sanitize_null_character()関数をsanitize()にリネームし、magic_quote_gpc()時にstripslashes()を通す処理を追加。

diff --git a/func.php b/func.php
index 2a85ad4..c648e75 100644 (file)
--- a/func.php
+++ b/func.php
@@ -2,7 +2,7 @@
 /////////////////////////////////////////////////
 // PukiWiki - Yet another WikiWikiWeb clone.
 //
-// $Id: func.php,v 1.38 2003/05/14 10:08:40 arino Exp $
+// $Id: func.php,v 1.39 2003/05/16 05:45:46 arino Exp $
 //
 
 // ʸ»úÎó¤¬InterWikiName¤«¤É¤¦¤«
@@ -537,21 +537,27 @@ PHP
 
 http://ns1.php.gr.jp/pipermail/php-users/2003-January/012742.html
 [PHP-users 12736] null byte attack
+
+2003-05-16: magic quotes gpc¤ÎÉü¸µ½èÍý¤òÅý¹ç
 */ 
-function sanitize_null_character($param)
+function sanitize($param)
 {
        if (is_array($param))
        {
                $result = array();
-               foreach ($param as $key => $value)
+               foreach ($param as $key=>$value)
                {
-                       $key = sanitize_null_character($key);
-                       $result[$key] = sanitize_null_character($value);
+                       $key = str_replace("\0",'',$key);
+                       $result[$key] = sanitize($value);
                }
        }
        else
        {
                $result = str_replace("\0",'',$param);
+               if (get_magic_quotes_gpc())
+               {
+                       $result = stripslashes($result);
+               }
        }
        return $result;
 }