create a generic bool_escape function, use that

2011-12-25 15:11:26 +00:00 · 2011-12-25 15:11:26 +00:00 · 67e0c87b20
commit 67e0c87b20
parent d167849ffc
2 changed files with 21 additions and 7 deletions
--- a/core/util.inc.php
+++ b/core/util.inc.php
@ -47,6 +47,25 @@ function sql_escape($input) {
 	return $database->db->Quote($input);
 }

+
+/**
+ * Turn all manner of HTML / INI / JS / DB booleans into a PHP one
+ *
+ * @retval boolean
+ */
+function bool_escape($input) {
+	$input = strtolower($input);
+	return (
+		$input == "y" ||
+		$input == "yes" ||
+		$input == "t" ||
+		$input == "true" ||
+		$input == "on" ||
+		$input == 1 ||
+		$input == true
+	);
+}
+
 /**
 * Some functions require a callback function for escaping,
 * but we might not want to alter the data
--- a/ext/upload/main.php
+++ b/ext/upload/main.php
@ -313,12 +313,7 @@ class Upload implements Extension {
 		
 		// Checks if user is admin > check if you want locked.
 		if($user->is_admin()){
-			// There must be a less messy way to do this..
-			if($_GET['locked'] == "y" || $_GET['locked'] == "yes" || $_GET['locked'] == "true" || $_GET['locked'] == "on" || $_GET['locked'] == "n" || $_GET['locked'] == "no" || $_GET['locked'] == "false" || $_GET['locked'] == "off"){	
-				if($_GET['locked'] == "y" || $_GET['locked'] == "yes" || $_GET['locked'] == "true" || $_GET['locked'] == "on"){
-					$locked = "on";
-				}
-			}
+			$locked = bool_escape($_GET['locked']);
 		}
 		
 		// Checks if url contains rating, also checks if the rating extension is enabled.
@ -391,7 +386,7 @@ class Upload implements Extension {
 			
 			/* check for locked > adds to metadata if it has */
 			if(!empty($locked)){
-			$metadata['locked'] = $locked;
+				$metadata['locked'] = $locked ? "on" : "";
 			}
 						
 			/* check for rating > adds to metadata if it has */