- Removed valid_input_check().

2005-11-30 10:27:13 +00:00 · 2005-11-30 10:27:13 +00:00 · 2917261693
parent bcb6257b31
commit 2917261693
3 changed files with 11 additions and 22 deletions
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@ -714,16 +714,6 @@ function check_plain($text) {
  return htmlspecialchars($text, ENT_QUOTES);
 }

-/**
- * Prepare a URL for use in an HTML attribute. Strips harmful protocols.
- */
-function check_url($uri) {
-  $uri = htmlspecialchars($uri, ENT_QUOTES);
-  $uri = filter_xss_bad_protocol($uri, FALSE);
-
-  return $uri;
-}
-
 /**
 * Since request_uri() is only available on Apache, we generate an
 * equivalent using other environment variables.
--- a/includes/common.inc
+++ b/includes/common.inc
@ -691,6 +691,17 @@ function check_file($filename) {
  return is_uploaded_file($filename);
 }

+/**
+ * Prepare a URL for use in an HTML attribute. Strips harmful protocols.
+ *
+ */
+function check_url($uri) {
+  $uri = htmlspecialchars($uri, ENT_QUOTES);
+  $uri = filter_xss_bad_protocol($uri, FALSE);
+
+  return $uri;
+}
+
 /**
 * @defgroup format Formatting
 * @{
--- a/includes/file.inc
+++ b/includes/file.inc
@ -391,12 +391,6 @@ function file_save_upload($source, $dest = 0, $replace = FILE_EXISTS_RENAME) {
      }
    }

-    if (!user_access('bypass input data check') && !valid_input_data($file)) {
-      watchdog('security', t('The file %file has not been saved, because it may contain a possible attempt to exploit or abuse this system.', array('%file' => theme('placeholder', $source))), WATCHDOG_WARNING);
-      drupal_set_message(t('The file %file has not been saved, because it contains invalid data.', array('%file' => theme('placeholder', $source))), 'error');
-      return 0;
-    }
-
    // Check for file upload errors.
    switch ($file->error) {
      case 0: // UPLOAD_ERR_OK: File uploaded successfully
@ -435,12 +429,6 @@ function file_save_upload($source, $dest = 0, $replace = FILE_EXISTS_RENAME) {
 * @return A string containing the resulting filename or 0 on error
 */
 function file_save_data($data, $dest, $replace = FILE_EXISTS_RENAME) {
-  if (!user_access('bypass input data check') && !valid_input_data($data)) {
-    watchdog('security', t('The file has not been saved, because it may contain a possible attempt to exploit or abuse this system.'), WATCHDOG_WARNING);
-    drupal_set_message(t('The file has not been saved, because it contains invalid data.'), 'error');
-    return 0;
-  }
-
  $temp = file_directory_temp();
  $file = tempnam($temp, 'file');
  if (!$fp = fopen($file, 'wb')) {