From 6532972e61a2aa5e8517ebcca3113adb3c8f336d Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Thu, 13 Oct 2016 00:30:41 -0700
Subject: additional array checking

---
 include/dba/dba_driver.php | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'include/dba')

diff --git a/include/dba/dba_driver.php b/include/dba/dba_driver.php
index 36353354c..34597bec4 100755
--- a/include/dba/dba_driver.php
+++ b/include/dba/dba_driver.php
@@ -391,9 +391,22 @@ function dbesc_array_cb(&$item, $key) {
 
 
 function dbesc_array(&$arr) {
+	$bogus_key = false;
 	if(is_array($arr) && count($arr)) {
+		$matches = false;
+		foreach($arr as $k => $v) {
+			if(preg_match('/([^a-zA-Z0-9\-\_\.])/',$k,$matches)) {
+				logger('bogus key: ' . $k);
+				$bogus_key = true;
+			}
+		}
 		array_walk($arr,'dbesc_array_cb');
+		if($bogus_key) {
+			$arr['BOGUS.KEY'] = 1;
+			return false;
+		}
 	}
+	return true;
 }
 
 function db_getfunc($f) {
-- 
cgit v1.2.3