Sanatize super-globals variables before use.

[lewisgoddard]

We will likely want to sanitize all the variables appropriately before we do anything else.

• List all variables
• Sanitize in new file
• De-duplicate sanitation
• Replace references

[lewisgoddard]

From phoenix.php#L33:

// TODO Sanatize everything
// once.input.sanatize.php
// IF BINARY
if (
    isset($_GET['info_hash']) &&
    strlen($_GET['info_hash']) == 20
) {
    $_GET['info_hash'] = bin2hex($_GET['info_hash']);
}
if (
    isset($_GET['peer_id']) &&
    strlen($_GET['peer_id']) == 20
) {
    $_GET['peer_id'] = bin2hex($_GET['peer_id']);
}
// END IF BINARY

[lewisgoddard]

We should replace all super-global references with ones similar to $Sanitized['GET']['info_hash']. $Sanitized should be SQL-safe. This will remove the need for sanitation within functions or before SQL queries.

[lewisgoddard]

once.input.sanatize.admin.php
once.input.sanatize.announce.php
once.input.sanatize.scrape.php
once.input.sanatize.tracker.php (both)

[lewisgoddard]

admin.php is done, I'm up to announce.php#L47

[lewisgoddard]

announce.php is done. Only scrape.php and it's associates to do.

[lewisgoddard]

Just de-duplication left. once.sanatize.tracker.php has two 20-bit binary or 40-bit hexadecimals that work the same.