merge from branch 1.5.3.2 (r12300-r12332)

git-svn-id: http://xe-core.googlecode.com/svn/branches/luminous@12336 201d5d3c-b55e-5fd7-737f-ddc643e51545

classes/context/Context.class.php

@@ -113,6 +113,20 @@ class Context {
 	 * @var bool true if attached file exists
 	 */
 	var $is_uploaded = false;
+	/**
+	 * Pattern for request vars check
+	 * @var array
+	 */
+	var $patterns = array(
+			'/<\?/iUsm',
+			'/<\%/iUsm',
+			'/<script(\s|\S)*language[\s]*=[\s]*("|\')?[\s]*php[\s]*("|\')?(\s|\S)*/iUsm'
+			);
+	/**
+	 * Check init
+	 * @var bool false if init fail
+	 */
+	var $isSuccessInit = true;
 
 	/**
 	 * returns static context object (Singleton). It's to use Context without declaration of an object
@@ -847,15 +861,36 @@ class Context {
 
 			if($set_to_vars)
 			{
-				$val = preg_replace('/<\?/i', '', $val);
-				$val = preg_replace('/<\%/i', '', $val);
-				$val = preg_replace('/<script\s+language\s*=\s*("|\')php("|\')\s*>/ism', '', $val);
+				$this->_recursiveCheckVar($val);
 			}
 
 			$this->set($key, $val, $set_to_vars);
 		}
 	}
 
+	function _recursiveCheckVar($val)
+	{
+		if(is_string($val))
+		{
+			foreach($this->patterns as $pattern)
+			{
+				$result = preg_match($pattern, $val);
+				if($result)
+				{
+					$this->isSuccessInit = FALSE;
+					return;
+				}
+			}
+		}
+		else if(is_array($val))
+		{
+			foreach($val as $val2)
+			{
+				$this->_recursiveCheckVar($val2);
+			}
+		}
+	}
+
 	/**
 	 * Handle request arguments for JSON
 	 *