authorMoritz helios Rudert <helios@planetcyborg.de>2011-06-01 12:13:39 +0200
committerMoritz helios Rudert <helios@planetcyborg.de>2011-06-01 12:13:39 +0200
commit75448045cfe70054c8f4bae1bcfaf9bb0f70d330 (patch)
tree6a4d3d35019cdf933c1816e8522dc5d2557f5238 /includes/secure.php
parent12e0b0d809c29d435a247798d7318cc9835980ea (diff)
fixes
Diffstat (limited to 'includes/secure.php')
-rw-r--r--[-rwxr-xr-x]includes/secure.php54
1 files changed, 19 insertions, 35 deletions
diff --git a/includes/secure.php b/includes/secure.php
index d6b5c512..1d1a9e46 100755..100644
--- a/includes/secure.php
+++ b/includes/secure.php
@@ -1,41 +1,25 @@
<?php
-//soll dein funktion entahlten die alle übergebenen parameter überprüft
-//'`'"
+ if($debug)
+ echo "secure.php START<br />\n";
-if( $DEBUG)
- echo "secure.php START<br>\n";
+ foreach ($_GET as $k => $v) {
+ $v = htmlentities($v, ENT_QUOTES);
+ preg_replace('/([\'"`\'])/', '', $v);
+ $_GET[$k] = $v;
-foreach ($_GET as $k => $v)
-{
-// $v = htmlspecialchars($v, ENT_QUOTES);
-// $v = mysql_escape_string($v);
- $v = htmlentities($v, ENT_QUOTES);
- if (preg_match('/([\'"`\'])/', $v, $match))
- {
- print "sorry get has illegal char '$match[1]'";
- exit;
- }
- $_GET[$k] = $v;
-
- if( $DEBUG)
- echo "GET $k=\"$v\"<br>";
-}
+ if($debug)
+ echo "GET $k=\"$v\"<br />";
+ }
+
+ foreach ($_POST as $k => $v) {
+ $v = htmlentities($v, ENT_QUOTES);
+ preg_replace('/([\'"`\'])/', '', $v);
+ $_POST[$k] = $v;
-foreach ($_POST as $k => $v)
-{
-// $v = htmlspecialchars($v, ENT_QUOTES);
-// $v = mysql_escape_string($v);
- $v = htmlentities($v, ENT_QUOTES);
- if (preg_match('/([\'"`\'])/', $v, $match)) {
- print "sorry post has illegal char '$match[1]'";
- exit;
- }
- $_POST[$k] = $v;
-
- if( $DEBUG)
- echo "POST $k=\"$v\"<br>";
-}
-if( $DEBUG)
- echo "secure.php END<br>\n";
+ if($debug)
+ echo "POST $k=\"$v\"<br />";
+ }
+ if($debug)
+ echo "secure.php END<br />\n";
?>
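Review bot: The ``preg_replace('/([\'"`\'])/', '', $v);`` call in both the `$_GET` and `$_POST` loops discards its return value, so nothing is stripped; with the old reject-and-exit branch removed, a backtick (which `htmlentities` with `ENT_QUOTES` does not encode) now passes through unchanged. Assign the result in each loop, e.g. ``$v = preg_replace('/[\'"`]/', '', $v);``. `htmlentities` expects a string, so an array-valued parameter is not handled by either loop; an `is_array($v)` guard before the call would cover that case. In the debug branches `$k` is echoed without encoding, so the key should go through `htmlentities($k, ENT_QUOTES)` before it is printed. Encoding request data globally is HTML output encoding only; if these values reach SQL elsewhere (not visible in this hunk), parameterized queries are still needed.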