authorichdasich <ichdasich@29ba0400-6e00-0410-a75a-ca02368028f8>2008-09-10 03:42:44 +0000
committerichdasich <ichdasich@29ba0400-6e00-0410-a75a-ca02368028f8>2008-09-10 03:42:44 +0000
commitb00d5b96c6d33572b6d7c68688d6d1c4fbd0f0f4 (patch)
treecf02da8b2839bea3b6a966b575f2ba84966676bb /includes/secure.php
parent34aff10f383fe963cd3f8fd7f096321302e1efb6 (diff)
moved /inc to ../includes
git-svn-id: svn://svn.cccv.de/engel-system@281 29ba0400-6e00-0410-a75a-ca02368028f8
Diffstat (limited to 'includes/secure.php')
-rwxr-xr-xincludes/secure.php41
1 files changed, 41 insertions, 0 deletions
diff --git a/includes/secure.php b/includes/secure.php
new file mode 100755
index 00000000..d6b5c512
--- /dev/null
+++ b/includes/secure.php
@@ -0,0 +1,41 @@
+<?php
+//soll dein funktion entahlten die alle übergebenen parameter überprüft
+//'`'"
+
+if( $DEBUG)
+ echo "secure.php START<br>\n";
+
+foreach ($_GET as $k => $v)
+{
+// $v = htmlspecialchars($v, ENT_QUOTES);
+// $v = mysql_escape_string($v);
+ $v = htmlentities($v, ENT_QUOTES);
+ if (preg_match('/([\'"`\'])/', $v, $match))
+ {
+ print "sorry get has illegal char '$match[1]'";
+ exit;
+ }
+ $_GET[$k] = $v;
+
+ if( $DEBUG)
+ echo "GET $k=\"$v\"<br>";
+}
+
+foreach ($_POST as $k => $v)
+{
+// $v = htmlspecialchars($v, ENT_QUOTES);
+// $v = mysql_escape_string($v);
+ $v = htmlentities($v, ENT_QUOTES);
+ if (preg_match('/([\'"`\'])/', $v, $match)) {
+ print "sorry post has illegal char '$match[1]'";
+ exit;
+ }
+ $_POST[$k] = $v;
+
+ if( $DEBUG)
+ echo "POST $k=\"$v\"<br>";
+}
+if( $DEBUG)
+ echo "secure.php END<br>\n";
+
+?>
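Review bot: The quote check in both loops can never fire for `'` or `"`, because `htmlentities($v, ENT_QUOTES)` has already turned them into entities by the time `preg_match` runs; only the backtick is ever rejected. What remains is HTML-encoding at input time, which is not SQL escaping: the `mysql_escape_string` line is commented out, and backslashes and unquoted numeric parameters pass through untouched, so any query built from these values still needs escaping or bound parameters at the query site (those callers are not visible in this hunk). Only `$_GET` and `$_POST` values are rewritten; `$_COOKIE`, `$_REQUEST` (a separate copy of the input), the keys `$k` echoed unescaped in the debug lines, and array-valued parameters such as `a[]=x` are not handled, so an `is_array($v)` check before `htmlentities` is worth adding. I would also state the scope in the header comment, e.g. `// HTML-encodes $_GET/$_POST values for output only; NOT SQL escaping; $_COOKIE/$_REQUEST are not covered`. `$DEBUG` is not assigned in this file, so it should be confirmed that it is always initialised before this include and can never be supplied by the request.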