author | ichdasich <ichdasich@29ba0400-6e00-0410-a75a-ca02368028f8> | 2008-09-10 03:42:44 +0000 |
---|---|---|
committer | ichdasich <ichdasich@29ba0400-6e00-0410-a75a-ca02368028f8> | 2008-09-10 03:42:44 +0000 |
commit | b00d5b96c6d33572b6d7c68688d6d1c4fbd0f0f4 (patch) | |
tree | cf02da8b2839bea3b6a966b575f2ba84966676bb /includes/secure.php | |
parent | 34aff10f383fe963cd3f8fd7f096321302e1efb6 (diff) |
moved /inc to ../includes
git-svn-id: svn://svn.cccv.de/engel-system@281 29ba0400-6e00-0410-a75a-ca02368028f8
Diffstat (limited to 'includes/secure.php')
-rwxr-xr-x | includes/secure.php | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/includes/secure.php b/includes/secure.php
new file mode 100755
index 00000000..d6b5c512
--- /dev/null
+++ b/includes/secure.php
@@ -0,0 +1,41 @@
+<?php
+//soll dein funktion entahlten die alle übergebenen parameter überprüft
+//'`'"
+
+if( $DEBUG)
+ echo "secure.php START<br>\n";
+
+foreach ($_GET as $k => $v)
+{
+// $v = htmlspecialchars($v, ENT_QUOTES);
+// $v = mysql_escape_string($v);
+ $v = htmlentities($v, ENT_QUOTES);
+ if (preg_match('/([\'"`\'])/', $v, $match))
+ {
+ print "sorry get has illegal char '$match[1]'";
+ exit;
+ }
+ $_GET[$k] = $v;
+
+ if( $DEBUG)
+ echo "GET $k=\"$v\"<br>";
+}
+
+foreach ($_POST as $k => $v)
+{
+// $v = htmlspecialchars($v, ENT_QUOTES);
+// $v = mysql_escape_string($v);
+ $v = htmlentities($v, ENT_QUOTES);
+ if (preg_match('/([\'"`\'])/', $v, $match)) {
+ print "sorry post has illegal char '$match[1]'";
+ exit;
+ }
+ $_POST[$k] = $v;
+
+ if( $DEBUG)
+ echo "POST $k=\"$v\"<br>";
+}
+if( $DEBUG)
+ echo "secure.php END<br>\n";
+
+?> |
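Review bot: The `htmlentities($v, ENT_QUOTES)` call in both loops is HTML output encoding, not SQL escaping, so this filter does not make `$_GET`/`$_POST` values safe to place in a query: backslashes and unquoted numeric contexts pass through untouched, and because both quote characters are already turned into entities before the `preg_match`, that check can only ever fire on a backtick. Storing entity-encoded text in the superglobals also corrupts the data for any non-HTML consumer and leads to double encoding when it is escaped again on output. I would keep the raw values here, bind them as parameters where the queries are built, and call `htmlspecialchars($v, ENT_QUOTES)` only at the point of output. The loops also assume every value is a string; a parameter sent as `name[]` arrives as an array, so a guard such as `if (!is_string($v)) { exit; }` is needed before the call, and `$_COOKIE`/`$_REQUEST` stay unfiltered if code elsewhere reads them (not visible on this page).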