diff options
| -rwxr-xr-x | inc/UserCVS.php | 9 | ||||
| -rwxr-xr-x | inc/secure.php | 11 |
2 files changed, 8 insertions, 12 deletions
diff --git a/inc/UserCVS.php b/inc/UserCVS.php index 3454e7e3..ee1cb0a0 100755 --- a/inc/UserCVS.php +++ b/inc/UserCVS.php @@ -6,9 +6,12 @@ $Page["CVS"] = $_SESSION['CVS'][ $Page["Name"] ]; if( $DEBUG ) { - echo "UserID:". $_SESSION["UID"]. "<br>"; - echo "Nick:". $_SESSION["Nick"]. "<br>"; - +// echo "UserID:". $_SESSION["UID"]. "<br>"; +// echo "Nick:". $_SESSION["Nick"]. "<br>"; + + foreach( $_SESSION as $k => $v) + echo "$k = $v<br>\n"; + if( strlen($Page["CVS"]) == 0 ) echo "<h1><u> CVS ERROR, on page '". $Page["Name"]. "'</u></h1>"; else diff --git a/inc/secure.php b/inc/secure.php index 99d646d2..32c8f864 100755 --- a/inc/secure.php +++ b/inc/secure.php @@ -5,33 +5,26 @@ foreach ($_GET as $k => $v) { $v = htmlspecialchars($v); -//echo "$v<br>"; $v = mysql_escape_string($v); -//echo "$v<br>"; // $v = htmlentities($v); -//echo "$v<br>"; -// if (preg_match('/([\'"`\'])/', $v, $match)) if (preg_match('/([\"`])/', $v, $match)) { print "sorry get has illegal char '$match[1]'"; exit; } - $$k = $v; + $_GET[$k] = $v; } foreach ($_POST as $k => $v) { $v = htmlspecialchars($v); -//echo "$v<br>"; $v = mysql_escape_string($v); -//echo "$v<br>"; // $v = htmlentities($v); -//echo "$v<br>"; if (preg_match('/([\'"`\'])/', $v, $match)) { print "sorry post has illegal char '$match[1]'"; exit; } - $$k = $v; + $_POST[$k] = $v; } ?> |