summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rwxr-xr-xinc/UserCVS.php9
-rwxr-xr-xinc/secure.php11
2 files changed, 8 insertions, 12 deletions
diff --git a/inc/UserCVS.php b/inc/UserCVS.php
index 3454e7e3..ee1cb0a0 100755
--- a/inc/UserCVS.php
+++ b/inc/UserCVS.php
@@ -6,9 +6,12 @@ $Page["CVS"] = $_SESSION['CVS'][ $Page["Name"] ];
if( $DEBUG )
{
- echo "UserID:". $_SESSION["UID"]. "<br>";
- echo "Nick:". $_SESSION["Nick"]. "<br>";
-
+// echo "UserID:". $_SESSION["UID"]. "<br>";
+// echo "Nick:". $_SESSION["Nick"]. "<br>";
+
+ foreach( $_SESSION as $k => $v)
+ echo "$k = $v<br>\n";
+
if( strlen($Page["CVS"]) == 0 )
echo "<h1><u> CVS ERROR, on page '". $Page["Name"]. "'</u></h1>";
else
diff --git a/inc/secure.php b/inc/secure.php
index 99d646d2..32c8f864 100755
--- a/inc/secure.php
+++ b/inc/secure.php
@@ -5,33 +5,26 @@
foreach ($_GET as $k => $v)
{
$v = htmlspecialchars($v);
-//echo "$v<br>";
$v = mysql_escape_string($v);
-//echo "$v<br>";
// $v = htmlentities($v);
-//echo "$v<br>";
-// if (preg_match('/([\'"`\'])/', $v, $match))
if (preg_match('/([\"`])/', $v, $match))
{
print "sorry get has illegal char '$match[1]'";
exit;
}
- $$k = $v;
+ $_GET[$k] = $v;
}
foreach ($_POST as $k => $v)
{
$v = htmlspecialchars($v);
-//echo "$v<br>";
$v = mysql_escape_string($v);
-//echo "$v<br>";
// $v = htmlentities($v);
-//echo "$v<br>";
if (preg_match('/([\'"`\'])/', $v, $match)) {
print "sorry post has illegal char '$match[1]'";
exit;
}
- $$k = $v;
+ $_POST[$k] = $v;
}
?>