Diffstat (limited to 'includes/secure.php')
-rw-r--r--[-rwxr-xr-x] | includes/secure.php | 54 |
1 files changed, 19 insertions, 35 deletions
diff --git a/includes/secure.php b/includes/secure.php
index d6b5c512..1d1a9e46 100755..100644
--- a/includes/secure.php
+++ b/includes/secure.php
@@ -1,41 +1,25 @@
 <?php
-//soll dein funktion entahlten die alle übergebenen parameter überprüft
-//'`'"
+ if($debug)
+ echo "secure.php START<br />\n";
-if( $DEBUG)
- echo "secure.php START<br>\n";
+ foreach ($_GET as $k => $v) {
+ $v = htmlentities($v, ENT_QUOTES);
+ preg_replace('/([\'"`\'])/', '', $v);
+ $_GET[$k] = $v;
-foreach ($_GET as $k => $v)
-{
-// $v = htmlspecialchars($v, ENT_QUOTES);
-// $v = mysql_escape_string($v);
- $v = htmlentities($v, ENT_QUOTES);
- if (preg_match('/([\'"`\'])/', $v, $match))
- {
- print "sorry get has illegal char '$match[1]'";
- exit;
- }
- $_GET[$k] = $v;
-
- if( $DEBUG)
- echo "GET $k=\"$v\"<br>";
-}
+ if($debug)
+ echo "GET $k=\"$v\"<br />";
+ }
+
+ foreach ($_POST as $k => $v) {
+ $v = htmlentities($v, ENT_QUOTES);
+ preg_replace('/([\'"`\'])/', '', $v);
+ $_POST[$k] = $v;
-foreach ($_POST as $k => $v)
-{
-// $v = htmlspecialchars($v, ENT_QUOTES);
-// $v = mysql_escape_string($v);
- $v = htmlentities($v, ENT_QUOTES);
- if (preg_match('/([\'"`\'])/', $v, $match)) {
- print "sorry post has illegal char '$match[1]'";
- exit;
- }
- $_POST[$k] = $v;
-
- if( $DEBUG)
- echo "POST $k=\"$v\"<br>";
-}
-if( $DEBUG)
- echo "secure.php END<br>\n";
+ if($debug)
+ echo "POST $k=\"$v\"<br />";
+ }
+ if($debug)
+ echo "secure.php END<br />\n";
 ?> |
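Review bot: The added line `preg_replace('/([\'"`\'])/', '', $v);` in both new foreach loops (the `$_GET` one and the identical `$_POST` one) has no effect, because preg_replace returns the stripped string instead of modifying `$v` in place, so `$_GET[$k]`/`$_POST[$k]` are stored with backticks intact; if stripping is intended it must read `$v = preg_replace('/([\'"`\'])/', '', $v);`, and since the preceding `htmlentities($v, ENT_QUOTES)` has already turned `'` and `"` into entities, only the backtick is ever matched. The larger concern is that the commit replaces the old reject-and-exit check with silent HTML-encoding of every request parameter at input time, which is not a substitute for escaping at the output boundary (htmlspecialchars for HTML, prepared statements for SQL) and alters legitimate values that are later stored or compared. Array-valued parameters still reach htmlentities unchanged by this patch and fail on PHP 8, and the debug line `echo "GET $k=\"$v\"<br />"` prints the raw key `$k` unencoded. The rename of `$DEBUG` to `$debug` presumably matches the including file; worth confirming it is defined there, otherwise every request raises an undefined-variable notice.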