From 75448045cfe70054c8f4bae1bcfaf9bb0f70d330 Mon Sep 17 00:00:00 2001 From: Moritz helios Rudert Date: Wed, 1 Jun 2011 12:13:39 +0200 Subject: fixes --- includes/secure.php | 54 +++++++++++++++++++---------------------------------- 1 file changed, 19 insertions(+), 35 deletions(-) mode change 100755 => 100644 includes/secure.php (limited to 'includes/secure.php') diff --git a/includes/secure.php b/includes/secure.php old mode 100755 new mode 100644 index d6b5c512..1d1a9e46 --- a/includes/secure.php +++ b/includes/secure.php @@ -1,41 +1,25 @@ \n"; -if( $DEBUG) - echo "secure.php START
\n"; + foreach ($_GET as $k => $v) { + $v = htmlentities($v, ENT_QUOTES); + preg_replace('/([\'"`\'])/', '', $v); + $_GET[$k] = $v; -foreach ($_GET as $k => $v) -{ -// $v = htmlspecialchars($v, ENT_QUOTES); -// $v = mysql_escape_string($v); - $v = htmlentities($v, ENT_QUOTES); - if (preg_match('/([\'"`\'])/', $v, $match)) - { - print "sorry get has illegal char '$match[1]'"; - exit; - } - $_GET[$k] = $v; - - if( $DEBUG) - echo "GET $k=\"$v\"
"; -} + if($debug) + echo "GET $k=\"$v\"
"; + } + + foreach ($_POST as $k => $v) { + $v = htmlentities($v, ENT_QUOTES); + preg_replace('/([\'"`\'])/', '', $v); + $_POST[$k] = $v; -foreach ($_POST as $k => $v) -{ -// $v = htmlspecialchars($v, ENT_QUOTES); -// $v = mysql_escape_string($v); - $v = htmlentities($v, ENT_QUOTES); - if (preg_match('/([\'"`\'])/', $v, $match)) { - print "sorry post has illegal char '$match[1]'"; - exit; - } - $_POST[$k] = $v; - - if( $DEBUG) - echo "POST $k=\"$v\"
"; -} -if( $DEBUG) - echo "secure.php END
\n"; + if($debug) + echo "POST $k=\"$v\"
"; + } + if($debug) + echo "secure.php END
\n"; ?> -- cgit v1.2.3-70-g09d2
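Review bot: In both the `$_GET` and `$_POST` loops the new line `preg_replace('/([\'"`\'])/', '', $v);` discards its return value, so the quote/backtick stripping never happens and `$_GET[$k] = $v` stores only the `htmlentities()` output; if stripping is intended it must be `$v = preg_replace('/([\'"`\'])/', '', $v);`. Note that `htmlentities($v, ENT_QUOTES)` already turns `'` and `"` into entities, so after that call the pattern can only ever match a backtick, and the previous behaviour of rejecting the request with `exit` has been replaced by a silent (and, as written, inoperative) rewrite, which changes what reaches the rest of the application. Entity-encoding every request parameter at input time is also not an escaping step for any other sink (SQL, shell), so callers that rely on this file for that would need their own context-specific escaping; a one-line comment above the loops stating that this only HTML-encodes values would make the limit explicit. The `$DEBUG` to `$debug` rename assumes the lowercase variable is defined before this file is included, which is outside the hunk and cannot be confirmed here.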