function key_check($key) {
    // Allow-list filter for a variable/array key: keeps word characters, whitespace
    // and a fixed set of high bytes, dropping everything else. The single-byte
    // ranges (\xB2-\xB4, \xBF-\xFF, ...) suggest a Windows-1251 deployment; without
    // the /u modifier the pattern works on bytes, so multi-byte UTF-8 input may be
    // partially stripped -- confirm the site's charset before relying on it.
    // Terminates the request if the cleaned key names one of the superglobals
    // listed below. Returns '' for an empty (or loosely-empty) key.
    if ($key == '') {
        return '';
    }

    $cleaned = preg_replace("/[^\w\xB2-\xB4\xBF-\xFF\xA5\xA8\xAA\xAF\xB8\xBA\s]/", "", $key);

    // Names that must never be used as a key (they would alias PHP's own globals).
    $reservedNames = array('_SERVER', '_SESSION', '_FILES', '_REQUEST', 'GLOBALS');
    if (in_array($cleaned, $reservedNames, true)) {
        die("<h3>Error variable ".basename(__FILE__)." ".__LINE__."</h3>");
    }

    return $cleaned;
}
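function str_check($str_val) {
    // Legacy request-value filter. Terminates the request (die()) when the value
    // matches one of a few HTML tag patterns or contains a numeric character
    // reference; otherwise applies a fixed set of substring replacements, the
    // keyword rewrite in str_notsqlatacs(), and addslashes().
    // NOTE(review): a deny-list like this is not a substitute for context-aware
    // output escaping or for prepared statements; addslashes() in particular is
    // not a SQL-injection defence. Kept for compatibility with existing callers.
    if ($str_val == '') {
        return '';
    }

    // Tag names rejected outright. The "*" in each tag pattern applies only to the
    // last letter (e.g. "script*" is "scrip" followed by any number of "t"), which
    // is probably not what was intended; the patterns are kept exactly as found.
    $rejectPatterns = array(
        "/<[^>]*script*\"?[^>]*>/i",
        "/<[^>]*object*\"?[^>]*>/i",
        "/<[^>]*applet*\"?[^>]*>/i",
        "/<[^>]*form*\"?[^>]*>/i",
        "/&#\d+;{0,1}/i",
    );
    foreach ($rejectPatterns as $pattern) {
        if (preg_match($pattern, $str_val)) {
            die("<h3>ERROR ".basename(__FILE__)." ".__LINE__."</h3>");
        }
    }

    // Sequential substring replacements (array-form str_replace() applies the pairs
    // left to right, exactly like the original chain of single calls). As rendered
    // on this page the first six pairs replace each string with itself; the original
    // most likely mapped them to HTML entities and the entities were lost in
    // rendering -- they are kept as found. "\r" is removed; '' replaces the original
    // null, which is deprecated as the $replace argument since PHP 8.1.
    $search  = array("&", "<!--", "-->", ">", "<", "\"", "\r");
    $replace = array('&', '<!--', '-->', '>', '<', '"', '');
    $str_val = str_replace($search, $replace, $str_val);

    $str_val = str_notsqlatacs($str_val);

    // get_magic_quotes_gpc() was removed in PHP 8.0 (magic quotes themselves have
    // been gone since 5.4), so calling it unconditionally is a fatal error on
    // current PHP. A missing function means magic quotes are off, i.e. the
    // original addslashes() branch applies.
    $magicQuotesOn = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    if (!$magicQuotesOn) {
        $str_val = addslashes($str_val);
    }

    return $str_val;
}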
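function str_notsqlatacs($str_val) {
    // Legacy keyword "neutraliser": case-insensitively rewrites a fixed list of
    // SQL/JS words to one canonical spelling (lower-case for the SQL words,
    // capitalised for the JS ones). It is a deny-list and also alters legitimate
    // text that merely contains one of these substrings (e.g. "document" -> "Document").
    // NOTE(review): this is neither a SQL-injection nor an XSS defence -- use
    // prepared statements and context-aware output escaping; keep this only for
    // compatibility with existing callers.
    //
    // keyword => replacement. The pattern is built from the key so the two lists
    // cannot drift apart again: the original replacement list ended with the literal
    // strings '/SetTimeout/i' and '/Onerror/i' (regex delimiters pasted into the
    // replacement text), so "setTimeout" was rewritten to "/SetTimeout/i". Fixed
    // here to the capitalised spelling used by every other JS entry.
    static $rewrites = array(
        'drop'       => 'drop',
        'delete'     => 'delete',
        'union'      => 'union',
        'char'       => 'char',
        'benchmark'  => 'benchmark',
        'expression' => 'Expression',
        'alert'      => 'Alert',
        'replace'    => 'Replace',
        'write'      => 'Write',
        'document'   => 'Document',
        'window'     => 'Window',
        'script'     => 'Script',
        'user_pass'  => 'User_pass',
        'unescape'   => 'Unescape',
        'eval'       => 'Eval',
        'form'       => 'Form',
        'applet'     => 'Applet',
        'object'     => 'Object',
        'user_login' => 'User_login',
        'setTimeout' => 'SetTimeout',
        'onerror'    => 'Onerror',
    );

    $patterns = array();
    foreach (array_keys($rewrites) as $word) {
        // preg_quote is a no-op for these words but keeps the list safe to extend.
        $patterns[] = '/' . preg_quote($word, '/') . '/i';
    }

    return preg_replace($patterns, array_values($rewrites), $str_val);
}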
Фрагмент файла ./php/wojs.php "портального движка" WebCodePortalSystem версии 5.2. И вот так вся CMSка - два с половиной мегабайта говна.
guest 10.08.2009 16:48 # 0
guest 12.08.2009 04:17 # 0
ппц.. ой кошмар какой. слава яйцам, в php 6 magic quotes уже обозначены как deprecated и выключены по дефолту.