fix some problems

This commit is contained in:
unknown
2012-06-13 20:25:09 +03:00
parent 089220306f
commit 235577d180
3 changed files with 1 additions and 27 deletions
-4
View File
@@ -23,9 +23,5 @@ switch(DB_TYPE) {
break;
}
## Security
if($_GET['s'] == 6 && $_SERVER['PHP_SELF'] == "/allianz.php"){
include("Protection.php");
}else{
include("Protection2.php");
}
?>
-22
View File
@@ -1,22 +0,0 @@
<?php
#################################################################################
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
## --------------------------------------------------------------------------- ##
## Filename Protection.php ##
## Developed by: Songeriux ##
#################################################################################
function filter($txt) {
$arr_simboliu = array("#","$","!","\"","%","^","?","_","-","+","|","<",">","{","}","[","]",",","'");
$arr_kodu = array("&#35;","&#36;","&#33;","&quot;","&#37;","&#94;","&#63;","&#95;","&#45;","&#43;","&#124;","&lt;","&gt;","&#123;","&#125;","&#91;","&#93;","&#44;","&#039;");
return strip_tags(mysql_real_escape_string(str_replace($arr_simboliu,$arr_kodu,htmlspecialchars(trim($txt)))));
} // The script blocks out any dangorous simbols, and replaces them with an code. also protects mysql database.
## We need to put it on every GET, POST, COOKIE, SESSION and SERVER methods.
if(isset($_GET)){ foreach($_GET as $key=>$value) { $_GET[$key]=filter($value); } }
if(isset($_POST)){ foreach($_POST as $key=>$value) { $_POST[$key]=filter($value); } }
if(isset($_SESSION)){ foreach($_SESSION as $key=>$value){ $_SESSION[$key]=filter($value); } }
if(isset($_COOKIE)){ foreach($_COOKIE as $key=>$value){ $_COOKIE[$key]=filter($value); } }
if(isset($_SERVER)){ foreach($_SERVER as $key=>$value){ $_SERVER[$key]=filter($value); } }
?>
+1 -1
View File
@@ -8,7 +8,7 @@ if(isset($_GET['aid']) && !is_numeric($_GET['aid'])) header("Location: allianz.p
if(isset($_GET['newdid'])) {
$_SESSION['wid'] = $_GET['newdid'];
if(isset($_GET['s'])){
header("Location: ".$_SERVER['PHP_SELF']."?s=".preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['s'));
header("Location: ".$_SERVER['PHP_SELF']."?s=".preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['s']));
}else if(isset($_GET['aid'])){
header("Location: ".$_SERVER['PHP_SELF']."?aid=".preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['aid']));
}