mirror of
https://github.com/Shadowss/TravianZ.git
synced 2026-07-10 14:46:09 +00:00
fix some problems
This commit is contained in:
@@ -23,9 +23,5 @@ switch(DB_TYPE) {
|
||||
break;
|
||||
}
|
||||
## Security
|
||||
if($_GET['s'] == 6 && $_SERVER['PHP_SELF'] == "/allianz.php"){
|
||||
include("Protection.php");
|
||||
}else{
|
||||
include("Protection2.php");
|
||||
}
|
||||
?>
|
||||
@@ -1,22 +0,0 @@
|
||||
<?php
|
||||
#################################################################################
|
||||
## -= YOU MAY NOT REMOVE OR CHANGE THIS NOTICE =- ##
|
||||
## --------------------------------------------------------------------------- ##
|
||||
## Filename Protection.php ##
|
||||
## Developed by: Songeriux ##
|
||||
#################################################################################
|
||||
|
||||
function filter($txt) {
|
||||
$arr_simboliu = array("#","$","!","\"","%","^","?","_","-","+","|","<",">","{","}","[","]",",","'");
|
||||
$arr_kodu = array("#","$","!",""","%","^","?","_","-","+","|","<",">","{","}","[","]",",","'");
|
||||
return strip_tags(mysql_real_escape_string(str_replace($arr_simboliu,$arr_kodu,htmlspecialchars(trim($txt)))));
|
||||
} // The script blocks out any dangorous simbols, and replaces them with an code. also protects mysql database.
|
||||
|
||||
|
||||
## We need to put it on every GET, POST, COOKIE, SESSION and SERVER methods.
|
||||
if(isset($_GET)){ foreach($_GET as $key=>$value) { $_GET[$key]=filter($value); } }
|
||||
if(isset($_POST)){ foreach($_POST as $key=>$value) { $_POST[$key]=filter($value); } }
|
||||
if(isset($_SESSION)){ foreach($_SESSION as $key=>$value){ $_SESSION[$key]=filter($value); } }
|
||||
if(isset($_COOKIE)){ foreach($_COOKIE as $key=>$value){ $_COOKIE[$key]=filter($value); } }
|
||||
if(isset($_SERVER)){ foreach($_SERVER as $key=>$value){ $_SERVER[$key]=filter($value); } }
|
||||
?>
|
||||
+1
-1
@@ -8,7 +8,7 @@ if(isset($_GET['aid']) && !is_numeric($_GET['aid'])) header("Location: allianz.p
|
||||
if(isset($_GET['newdid'])) {
|
||||
$_SESSION['wid'] = $_GET['newdid'];
|
||||
if(isset($_GET['s'])){
|
||||
header("Location: ".$_SERVER['PHP_SELF']."?s=".preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['s'));
|
||||
header("Location: ".$_SERVER['PHP_SELF']."?s=".preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['s']));
|
||||
}else if(isset($_GET['aid'])){
|
||||
header("Location: ".$_SERVER['PHP_SELF']."?aid=".preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['aid']));
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user