From 235577d180cd693a444a53aded48200eb9990467 Mon Sep 17 00:00:00 2001 From: unknown Date: Wed, 13 Jun 2012 20:25:09 +0300 Subject: [PATCH] fix some problems --- GameEngine/Database.php | 4 ---- GameEngine/Protection2.php | 22 ---------------------- allianz.php | 2 +- 3 files changed, 1 insertion(+), 27 deletions(-) delete mode 100644 GameEngine/Protection2.php diff --git a/GameEngine/Database.php b/GameEngine/Database.php index 30c0147f..97e48ce1 100644 --- a/GameEngine/Database.php +++ b/GameEngine/Database.php @@ -23,9 +23,5 @@ switch(DB_TYPE) { break; } ## Security -if($_GET['s'] == 6 && $_SERVER['PHP_SELF'] == "/allianz.php"){ include("Protection.php"); -}else{ -include("Protection2.php"); -} ?> \ No newline at end of file diff --git a/GameEngine/Protection2.php b/GameEngine/Protection2.php deleted file mode 100644 index 733a94f1..00000000 --- a/GameEngine/Protection2.php +++ /dev/null @@ -1,22 +0,0 @@ -","{","}","[","]",",","'"); -$arr_kodu = array("#","$","!",""","%","^","?","_","-","+","|","<",">","{","}","[","]",",","'"); -return strip_tags(mysql_real_escape_string(str_replace($arr_simboliu,$arr_kodu,htmlspecialchars(trim($txt))))); -} // The script blocks out any dangorous simbols, and replaces them with an code. also protects mysql database. - - -## We need to put it on every GET, POST, COOKIE, SESSION and SERVER methods. -if(isset($_GET)){ foreach($_GET as $key=>$value) { $_GET[$key]=filter($value); } } -if(isset($_POST)){ foreach($_POST as $key=>$value) { $_POST[$key]=filter($value); } } -if(isset($_SESSION)){ foreach($_SESSION as $key=>$value){ $_SESSION[$key]=filter($value); } } -if(isset($_COOKIE)){ foreach($_COOKIE as $key=>$value){ $_COOKIE[$key]=filter($value); } } -if(isset($_SERVER)){ foreach($_SERVER as $key=>$value){ $_SERVER[$key]=filter($value); } } -?> \ No newline at end of file diff --git a/allianz.php b/allianz.php index ff14e7ea..00307878 100644 --- a/allianz.php +++ b/allianz.php @@ -8,7 +8,7 @@ if(isset($_GET['aid']) && !is_numeric($_GET['aid'])) header("Location: allianz.p if(isset($_GET['newdid'])) { $_SESSION['wid'] = $_GET['newdid']; if(isset($_GET['s'])){ - header("Location: ".$_SERVER['PHP_SELF']."?s=".preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['s')); + header("Location: ".$_SERVER['PHP_SELF']."?s=".preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['s'])); }else if(isset($_GET['aid'])){ header("Location: ".$_SERVER['PHP_SELF']."?aid=".preg_replace("/[^a-zA-Z0-9_-]/","",$_GET['aid'])); }