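<?php
// Register-globals style import of request parameters into the current scope.
//
// EXTR_SKIP: a request parameter may create a new variable but can never
// replace one that is already defined when this file runs. The default
// (EXTR_OVERWRITE) let any GET/POST field overwrite existing variables.
//
// POST is imported before GET so that, for a name sent in both, the POST
// value still wins, which is the precedence the original two calls gave.
//
// The values imported here are exactly as received: the kill_tags_deep()
// pass further down rewrites $_GET/$_POST only, not variables created here.
// NOTE(review): prefer reading the needed keys from $_GET/$_POST explicitly
// and dropping extract() altogether.
if (!empty($_POST)) {
    extract($_POST, EXTR_SKIP);
}
if (!empty($_GET)) {
    extract($_GET, EXTR_SKIP);
}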
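/**
 * Recursively strip markup from a request value.
 *
 * Arrays are processed element by element (keys preserved, any nesting depth).
 * Scalars are passed through stripslashes(), strip_tags() and trim(), then a
 * fixed set of HTML entities is decoded to single-byte characters, and tags
 * are stripped once more because decoding can turn encoded angle brackets
 * back into markup.
 *
 * The result is NOT HTML-escaped: a lone '<', '>', '&' or '"' can remain, so
 * callers must still escape for the output context (e.g. htmlspecialchars()).
 *
 * NOTE(review): stripslashes() is applied unconditionally, which presumably
 * assumes magic-quotes style escaping of the input; confirm against callers.
 *
 * @param mixed $value String or (nested) array of strings from the request.
 * @return mixed Cleaned string, or array of cleaned values with the same keys.
 */
function kill_tags_deep($value)
{
    // Recurse and return immediately; running the regex pass over the array
    // again would decode every element twice and flatten nested arrays.
    if (is_array($value)) {
        return array_map('kill_tags_deep', $value);
    }

    $value = trim(strip_tags(stripslashes((string) $value)));

    $bad = array(
        '@<script[^>]*?>.*?</script>@si',
        '@<[\/\!]*?[^<>]*?>@si',
        '@&(quot|#34);@i',
        '@&(amp|#38);@i',
        '@&(lt|#60);@i',
        '@&(gt|#62);@i',
        '@&(nbsp|#160);@i',
        '@&(iexcl|#161);@i',
        '@&(cent|#162);@i',
        '@&(pound|#163);@i',
        '@&(copy|#169);@i',
    );
    // One replacement per pattern, in the same order. chr(163) was missing,
    // which shifted every replacement after &cent; by one position.
    $good = array('', '', '"', '&', '<', '>', ' ', chr(161), chr(162), chr(163), chr(169));

    $value = preg_replace($bad, $good, $value);

    // Numeric entities. The /e (eval) modifier this used to rely on was
    // removed in PHP 7 and made preg_replace() return NULL for every input;
    // a callback does the same job without evaluating a code string.
    // The pattern is anchored on "&#" like the sibling entity patterns, so
    // plain text such as "10;" is no longer rewritten.
    if ($value !== null) {
        $value = preg_replace_callback('@&#(\d+);@', 'kill_tags_numeric_entity', $value);
    }

    // preg_* returns NULL on an internal error; fail closed with an empty string.
    if ($value === null) {
        return '';
    }

    // Decoding may have produced new tags from encoded brackets: strip again.
    $value = preg_replace(array($bad[0], $bad[1]), '', strip_tags($value));

    return $value === null ? '' : $value;
}

/**
 * preg_replace_callback() helper for kill_tags_deep(): turns the captured
 * decimal code of a numeric entity into the corresponding single byte.
 *
 * @param array $match Match array; $match[1] holds the decimal digits.
 * @return string One-byte string produced by chr().
 */
function kill_tags_numeric_entity($match)
{
    return chr((int) $match[1]);
}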
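// Strip markup from the raw request arrays. Variables already created by the
// extract() calls at the top of this file are not touched by this pass.
$_POST = kill_tags_deep($_POST);
$_GET = kill_tags_deep($_GET);

// set_magic_quotes_runtime() was removed in PHP 7.0; an unguarded call is a
// fatal error there and stops the script before the checks below run.
if (function_exists('set_magic_quotes_runtime')) {
    set_magic_quotes_runtime(0);
}

// Reject any request that carries a parameter, upload or cookie named GLOBALS.
// The $HTTP_*_VARS long arrays are no longer populated as of PHP 5.4, so the
// same test is repeated on the superglobals; otherwise it never fires.
if (isset($HTTP_POST_VARS['GLOBALS']) || isset($HTTP_POST_FILES['GLOBALS'])
    || isset($_POST['GLOBALS']) || isset($_FILES['GLOBALS'])) {
    die("Hacking attempt");
}
if (isset($HTTP_GET_VARS['GLOBALS']) || isset($HTTP_COOKIE_VARS['GLOBALS'])
    || isset($_GET['GLOBALS']) || isset($_COOKIE['GLOBALS'])) {
    die("Hacking attempt");
}

// Force the legacy session array to be an array. A separate
// "set but not an array -> die" check used to follow this statement; it could
// never trigger after the reset, so it has been dropped.
if (!isset($HTTP_SESSION_VARS) || !is_array($HTTP_SESSION_VARS)) {
    $HTTP_SESSION_VARS = array();
}

// Variable names that the clean-up loop below must leave alone.
$not_unset = array('HTTP_GET_VARS', 'HTTP_POST_VARS', 'HTTP_COOKIE_VARS', 'HTTP_SERVER_VARS', 'HTTP_SESSION_VARS', 'HTTP_ENV_VARS', 'HTTP_POST_FILES', 'phpEx', 'phpbb_root_path');

// Collect every key present in the legacy input arrays. A missing or
// non-array source counts as empty so array_merge() cannot fail on it.
$input = array_merge(
    isset($HTTP_GET_VARS) && is_array($HTTP_GET_VARS) ? $HTTP_GET_VARS : array(),
    isset($HTTP_POST_VARS) && is_array($HTTP_POST_VARS) ? $HTTP_POST_VARS : array(),
    isset($HTTP_COOKIE_VARS) && is_array($HTTP_COOKIE_VARS) ? $HTTP_COOKIE_VARS : array(),
    isset($HTTP_SERVER_VARS) && is_array($HTTP_SERVER_VARS) ? $HTTP_SERVER_VARS : array(),
    $HTTP_SESSION_VARS,
    isset($HTTP_ENV_VARS) && is_array($HTTP_ENV_VARS) ? $HTTP_ENV_VARS : array(),
    isset($HTTP_POST_FILES) && is_array($HTTP_POST_FILES) ? $HTTP_POST_FILES : array()
);

// Keep the loop's own working variables out of the list of names to unset.
unset($input['input']);
unset($input['not_unset']);

// Drop every variable named after an input key, except the protected names.
// each() was removed in PHP 8.0, hence foreach; the strict in_array() stops a
// numeric key from loosely matching one of the protected names.
// NOTE(review): where the legacy arrays are populated this also removes the
// variables created by extract() at the top of the file - confirm which of
// the two behaviours is intended.
foreach (array_keys($input) as $var) {
    if (is_string($var) && !in_array($var, $not_unset, true)) {
        unset($$var);
    }
}
unset($input);
?>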