
-


: .

:

:

:

File: engine/inc/functions.inc.php

Find:

/**
 * Request filter: stops the script with "Hacking attempt!" when the decoded
 * query string contains markup or path markers.
 *
 * Reads $_SERVER['QUERY_STRING'] and $_GET; takes no arguments and returns
 * nothing. Only the query string is inspected here; $_SERVER['REQUEST_URI']
 * (and therefore the path part of the URL) is not examined by this function.
 */
function check_xss () {

// One pass of URL-decoding followed by entity-decoding. A value that is
// encoded twice is still encoded after this line.
// NOTE(review): html_entity_decode() is called without flags, so whether
// single-quote entities are decoded depends on the PHP version's default.
$url = html_entity_decode(urldecode($_SERVER['QUERY_STRING']));

if ($url) {

// Substring blacklist: angle brackets, both quote characters, relative path
// segments and the literal ".php".
if ((strpos($url, '<') !== false) ||
(strpos($url, '>') !== false) ||
(strpos($url, '"') !== false) ||
(strpos($url, './') !== false) ||
(strpos($url, '../') !== false) ||
(strpos($url, '\'') !== false) ||
(strpos($url, '.php') !== false)
)
{

// The request survives a blacklist hit only when mod=editnews AND action=list;
// every other combination (including missing parameters) ends the script.
// NOTE(review): missing $_GET keys are read directly and raise an
// undefined-index notice before the comparison.
if ($_GET['mod'] != "editnews" OR $_GET['action'] != "list") die("Hacking attempt!");

}

}

}


Replace with:

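/**
 * Request filter: stops the script with "Hacking attempt!" when the decoded
 * query string or the decoded request URI contains markup or path markers.
 *
 * Reads $_SERVER['QUERY_STRING'], $_SERVER['REQUEST_URI'] and $_GET; takes no
 * arguments and returns nothing.
 *
 * - Query string: rejects < > " ' ./ ../ and .php, except for the request
 *   mod=editnews with action=list.
 * - Request URI: rejects < > " ' with no exemption. On typical server setups
 *   REQUEST_URI also carries the query string, so the editnews/list exemption
 *   in practice only covers the ./, ../ and .php markers.
 *
 * This is a coarse blacklist with a single decoding pass: a value that is
 * encoded twice is still encoded when it is checked. It does not replace
 * context-specific output escaping or parameterised queries in the code that
 * later uses the request data.
 */
function check_xss () {

	// Missing server variables (CLI, unusual SAPIs) are treated as empty
	// instead of raising an undefined-index notice.
	$query_string = isset($_SERVER['QUERY_STRING']) ? (string) $_SERVER['QUERY_STRING'] : '';
	$request_uri = isset($_SERVER['REQUEST_URI']) ? (string) $_SERVER['REQUEST_URI'] : '';

	// ENT_QUOTES is passed explicitly so that single-quote entities are decoded
	// (and then caught by the quote check) on every PHP version, not only on
	// versions where it is the default.
	$url = html_entity_decode(urldecode($query_string), ENT_QUOTES);

	if ($url) {

		$query_markers = array('<', '>', '"', './', '../', '\'', '.php');

		foreach ($query_markers as $marker) {

			if (strpos($url, $marker) !== false) {

				// Absent parameters count as a mismatch, exactly as before,
				// but without reading an undefined array key.
				$mod = isset($_GET['mod']) ? $_GET['mod'] : '';
				$action = isset($_GET['action']) ? $_GET['action'] : '';

				if ($mod !== "editnews" OR $action !== "list") die("Hacking attempt!");

				break;
			}
		}
	}

	$url = html_entity_decode(urldecode($request_uri), ENT_QUOTES);

	if ($url) {

		$uri_markers = array('<', '>', '"', '\'');

		foreach ($uri_markers as $marker) {

			if (strpos($url, $marker) !== false) {
				die("Hacking attempt!");
			}
		}
	}

}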


File: engine/modules/functions.php

Find:

/**
 * Request filter: stops the script with "Hacking attempt!" when the decoded
 * query string contains markup or path markers.
 *
 * Reads $_SERVER['QUERY_STRING'] and $_GET; takes no arguments and returns
 * nothing. Only the query string is inspected here; $_SERVER['REQUEST_URI']
 * (and therefore the path part of the URL) is not examined by this function.
 */
function check_xss () {

// One pass of URL-decoding followed by entity-decoding. A value that is
// encoded twice is still encoded after this line.
// NOTE(review): html_entity_decode() is called without flags, so whether
// single-quote entities are decoded depends on the PHP version's default.
$url = html_entity_decode(urldecode($_SERVER['QUERY_STRING']));

if ($url) {

// Substring blacklist: angle brackets, both quote characters, relative path
// segments and the literal ".php".
if ((strpos($url, '<') !== false) ||
(strpos($url, '>') !== false) ||
(strpos($url, '"') !== false) ||
(strpos($url, './') !== false) ||
(strpos($url, '../') !== false) ||
(strpos($url, '\'') !== false) ||
(strpos($url, '.php') !== false)
)
{
// The request survives a blacklist hit only when do=search AND
// subaction=search; every other combination ends the script.
// NOTE(review): missing $_GET keys are read directly and raise an
// undefined-index notice before the comparison.
if ($_GET['do'] != "search" OR $_GET['subaction'] != "search")die("Hacking attempt!");
}

}

}


Replace with:

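/**
 * Request filter: stops the script with "Hacking attempt!" when the decoded
 * query string or the decoded request URI contains markup or path markers.
 *
 * Reads $_SERVER['QUERY_STRING'], $_SERVER['REQUEST_URI'] and $_GET; takes no
 * arguments and returns nothing.
 *
 * - Query string: rejects < > " ' ./ ../ and .php.
 * - Request URI: rejects < > " '.
 * Both checks are skipped for the request do=search with subaction=search,
 * so the search handler receives these characters unfiltered and has to
 * escape them itself wherever it outputs or stores the search text.
 *
 * This is a coarse blacklist with a single decoding pass: a value that is
 * encoded twice is still encoded when it is checked. It does not replace
 * context-specific output escaping or parameterised queries in the code that
 * later uses the request data.
 */
function check_xss () {

	// Missing server variables (CLI, unusual SAPIs) are treated as empty
	// instead of raising an undefined-index notice.
	$query_string = isset($_SERVER['QUERY_STRING']) ? (string) $_SERVER['QUERY_STRING'] : '';
	$request_uri = isset($_SERVER['REQUEST_URI']) ? (string) $_SERVER['REQUEST_URI'] : '';

	// Absent parameters count as a mismatch, exactly as before, but without
	// reading an undefined array key.
	$do = isset($_GET['do']) ? $_GET['do'] : '';
	$subaction = isset($_GET['subaction']) ? $_GET['subaction'] : '';
	$is_search = ($do === "search" AND $subaction === "search");

	// ENT_QUOTES is passed explicitly so that single-quote entities are decoded
	// (and then caught by the quote check) on every PHP version, not only on
	// versions where it is the default.
	$url = html_entity_decode(urldecode($query_string), ENT_QUOTES);

	if ($url) {

		$query_markers = array('<', '>', '"', './', '../', '\'', '.php');

		foreach ($query_markers as $marker) {

			if (strpos($url, $marker) !== false) {

				if (!$is_search) die("Hacking attempt!");

				break;
			}
		}
	}

	$url = html_entity_decode(urldecode($request_uri), ENT_QUOTES);

	if ($url) {

		$uri_markers = array('<', '>', '"', '\'');

		foreach ($uri_markers as $marker) {

			if (strpos($url, $marker) !== false) {

				if (!$is_search) die("Hacking attempt!");

				break;
			}
		}
	}

}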


7.2

: celsoft

- : -, , ,