Filter out possible security hazards in variables passed via the URL (GET) and via POST forms


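/**
 * Request-variable tag filter (deny-list), rewritten from the eregi() listing.
 *
 * What it does: every value in $_GET is checked against a list of HTML-tag
 * patterns (script, object, iframe, applet, meta, style, form), plus a
 * parenthesised-expression pattern and a bare double quote; every value in
 * $_POST is checked against the script and style patterns only. On the first
 * match the request is terminated with die().
 *
 * Changes against the original listing:
 *  - eregi() was deprecated in PHP 5.3 and removed in PHP 7, and the ereg
 *    family was not binary-safe; preg_match() with the /i flag replaces it.
 *  - Array-valued parameters (e.g. name[]=...) were handed to eregi() as
 *    arrays and therefore never inspected; they are now walked recursively.
 *  - A PCRE error is treated as a match, so the filter fails closed.
 *  - The POST patterns in the listing lack the "*" after "[^>]", so they
 *    would not match a plain "<script>" tag; they now use the same form as
 *    the GET patterns.
 *
 * NOTE(review): a deny-list like this is defence in depth only. It does not
 * inspect parameter names, cookies or headers, and it cannot anticipate every
 * HTML/JS context. The primary XSS control remains context-aware output
 * encoding (for HTML bodies and attributes, htmlspecialchars() with
 * ENT_QUOTES) at the point where a value is written into a page.
 */

/**
 * Report whether a request value, or any value nested inside it, matches one
 * of the given PCRE patterns.
 *
 * @param mixed $value    A scalar request value or a (nested) array of them.
 * @param array $patterns Complete PCRE patterns, delimiters and flags included.
 * @return bool True when the value must be rejected.
 */
function secfilter_value_is_blocked($value, array $patterns)
{
    if (is_array($value)) {
        foreach ($value as $nested) {
            if (secfilter_value_is_blocked($nested, $patterns)) {
                return true;
            }
        }
        return false;
    }

    $text = (string) $value;
    foreach ($patterns as $pattern) {
        // preg_match() returns 1 on match, 0 on no match and false on error.
        // Anything other than a clean "no match" is rejected (fail closed).
        if (preg_match($pattern, $text) !== 0) {
            return true;
        }
    }
    return false;
}

// Patterns applied to every $_GET value. The tag patterns keep the original
// expressions unchanged, including the trailing "*" on the tag name.
$secfilter_get_patterns = array(
    '/<[^>]*script*"?[^>]*>/i',
    '/<[^>]*object*"?[^>]*>/i',
    '/<[^>]*iframe*"?[^>]*>/i',
    '/<[^>]*applet*"?[^>]*>/i',
    '/<[^>]*meta*"?[^>]*>/i',
    '/<[^>]*style*"?[^>]*>/i',
    '/<[^>]*form*"?[^>]*>/i',
    '/\([^>]*"?[^)]*\)/i',   // any "( ... )" pair
    '/"/',                   // any double quote
);

// $_POST is checked for script and style tags only, as in the original.
$secfilter_post_patterns = array(
    '/<[^>]*script*"?[^>]*>/i',
    '/<[^>]*style*"?[^>]*>/i',
);

// The HTML markup that surrounded this message in the original die() call was
// lost when the listing was extracted; only the visible sentence is kept. The
// message is a constant, so no request data is echoed back to the client.
$secfilter_message = 'The html tags you attempted to use are not allowed';

if (secfilter_value_is_blocked($_GET, $secfilter_get_patterns)) {
    die($secfilter_message);
}

if (secfilter_value_is_blocked($_POST, $secfilter_post_patterns)) {
    die($secfilter_message);
}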

?>

