* $Author:: $ *
* -------------------------------------------------------------------- *
* Copyright (c) 2003 - 2009 by Roland Haeder *
- * Copyright (c) 2009 - 2012 by Mailer Developer Team *
+ * Copyright (c) 2009 - 2016 by Mailer Developer Team *
* For more information visit: http://mxchange.org *
* *
* This program is free software; you can redistribute it and/or modify *
} // END - if
// Include ctracker, recommended place!
-//require_once('ctracker.php');
-//require_once('ipfilter.php');
+require_once('ctracker.php');
+require_once('ipfilter.php');
/**
* Function to secure input strings
} // END - if
// Check if important arrays are found and define them if missing
-if (!isset($_SERVER)) {
+if ((!isset($_SERVER)) || (!is_array($_SERVER))) {
global $_SERVER;
$_SERVER = $GLOBALS['_SERVER'];
} // END - if
-if (!isset($_GET)) {
+if ((!isset($_GET)) || (!is_array($_GET))) {
global $_GET;
$_GET = $GLOBALS['_GET'];
} // END - if
-if (!isset($_POST)) {
+if ((!isset($_POST)) || (!is_array($_POST))) {
global $_POST;
$_POST = $GLOBALS['_POST'];
} // END - if
// Generate arrays which holds the relevante chars to replace
$GLOBALS['security_chars'] = array(
// The chars we are looking for...
- 'from' => array('/', '.', chr(39), '$', '(', ')', '{--', '--}', '{?', '?}', '%', ';', '[', ']', ':', '--', chr(92), chr(39), '<', '>'),
+ 'from' => array('/', '.', chr(39), '$', '(', ')', '{--', '--}', '{%', '%}', '{?', '?}', '%', ';', '[', ']', ':', '--', chr(92), chr(39), '<', '>'),
// ... and we will replace to.
'to' => array(
'{SLASH}',
'{DOLLAR}',
'{OPEN_ANCHOR}',
'{CLOSE_ANCHOR}',
+ '{OPEN_LANGUAGE}',
+ '{CLOSE_LANGUAGE}',
'{OPEN_TEMPLATE}',
'{CLOSE_TEMPLATE}',
'{OPEN_CONFIG}',
if (is_array($_GET)) {
foreach ($_GET as $seckey => $secvalue) {
if (is_array($secvalue)) {
- // Throw arrays away...
+ // Throw arrays away ...
unset($_GET[$seckey]);
} else {
- // Only variables are allowed (non-array) but we secure them all!
+ // Only variables are allowed (non-array) but we secure them all.
$_GET[$seckey] = str_replace($GLOBALS['security_chars']['from'], $GLOBALS['security_chars']['to'], $_GET[$seckey]);
// Strip all other out