if (defined('__SECURITY')) return;
// Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
+if (strpos($_SERVER['PHP_SELF'], basename(__FILE__)) !== false) {
die();
} // END - if
+// Include ctracker, recommended place!
+//require_once('ctracker.php');
+
/**
* Function to secure input strings
*
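Review bot: The direct-access guard on the new `strpos()` line still keys on `$_SERVER['PHP_SELF']`, which includes any path info the client appends to the URL, so the test is a substring match on request-influenced text. Any request whose path merely contains this file's name is terminated, and the guard is only as reliable as the server's construction of PHP_SELF. Comparing the executed script with this file avoids both, for example `if (realpath($_SERVER['SCRIPT_FILENAME']) === __FILE__) {`. The move from `ereg` also turns a regular-expression match (where `.` matched any character) into a literal one, which deserves a one-line comment next to the check.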
$phpSelfFile = basename($_SERVER['PHP_SELF']);
// Check for a .php inside the $phpSelfDirectory...
- while (ereg('.php', $phpSelfDirectory)) {
+ while (strpos($phpSelfDirectory, '.php') !== false) {
// Correct the dirname
$phpSelfDirectory = substr($phpSelfDirectory, 0, (strpos($phpSelfDirectory, '.php') + 4));
// Rewrite filename...
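Review bot: The rewritten `while` condition and the `substr()` line under it each evaluate `strpos($phpSelfDirectory, '.php')`, and the truncation keeps the `.php` it just found, so the condition is still true after that statement. Termination therefore has to come from the lines after the "Rewrite filename" comment, which lie outside this hunk. Capturing the offset once makes that dependency visible: `while (($pos = strpos($phpSelfDirectory, '.php')) !== false) {` with `substr($phpSelfDirectory, 0, $pos + 4)` in the body. As `$phpSelfDirectory` presumably derives from `PHP_SELF`, a comment stating what guarantees the loop ends for arbitrary request paths would help the next reader.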
}
// Runtime/GPC quoting is off now...
-set_magic_quotes_runtime(false);
+ini_set('magic_quotes_runtime', false);
ini_set('magic_quotes_gpc', false); // This may not work on some systems
// Check if important arrays are found and define them if missing
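Review bot: The return value of the new `ini_set('magic_quotes_runtime', false);` is discarded, while the comment above it states as fact that quoting is off. `ini_set()` returns `false` when a directive cannot be changed, and the following `magic_quotes_gpc` line already concedes it may not work, so the input-securing code further down should not rely on that state. I would pass the value as a string, `ini_set('magic_quotes_runtime', '0');`, and reword the comment to something like `// Best effort only: verify the effective setting before trusting unescaped input`. The surrounding block starts and ends outside this hunk.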
$_POST = $GLOBALS['_POST'];
} // END - if
-// Include IP-Filter here
-//include("/usr/share/php/ipfilter.php");
-
// Generate arrays which holds the relevante chars to replace
$GLOBALS['security_chars'] = array(
// The chars we are looking for...
- 'from' => array('{', '}', '/', '.', "'", '$', '(', ')', '{--', '--}', '{?', '?}', '%', ';', '[', ']', ':', '--'),
+ 'from' => array('/', '.', "'", '$', '(', ')', '{--', '--}', '{?', '?}', '%', ';', '[', ']', ':', '--'),
// ... and we will replace to.
'to' => array(
- '{OPEN_ANCHOR2}',
- '{CLOSE_ANCHOR2}',
'{SLASH}',
'{DOT}',
'{QUOT}',