X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;ds=sidebyside;f=inc%2Flibs%2Fsecurity_functions.php;h=10002eea7120000cc4ee52f429653b2919b17459;hb=e70440e1164db8bbeeccd90df305bfa0efb641e1;hp=8409e0c72742e092d8c91239b9052f21d21fa538;hpb=17b4111e3cc49c8cbc7b5a31d1c7c0af03129b7f;p=mailer.git
diff --git a/inc/libs/security_functions.php b/inc/libs/security_functions.php
index 8409e0c727..10002eea71 100644
--- a/inc/libs/security_functions.php
+++ b/inc/libs/security_functions.php
@@ -41,7 +41,7 @@ if (defined('__SECURITY')) {
 } // END - if
 // Some security stuff...
-if (strpos($_SERVER['PHP_SELF'], basename(__FILE__)) !== false) {
+if (strpos($_SERVER['PHP_SELF'], basename(__FILE__)) !== FALSE) {
 die();
 } // END - if
@@ -56,9 +56,9 @@ if (strpos($_SERVER['PHP_SELF'], basename(__FILE__)) !== false) {
 * @param $stripTags Strip tags
 * @return $str A (hopefully) secured string against XSS and other bad things
 */
-function secureString ($str, $stripTags = true, $encode = false) {
+function secureString ($str, $stripTags = TRUE, $encode = FALSE) {
 // Shall we strip HTML code?
- if ($stripTags === true) {
+ if ($stripTags === TRUE) {
 $str = strip_tags($str);
 } // END - if
@@ -66,7 +66,7 @@ function secureString ($str, $stripTags = true, $encode = false) {
 $str = trim($str);
 // Encode in entities if requested
- if ($encode === true) {
+ if ($encode === TRUE) {
 // Encode in entities (this breakes UTF-8!)
 $str = htmlentities($str, ENT_QUOTES);
 } // END - if
@@ -98,7 +98,7 @@ function securePhpSelf () {
 $phpSelfFile = basename($_SERVER['PHP_SELF']);
 // Check for a .php inside the $phpSelfDirectory...
- while (strpos($phpSelfDirectory, '.php') !== false) {
+ while (strpos($phpSelfDirectory, '.php') !== FALSE) {
 // Correct the dirname
 $phpSelfDirectory = substr($phpSelfDirectory, 0, (strpos($phpSelfDirectory, '.php') + 4));
 // Rewrite filename...
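Review bot: Switching `false` to `FALSE` here, and likewise `true`/`false` in the secureString, securePhpSelf and ini_set hunks, moves the file away from the PSR-2/PER-CS convention that keyword constants are lowercase, which is also the form the rest of the file already uses. The guard itself is unchanged and correct: `strpos(...) !== FALSE` treats a match at offset 0 as a hit. In the `ini_set` hunk the boolean is coerced to the string `''` either way, so `'0'` would state the intent more explicitly, and `magic_quotes_gpc` is PHP_INI_PERDIR, so `ini_set` cannot change it at runtime regardless of the value, as the existing comment hints. I would keep `!== false` and leave the constants lowercase throughout.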
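Review bot: The `htmlentities($str, ENT_QUOTES)` call in the `$encode === TRUE` branch still omits the charset argument, which is the cause of the 'this breakes UTF-8!' comment right above it; the commit changes only the constant's case and leaves that in place. Passing the charset explicitly, `$str = htmlentities($str, ENT_QUOTES, 'UTF-8');`, makes the escaping independent of the PHP default (ISO-8859-1 on PHP before 5.4) and stops multibyte input from being mangled on the way to the output. secureString starts before this hunk.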
@@ -111,7 +111,7 @@ function securePhpSelf () {
 $_SERVER['PHP_SELF'] = $phpSelfDirectory . '/' . $phpSelfFile;
 // Did run...
- $GLOBALS['php_self_secured'] = true;
+ $GLOBALS['php_self_secured'] = TRUE;
 // Remove uneccessary variables
 unset($phpSelfDirectory);
@@ -151,8 +151,8 @@ function detectPhpCaching () {
 }
 // Runtime/GPC quoting is off now...
-ini_set('magic_quotes_runtime', false);
-ini_set('magic_quotes_gpc', false); // This may not work on some systems
+ini_set('magic_quotes_runtime', FALSE);
+ini_set('magic_quotes_gpc', FALSE); // This may not work on some systems
 /*
 * No compatibility with Zend Engine 1, else an error like 'Implicit cloning'
@@ -181,7 +181,7 @@ if (!isset($_POST)) {
 // Generate arrays which holds the relevante chars to replace
 $GLOBALS['security_chars'] = array(
 // The chars we are looking for...
- 'from' => array('/', '.', chr(39), '$', '(', ')', '{--', '--}', '{?', '?}', '%', ';', '[', ']', ':', '--', chr(92)),
+ 'from' => array('/', '.', chr(39), '$', '(', ')', '{--', '--}', '{?', '?}', '%', ';', '[', ']', ':', '--', chr(92), chr(39), '<', '>'),
 // ... and we will replace to.
 'to' => array(
 '{SLASH}',
@@ -200,12 +200,15 @@ $GLOBALS['security_chars'] = array(
 '{CLOSE_INDEX}',
 '{DBL_DOT}',
 '{COMMENT}',
- '{BACKSLASH}'
+ '{BACKSLASH}',
+ '{SQUOTE}',
+ '{OPEN_TAG}',
+ '{CLOSE_TAG}'
 ),
 );
 /*
- * Characters allowed in URLs
+ * Characters allowed in booked URLs
 *
 * Note: Do not replace 'to' with 'from' and vise-versa! When you do this all booked URLs will be
 * rejected because of the {SLASH}, {DOT} and all below listed items inside the URL.
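Review bot: `chr(39)` now appears twice in the `'from'` array (the existing third entry and the new eighteenth one), so the matching `'{SQUOTE}'` token added in the `'to'` hunk below can never be produced: when the two arrays are applied in order (presumably via `str_replace`, not visible here), the earlier `chr(39)` entry has already consumed every single quote, and the third `'to'` token (outside this hunk) wins. Because the comment below says the same pair is also used in the reverse direction, the duplicate additionally means two different tokens both decode to a quote, which breaks the one-to-one mapping the rest of the table relies on. Either drop the new `chr(39)` and `'{SQUOTE}'` entries, or remove the earlier `chr(39)` and its partner token, keeping the two arrays the same length and position-aligned. The `$GLOBALS['security_chars']` definition continues past the first hunk, and the same issue applies to the `'{SQUOTE}'` line in the second.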