X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Flibs%2Fsecurity_functions.php;h=b1cce1c5b323b30827b90b452d01bf66ae9f226e;hb=15b33f67108fcf717fc56fc9cb931f7c22a69737;hp=faeccb51a66856de62fd2b097f5002de317d0381;hpb=c3b4eaf29946349ff058691db2dcb615a5379bb2;p=mailer.git

diff --git a/inc/libs/security_functions.php b/inc/libs/security_functions.php
index faeccb51a6..b1cce1c5b3 100644
--- a/inc/libs/security_functions.php
+++ b/inc/libs/security_functions.php
@@ -17,7 +17,7 @@
  * -------------------------------------------------------------------- *
  * Copyright (c) 2003 - 2009 by Roland Haeder                           *
  * Copyright (c) 2009 - 2011 by Mailer Developer Team                   *
- * For more information visit: http://www.mxchange.org                  *
+ * For more information visit: http://mxchange.org                      *
  *                                                                      *
  * This program is free software; you can redistribute it and/or modify *
  * it under the terms of the GNU General Public License as published by *
@@ -36,7 +36,9 @@
  ************************************************************************/
 
 // Run only once this security check/replacement
-if (defined('__SECURITY')) return;
+if (defined('__SECURITY')) {
+	return;
+} // END - if
 
 // Some security stuff...
 if (strpos($_SERVER['PHP_SELF'], basename(__FILE__)) !== false) {
@@ -161,7 +163,7 @@ if (!isset($_POST)) {
 // Generate arrays which holds the relevante chars to replace
 $GLOBALS['security_chars'] = array(
 	// The chars we are looking for...
-	'from' => array('/', '.', "'", '$', '(', ')', '{--', '--}', '{?', '?}', '%', ';', '[', ']', ':', '--'),
+	'from' => array('/', '.', "'", '$', '(', ')', '{--', '--}', '{?', '?}', '%', ';', '[', ']', ':', '--', "\\"),
 	// ... and we will replace to.
 	'to'   => array(
 		'{SLASH}',
@@ -179,7 +181,8 @@ $GLOBALS['security_chars'] = array(
 		'{OPEN_INDEX}',
 		'{CLOSE_INDEX}',
 		'{DBL_DOT}',
-		'{COMMENT}'
+		'{COMMENT}',
+		'{BACKSLASH}'
 	),
 );
 
@@ -210,6 +213,18 @@ if (is_array($_GET)) {
 	} // END - foreach
 } // END - if
 
+// Secure also $_POST data (only simple, no replace)
+if (is_array($_POST)) {
+	// Secure only simple data
+	foreach ($_POST as $seckey => $secvalue) {
+		// Is it an array?
+		if (!is_array($secvalue)) {
+			// Strip all other out
+			$_POST[$seckey] = secureString($_POST[$seckey]);
+		} // END - if
+	} // END - foreach
+} // END - if
+
 // Detect PHP caching
 detectPhpCaching();