Rewrote new extension detection:

[mailer.git] / inc / libs / security_functions.php

diff --git a/inc/libs/security_functions.php b/inc/libs/security_functions.php
index 67aea962195e7b8057a4b67031b6ceaf57afb906..bcb381a7f403bff03d52c7f99b412b5fac0edb0f 100644 (file)
--- a/inc/libs/security_functions.php
+++ b/inc/libs/security_functions.php
@@ -181,7 +181,7 @@ if (!isset($_POST)) {
 // Generate arrays which holds the relevante chars to replace
 $GLOBALS['security_chars'] = array(
        // The chars we are looking for...
-       'from' => array('/', '.', chr(39), '$', '(', ')', '{--', '--}', '{?', '?}', '%', ';', '[', ']', ':', '--', chr(92)),
+       'from' => array('/', '.', chr(39), '$', '(', ')', '{--', '--}', '{%', '%}', '{?', '?}', '%', ';', '[', ']', ':', '--', chr(92), chr(39), '<', '>'),
        // ... and we will replace to.
        'to'   => array(
                '{SLASH}',
@@ -190,6 +190,8 @@ $GLOBALS['security_chars'] = array(
                '{DOLLAR}',
                '{OPEN_ANCHOR}',
                '{CLOSE_ANCHOR}',
+               '{OPEN_LANGUAGE}',
+               '{CLOSE_LANGUAGE}',
                '{OPEN_TEMPLATE}',
                '{CLOSE_TEMPLATE}',
                '{OPEN_CONFIG}',
@@ -200,12 +202,15 @@ $GLOBALS['security_chars'] = array(
                '{CLOSE_INDEX}',
                '{DBL_DOT}',
                '{COMMENT}',
-               '{BACKSLASH}'
+               '{BACKSLASH}',
+               '{SQUOTE}',
+               '{OPEN_TAG}',
+               '{CLOSE_TAG}'
        ),
 );
 
 /*
- * Characters allowed in URLs
+ * Characters allowed in booked URLs
  *
  * Note: Do not replace 'to' with 'from' and vise-versa! When you do this all booked URLs will be
  *       rejected because of the {SLASH}, {DOT} and all below listed items inside the URL.