* $Author:: $ *
* -------------------------------------------------------------------- *
* Copyright (c) 2003 - 2009 by Roland Haeder *
- * Copyright (c) 2009 - 2012 by Mailer Developer Team *
+ * Copyright (c) 2009 - 2013 by Mailer Developer Team *
* For more information visit: http://mxchange.org *
* *
* This program is free software; you can redistribute it and/or modify *
} // END - if
// Check if important arrays are found and define them if missing
-if (!isset($_SERVER)) {
+if ((!isset($_SERVER)) || (!is_array($_SERVER))) {
global $_SERVER;
$_SERVER = $GLOBALS['_SERVER'];
} // END - if
-if (!isset($_GET)) {
+if ((!isset($_GET)) || (!is_array($_GET))) {
global $_GET;
$_GET = $GLOBALS['_GET'];
} // END - if
-if (!isset($_POST)) {
+if ((!isset($_POST)) || (!is_array($_POST))) {
global $_POST;
$_POST = $GLOBALS['_POST'];
} // END - if
// Generate arrays which holds the relevante chars to replace
$GLOBALS['security_chars'] = array(
// The chars we are looking for...
- 'from' => array('/', '.', chr(39), '$', '(', ')', '{--', '--}', '{?', '?}', '%', ';', '[', ']', ':', '--', chr(92)),
+ 'from' => array('/', '.', chr(39), '$', '(', ')', '{--', '--}', '{%', '%}', '{?', '?}', '%', ';', '[', ']', ':', '--', chr(92), chr(39), '<', '>'),
// ... and we will replace to.
'to' => array(
'{SLASH}',
'{DOLLAR}',
'{OPEN_ANCHOR}',
'{CLOSE_ANCHOR}',
+ '{OPEN_LANGUAGE}',
+ '{CLOSE_LANGUAGE}',
'{OPEN_TEMPLATE}',
'{CLOSE_TEMPLATE}',
'{OPEN_CONFIG}',
'{CLOSE_INDEX}',
'{DBL_DOT}',
'{COMMENT}',
- '{BACKSLASH}'
+ '{BACKSLASH}',
+ '{SQUOTE}',
+ '{OPEN_TAG}',
+ '{CLOSE_TAG}'
),
);
/*
- * Characters allowed in URLs
+ * Characters allowed in booked URLs
*
* Note: Do not replace 'to' with 'from' and vise-versa! When you do this all booked URLs will be
* rejected because of the {SLASH}, {DOT} and all below listed items inside the URL.
if (is_array($_GET)) {
foreach ($_GET as $seckey => $secvalue) {
if (is_array($secvalue)) {
- // Throw arrays away...
+ // Throw arrays away ...
unset($_GET[$seckey]);
} else {
- // Only variables are allowed (non-array) but we secure them all!
+ // Only variables are allowed (non-array) but we secure them all.
$_GET[$seckey] = str_replace($GLOBALS['security_chars']['from'], $GLOBALS['security_chars']['to'], $_GET[$seckey]);
// Strip all other out