This is a piece of code to help reduce security holes at the application level.
<?
####################################################################
# PHP CGI-Filter, can be used with $_COOKIE, $_POST, $_GET, etc...
# Date : 11/05/2003
# Version : 0.9
# Author : Cameron Jacobson
# Questions / Comments : cameron@tripdubdev.com
# Please send word of any benchmarks produced, best order for the 'alphabet' string, etc...
# Installation: Include the following line at the top of your script
# include 'filename.php'; where filename is the name of this file
# Instructions:
# Define the characters you will allow in your PHP apps in the
# $alphabet variable...
# AND, add variables accordingly if you want to filter
# $_COOKIE, $_FILES, $_SESSION variables, etc...
# NOTE: In order for this filter to be useful, you should not have
# REGISTER_GLOBALS on, or should at least not program
# your scripts as though it were on
# LICENSE : To use this piece of software you must agree with
# the terms and conditions of the GNU GPL.
####################################################################
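# Allow-list of bytes that survive the filter. Values are lower-cased before
# they are filtered, so the upper-case letters below never match; the string is
# kept exactly as published.
# NOTE(review): the leading "rn" looks like "\r\n" that lost its backslashes
# when the listing was published - confirm against the original file. Allow
# CR/LF only if multi-line fields need them, and never pass such values into
# mail or HTTP headers.
# NOTE(review): '<', '>', '=' and '/' are allowed, so a complete HTML tag
# passes through unchanged. This filter narrows the input alphabet; it does
# not replace htmlspecialchars() on output or bound parameters in SQL.
# NOTE(review): this file opens with the short tag "<?". With short_open_tag
# disabled the whole file is sent to the browser as text and nothing is
# filtered - use "<?php".
$alphabet="rn abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890<>=/._";

# Guarded so that including this file twice stays harmless, as it was before.
if (!function_exists('cgi_filter_value')) {
    # Return $value lower-cased, trimmed and reduced to the bytes in $alphabet.
    #
    # $value    : a request value; arrays (e.g. "?id[]=1") are filtered
    #             element by element, their keys are left as they are.
    # $alphabet : string holding every byte that may stay.
    # Returns a string, or an array of the same shape for array input.
    #
    # Other superglobals can be filtered the same way, e.g.
    #   $_COOKIE = cgi_filter_value($_COOKIE, $alphabet);
    function cgi_filter_value($value, $alphabet)
    {
        if (is_array($value)) {
            $clean = array();
            foreach ($value as $key => $item) {
                $clean[$key] = cgi_filter_value($item, $alphabet);
            }
            return $clean;
        }

        # Same order as the published code: lower-case, trim, then filter.
        $value = trim(strtolower((string) $value));
        $clean = '';
        $length = strlen($value);

        # Walk by index up to strlen(). The published loop used the current
        # character as its loop condition, so it stopped at the first "0" and
        # left the rest of the value unfiltered.
        for ($i = 0; $i < $length; $i++) {
            $char = $value[$i];

            # The published condition ($variable2==""") does not parse; it
            # reads as "always strip the double quote", which is kept here
            # even if '"' is later added to the alphabet.
            if ($char === '"') {
                continue;
            }

            # strpos() !== false, not strstr() truthiness: a match whose
            # remaining substring is "0" would otherwise count as a miss.
            if (strpos($alphabet, $char) !== false) {
                $clean .= $char;
            }
        }

        return $clean;
    }
}

# Raw snapshots, kept because the published script defined them.
# They are NOT filtered - do not use them in output or queries.
$post=$_POST;
$get=$_GET;

# Filter every parameter. The published loops counted down while the index
# was > 0, so the first parameter of each array was never filtered.
# Parameter names (keys) are not filtered, and $_REQUEST / $_COOKIE still
# hold unfiltered values: read only $_GET / $_POST, or filter the others too.
$_GET=cgi_filter_value($get, $alphabet);
$_POST=cgi_filter_value($post, $alphabet);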
?>