|
12.02.2006, 11:10
Вроде всё правильно.
PHP код:
$user = base64_decode($user);
$user = addslashes($user);
$user = base64_encode($user);
}
if (!defined('ADMIN_FILE')) {
foreach ($_GET as $sec_key => $secvalue) {
if((eregi("<[^>]*script*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*object*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*iframe*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*applet*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*meta*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*style*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*form*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*img*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*onmouseover *\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*body *\"?[^>]*", $secvalue)) ||
(eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
(eregi("\"", $secvalue)) ||
(eregi("forum_admin", $sec_key)) ||
(eregi("inside_mod", $sec_key)))
{
die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
}
}
foreach ($_POST as $secvalue) {
if ((eregi("<[^>]*iframe*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*object*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*applet*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*meta*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*form*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*img*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*onmouseover*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]script*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]*body*\"?[^>]*", $secvalue)) ||
(eregi("<[^>]style*\"?[^>]*", $secvalue)))
{
die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
}
}
}
if (stristr($_SERVER['PHP_SELF'], "mainfile.php")) {
Header("Location: index.php");
die();
|
|