root/prepend/trunk/php_auto_pre/004-anti-xss.php
Revision: 3
Committed: Mon Nov 18 12:20:14 2019 UTC (6 months, 2 weeks ago) by daniel-marschall
File size: 1460 byte(s)
Log Message:
Added super simple XSS filter

1 <?php
2
3 // ATTENTION: This is a very simple XSS "Firewall". There ARE many other ways to do an XSS attack, so please don't rely on this script!
4
// Websites that are contaminated with XSS. The filter further down is only
// armed for scripts whose filesystem path starts with one of these prefixes.
$xxx_directories_need_anti_xss = array();
$xxx_directories_need_anti_xss[] = '/home/';
9
10 // ---
11
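/**
 * Abort the request if a value looks like an inline script / SVG injection.
 *
 * The check is a literal, case-insensitive substring match for "<svg" and
 * "<script"; no decoding or normalisation is applied. It is a coarse stopgap
 * and NOT a substitute for escaping output (htmlspecialchars) where it is
 * rendered.
 *
 * Arrays (nested request parameters such as foo[]=x) are walked recursively so
 * every leaf value is inspected; the previous implementation handed the array
 * straight to stripos(), which warns on PHP 7 and throws a TypeError on PHP 8
 * instead of checking anything. Values that are neither arrays nor scalars
 * (null, objects) carry nothing to match and are left alone.
 *
 * @param mixed $str value to inspect: string, other scalar, or nested array
 * @return void returns normally when nothing matched; otherwise die()s with a
 *              user-facing message
 */
function ___check_xss___($str) {
	if (is_array($str)) {
		foreach ($str as $___item___) {
			___check_xss___($___item___);
		}
		return;
	}
	if (!is_scalar($str)) {
		return;
	}
	$___haystack___ = (string) $str;
	if ((stripos($___haystack___, '<svg') !== false) || (stripos($___haystack___, '<script') !== false)) {
		die('There is a problem with the data you have entered. Please write us an email if you think you received this message in error. info at viathinksoft.de');
	}
}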
17
18 // ---
19
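// Arm the filter only for scripts located under one of the listed directories
// (prefix match on the script's filesystem path). SCRIPT_FILENAME is absent in
// some SAPIs (e.g. CLI), so fall back to '' instead of reading an unset index.
$xxx_go = false;
$xxx_script_filename = isset($_SERVER['SCRIPT_FILENAME']) ? (string) $_SERVER['SCRIPT_FILENAME'] : '';
foreach ($xxx_directories_need_anti_xss as $xxx_directory_need_anti_xss) {
	if (strpos($xxx_script_filename, $xxx_directory_need_anti_xss) === 0) {
		$xxx_go = true;
		break; // one matching prefix is enough
	}
}
unset($xxx_directories_need_anti_xss);
unset($xxx_directory_need_anti_xss);
unset($xxx_script_filename);

if ($xxx_go) {
	// Request-line / path fields are checked exactly as received (no URL decoding).
	$xxx_server_keys = array('REQUEST_URI', 'QUERY_STRING', 'SCRIPT_URI', 'SCRIPT_URL', 'PHP_SELF');
	foreach ($xxx_server_keys as $xxx_server_key) {
		if (isset($_SERVER[$xxx_server_key])) {
			___check_xss___($_SERVER[$xxx_server_key]);
		}
	}
	unset($xxx_server_keys);
	unset($xxx_server_key);

	// Why so many ___ ? So that a GET/POST argument with these variable names is
	// never overwritten (this file runs as an auto-prepend, before the page script).
	// Which sources populate $_REQUEST (GET/POST/COOKIE) depends on the
	// request_order / variables_order ini settings.
	// array_walk_recursive() visits every leaf of nested parameters (foo[]=x), so
	// the check always receives a scalar instead of an array.
	array_walk_recursive($_REQUEST, function ($___val___) {
		___check_xss___($___val___);
	});
}
unset($xxx_go);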