Subversion Repositories prepend

Rev

Rev 6 | Go to most recent revision | Details | Last modification | View Log | RSS feed

Rev Author Line No. Line
3 daniel-mar 1 
<?php
2 
 
3 
// ATTENTION: This is a very simple XSS "Firewall". There ARE many other ways to do an XSS attack, so please don't rely on this script!
4 
 
5 
$xxx_directories_need_anti_xss = array(
6 
        // Webseiten, die mit XSS verseucht sind
7 
        '/home/'
8 
);
9 
 
10 
// ---
11 
 
12 
function ___check_xss___($str) {
13 
        if ((stripos($str, '<svg') !== false) || (stripos($str, '<script') !== false)) {
14 
                die('There is a problem with the data you have entered. Please write us an email if you think you received this message in error. info at viathinksoft.de');
15 
        }
16 
}
17 
 
18 
// ---
19 
 
20 
$xxx_go = false;
21 
foreach ($xxx_directories_need_anti_xss as $xxx_directory_need_anti_xss) {
22 
        if (strpos($_SERVER['SCRIPT_FILENAME'], $xxx_directory_need_anti_xss) === 0) {
23 
                $xxx_go = true;
24 
        }
25 
}
26 
unset($xxx_directories_need_anti_xss);
27 
unset($xxx_directory_need_anti_xss);
28 
if ($xxx_go) {
29 
        if (isset($_SERVER['REQUEST_URI'])) ___check_xss___($_SERVER['REQUEST_URI']);
30 
        if (isset($_SERVER['QUERY_STRING'])) ___check_xss___($_SERVER['QUERY_STRING']);
31 
        if (isset($_SERVER['SCRIPT_URI'])) ___check_xss___($_SERVER['SCRIPT_URI']);
32 
        if (isset($_SERVER['SCRIPT_URL'])) ___check_xss___($_SERVER['SCRIPT_URL']);
33 
        if (isset($_SERVER['PHP_SELF'])) ___check_xss___($_SERVER['PHP_SELF']);
34 
 
35 
        # Warum so viele ___ ? Damit man auf keinen Fall ein GET/POST Argument mit diesen Variablen überschreibt!
36 
        foreach ($_REQUEST as $___key___ => $___val___) {
37 
                ___check_xss___($___val___);
38 
        }
39 
        unset($___key___);
40 
        unset($___val___);
41 
}
42 
unset($xxx_go);