| 0,0 → 1,42 |
|---|
| <?php |
| |
| // ATTENTION: This is a very simple XSS "Firewall". There ARE many other ways to do an XSS attack, so please don't rely on this script! |
| |
| $xxx_directories_need_anti_xss = array( |
| // Webseiten, die mit XSS verseucht sind |
| '/home/' |
| ); |
| |
| // --- |
| |
| function ___check_xss___($str) { |
| if ((stripos($str, '<svg') !== false) || (stripos($str, '<script') !== false)) { |
| die('There is a problem with the data you have entered. Please write us an email if you think you received this message in error. info at viathinksoft.de'); |
| } |
| } |
| |
| // --- |
| |
| $xxx_go = false; |
| foreach ($xxx_directories_need_anti_xss as $xxx_directory_need_anti_xss) { |
| if (strpos($_SERVER['SCRIPT_FILENAME'], $xxx_directory_need_anti_xss) === 0) { |
| $xxx_go = true; |
| } |
| } |
| unset($xxx_directories_need_anti_xss); |
| unset($xxx_directory_need_anti_xss); |
| if ($xxx_go) { |
| if (isset($_SERVER['REQUEST_URI'])) ___check_xss___($_SERVER['REQUEST_URI']); |
| if (isset($_SERVER['QUERY_STRING'])) ___check_xss___($_SERVER['QUERY_STRING']); |
| if (isset($_SERVER['SCRIPT_URI'])) ___check_xss___($_SERVER['SCRIPT_URI']); |
| if (isset($_SERVER['SCRIPT_URL'])) ___check_xss___($_SERVER['SCRIPT_URL']); |
| if (isset($_SERVER['PHP_SELF'])) ___check_xss___($_SERVER['PHP_SELF']); |
| |
| # Warum so viele ___ ? Damit man auf keinen Fall ein GET/POST Argument mit diesen Variablen überschreibt! |
| foreach ($_REQUEST as $___key___ => $___val___) { |
| ___check_xss___($___val___); |
| } |
| unset($___key___); |
| unset($___val___); |
| } |
| unset($xxx_go); |