Rev 13 | Rev 14 | ||
---|---|---|---|
Line 9... | Line 9... | ||
9 | unset($xxx_vts_prepend_config); |
9 | unset($xxx_vts_prepend_config); |
10 | 10 | ||
11 | function ___check_xss___($str) { |
11 | function ___check_xss___($str) { |
12 | $ary = is_array($str) ? $str : array($str); |
12 | $ary = is_array($str) ? $str : array($str); |
13 | foreach ($ary as $str) { |
13 | foreach ($ary as $str) { |
- | 14 | if (!is_string($str)) continue; |
|
14 | if ((stripos($str, '<svg') !== false) || (stripos($str, '<script') !== false)) { |
15 | if ((stripos($str, '<svg') !== false) || (stripos($str, '<script') !== false)) { |
15 | #@header($_SERVER['SERVER_PROTOCOL'] . ' 500 Internal Server Error', true, 500); |
16 | #@header($_SERVER['SERVER_PROTOCOL'] . ' 500 Internal Server Error', true, 500); |
16 | @header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request', true, 400); |
17 | @header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request', true, 400); |
17 | die('There is a problem with the data you have entered. Please write us an email if you think you received this message in error. info at viathinksoft.de'); |
18 | die('There is a problem with the data you have entered. Please write us an email if you think you received this message in error. info at viathinksoft.de'); |
18 | } |
19 | } |
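Review bot: The added `if (!is_string($str)) continue;` at new line 14 also skips nested arrays, so a string one level deeper inside `$str` is never compared against the `<svg`/`<script` patterns. If callers pass request arrays (the call sites are not visible in this hunk), descend instead of skipping by placing `if (is_array($str)) { ___check_xss___($str); continue; }` before the `is_string` guard. The two-substring blocklist is only a coarse input filter in any case, so values still need context-aware escaping such as `htmlspecialchars()` where they are output. The function body continues past the end of the hunk.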