Rev 13 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 13 | Rev 14 | ||
|---|---|---|---|
| Line 9... | Line 9... | ||
| 9 | unset($xxx_vts_prepend_config); |
9 | unset($xxx_vts_prepend_config); |
| 10 | 10 | ||
| 11 | function ___check_xss___($str) { |
11 | function ___check_xss___($str) { |
| 12 | $ary = is_array($str) ? $str : array($str); |
12 | $ary = is_array($str) ? $str : array($str); |
| 13 | foreach ($ary as $str) { |
13 | foreach ($ary as $str) { |
| - | 14 | if (!is_string($str)) continue; |
|
| 14 | if ((stripos($str, '<svg') !== false) || (stripos($str, '<script') !== false)) { |
15 | if ((stripos($str, '<svg') !== false) || (stripos($str, '<script') !== false)) { |
| 15 | #@header($_SERVER['SERVER_PROTOCOL'] . ' 500 Internal Server Error', true, 500); |
16 | #@header($_SERVER['SERVER_PROTOCOL'] . ' 500 Internal Server Error', true, 500); |
| 16 | @header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request', true, 400); |
17 | @header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request', true, 400); |
| 17 | die('There is a problem with the data you have entered. Please write us an email if you think you received this message in error. info at viathinksoft.de'); |
18 | die('There is a problem with the data you have entered. Please write us an email if you think you received this message in error. info at viathinksoft.de'); |
| 18 | } |
19 | } |