Rev 3 | Rev 9 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 3 | Rev 6 | ||
|---|---|---|---|
| Line 1... | Line 1... | ||
| 1 | <?php |
1 | <?php |
| 2 | 2 | ||
| 3 | // ATTENTION: This is a very simple XSS "Firewall". There ARE many other ways to do an XSS attack, so please don't rely on this script! |
3 | // ATTENTION: This is a very simple XSS "Firewall". There ARE many other ways to do an XSS attack, so please don't rely on this script! |
| 4 | 4 | ||
| 5 | $xxx_directories_need_anti_xss = array( |
5 | $xxx_directories_need_anti_xss = array( |
| 6 | // Webseiten, die mit XSS verseucht sind |
- | |
| 7 | '/home/' |
6 | '/home/' |
| 8 | ); |
7 | ); |
| 9 | 8 | ||
| 10 | // --- |
9 | // --- |
| 11 | 10 | ||
| 12 | function ___check_xss___($str) { |
11 | function ___check_xss___($str) { |
| - | 12 | $ary = is_array($str) ? $str : array($str); |
|
| - | 13 | foreach ($ary as $str) { |
|
| 13 | if ((stripos($str, '<svg') !== false) || (stripos($str, '<script') !== false)) { |
14 | if ((stripos($str, '<svg') !== false) || (stripos($str, '<script') !== false)) { |
| - | 15 | @header($_SERVER['SERVER_PROTOCOL'] . ' 500 Internal Server Error', true, 500); |
|
| 14 | die('There is a problem with the data you have entered. Please write us an email if you think you received this message in error. info at viathinksoft.de'); |
16 | die('There is a problem with the data you have entered. Please write us an email if you think you received this message in error. info at viathinksoft.de'); |
| 15 | } |
17 | } |
| 16 | } |
18 | } |
| - | 19 | } |
|
| 17 | 20 | ||
| 18 | // --- |
21 | // --- |
| 19 | 22 | ||
| 20 | $xxx_go = false; |
23 | $xxx_go = false; |
| 21 | foreach ($xxx_directories_need_anti_xss as $xxx_directory_need_anti_xss) { |
24 | foreach ($xxx_directories_need_anti_xss as $xxx_directory_need_anti_xss) { |