From: <dh...@us...> - 2012-08-25 16:27:56
Revision: 10109
http://xoops.svn.sourceforge.net/xoops/?rev=10109&view=rev
Author: dhcst
Date: 2012-08-25 16:27:50 +0000 (Sat, 25 Aug 2012)
Log Message:
-----------
Update Path for XOOPS_URL
Modified Paths:
--------------
XoopsModules/newbb/branches/alfred/newbb/seo.php
Modified: XoopsModules/newbb/branches/alfred/newbb/seo.php
===================================================================
--- XoopsModules/newbb/branches/alfred/newbb/seo.php 2012-08-25 16:21:24 UTC (rev 10108)
+++ XoopsModules/newbb/branches/alfred/newbb/seo.php 2012-08-25 16:27:50 UTC (rev 10109)
@@ -1,6 +1,6 @@
 <?php
 /*
- * $Id: seo.php 62 2012-08-17 10:15:26Z alfred $
+ * $Id: seo.php,v 1.5 2006/08/15 19:52:08 malanciault Exp $
 * Module: newbbss
 * Author: Sudhaker Raj <http://xoops.biz>
 * Licence: GNU
@@ -26,7 +26,9 @@
 {
 // module specific dispatching logic, other module must implement as
 // per their requirements.
- $newUrl = XOOPS_URL . '/modules/newbb/' . $seoMap[$seoOp];
+ $ori_self = $_SERVER['PHP_SELF'];
+ $ori_self = explode("modules/newbb", $ori_self);
+ $newUrl = $ori_self[0] . 'modules/newbb/' . $seoMap[$seoOp];
 $_ENV['PHP_SELF'] = $newUrl;
 $_SERVER['SCRIPT_NAME'] = $newUrl;
 $_SERVER['PHP_SELF'] = $newUrl;
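Review bot: The prefix of `$newUrl` is now taken from `$_SERVER['PHP_SELF']` instead of the trusted `XOOPS_URL` constant, and that is only safe while the executing script's path really contains `modules/newbb`; when it does not (rewritten or aliased paths), `explode()` returns a single element and `$ori_self[0]` is the entire request path including any client-appended PATH_INFO, which is then written back into `$_SERVER['PHP_SELF']`, `$_SERVER['SCRIPT_NAME']` and `$_ENV['PHP_SELF']` on the following lines. Anywhere those variables are later echoed into markup or headers without escaping, that client-influenced prefix travels with them, and the URL is simply wrong rather than falling back. I would guard the split and keep the constant as the fallback, `if (count($ori_self) < 2) { $ori_self = [XOOPS_URL . '/']; }`, placed before `$newUrl` is built. The enclosing function starts and ends outside the hunk, so whether the result is escaped downstream cannot be seen here.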
@@ -80,28 +82,24 @@
 // Leerzeichen am Anfang und Ende beseitigen
 $value = trim($value);
- // pr\xFCfe auf javascript include
- $str = strstr( $value , '<script' );
- if( $str !== false ) {
- $value = '';
- }
+ // pruefe auf javascript include
+ if ( strstr($value , '<script') !== false ) $value = '';
- // pr\xFCfe auf Kommentare (SQL-Injections)
- $str = strstr( $value , '/*' ) ;
- if( $str !== false ) {
- $value = '';
- }
+ // pruefe auf Kommentare (SQL-Injections)
+ if ( strstr($value , '/*' !== false) ) $value = '';
- //pr\xFCfe Verzeichnis
- $str = strstr( $value , '../' ) ;
- if( $str !== false ) {
- $value = '';
- }
+ // pruefe UNION Injections
+ if ( preg_match('/\sUNION\s+(ALL|SELECT)/i' , $value) ) $value = '';
+ // Nullbyte Injection
+ if ( strstr($value , chr(0)) !== false ) $value = '';
+
+ //pruefe Verzeichnis
+ if ( strstr($value , '../') !== false ) $value = '';
+
+ //pruefe auf externe
 $str = strstr( $value , '://' ) ;
- if( $str !== false ) {
- $value = '';
- }
+ if ( strstr($value , '://') !== false ) $value = '';
 return $value;
 }
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
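Review bot: The SQL-comment check is broken by operator precedence: in `if ( strstr($value , '/*' !== false) ) $value = '';` the `!== false` applies to the literal `'/*'`, so `strstr()` is called with needle `true` and the `/*` test never fires; it should read `if ( strstr($value , '/*') !== false ) $value = '';`. The other rewritten checks (`<script`, `../`, `://`, `chr(0)`) place the comparison correctly. The surviving context line `$str = strstr( $value , '://' ) ;` is now a dead assignment, since the new `://` check recomputes the result and nothing else reads `$str`. These substring blacklists only reduce exposure; the values still have to be bound as prepared-statement parameters and escaped on output, which this hunk cannot show. The function's signature lies above the hunk; only its tail through `return $value;` is visible.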