Posted By

romanos on 05/29/08


Tagged

globals xss



Sanitise $_SERVER globals


Published in: PHP

URL: http://www.php-fusion.co.uk

This code is from the PHP-Fusion engine.

Put it above your code in the PHP script.

<?php
// Clean URL function: removes or encodes characters that would let a
// request path or query string break out of an HTML attribute or tag.
// "&" becomes "&amp;"; quotes, angle brackets, parentheses and "*" are dropped.
function cleanurl($url) {
    $bad_entities  = array("&", "\"", "'", '\"', "\'", "<", ">", "(", ")", "*");
    $safe_entities = array("&amp;", "", "", "", "", "", "", "", "", "");
    // str_replace with arrays applies each pair in order, left to right.
    $url = str_replace($bad_entities, $safe_entities, $url);
    return $url;
}

// Sanitise the $_SERVER globals that are commonly echoed back into pages
// (form actions, self links, pagination URLs). PHP_SELF includes PATH_INFO,
// so attacker-controlled text can reach it; QUERY_STRING and REQUEST_URI are
// taken verbatim from the request and may be absent (e.g. under CLI).
$_SERVER['PHP_SELF'] = cleanurl($_SERVER['PHP_SELF']);
$_SERVER['QUERY_STRING'] = isset($_SERVER['QUERY_STRING']) ? cleanurl($_SERVER['QUERY_STRING']) : "";
$_SERVER['REQUEST_URI'] = isset($_SERVER['REQUEST_URI']) ? cleanurl($_SERVER['REQUEST_URI']) : "";
// Legacy global used by older scripts in place of $_SERVER['PHP_SELF'].
$PHP_SELF = cleanurl($_SERVER['PHP_SELF']);
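The following is an added example, not code from PHP-Fusion or from the snippet above. It shows the classic PHP_SELF reflected-XSS pattern this snippet defends against, what cleanurl() turns the payload into, and two points a practitioner should weigh before relying on it: htmlspecialchars() at output time neutralises the same payload without destroying the value, and cleanurl()'s "&" to "&amp;" rewrite changes the meaning of QUERY_STRING if the cleaned value is parsed afterwards. The request path and query string are constructed for the example; cleanurl() is reproduced here so the script runs stand-alone.

```php
<?php
// Added example (not part of PHP-Fusion): PHP_SELF XSS before and after cleanurl(),
// compared with output encoding. All request values below are constructed.

function cleanurl($url) {
    $bad_entities  = array("&", "\"", "'", '\"', "\'", "<", ">", "(", ")", "*");
    $safe_entities = array("&amp;", "", "", "", "", "", "", "", "", "");
    return str_replace($bad_entities, $safe_entities, $url);
}

// Constructed request. PHP_SELF carries PATH_INFO, so a request for
//   /index.php/"><script>alert(1)</script>
// gives PHP_SELF this attacker-controlled value.
$_SERVER['PHP_SELF']     = '/index.php/"><script>alert(1)</script>';
$_SERVER['QUERY_STRING'] = 'page=1&sort=name';

// 1. Vulnerable pattern: raw PHP_SELF inside an attribute closes the attribute
//    and the tag, and the script runs.
$vulnerable = '<form action="' . $_SERVER['PHP_SELF'] . '" method="post">';
echo "Vulnerable: $vulnerable\n";
// <form action="/index.php/"><script>alert(1)</script>" method="post">

// 2. With cleanurl(): quotes, angle brackets and parentheses are removed, so the
//    attribute can no longer be broken out of, but the original value is mangled.
$stripped = '<form action="' . cleanurl($_SERVER['PHP_SELF']) . '" method="post">';
echo "cleanurl:   $stripped\n";
// <form action="/index.php/scriptalert1/script" method="post">

// 3. Output encoding: the same payload is neutralised at the point of use while
//    the value itself is preserved. This is the approach to prefer for new code.
$encoded = '<form action="' . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8') . '" method="post">';
echo "encoded:    $encoded\n";
// <form action="/index.php/&quot;&gt;&lt;script&gt;alert(1)&lt;/script&gt;" method="post">

// 4. Caveat: cleanurl() rewrites "&" to "&amp;" in QUERY_STRING. That is right for
//    echoing it into HTML, but wrong if the cleaned string is parsed again:
//    the second parameter now arrives under the key "amp;sort" instead of "sort".
parse_str(cleanurl($_SERVER['QUERY_STRING']), $params);
var_dump(array_keys($params));   // ["page", "amp;sort"]
parse_str($_SERVER['QUERY_STRING'], $raw);
var_dump(array_keys($raw));      // ["page", "sort"]
```

Run it with `php example.php`. The practical rule the example illustrates: if you keep this snippet at the top of a script, treat the $_SERVER values it overwrites as HTML-ready display strings and read any parameters you need to parse from $_GET (which PHP populated from the original query string before the overwrite) rather than from the cleaned QUERY_STRING.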
