
Posted By

romanos on 05/29/08


Tagged

globals xss



Sanitise $_SERVER globals


Published in: PHP 


URL: http://www.php-fusion.co.uk

This code is from the PHP-Fusion engine.

Put it above your code in the PHP script.

  // Clean URL function: strips the characters that would let a value taken
  // from $_SERVER break out of an HTML attribute or tag (reflected XSS) and
  // encodes '&' so the value remains valid HTML.
  // str_replace() applies the pairs in order, so '&' is encoded first and is
  // not touched again by later pairs. The '\"' and "\'" entries (backslash
  // followed by a quote) can only match if the bare quote has not already
  // been removed by the earlier pairs; they are kept as in the original.
  function cleanurl($url) {
      $bad_entities  = array("&", "\"", "'", '\"', "\'", "<", ">", "(", ")", "*");
      $safe_entities = array("&amp;", "", "", "", "", "", "", "", "", "");
      $url = str_replace($bad_entities, $safe_entities, $url);
      return $url;
  }

  // Sanitise the $_SERVER globals that are commonly echoed back into pages,
  // e.g. <form action="<?php echo $_SERVER['PHP_SELF']; ?>">.
  $_SERVER['PHP_SELF']     = cleanurl($_SERVER['PHP_SELF']);
  $_SERVER['QUERY_STRING'] = isset($_SERVER['QUERY_STRING']) ? cleanurl($_SERVER['QUERY_STRING']) : "";
  $_SERVER['REQUEST_URI']  = isset($_SERVER['REQUEST_URI'])  ? cleanurl($_SERVER['REQUEST_URI'])  : "";
  // Legacy copy for code written against register_globals; same sanitised value.
  $PHP_SELF = cleanurl($_SERVER['PHP_SELF']);
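The following is an added example, not code from the snippet or from PHP-Fusion. It shows the injection the snippet is guarding against: $_SERVER['PHP_SELF'] includes any PATH_INFO the client appends, so a request for /index.php/"><script>...</script> lands verbatim in a form's action attribute. The payload is constructed here for the demonstration, and the hardened version encodes at the point of output with htmlspecialchars() instead of rewriting $_SERVER up front. Run it with php example.php.

```php
<?php
// Added example (not from the PHP-Fusion snippet): PHP_SELF reflected XSS,
// the raw output that is vulnerable, and output encoding as the fix.

// Constructed attacker-controlled path. With Apache and PHP, a request for
// /index.php/<anything> keeps "/<anything>" in $_SERVER['PHP_SELF'].
$_SERVER['PHP_SELF'] = '/index.php/"><script>alert(1)</script><a href="';

// 1) Vulnerable: the value is interpolated into an attribute unencoded, so
//    the embedded '"' closes the attribute and '>' closes the tag.
function form_vulnerable(string $self): string
{
    return '<form method="post" action="' . $self . '">';
}

// 2) Hardened: encode for the HTML attribute context at output time.
//    ENT_QUOTES encodes both quote styles, which matters inside attributes.
function form_encoded(string $self): string
{
    $safe = htmlspecialchars($self, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<form method="post" action="' . $safe . '">';
}

// 3) Alternative: do not echo PHP_SELF at all. SCRIPT_NAME is the path of the
//    executing script without PATH_INFO, so the client cannot append to it.
//    (The '??' fallback is only there so the example also runs from the CLI.)
function form_script_name(): string
{
    $name = $_SERVER['SCRIPT_NAME'] ?? '/index.php';
    return '<form method="post" action="'
        . htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '">';
}

// Returns true when the rendered markup still contains a live <script> tag.
function contains_script_tag(string $html): bool
{
    return stripos($html, '<script') !== false;
}

$vuln = form_vulnerable($_SERVER['PHP_SELF']);
$enc  = form_encoded($_SERVER['PHP_SELF']);
$alt  = form_script_name();

echo "raw:       ", $vuln, "\n";
echo "encoded:   ", $enc, "\n";
echo "scriptnam: ", $alt, "\n";
echo "raw injects script:     ", contains_script_tag($vuln) ? "yes" : "no", "\n";
echo "encoded injects script: ", contains_script_tag($enc) ? "yes" : "no", "\n";
```

The snippet's cleanurl() also stops this particular break-out, but only for the three variables it rewrites; HTTP_HOST, HTTP_REFERER, HTTP_USER_AGENT and everything in $_GET and $_POST are equally attacker-controlled and are left untouched. It is also a character blacklist applied before the application sees the data, so legitimate quotes and parentheses in QUERY_STRING are silently discarded, and the result is still not safe for non-HTML sinks such as SQL or shell commands. Encoding once, at the output point and for that output's context, avoids both problems.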
