ndexa
  • Fatal Error
    Fatal Error: could not open XML input (http://news.yandex.ru/index.rss)...
    >>

: .



: 6.7 . 7.0, , .

:

:

/engine/modules/functions.php

:

<!-- code1 -->
<!-- ecode1 --> function check_xss () {

$url = html_entity_decode(urldecode($_SERVER['QUERY_STRING']));

if ($url) {

if ((strpos($url, '<') !== false) ||
(strpos($url, '>') !== false) ||
(strpos($url, '"') !== false) ||
(strpos($url, './') !== false) ||
(strpos($url, '../') !== false) ||
(strpos($url, '\'') !== false) ||
(strpos($url, '.php') !== false)
)
{
if ($_GET['do'] != "search" OR $_GET['subaction'] != "search")die("Hacking attempt!");
}

}

} <!-- code2 -->
<!-- ecode2 -->

:

<!-- code1 -->
<!-- ecode1 --> function check_xss () {

$url = html_entity_decode(urldecode($_SERVER['QUERY_STRING']));

if ($url) {

if ((strpos($url, '<') !== false) ||
(strpos($url, '>') !== false) ||
(strpos($url, '"') !== false) ||
(strpos($url, './') !== false) ||
(strpos($url, '../') !== false) ||
(strpos($url, '\'') !== false) ||
(strpos($url, '[') !== false) ||
(strpos($url, ']') !== false) ||
(strpos($url, '{') !== false) ||
(strpos($url, '}') !== false) ||
(strpos($url, '.php') !== false)
)
{
if ($_GET['do'] != "search" OR $_GET['subaction'] != "search")die("Hacking attempt!");
}

}

} <!-- code2 -->
<!-- ecode2 -->

/engine/inc/functions.inc.php


Alexander, -. , 5369

  (0)

?