diff --git a/admin/admin.db b/admin/admin.db
index 5070d39..bc2ae8e 100755
Binary files a/admin/admin.db and b/admin/admin.db differ
diff --git a/classesphp/funcoes_gerais.php b/classesphp/funcoes_gerais.php
index 68632be..a185a1a 100755
--- a/classesphp/funcoes_gerais.php
+++ b/classesphp/funcoes_gerais.php
@@ -2829,6 +2829,7 @@ function cloneInlineSymbol($layern,$nmapa,$mapa){
 //recupera um mapfile armazenado no banco de dados de administracao
 //ver admin/php/mapas.php salvaMapfile
 function restauraMapaAdmin($id_mapa,$dir_tmp){
+ return;
 include(dirname(__FILE__)."/../admin/php/conexao.php");
 if(!empty($esquemaadmin)){
 $esquemaadmin = str_replace(".","",$esquemaadmin).".";
diff --git a/classesphp/pega_variaveis.php b/classesphp/pega_variaveis.php
index 4333043..0883dc2 100755
--- a/classesphp/pega_variaveis.php
+++ b/classesphp/pega_variaveis.php
@@ -56,16 +56,16 @@ i3geo/classesphp/pega_variaveis.php
 //echo "
";
 //var_dump($_POST);exit;
 error_reporting(0);
-$bl = array("passthru","shell_exec","escapeshellarg","escapeshellcmd","proc_close","proc_open","dl","popen"," ","base64","contents","delete","drop","update","insert","exec","system",";");
+$bl = array("_decode","php","eval","passthru","shell_exec","escapeshellarg","escapeshellcmd","proc_close","proc_open","dl","popen","contents","delete","drop","update","insert","exec","system",";");
 if (isset($_GET))
 {
 	foreach(array_keys($_GET) as $k)
 	{
 		$k = str_ireplace($bl,"",$k);
+		$k = filter_var($k, FILTER_SANITIZE_STRING);
 		if ($_GET[$k] != "''"){
 			$v = strip_tags($_GET[$k]);
 			$v = str_ireplace($bl,"",$v);
-			//$v = filter_var($v, FILTER_SANITIZE_STRING,FILTER_FLAG_ENCODE_LOW);
 			eval("\$".$k."='".(trim($v))."';");
 		}
 	}
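Review bot: The request value still reaches `eval()` at `eval("\$".$k."='".(trim($v))."';");` with nothing escaping single quotes or backslashes, and this commit deletes the commented-out `filter_var` on `$v` while adding one only for the key. `strip_tags()` and the single-pass `str_ireplace($bl, ...)` blacklist do not make a string safe to embed in PHP source, so extending `$bl` with `"_decode","php","eval"` narrows the symptom rather than closing the injection; `FILTER_SANITIZE_STRING` is also deprecated since PHP 8.1. Drop the `eval` and assign directly behind a strict name check, `if (preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $k)) { $$k = trim($v); }`, ideally against an allowlist of the parameter names the application expects so that existing variables cannot be overwritten. The `$_POST` loop in the next hunk ends in the same `eval` and needs the same change.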
@@ -77,8 +77,8 @@ if (isset($_POST))
 	foreach(array_keys($_POST) as $k)
 	{
 		$k = str_ireplace($bl,"",$k);
+		$k = filter_var($k, FILTER_SANITIZE_STRING);
 		$_POST[$k] = str_ireplace($bl,"",$_POST[$k]);
-		//$_POST[$k] = filter_var($_POST[$k], FILTER_SANITIZE_STRING,FILTER_FLAG_ENCODE_LOW);
 		if (($_POST[$k] != "''"))
 		eval("\$".$k."='".(strip_tags(trim($_POST[$k])))."';");
 
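Review bot: After the added `$k = filter_var($k, FILTER_SANITIZE_STRING);` the rewritten name is used as the index in `$_POST[$k]`, so any key that the blacklist or the filter altered no longer matches the submitted entry: the read yields null, the assignment creates a new `$_POST` element, and `error_reporting(0)` earlier in the file hides the notice. The `$_GET` loop in the previous hunk has the same mismatch at `if ($_GET[$k] != "''")`. Iterate with `foreach ($_POST as $orig => $raw)`, derive the variable name from `$orig` and read the value from `$raw`; array-valued parameters are also not handled before `trim()`. The enclosing `if (isset($_POST))` block starts before this hunk and continues past it.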
--
libgit2 0.21.2