Download as
Browse Code »

Commit ad2fd62990eb70b42e54640e7234844cd7720986

Authored by Edmar Moretti
1 parent faad436d
Exists in master and in 7 other branches composer, doc-root, docker, guia, licenca, readme, unmaintened

ajustes de validação de variáveis

Showing 2 changed files with 7 additions and 6 deletions   Show diff stats
classesphp/pega_variaveis.php
  Diff comments   View file @ad2fd62
... ... @@ -56,14 +56,16 @@ i3geo/classesphp/pega_variaveis.php
56 56 //echo "<pre>";
57 57 //var_dump($_POST);exit;
58 58 error_reporting(0);
  59 +$bl = array("passthru","shell_exec","escapeshellarg","escapeshellcmd","proc_close","proc_open","dl","popen"," ","base64","contents","delete","drop","update","insert","exec","system",";");
59 60 if (isset($_GET))
60 61 {
61 62 foreach(array_keys($_GET) as $k)
62 63 {
63   - $k = str_ireplace(array(" ","delete","drop","update","insert","exec","system",";"),"",$k);
  64 + $k = str_ireplace($bl,"",$k);
64 65 if ($_GET[$k] != "''"){
65 66 $v = strip_tags($_GET[$k]);
66   - $v = str_ireplace(array("delete","drop","update","insert","exec","system",";"),"",$v);
  67 + $v = str_ireplace($bl,"",$v);
  68 + //$v = filter_var($v, FILTER_SANITIZE_STRING,FILTER_FLAG_ENCODE_LOW);
67 69 eval("\$".$k."='".(trim($v))."';");
68 70 }
69 71 }
... ... @@ -74,8 +76,9 @@ if (isset($_POST))
74 76 //var_dump($_POST);exit;
75 77 foreach(array_keys($_POST) as $k)
76 78 {
77   - $k = str_ireplace(array(" ","delete","drop","update","insert","exec","system",";"),"",$k);
78   - $_POST[$k] = str_ireplace(array("delete","drop","update","insert","exec","system",";"),"",$_POST[$k]);
  79 + $k = str_ireplace($bl,"",$k);
  80 + $_POST[$k] = str_ireplace($bl,"",$_POST[$k]);
  81 + //$_POST[$k] = filter_var($_POST[$k], FILTER_SANITIZE_STRING,FILTER_FLAG_ENCODE_LOW);
79 82 if (($_POST[$k] != "''"))
80 83 eval("\$".$k."='".(strip_tags(trim($_POST[$k])))."';");
81 84  
... ...
ms_criamapa.php
  Diff comments   View file @ad2fd62
... ... @@ -221,8 +221,6 @@ filtros - filtros podem ser adicionados incluindo o parametro da seguinte forma:
221 221 ";
222 222 exit;
223 223 }
224   -
225   -
226 224 //$_COOKIE = array();
227 225 //
228 226 //quando $funcao existe, &eacute; pq o ms_criamapa.php est&aacute; sendo utilizado como um include em classesphp/mapa_controle.php
... ...