Commit a5e751a3151adf39ee71beb8d74e0294c73cbc1d

Authored by Edmar Moretti
1 parent bf069394
Exists in master

ajustes de validação de variáveis

Showing 1 changed file with 7 additions and 4 deletions   Show diff stats
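--- a/classesphp/pega_variaveis.php
+++ b/classesphp/pega_variaveis.php
@@ -56,14 +56,16 @@ i3geo/classesphp/pega_variaveis.php
 //echo "<pre>";
 //var_dump($_POST);exit;
 error_reporting(0);
+$bl = array("passthru","shell_exec","escapeshellarg","escapeshellcmd","proc_close","proc_open","dl","popen"," ","base64","contents","delete","drop","update","insert","exec","system",";");
 if (isset($_GET))
 {
 foreach(array_keys($_GET) as $k)
 {
-$k = str_ireplace(array(" ","delete","drop","update","insert","exec","system",";"),"",$k);
+$k = str_ireplace($bl,"",$k);
 if ($_GET[$k] != "''"){
 $v = strip_tags($_GET[$k]);
-$v = str_ireplace(array("delete","drop","update","insert","exec","system",";"),"",$v);
+$v = str_ireplace($bl,"",$v);
+//$v = filter_var($v, FILTER_SANITIZE_STRING,FILTER_FLAG_ENCODE_LOW);
 eval("\$".$k."='".(trim($v))."';");
 }
 }
@@ -74,8 +76,9 @@ if (isset($_POST))
 //var_dump($_POST);exit;
 foreach(array_keys($_POST) as $k)
 {
-$k = str_ireplace(array(" ","delete","drop","update","insert","exec","system",";"),"",$k);
-$_POST[$k] = str_ireplace(array("delete","drop","update","insert","exec","system",";"),"",$_POST[$k]);
+$k = str_ireplace($bl,"",$k);
+$_POST[$k] = str_ireplace($bl,"",$_POST[$k]);
+//$_POST[$k] = filter_var($_POST[$k], FILTER_SANITIZE_STRING,FILTER_FLAG_ENCODE_LOW);
 if (($_POST[$k] != "''"))
 eval("\$".$k."='".(strip_tags(trim($_POST[$k])))."';");
 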
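Review bot: The enlarged blacklist on new line 59 does not close the code injection that the two `eval(...)` calls on new lines 69 and 83 expose: `str_ireplace` makes a single pass, so a token such as `exexecec` comes out as `exec`, and neither `strip_tags` nor the list removes the `'` that terminates the quoted literal in `$<k>='<v>';`, nor the `=`, `(` or `$` characters that a request key can carry straight into the variable-name position. The added words also damage legitimate input: any value containing `update`, `contents` or `base64` is silently altered, and a key containing one of them no longer matches its own `$_GET`/`$_POST` entry, with `error_reporting(0)` on line 58 hiding the resulting notices. The safer change is to drop `eval` altogether, accept only keys that are valid PHP identifiers, and assign with a variable-variable, as sketched below for the GET loop; the POST loop would get the same treatment. The `if (isset($_POST))` block that the second hunk belongs to begins and ends outside the hunk.
```php
foreach (array_keys($_GET) as $k) {
    // Only a bare PHP identifier may become a variable name; request data is never evaluated as code.
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $k)) {
        continue;
    }
    if ($_GET[$k] != "''") {
        $$k = trim(strip_tags($_GET[$k]));
    }
}
// … unchanged: $_POST loop, to receive the same identifier check and `$$k = ...` assignment …
```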