Commit a5e751a3151adf39ee71beb8d74e0294c73cbc1d
1 parent
bf069394
Exists in
master
ajustes de validação de variáveis
Showing
1 changed file
with
7 additions
and
4 deletions
Show diff stats
classesphp/pega_variaveis.php
| @@ -56,14 +56,16 @@ i3geo/classesphp/pega_variaveis.php | @@ -56,14 +56,16 @@ i3geo/classesphp/pega_variaveis.php | ||
| 56 | //echo "<pre>"; | 56 | //echo "<pre>"; |
| 57 | //var_dump($_POST);exit; | 57 | //var_dump($_POST);exit; |
| 58 | error_reporting(0); | 58 | error_reporting(0); |
| 59 | +$bl = array("passthru","shell_exec","escapeshellarg","escapeshellcmd","proc_close","proc_open","dl","popen"," ","base64","contents","delete","drop","update","insert","exec","system",";"); | ||
| 59 | if (isset($_GET)) | 60 | if (isset($_GET)) |
| 60 | { | 61 | { |
| 61 | foreach(array_keys($_GET) as $k) | 62 | foreach(array_keys($_GET) as $k) |
| 62 | { | 63 | { |
| 63 | - $k = str_ireplace(array(" ","delete","drop","update","insert","exec","system",";"),"",$k); | 64 | + $k = str_ireplace($bl,"",$k); |
| 64 | if ($_GET[$k] != "''"){ | 65 | if ($_GET[$k] != "''"){ |
| 65 | $v = strip_tags($_GET[$k]); | 66 | $v = strip_tags($_GET[$k]); |
| 66 | - $v = str_ireplace(array("delete","drop","update","insert","exec","system",";"),"",$v); | 67 | + $v = str_ireplace($bl,"",$v); |
| 68 | + //$v = filter_var($v, FILTER_SANITIZE_STRING,FILTER_FLAG_ENCODE_LOW); | ||
| 67 | eval("\$".$k."='".(trim($v))."';"); | 69 | eval("\$".$k."='".(trim($v))."';"); |
| 68 | } | 70 | } |
| 69 | } | 71 | } |
| @@ -74,8 +76,9 @@ if (isset($_POST)) | @@ -74,8 +76,9 @@ if (isset($_POST)) | ||
| 74 | //var_dump($_POST);exit; | 76 | //var_dump($_POST);exit; |
| 75 | foreach(array_keys($_POST) as $k) | 77 | foreach(array_keys($_POST) as $k) |
| 76 | { | 78 | { |
| 77 | - $k = str_ireplace(array(" ","delete","drop","update","insert","exec","system",";"),"",$k); | ||
| 78 | - $_POST[$k] = str_ireplace(array("delete","drop","update","insert","exec","system",";"),"",$_POST[$k]); | 79 | + $k = str_ireplace($bl,"",$k); |
| 80 | + $_POST[$k] = str_ireplace($bl,"",$_POST[$k]); | ||
| 81 | + //$_POST[$k] = filter_var($_POST[$k], FILTER_SANITIZE_STRING,FILTER_FLAG_ENCODE_LOW); | ||
| 79 | if (($_POST[$k] != "''")) | 82 | if (($_POST[$k] != "''")) |
| 80 | eval("\$".$k."='".(strip_tags(trim($_POST[$k])))."';"); | 83 | eval("\$".$k."='".(strip_tags(trim($_POST[$k])))."';"); |
| 81 | 84 |