Source code of eGroupWare 1.2.106-2
<?php
/**************************************************************************\
* eGroupWare SiteMgr - Web Content Management                              *
* http://www.egroupware.org                                                *
* --------------------------------------------                             *
*  This program is free software; you can redistribute it and/or modify it *
*  under the terms of the GNU General Public License as published by the   *
*  Free Software Foundation; either version 2 of the License, or (at your  *
*  option) any later version.                                              *
\**************************************************************************/

/* $Id: security.inc.php 20295 2006-02-15 12:31:25Z  $ */

// Security precaution: prevent script tags: <script>, <javascript "">, etc.
foreach ($_GET as $secvalue)
{
	if (eregi("<[^>]*script*\"?[^>]*>", $secvalue))
	{
		die("A security breach has been attempted and refused.");
	}
}

// Security precaution: don't let anyone call xxx.inc.php files or
// construct URLs with relative paths (ie, /dir1/../dir2/)
// also deny direct access to blocks.
if (eregi("\.inc\.php",$_SERVER['PHP_SELF']) || eregi("block-.*\.php",$_SERVER['PHP_SELF']) || ereg("\.\.",$_SERVER['PHP_SELF']))
{
	die("Invalid URL");
}
?>
Generated on: Sun Feb 25 17:20:01 2007 | by Balluche using PHPXref 0.7