/**
 * Security: screen a request value (or every value of a nested array) with
 * test_sql_and_script_inject().
 *
 * A scalar is reported back to the caller as clean or not. An array is walked
 * recursively, and the first rejected value ends the request: a refusal
 * message is printed and the script exits. The array branch therefore never
 * returns false.
 *
 * NOTE(review): only the values are handed to the detector. Array keys are
 * also supplied by the client and are not screened here; confirm they are
 * covered elsewhere.
 *
 * @param  string|array &$var  Value to check, passed by reference
 * @param  int          $type  1=GET, 0=POST, 2=PHP_SELF
 * @return boolean             true if the value is OK, false if the detector flagged it
 */
function analyse_sql_and_script(&$var, $type)
{
    // Scalar: the value is clean when the detector's result is zero or less.
    if (!is_array($var)) {
        return (test_sql_and_script_inject($var, $type) <= 0);
    }

    foreach ($var as $key => $value) {
        if (!analyse_sql_and_script($value, $type)) {
            // Fail closed: stop the request instead of continuing with a flagged value.
            // NOTE(review): no HTTP status is set before exiting, so the refusal
            // goes out with whatever status is current; confirm this is intended.
            print 'Access refused by SQL/Script injection protection in main.inc.php';
            exit;
        }

        // $value went through the check by reference; store it back under its key.
        $var[$key] = $value;
    }

    return true;
}
/**
 * Security: screen a request value (or every value of a nested array) with
 * test_sql_and_script_inject().
 *
 * A scalar is reported back to the caller as clean or not. An array is walked
 * recursively, and the first rejected value ends the request: a refusal
 * message naming the type, key, value and requested page is printed and the
 * script exits. The array branch therefore never returns false.
 *
 * NOTE(review): only the values are handed to the detector. Array keys are
 * also supplied by the client and are not screened here; confirm they are
 * covered elsewhere.
 *
 * @param  string|array &$var  Value to check, passed by reference
 * @param  int          $type  1=GET, 0=POST, 2=PHP_SELF
 * @return boolean             true if the value is OK, false if the detector flagged it
 */
function analyse_sql_and_script(&$var, $type)
{
    // Scalar: the value is clean when the detector's result is zero or less.
    if (!is_array($var)) {
        return test_sql_and_script_inject($var, $type) <= 0;
    }

    foreach ($var as $key => $value) {
        if (!analyse_sql_and_script($value, $type)) {
            // A nested array either passes or exits inside the recursive call,
            // so $value is never an array when this branch runs.
            //
            // Every client-supplied piece goes through htmlentities() (default
            // flags and charset) before it is written into the response.
            // NOTE(review): the refusal echoes the rejected key, value and URI
            // to the requester, which shows which input tripped the filter.
            // Consider recording these details in a server-side log and
            // printing only a generic message.
            $refusal = 'Access refused by SQL/Script injection protection in main.inc.php (type=' . htmlentities($type);
            $refusal .= ' key=' . htmlentities($key);
            $refusal .= ' value=' . htmlentities($value);
            $refusal .= ' page=' . htmlentities($_SERVER["REQUEST_URI"]) . ')';

            print $refusal;
            exit;
        }

        // $value went through the check by reference; store it back under its key.
        $var[$key] = $value;
    }

    return true;
}