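/**
 * Recursively HTML-encode a string, or every value of a (nested) array.
 *
 * The characters &, ", < and > are replaced by their named entities. An
 * ampersand that already starts an entity (for example &amp; or &#169;) is
 * then restored, so text that is already encoded is not encoded twice.
 *
 * Security note: the single quote (') is NOT encoded. The result is therefore
 * unsafe inside single-quoted HTML attributes, and this function is not SQL
 * escaping; a value that has passed through it must still be bound or escaped
 * by the database layer before it is placed in a query.
 *
 * @param string|array $string Text to encode, or an array of such values.
 * @return string|array The encoded value, same shape as the input.
 */
function dhtmlchars($string)
{
    if (is_array($string)) {
        // Keys are kept as-is; only the values are encoded.
        foreach ($string as $key => $val) {
            $string[$key] = dhtmlchars($val);
        }
        return $string;
    }

    // "&" is first in the search list so the entities produced for the other
    // characters are not themselves re-encoded.
    $encoded = str_replace(
        array('&', '"', '<', '>'),
        array('&amp;', '&quot;', '&lt;', '&gt;'),
        $string
    );

    // Undo the double encoding of entities that were already in the input:
    // "&amp;" followed by a numeric (#123 / #x12ab) or named reference.
    return preg_replace(
        '/&amp;((#(\\d{3,5}|x[a-fA-F0-9]{4})|[a-zA-Z][a-z0-9]{2,5});)/',
        '&\\1',
        $encoded
    );
}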
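<?php
# MetInfo Enterprise Content Management System
# Copyright (C) MetInfo Co.,Ltd (http://www.metinfo.cn). All rights reserved.

// Availability check for an administrator login name: prints one of the
// $lang_* messages and exits. $action, $id, $char_key, $db, $met_admin_table
// and the $lang_* strings are not defined in this file; presumably they are
// set up by common.inc.php (TODO confirm), which means $id must be treated as
// request-controlled input.
require_once '../include/common.inc.php';

if ($action == 'admin') {
    if (isblank($id)) {
        echo $lang_loginIntput;
        exit;
    }

    // An array-valued id cannot be trimmed or searched as a string; reject it
    // with the same message as any other invalid name.
    if (!is_scalar($id)) {
        echo $lang_loginUserErr;
        exit;
    }

    $id = dhtmlchars(trim($id));

    // Deny-list check: refuse the name if it contains any configured fragment.
    foreach ($char_key as $value) {
        if (strpos($id, $value) !== false) {
            echo $lang_loginUserErr;
            exit;
        }
    }

    // SECURITY (review): $id is interpolated into the SQL text. dhtmlchars()
    // leaves the single quote untouched, so the $char_key deny-list above is
    // the only filter visible in this file between the request and the query.
    // Whether common.inc.php already slash-escapes request variables cannot be
    // seen from here. Bind $id as a parameter, or escape it with the database
    // driver's own routine for the connection's character set, instead of
    // relying on a deny-list. Also note that the three distinct responses
    // below let an unauthenticated caller test which admin names exist.
    $id_list = $db->get_one("select admin_id from {$met_admin_table} where admin_id = '{$id}'");

    // Quoted key (a bare admin_id is an undefined constant) and a lookup that
    // tolerates get_one() returning no row.
    if (!empty($id_list['admin_id'])) {
        echo $lang_loginUserMudb;
        exit;
    } else {
        echo $lang_loginRegok;
        exit;
    }
}

# This program is an open source system, commercial use, please consciously to purchase commercial license.
# Copyright (C) MetInfo Co., Ltd. (http://www.metinfo.cn). All rights reserved.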