function unsafe_array( &$my_array )
{
foreach( $my_array as $key => &$value )
{
$value = unsafe( $value );
}
return $my_array;
}
function cleaninput($input)
{
global $db_con, $block_attacks;
if (get_magic_quotes_gpc()) {
$input = stripslashes($input);
// delete quotes
}
/*
// prevent Directory Traversal attacks
if(preg_match('/\.\.\/|\.\.\\\/i', $input)) {
$input = '';
}
// prevent SQL-injection
if (substr_count($input,"'") != '1') {
$input = mysql_real_escape_string($input);
} else {
$input = str_replace('\\','\\\\', $input); // if one slash is part of the query, we have to allow it . . .
$input = str_replace('"','\"', $input); // never the less we need to prevent SQL attacks
}
*/
// prevent SQL-injection
$input = $db_con->real_escape_string($input);
if (preg_match("/%FF%FE%3C%73%63%72%69%70%74%3E/i", $input)) {
// tr/vb.hpq trojan
$input = '';
}
if ($block_attacks == "1") {
// prevent XSS-attack and Shell-execute
if (preg_match("/cmd|CREATE|DELETE|DROP|eval|EXEC|File|INSERT|printf/i", $input)) {
$input = '';
}
if (preg_match("/LOCK|PROCESSLIST|SELECT|shell|SHOW|SHUTDOWN/i", $input)) {
$input = '';
}
if (preg_match("/SQL|SYSTEM|TRUNCATE|UNION|UPDATE|DUMP/i", $input)) {
$input = '';
}
// suppress JavaScript execution and tag inclusions
$input = unsafe($input);
}
return $input;
}
