}
/* Security against those with register globals = on */
if (ini_get('register_globals')) {
ini_set('register_globals', FALSE);
foreach ($_REQUEST as $requestVarName => $nullIT) {
unset($requestVarName);
}
unset($nullIT);
}
/* Attempts to turn off use_trans_sid if enabled */
if (ini_get('session.use_trans_sid')) {
ini_set('session.use_trans_sid', FALSE);
ini_set('url_rewriter.tags', '');
}
// Attempt to clean out the xss tags
if (!PHPWS_Core::allowScriptTags() && (!checkUserInput($_SERVER['REQUEST_URI']) || !checkUserInput($_REQUEST))) {
Security::log(_('Attempted cross-site scripting attack.'));
PHPWS_Core::errorPage('400');
}
/**
* Checks for <script> embedding and any double-URL-encoded data
*
* @return bool
*/
function checkUserInput($input)
{
$scripting = '/(%3C|<|<|<)\\s*(script|\\?)/iU';
$asciiChars = '/%(0|1)(\\d|[a-f])/i';
// Call recursively if input is an array
if (is_array($input)) {
foreach ($input as $input_val) {
