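}

/* Security against those with register globals = on.
 *
 * register_globals is a PHP_INI_PERDIR directive, so ini_set() cannot switch it
 * off for the request already in flight: by the time this code runs every
 * request parameter has already been copied into the global scope. The loop
 * below is therefore the real defence -- it removes every global whose name was
 * supplied by the client. Superglobals are skipped so that a request parameter
 * named e.g. "_SESSION" or "GLOBALS" cannot be used to wipe them.
 * (register_globals was removed in PHP 5.4; ini_get() then returns false and
 * this whole block is a no-op.) */
if (ini_get('register_globals')) {
    ini_set('register_globals', FALSE);
    $protectedGlobals = array(
        'GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST',
        '_SERVER', '_ENV', '_FILES', '_SESSION',
    );
    foreach ($_REQUEST as $requestVarName => $nullIT) {
        // unset($requestVarName) would only clear the loop variable holding the
        // name; the registered global itself must be removed through $GLOBALS.
        if (!in_array($requestVarName, $protectedGlobals, true)) {
            unset($GLOBALS[$requestVarName]);
        }
    }
    // Do not leave the loop's own temporaries behind in the global scope.
    unset($nullIT, $requestVarName, $protectedGlobals);
}

/* Attempts to turn off use_trans_sid if enabled. With it on, PHP rewrites
 * links and forms to carry the session id in the URL, which leaks it into
 * referrer headers, proxy/server logs and copied links; clearing
 * url_rewriter.tags disables the rewriting itself. Best effort only: if the
 * directive cannot be changed at runtime in this SAPI the ini_set() has no
 * effect. */
if (ini_get('session.use_trans_sid')) {
    ini_set('session.use_trans_sid', FALSE);
    ini_set('url_rewriter.tags', '');
}

// Attempt to clean out the xss tags: unless script tags are explicitly allowed,
// reject the whole request with a 400 when either the raw request URI or any
// value in $_REQUEST fails checkUserInput() (see below), and log the attempt.
// REQUEST_URI is not set in every SAPI (e.g. CLI), hence the isset() guard.
$requestUri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
if (!PHPWS_Core::allowScriptTags()
    && (!checkUserInput($requestUri) || !checkUserInput($_REQUEST))) {
    Security::log(_('Attempted cross-site scripting attack.'));
    PHPWS_Core::errorPage('400');
}
unset($requestUri);

/**
 * Checks for <script> embedding and any double-URL-encoded data
 *
 * @return bool
 */
function checkUserInput($input)
{
    $scripting = '/(%3C|<|<|<)\\s*(script|\\?)/iU';
    $asciiChars = '/%(0|1)(\\d|[a-f])/i';
    // Call recursively if input is an array
    if (is_array($input)) {
        foreach ($input as $input_val) {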