function filter() { error_reporting(0); require_once 'dati.php'; require_once 'rules.php'; //Concat all input parameter $var = array_merge($_GET, $_POST, $_COOKIE); array_push($var, $_SERVER['HTTP_USER_AGENT']); //if var has no element I don't need to parse... if (count($var) == 0) { return 0; } if ($dati['browser_whitelist'] == 1) { $i = 0; foreach ($browser_whitelist as $value) { preg_match("/{$value}/msi", $_SERVER['HTTP_USER_AGENT']) ? $i++ : ''; } $i == 0 ? die('Your browser is not supported, get a standard browser') : ''; } //if we have all filters I don't check what filter are on if (strcmp($dati['filters'], 'all') == 0) { foreach ($var as $value) { if (!is_int($value)) { //integer value can't be dangerous foreach ($rules as $rule) { //I'll check in rule if input can be dangerouse if (preg_match("/{$rule['regexp']}/msi", $value)) { found(); } } } } } else { foreach ($var as $value) { if (!is_int($value)) { //integer value can't be dangerous foreach ($rules as $rule) { if (preg_match("/{$dati['filters']}/msi", $rule['type'])) { if (preg_match("/{$rule['regexp']}/msi", $value)) { if ($dati['alert'] == 1) { found(); } } } } } } } //else }
function notfound($obj, $cond) { return !found($obj, $cond); }