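/**
 * Recursively screen a request value, or an array of values, with self::is_inject().
 *
 * Arrays are walked entry by entry and both the key and the value are screened.
 * A scalar that self::is_inject() flags is logged through self::addlog(); unless
 * $conf['mode'] is 'silent' it is then passed through the replacement step
 * (self::safe_replace() for the 'post' source, the str_replace() calls otherwise).
 *
 * NOTE(review): this is pattern-based rewriting of input. It does not stand in for
 * parameterised queries or context-aware output escaping where the value is used.
 *
 * @param mixed $string Scalar request value, or an array of them (nested arrays recurse).
 * @param array $conf   Options handed to self::is_inject(); 'mode' => 'silent' means log only.
 * @return mixed The input, with flagged keys/values run through the replacement step
 *               when not in silent mode.
 */
function safecover($string, $conf = array())
{
    // Read the mode once. A missing 'mode' is treated as non-silent, as before,
    // but no longer raises an undefined-index warning when $conf is left at its default.
    $silent = isset($conf['mode']) && $conf['mode'] === 'silent';

    if (is_array($string)) {
        foreach ($string as $key => $val) {
            // Remembered so the scalar branch can build its log key from the field name.
            self::$key = $key;
            if (self::is_inject($key, $conf) && !$silent) {
                unset($string[$key]);
                // Pass $conf along so the key is screened with the same options as the
                // value; the original call dropped it and fell back to an empty config.
                $key = self::safecover($key, $conf);
            }
            // If the rewritten key equals a key already present, this assignment
            // overwrites that entry.
            $string[$key] = self::safecover($val, $conf);
        }
        return $string;
    }

    if (!self::is_inject($string, $conf)) {
        return $string;
    }

    // Every flagged scalar is logged, silent mode included.
    // NOTE(review): the raw flagged value is handed to addlog(); how it is stored is not
    // visible here. Confirm the log sink treats it as untrusted text and does not retain
    // credentials submitted in request fields.
    $logKey = self::generate_key(self::$key, 'inject');
    self::addlog($logKey, array('key' => 'request', 'value' => $string));

    if ($silent) {
        return $string;
    }

    if (self::$gpcpath === 'post') {
        return self::safe_replace($string);
    }

    // NOTE(review): in this copy every search string below is identical to its
    // replacement, so these calls leave $string unchanged and a flagged GET/COOKIE
    // value is returned as received. The replacements were presumably HTML entities or
    // full-width characters that were decoded when the file was copied; restore them
    // from the upstream source and confirm before relying on this branch.
    $string = str_replace('s', 's', $string);
    $string = str_replace('S', 'S', $string);
    $string = str_replace(array('=', '<', '>', '('), array('=', '<', '>', '('), $string);

    return $string;
}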
/**
 * Screen each entry of self::$gpc and, when one is flagged, rewrite the matching
 * superglobal and $_REQUEST through self::safecover().
 *
 * self::$gpc is populated elsewhere; its keys are expected to be 'get', 'post' or
 * 'cookie' (presumably holding the corresponding request data; confirm at the caller).
 *
 * NOTE(review): a source whose payload is not flagged as a whole is left untouched,
 * so the outcome depends on how self::is_inject() treats an array argument.
 *
 * @param array $conf Options passed through to self::is_inject() and self::safecover().
 * @return void
 */
function inject($conf = array())
{
    $superglobal_of = array('get' => '_GET', 'post' => '_POST', 'cookie' => '_COOKIE');

    foreach (self::$gpc as $source => $payload) {
        // Must be set before screening: safecover() picks its replacement branch from it.
        self::$gpcpath = $source;

        if (!self::is_inject($payload, $conf)) {
            continue;
        }

        $GLOBALS[$superglobal_of[$source]] = self::safecover($GLOBALS[$superglobal_of[$source]], $conf);

        // NOTE(review): $_REQUEST is screened in full under the current source, so entries
        // that arrived through another source are handled by this source's branch, and the
        // array is screened again for every flagged source.
        // safecover() declares two parameters in this file; the third argument is not read.
        $_REQUEST = self::safecover($_REQUEST, $conf, false);
    }
}