Пример #1
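function CheckData($data, $security_version)
{
    // Recursively scans request data for SQL-keyword patterns and, when one
    // matches, renders a "Security Alert" page and terminates the script.
    //
    // This is a heuristic blacklist, not a substitute for parameterised
    // queries: it only stops requests whose text happens to match the
    // patterns below, so the actual protection has to live at the database
    // layer (prepared statements / bound parameters).
    //
    // $data             string, scalar, or (nested) array of values to scan
    // $security_version kept for signature compatibility; not used here
    // Returns null; exits the script as a side effect when a pattern matches.
    if (is_array($data)) {
        foreach ($data as $value) {
            CheckData($value, $security_version);
        }
        return;
    }
    // Non-string scalars (ints, null) are coerced so preg_match never receives null.
    $data = (string) $data;

    // Keywords are anchored with \b so harmless parameter names such as
    // "offset=" or "dataset=" no longer trip the SET pattern; genuine
    // "UNION ... SELECT ... FROM" and "SET ... =" fragments still match.
    $sql_words = array(
        "\\bUNION\\b(.*?)\\bSELECT\\b(.*?)\\bFROM\\b" => "SQL-Injection",
        "\\bSET\\b(.*?)=" => "SQL-Injection / Datenmanipulation",
    );
    foreach ($sql_words as $word => $type) {
        // '#' is the delimiter, so a literal '#' inside a pattern must be escaped.
        $pattern = "#" . str_replace("#", "\\#", $word) . "#ism";
        // preg_match returns false on a PCRE error; only a real match (1) blocks.
        if (preg_match($pattern, $data) === 1) {
            ?>
            <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
                <html xmlns="http://www.w3.org/1999/xhtml">
                    <head>
                        <title>Security Alert</title>
                    </head>
                    <body>
                        <center>
                            <font style="color: red; font-size: 50px; font-family: Verdana; font-weight: bold;">! SECURITY ALERT !</font><br />
                            <font style="color: black; font-size: 14px; font-family: Verdana;"><b>Versuchtes eindingen ins System per <?php 
            // $type is a constant from the table above, but it is still escaped
            // for the HTML context so the output path stays safe if the table grows.
            echo htmlspecialchars($type, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            ?>
 gestoppt.</b></font><br /><br /><br />
                        </center>
                    </body>
                </html>
            <?php 
            exit;
        }
    }
}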
Пример #2
function saveTmpData()
{
    // Copies every table's temporary counterpart back over the live table in
    // one batch: BEGIN, LOCK "MapSettings", TRUNCATE the live tables, re-INSERT
    // from the temp tables, COMMIT. Afterwards the map's last-edit marker is
    // refreshed and CheckData() is run; the first result carrying an 'error'
    // key stops the remaining steps.
    //
    // Returns the result of the last step that ran (PQuery, setMapLastEdit or CheckData).
    $tables = getTables();
    $tableCount = count($tables);
    $quotedTables = array();
    $insertStatements = '';
    for ($idx = 0; $idx < $tableCount; $idx++) {
        $liveTable = $tables[$idx];
        // tmpTable() is invoked once per table, in table order.
        $tempTable = tmpTable($liveTable, TRUE);
        // NOTE(review): identifiers are wrapped in double quotes but embedded
        // quotes are not doubled — assumes getTables() yields trusted,
        // quote-free names; confirm at the source.
        $quotedTables[] = '"' . $liveTable . '"';
        $insertStatements .= ' INSERT INTO "' . $liveTable . '" SELECT * FROM "' . $tempTable . '";';
    }
    $query = 'BEGIN; LOCK "MapSettings";'
        . ' TRUNCATE ' . implode(', ', $quotedTables) . ' CASCADE;'
        . $insertStatements
        . ' COMMIT;';
    // NOTE(review): no ROLLBACK is issued when PQuery reports an error
    // mid-batch; whether the transaction is left open depends on PQuery — confirm.
    $res = PQuery($query);
    if (isset($res['error'])) {
        return $res;
    }
    $res = setMapLastEdit();
    if (isset($res['error'])) {
        return $res;
    }
    return CheckData();
}