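function CheckData($data, $security_version) {
    // Signature-based input screen. Walks a (possibly nested) request array and
    // aborts the whole request with an alert page as soon as one value matches
    // one of the two SQL shapes listed below. This is a coarse blacklist and not
    // a substitute for parameterised queries: it knows only these two patterns,
    // and the "SET ... =" rule also trips on ordinary text that happens to
    // contain "set" followed by "=".
    // $security_version is kept for interface compatibility; nothing in this
    // body reads it.
    if (is_array($data)) {
        foreach ($data as $value) {
            CheckData($value, $security_version);
        }
        return;
    }
    if ($data === null) {
        // Nothing to screen; avoids the PHP 8.1+ deprecation for passing null
        // to preg_match() (the original coerced null to "" and never matched).
        return;
    }
    $subject = (string) $data;
    $sql_words = array(
        "UNION(.*?)SELECT(.*?)FROM" => "SQL-Injection",
        "SET(.*?)=" => "SQL-Injection / Datenmanipulation",
    );
    foreach ($sql_words as $word => $type) {
        // '#' is the delimiter, so any literal '#' inside a pattern is escaped.
        $pattern = "#" . str_replace("#", "\\#", $word) . "#ism";
        $matched = preg_match($pattern, $subject);
        // preg_match() returns false on a PCRE error (e.g. the backtrack limit on
        // a very long value). That case is treated here, as in the original, as
        // "no match" -- the screen fails open, not closed. Keep that in mind if
        // this filter is relied on as a control rather than a tripwire.
        if ($matched === 1) {
            // $type is one of the hard-coded labels above; escaped anyway so the
            // alert page stays correct if a label ever carries markup characters.
            $safeType = htmlspecialchars($type, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            echo <<<HTML
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Security Alert</title>
</head>
<body>
<center>
<font style="color: red; font-size: 50px; font-family: Verdana; font-weight: bold;">! SECURITY ALERT !</font><br />
<font style="color: black; font-size: 14px; font-family: Verdana;"><b>Versuchtes eindingen ins System per {$safeType} gestoppt.</b></font><br /><br /><br />
</center>
</body>
</html>
HTML;
            exit;
        }
    }
}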
function saveTmpData() {
    // Copies every table's temporary twin back into the live table inside one
    // transaction: BEGIN, LOCK "MapSettings", TRUNCATE all live tables, one
    // INSERT ... SELECT per temp table, COMMIT -- handed to PQuery() as a single
    // multi-statement string. Table names come from getTables()/tmpTable(),
    // i.e. from code, and are emitted as double-quoted identifiers.
    // There is no explicit ROLLBACK path; whether a failing statement leaves the
    // session in an aborted transaction depends on how PQuery() runs the batch --
    // confirm against its implementation.
    $liveTables = array();
    $copyBack = '';
    foreach (getTables() as $table) {
        $liveTables[] = '"' . $table . '"';
        $copyBack .= ' INSERT INTO "' . $table . '" SELECT * FROM "' . tmpTable($table, TRUE) . '";';
    }
    $query = 'BEGIN; LOCK "MapSettings";'
        . ' TRUNCATE ' . implode(', ', $liveTables) . ' CASCADE;'
        . $copyBack
        . ' COMMIT;';
    // Each step only runs if the previous result carries no 'error' key.
    $res = PQuery($query);
    if (!isset($res['error'])) {
        $res = setMapLastEdit();
    }
    if (!isset($res['error'])) {
        // NOTE(review): CheckData() is declared in this file with two required
        // parameters; a zero-argument call raises ArgumentCountError on PHP >= 7.1,
        // after the COMMIT has already been sent -- confirm which check was meant.
        $res = CheckData();
    }
    return $res;
}