Пример #1
	/**
	 * @param string $name
	 * @param string $value
	 */
	protected function addVariable($name, $value)
	{
		// Only strings longer than two bytes are candidates; strlen() counts bytes.
		if (!is_string($value) || strlen($value) <= 2)
		{
			return;
		}

		// Shapes treated as harmless. The D modifier (PCRE_DOLLAR_ENDONLY) stops "$"
		// from matching just before a trailing newline.
		$harmlessShapes = array(
			// None of , ; + - * / { } [ ] ( ) & | = \ anywhere, optionally with the same
			// quote character at both ends. The class does not exclude quotes, so quote
			// characters inside the value still match this shape.
			"/^(?P<quot>[\"']?)[^,;+\-*\/\{\}\[\]\(\)&\\|=\\\\]*(?P=quot)\$/D",
			// Digits, commas, underscores and hyphens only.
			"/^[,0-9_-]*\$/D",
		);
		foreach ($harmlessShapes as $shape)
		{
			// preg_match() gives 0 for "no match" and false for a PCRE error; both are
			// falsy, so a value is dropped here only on a positive match.
			if (preg_match($shape, $value))
			{
				return;
			}
		}

		// Google Analytics campaign cookie: skipped only under this exact variable name
		// and only when the value has the expected utmXXX=... layout.
		// NOTE(review): the class [a-z\/0-1.] admits just the digits 0 and 1; 0-9 may
		// have been intended. As written it only narrows what is skipped. Confirm.
		$isAnalyticsCookie = $name === '$_COOKIE[__utmz]'
			&& preg_match("/^[0-9.]++(utm[a-z]{3}=\(?([a-z\/0-1.]++|\(not provided\))\)?\|?)++\$/iD", $value);
		if ($isAnalyticsCookie)
		{
			return;
		}

		// NUL bytes are removed only at this point; every check above saw the raw value.
		$withoutNulBytes = str_replace(chr(0), "", $value);
		$this->variables->addVariable($name, $withoutNulBytes);
	}
Пример #2
 /**
  * @param string $name
  * @param string $value
  */
 protected function addVariable($name, $value)
 {
     // Non-string input is never forwarded.
     if (!is_string($value)) {
         return;
     }

     // Too short: fewer than three bytes (strlen() is byte-wise).
     $byteLength = strlen($value);
     if ($byteLength < 3) {
         return;
     }

     // Harmless shape 1: none of ` , ; + - * / { } [ ] ( ) & | = \ in the value,
     // optionally with the same quote character at both ends. This is a denylist:
     // a character that is not named in it (for example < or %) never makes a
     // value a candidate on its own.
     // NOTE(review): presumably callers pass already-decoded values; confirm.
     $bareOrQuotedToken = "/^(?P<quot>[\"']?)[^`,;+\\-*\\/\\{\\}\\[\\]\\(\\)&\\|=\\\\]*(?P=quot)\$/D";

     // Harmless shape 2: digits, commas, underscores and hyphens only.
     $numericList = "/^[,0-9_-]*\$/D";

     // Both patterns use D (PCRE_DOLLAR_ENDONLY), so "$" does not match before a
     // trailing newline. preg_match() returns false on a PCRE error, which is not
     // === 1, so an error never causes a value to be dropped.
     if (preg_match($bareOrQuotedToken, $value) === 1 || preg_match($numericList, $value) === 1) {
         return;
     }

     // Everything left is forwarded to $this->variables with NUL bytes removed;
     // the checks above ran on the value as received.
     $cleaned = str_replace(chr(0), "", $value);
     $this->variables->addVariable($name, $cleaned);
 }
Пример #3
 /**
  * @param string $name
  * @param string $value
  */
 protected function addVariable($name, $value)
 {
     // A value is skipped as soon as one condition holds. The || chain evaluates
     // left to right and stops at the first true operand, so each regex runs only
     // when the earlier checks did not already decide. All patterns carry the D
     // modifier (PCRE_DOLLAR_ENDONLY): "$" does not match before a trailing newline.
     // preg_match() returns false on a PCRE error, which counts as "no match" here,
     // so an error never causes a value to be skipped.
     $skip =
         // not a string at all
         !is_string($value)
         // too short: two bytes or fewer
         || strlen($value) <= 2
         // none of , ; ' " + - * / { } [ ] ( ) & | = \ anywhere in the value
         || preg_match("/^[^,;\\'\"+\\-*\\/\\{\\}\\[\\]\\(\\)&\\|=\\\\]*\$/D", $value)
         // digits, commas, underscores and hyphens only
         || preg_match("/^[,0-9_-]*\$/D", $value)
         // Google Analytics campaign cookie, matched by exact variable name and layout.
         // NOTE(review): [a-z\/0-1.] admits just the digits 0 and 1; 0-9 may have
         // been intended. As written it only narrows what is skipped. Confirm.
         || (
             $name === '$_COOKIE[__utmz]'
             && preg_match("/^[0-9.]++(utm[a-z]{3}=\\(?([a-z\\/0-1.]++|\\(not provided\\))\\)?\\|?)++\$/iD", $value)
         );

     if ($skip) {
         return;
     }

     // NUL bytes are stripped only now; the checks above saw the raw value.
     $sanitized = str_replace(chr(0), "", $value);
     $this->variables->addVariable($name, $sanitized);
 }