Changeset 23
- Timestamp:
- Mar 5, 2010, 1:53:30 PM (14 years ago)
- Location:
- trunk
- Files:
-
- 1 deleted
- 11 edited
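--- a/trunk/admin/admin.php
+++ b/trunk/admin/admin.php
@@ -124,5 +124,4 @@
 $dbi=mysql_connect($dbhost, $dbuname, $dbpass) or die("Connessione non riuscita: " . mysql_error());
 mysql_select_db($dbname)or die("Connessione non riuscita:" . mysql_error());
-# mysql_set_charset('utf8', $dbi);
 mysql_query("SET NAMES 'utf8'", $dbi);
 //---10/05/2009 gestione consultazione predefinita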
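--- a/trunk/admin/footer.php
+++ b/trunk/admin/footer.php
@@ -8,5 +8,5 @@
 
 $PHP_SELF=$_SERVER['PHP_SELF'];
-if ( eregi("footer.php",$PHP_SELF)) {
+if (preg_match("/footer.php/i",$PHP_SELF)) {
 Header("Location: admin.php");
 die();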
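Review bot: On new line 10 the dot in `"/footer.php/i"` is an unescaped metacharacter, so the pattern also matches any name with one arbitrary character between `footer` and `php`; the ereg version had the same looseness, but the port is the moment to fix it. Escape it, `if (preg_match("/footer\.php/i",$PHP_SELF)) {`, or drop the regex altogether with `if (stripos($PHP_SELF, 'footer.php') !== false) {`, which is clearer and cannot misfire on regex syntax.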
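--- a/trunk/admin/inc/FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php
+++ b/trunk/admin/inc/FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php
@@ -53,5 +53,5 @@
 $GLOBALS["UserFilesPath"] = $strBP ;
 }
-if ( ! ereg( '/$', $GLOBALS["UserFilesPath"] ) )
+if ( ! preg_match( '/\/$/', $GLOBALS["UserFilesPath"] ) )
 $GLOBALS["UserFilesPath"] .= '/' ;
 
@@ -60,5 +60,5 @@
 $GLOBALS["UserFilesDirectory"] = $Config['UserFilesAbsolutePath'] ;
 
-if ( ! ereg( '/$', $GLOBALS["UserFilesDirectory"] ) )
+if ( ! preg_match( '/\/$/', $GLOBALS["UserFilesDirectory"] ) )
 $GLOBALS["UserFilesDirectory"] .= '/' ;
 }
@@ -86,5 +86,5 @@
 
 // Check the current folder syntax (must begin and start with a slash).
-if ( ! ereg( '/$', $sCurrentFolder ) ) $sCurrentFolder .= '/' ;
+if ( ! preg_match( '/\/$/', $sCurrentFolder ) ) $sCurrentFolder .= '/' ;
 if ( strpos( $sCurrentFolder, '/' ) !== 0 ) $sCurrentFolder = '/' . $sCurrentFolder ;
 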
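--- a/trunk/admin/index.php
+++ b/trunk/admin/index.php
@@ -10,5 +10,5 @@
 $dbi=mysql_connect($dbhost, $dbuname, $dbpass) or die("Connessione non riuscita: " . mysql_error());
 mysql_select_db($dbname)or die("Connessione non riuscita:" . mysql_error());
-mysql_set_charset('utf8', $dbi);
+mysql_query("SET NAMES 'utf8'", $dbi);
 //---10/05/2009 gestione consultazione predefinita
 //if (!isset($_SESSION['id_comune'])){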
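Review bot: New line 12 replaces mysql_set_charset() with a plain `SET NAMES 'utf8'` query, and the same change is made in trunk/client/file.php (line 12) and trunk/client/modules.php (line 106). SET NAMES switches the server-side connection charset but does not update the charset the client library uses for mysql_real_escape_string(), which is why the PHP manual recommends mysql_set_charset() instead; in a code base that builds SQL from interpolated strings the escaping function's charset is the only thing keeping multibyte input from breaking quoting. Presumably the revert is for compatibility with a PHP build older than 5.2.3, where mysql_set_charset() does not exist; if so, say so in a comment and keep the safer call where available: `if (function_exists('mysql_set_charset')) mysql_set_charset('utf8', $dbi); else mysql_query("SET NAMES 'utf8'", $dbi);`.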
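--- a/trunk/admin/modules/Elezioni/controllo_votanti.php
+++ b/trunk/admin/modules/Elezioni/controllo_votanti.php
@@ -130,5 +130,5 @@
 }
 // $ar['riga2'][$data1.$ora1]="<hr>";
-if (intval( ereg("[1-9]",$tot[$data1.$ora1]))>0) {
+if (intval(preg_match("/[1-9]/",$tot[$data1.$ora1]))>0) {
 for ($i=1;$i<=$num_sez;$i++)
 {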
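Review bot: On new line 132 `intval(preg_match(...))>0` wraps a function that already returns an int (1, 0, or false on a PCRE error), so the cast adds nothing and hides the error case; `if (preg_match("/[1-9]/",$tot[$data1.$ora1]) === 1) {` says the same more directly. `$tot[$data1.$ora1]` is read without an isset() check, which presumably raises a notice when that key was never filled — confirm against where `$tot` is built, which is outside the hunk.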
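--- a/trunk/admin/modules/Elezioni/ele_come.php
+++ b/trunk/admin/modules/Elezioni/ele_come.php
@@ -138,5 +138,5 @@
 
 $temp=$title.$preamble.$content;
-if ( eregi("script",$temp)) die("La parola script e' proibita, devi toglierla dal testo.");
+if (preg_match("/script/i",$temp)) die("La parola script e' proibita, devi toglierla dal testo.");
 $result = mysql_query("update ".$prefix.$tab." set title='$title', preamble='$preamble', content='$content' WHERE mid='$mid' AND id_cons='$id_cons'", $dbi);
 Header("Location: admin.php?op=$op&vai=come&id_cons_gen=$id_cons_gen");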
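Review bot: The ported check on new line 140 is a keyword denylist on the word `script`, and it is the only validation visible before `$title`, `$preamble` and `$content` are interpolated into the UPDATE on line 141, so it protects neither the query from a quote character in the input nor the stored HTML from anything other than that one word. Escape the values for the query at the point of use, e.g. `$title = mysql_real_escape_string($title, $dbi);` (and likewise `$preamble`, `$content`, `$mid`, `$id_cons`), and rely on HTML encoding at output time rather than on the word filter. If the caller already escapes these before this point, that is outside the hunk; a one-line comment above line 140 saying so would spare the next reader the question.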
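--- a/trunk/admin/modules/Elezioni/ele_voti.php
+++ b/trunk/admin/modules/Elezioni/ele_voti.php
@@ -1112,5 +1112,5 @@
 
 
-if (! ereg("rec",$op)) {
+if (!preg_match("/rec/",$op)) {
 ele(); //menu
 numeri_sezione();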
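Review bot: On new line 1114 `preg_match("/rec/",$op)` is a plain substring test, so `if (strpos($op,"rec") === false) {` expresses the intent without a regex call. It also removes an ambiguity the port keeps: preg_match() returns false on a PCRE error and `!false` is true, so the menu branch would run on an error exactly as it does on no match. Whether this sits inside a function is not visible in the hunk.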
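--- a/trunk/admin/temi/facebook/menu.php
+++ b/trunk/admin/temi/facebook/menu.php
@@ -227,6 +227,6 @@
 for ($i=0; $i < sizeof($menulist); $i++) {
 if($menulist[$i]!="") {
-$tl = ereg_replace("lang-","",$menulist[$i]);
-$tl = ereg_replace(".php","",$tl);
+$tl = preg_replace("/lang-/","",$menulist[$i]);
+$tl = preg_replace("/.php/","",$tl);
 $altlang = ucfirst($tl);
 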
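Review bot: On new line 230 the dot in `"/.php/"` is an unescaped wildcard, so the replacement also strips any four-character run ending in `php`; the ereg_replace() version had the same flaw and the port carries it over. Neither pattern contains regex syntax, so plain string replacement is both correct and clearer: `$tl = str_replace("lang-","",$menulist[$i]);` and `$tl = str_replace(".php","",$tl);`. The enclosing for loop continues past the hunk.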
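--- a/trunk/admin/temi/facebook/tema.php
+++ b/trunk/admin/temi/facebook/tema.php
@@ -19,5 +19,5 @@
 while ($file = readdir($handle)) {
 
-if ( ( ereg("^([_0-9a-zA-Z]+)([_0-9a-zA-Z]{3})$",$file)) ) {
+if ( (preg_match("/^([_0-9a-zA-Z]+)([_0-9a-zA-Z]{3})$/",$file)) ) {
 
 $tlist .= "$file ";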
trunk/client/file.php
r15 r23 10 10 die("<center><img src=src=\"images/logo.gif\" target=\"Logo Avviso Errore\"><br><br><b>Ci sono dei problemi di connessione al DataBase $dbtype, chiediamo scusa per l'inconveniente.<br><br>Provate piu' tardi, Grazie.</b><br><font color=\"#ff0000\">". mysql_error()."</font></center>"); 11 11 } 12 mysql_ set_charset('utf8', $dbi);12 mysql_query("SET NAMES 'utf8'", $dbi); 13 13 if ($fase=='1'){ 14 14 $res = mysql_query("SELECT id_cons_gen,descrizione from ".$prefix."_ele_consultazione order by descrizione",$dbi); -
trunk/client/modules.php
r17 r23 35 35 36 36 foreach ($_GET as $sec_key => $secvalue) { 37 if ((preg_match( '/<[^>]*script*\"?[^>]*>/i',$secvalue)) ||38 ( eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||39 ( eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||40 ( eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||41 ( eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||42 ( eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||43 ( eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||44 ( eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||45 ( eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) ||46 ( eregi("<[^>]*body*\"?[^>]*>", $secvalue)) ||47 ( eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||48 ( eregi("\"", $secvalue)) ||49 ( eregi("inside_mod", $sec_key))) {37 if ((preg_match("/<[^>]*script*\"?[^>]*>/i",$secvalue)) || 38 (preg_match("/<[^>]*object*\"?[^>]*>/i", $secvalue)) || 39 (preg_match("/<[^>]*iframe*\"?[^>]*>/i", $secvalue)) || 40 (preg_match("/<[^>]*applet*\"?[^>]*>/i", $secvalue)) || 41 (preg_match("/<[^>]*meta*\"?[^>]*>/i", $secvalue)) || 42 (preg_match("/<[^>]*style*\"?[^>]*>/i", $secvalue)) || 43 (preg_match("/<[^>]*form*\"?[^>]*>/i", $secvalue)) || 44 (preg_match("/<[^>]*img*\"?[^>]*>/i", $secvalue)) || 45 (preg_match("/<[^>]*onmouseover*\"?[^>]*>/i", $secvalue)) || 46 (preg_match("/<[^>]*body*\"?[^>]*>/i", $secvalue)) || 47 (preg_match("/\([^>]*\"?[^)]*\)/", $secvalue)) || 48 (preg_match("/\"/", $secvalue)) || 49 (preg_match("/inside_mod/i", $sec_key))) { 50 50 die ("Operazione non consentita"); 51 51 } … … 53 53 54 54 foreach ($_POST as $secvalue) { 55 if (( eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) || (eregi("<[^>]script*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*body*\"?[^>]*>", $secvalue)) || (eregi("<[^>]style*\"?[^>]*>", $secvalue))) {55 if ((preg_match("/<[^>]*onmouseover*\"?[^>]*>/i", $secvalue)) || (preg_match("/<[^>]script*\"?[^>]*>/i", $secvalue)) || (preg_match("/<[^>]*body*\"?[^>]*>/i", $secvalue)) || (preg_match("/<[^>]style*\"?[^>]*>/i", $secvalue))) { 56 56 die ($htmltags); 57 57 } … … 74 74 global 
$op,$name; 75 75 if(!isset($_GET['js'])){ 76 $querystring= @ eregi_replace($_SERVER['DOCUMENT_ROOT'],'http://'.$_SERVER['HTTP_HOST'].'/',$_SERVER['SCRIPT_FILENAME']);77 if ( eregi("modules.php",$_SERVER['SCRIPT_NAME'])) $pagina="name=$name"; // reindirizza78 if ( eregi("admin.php",$_SERVER['SCRIPT_NAME'])) $pagina="op=$op"; // reindirizza76 $querystring= @preg_replace('/'.$_SERVER['DOCUMENT_ROOT'].'/i','http://'.$_SERVER['HTTP_HOST'].'/',$_SERVER['SCRIPT_FILENAME']); 77 if (preg_match("/modules.php/i",$_SERVER['SCRIPT_NAME'])) $pagina="name=$name"; // reindirizza 78 if (preg_match("/admin.php/i",$_SERVER['SCRIPT_NAME'])) $pagina="op=$op"; // reindirizza 79 79 echo "<noscript><meta http-equiv=\"refresh\" content=\"0; url=".$querystring."?js=b&$pagina\"/></noscript>"; 80 80 } … … 104 104 die("<center><img src=src=\"images/logo.gif\" target=\"Logo Avviso Errore\"><br/><br/><b>Ci sono dei problemi di connessione al DataBase $dbtype, chiediamo scusa per l'inconveniente.<br/><br/>Provate piu' tardi, Grazie.</b><br/><font color=\"#ff0000\">". mysql_error()."</font></center>"); 105 105 } 106 mysql_ set_charset('utf8', $dbi);106 mysql_query("SET NAMES 'utf8'", $dbi); 107 107 108 108 # carica i parametri di default sulla tabella … … 210 210 $tema=$param['tema']; 211 211 $tema=htmlentities($tema); // evita xss 212 if( eregi("%", $tema)) $tema="default";// evita xss212 if(preg_match("/%/i", $tema)) $tema="default";// evita xss 213 213 $_SESSION['newtema']="$tema"; 214 214 } 215 215 216 if ( eregi("%",$_SESSION['newtema'])) $_SESSION['newtema']="default"; // xss216 if (preg_match("/%/i",$_SESSION['newtema'])) $_SESSION['newtema']="default"; // xss 217 217 if (isset($_SESSION['newtema'])) $tema=$_SESSION['newtema']; 218 218
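Review bot: In the second hunk, new line 76 builds the pattern as `'/'.$_SERVER['DOCUMENT_ROOT'].'/i'` without `preg_quote()`; on any Unix-style document root the literal slashes end the pattern early, preg_replace() emits an "unknown modifier" warning that the `@` hides and returns null, so `$querystring` is empty in the `<meta http-equiv="refresh">` written on line 79. No regex is needed here: `$querystring = str_ireplace($_SERVER['DOCUMENT_ROOT'], 'http://'.$_SERVER['HTTP_HOST'].'/', $_SERVER['SCRIPT_FILENAME']);` and drop the `@`; if a regex is kept, wrap the root in `preg_quote($_SERVER['DOCUMENT_ROOT'], '/')`. The `global $op,$name;` at line 74 implies an enclosing function that starts outside the hunk. As a smaller point of style, the `/%/i` patterns on new lines 212 and 216 carry an `i` modifier that does nothing for a literal `%`; `strpos($tema, '%') !== false` reads more plainly.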