Changeset 23


Timestamp:
Mar 5, 2010, 1:53:30 PM (14 years ago)
Author:
roby
Message:

Gestione charset con query mysql e sostituzione funzioni ereg

Location:
trunk
Files:
1 deleted
11 edited

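--- a/trunk/admin/admin.php
+++ b/trunk/admin/admin.php
@@ -124,5 +124,4 @@
                 $dbi=mysql_connect($dbhost, $dbuname, $dbpass) or die("Connessione non riuscita: " . mysql_error());
                 mysql_select_db($dbname)or die("Connessione non riuscita:" . mysql_error());
-#               mysql_set_charset('utf8', $dbi);
         mysql_query("SET NAMES 'utf8'", $dbi);
 //---10/05/2009  gestione consultazione predefinita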
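--- a/trunk/admin/footer.php
+++ b/trunk/admin/footer.php
@@ -8,5 +8,5 @@
 
 $PHP_SELF=$_SERVER['PHP_SELF'];
-if (eregi("footer.php",$PHP_SELF)) {
+if (preg_match("/footer.php/i",$PHP_SELF)) {
     Header("Location: admin.php");
     die();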
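Review bot: The pattern `/footer.php/i` on new line 10 leaves the dot unescaped and is unanchored, so it matches any `PHP_SELF` that merely contains `footer`, one arbitrary character and `php`, and `PHP_SELF` can carry client-supplied path info. A plain comparison states the intent without a regex: `if (strcasecmp(basename($_SERVER['SCRIPT_NAME']), 'footer.php') === 0) {`. The same unescaped-dot patterns are introduced in trunk/admin/temi/facebook/menu.php line 230 (`/.php/`) and trunk/client/modules.php lines 77-78. The body of the `if` continues outside the hunk.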
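--- a/trunk/admin/inc/FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php
+++ b/trunk/admin/inc/FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php
@@ -53,5 +53,5 @@
         $GLOBALS["UserFilesPath"] = $strBP ;
 }
-if ( ! ereg( '/$', $GLOBALS["UserFilesPath"] ) )
+if ( ! preg_match( '/\/$/', $GLOBALS["UserFilesPath"] ) )
         $GLOBALS["UserFilesPath"] .= '/' ;
 
@@ -60,5 +60,5 @@
         $GLOBALS["UserFilesDirectory"] = $Config['UserFilesAbsolutePath'] ;
 
-        if ( ! ereg( '/$', $GLOBALS["UserFilesDirectory"] ) )
+        if ( ! preg_match( '/\/$/', $GLOBALS["UserFilesDirectory"] ) )
                 $GLOBALS["UserFilesDirectory"] .= '/' ;
 }
@@ -86,5 +86,5 @@
 
         // Check the current folder syntax (must begin and start with a slash).
-        if ( ! ereg( '/$', $sCurrentFolder ) ) $sCurrentFolder .= '/' ;
+        if ( ! preg_match( '/\/$/', $sCurrentFolder ) ) $sCurrentFolder .= '/' ;
         if ( strpos( $sCurrentFolder, '/' ) !== 0 ) $sCurrentFolder = '/' . $sCurrentFolder ;
        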
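--- a/trunk/admin/index.php
+++ b/trunk/admin/index.php
@@ -10,5 +10,5 @@
                 $dbi=mysql_connect($dbhost, $dbuname, $dbpass) or die("Connessione non riuscita: " . mysql_error());
                 mysql_select_db($dbname)or die("Connessione non riuscita:" . mysql_error());
-                mysql_set_charset('utf8', $dbi);
+        mysql_query("SET NAMES 'utf8'", $dbi);
 //---10/05/2009  gestione consultazione predefinita
 //if (!isset($_SESSION['id_comune'])){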
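Review bot: `SET NAMES` on new line 12 changes the charset on the server side only; the client library is not told, so `mysql_real_escape_string()` keeps escaping for the connection's default charset, which is why the PHP manual recommends `mysql_set_charset()` over a query. If the switch was made for PHP builds that lack the function, keep it where it exists: `if (function_exists('mysql_set_charset')) { mysql_set_charset('utf8', $dbi); } else { mysql_query("SET NAMES 'utf8'", $dbi); }`. The query result is also unchecked, so a failure silently leaves the connection in its default charset. The same replacement is made in trunk/client/file.php line 12 and trunk/client/modules.php line 106.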
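--- a/trunk/admin/modules/Elezioni/controllo_votanti.php
+++ b/trunk/admin/modules/Elezioni/controllo_votanti.php
@@ -130,5 +130,5 @@
                 }
 //      $ar['riga2'][$data1.$ora1]="<hr>";
-                if (intval(ereg("[1-9]",$tot[$data1.$ora1]))>0) {
+                if (intval(preg_match("/[1-9]/",$tot[$data1.$ora1]))>0) {
                         for ($i=1;$i<=$num_sez;$i++)
                         {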
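--- a/trunk/admin/modules/Elezioni/ele_come.php
+++ b/trunk/admin/modules/Elezioni/ele_come.php
@@ -138,5 +138,5 @@
 
 $temp=$title.$preamble.$content;
-        if (eregi("script",$temp)) die("La parola script e' proibita, devi toglierla dal testo.");
+        if (preg_match("/script/i",$temp)) die("La parola script e' proibita, devi toglierla dal testo.");
     $result = mysql_query("update ".$prefix.$tab." set title='$title', preamble='$preamble', content='$content' WHERE mid='$mid' AND id_cons='$id_cons'", $dbi);
     Header("Location: admin.php?op=$op&vai=come&id_cons_gen=$id_cons_gen");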
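Review bot: The `script` check on new line 140 is the only validation visible before `$title`, `$preamble` and `$content` are interpolated into the UPDATE on line 141, and it is a substring blacklist: it rejects any text that happens to contain the word while leaving other markup, such as event-handler attributes, untouched. Whether these values and `$mid`/`$id_cons` are escaped earlier is outside the hunk; if they are not, each should go through `mysql_real_escape_string($value, $dbi)` before the query is built. HTML should be encoded where the stored text is printed rather than filtered on input. The surrounding function starts and ends outside the hunk.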
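--- a/trunk/admin/modules/Elezioni/ele_voti.php
+++ b/trunk/admin/modules/Elezioni/ele_voti.php
@@ -1112,5 +1112,5 @@
 
 
-        if (!ereg("rec",$op)) {
+        if (!preg_match("/rec/",$op)) {
                 ele(); //menu
                 numeri_sezione();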
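--- a/trunk/admin/temi/facebook/menu.php
+++ b/trunk/admin/temi/facebook/menu.php
@@ -227,6 +227,6 @@
         for ($i=0; $i < sizeof($menulist); $i++) {
                 if($menulist[$i]!="") {
-                        $tl = ereg_replace("lang-","",$menulist[$i]);
-                        $tl = ereg_replace(".php","",$tl);
+                        $tl = preg_replace("/lang-/","",$menulist[$i]);
+                        $tl = preg_replace("/.php/","",$tl);
                         $altlang = ucfirst($tl);
                        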
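--- a/trunk/admin/temi/facebook/tema.php
+++ b/trunk/admin/temi/facebook/tema.php
@@ -19,5 +19,5 @@
         while ($file = readdir($handle)) {
 
-                        if ( (ereg("^([_0-9a-zA-Z]+)([_0-9a-zA-Z]{3})$",$file)) ) {
+                        if ( (preg_match("/^([_0-9a-zA-Z]+)([_0-9a-zA-Z]{3})$/",$file)) ) {
 
                    $tlist .= "$file ";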
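--- a/trunk/client/file.php
+++ b/trunk/client/file.php
@@ -10,5 +10,5 @@
 die("<center><img src=src=\"images/logo.gif\" target=\"Logo Avviso Errore\"><br><br><b>Ci sono dei problemi di connessione al DataBase $dbtype, chiediamo scusa per l'inconveniente.<br><br>Provate piu' tardi, Grazie.</b><br><font color=\"#ff0000\">". mysql_error()."</font></center>");
 }
-mysql_set_charset('utf8', $dbi);
+mysql_query("SET NAMES 'utf8'", $dbi);
 if ($fase=='1'){
         $res = mysql_query("SELECT id_cons_gen,descrizione from ".$prefix."_ele_consultazione order by descrizione",$dbi);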
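--- a/trunk/client/modules.php
+++ b/trunk/client/modules.php
@@ -35,17 +35,17 @@
 
 foreach ($_GET as $sec_key => $secvalue) {
-    if ((preg_match('/<[^>]*script*\"?[^>]*>/i', $secvalue)) ||
-        (eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
-        (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
-        (eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
-        (eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
-        (eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
-        (eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
-        (eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||
-        (eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) ||
-        (eregi("<[^>]*body*\"?[^>]*>", $secvalue)) ||
-        (eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
-        (eregi("\"", $secvalue)) ||
-        (eregi("inside_mod", $sec_key))) {
+    if ((preg_match("/<[^>]*script*\"?[^>]*>/i",$secvalue)) ||
+        (preg_match("/<[^>]*object*\"?[^>]*>/i", $secvalue)) ||
+        (preg_match("/<[^>]*iframe*\"?[^>]*>/i", $secvalue)) ||
+        (preg_match("/<[^>]*applet*\"?[^>]*>/i", $secvalue)) ||
+        (preg_match("/<[^>]*meta*\"?[^>]*>/i", $secvalue)) ||
+        (preg_match("/<[^>]*style*\"?[^>]*>/i", $secvalue)) ||
+        (preg_match("/<[^>]*form*\"?[^>]*>/i", $secvalue)) ||
+        (preg_match("/<[^>]*img*\"?[^>]*>/i", $secvalue)) ||
+        (preg_match("/<[^>]*onmouseover*\"?[^>]*>/i", $secvalue)) ||
+        (preg_match("/<[^>]*body*\"?[^>]*>/i", $secvalue)) ||
+        (preg_match("/\([^>]*\"?[^)]*\)/", $secvalue)) ||
+        (preg_match("/\"/", $secvalue)) ||
+        (preg_match("/inside_mod/i", $sec_key))) {
         die ("Operazione non consentita");
      }
@@ -53,5 +53,5 @@
 
   foreach ($_POST as $secvalue) {
-    if ((eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) || (eregi("<[^>]script*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*body*\"?[^>]*>", $secvalue)) || (eregi("<[^>]style*\"?[^>]*>", $secvalue))) {
+    if ((preg_match("/<[^>]*onmouseover*\"?[^>]*>/i", $secvalue)) || (preg_match("/<[^>]script*\"?[^>]*>/i", $secvalue)) || (preg_match("/<[^>]*body*\"?[^>]*>/i", $secvalue)) || (preg_match("/<[^>]style*\"?[^>]*>/i", $secvalue))) {
       die ($htmltags);
     }
@@ -74,7 +74,7 @@
 global $op,$name;
 if(!isset($_GET['js'])){
-$querystring= @eregi_replace($_SERVER['DOCUMENT_ROOT'],'http://'.$_SERVER['HTTP_HOST'].'/',$_SERVER['SCRIPT_FILENAME']);
-if (eregi("modules.php",$_SERVER['SCRIPT_NAME'])) $pagina="name=$name"; // reindirizza
-if (eregi("admin.php",$_SERVER['SCRIPT_NAME'])) $pagina="op=$op"; // reindirizza
+$querystring= @preg_replace('/'.$_SERVER['DOCUMENT_ROOT'].'/i','http://'.$_SERVER['HTTP_HOST'].'/',$_SERVER['SCRIPT_FILENAME']);
+if (preg_match("/modules.php/i",$_SERVER['SCRIPT_NAME'])) $pagina="name=$name"; // reindirizza
+if (preg_match("/admin.php/i",$_SERVER['SCRIPT_NAME'])) $pagina="op=$op"; // reindirizza
   echo "<noscript><meta http-equiv=\"refresh\" content=\"0; url=".$querystring."?js=b&amp;$pagina\"/></noscript>";
    }
@@ -104,5 +104,5 @@
 die("<center><img src=src=\"images/logo.gif\" target=\"Logo Avviso Errore\"><br/><br/><b>Ci sono dei problemi di connessione al DataBase $dbtype, chiediamo scusa per l'inconveniente.<br/><br/>Provate piu' tardi, Grazie.</b><br/><font color=\"#ff0000\">". mysql_error()."</font></center>");
 }
-mysql_set_charset('utf8', $dbi);
+mysql_query("SET NAMES 'utf8'", $dbi);
 
 # carica i parametri di default sulla tabella
@@ -210,9 +210,9 @@
         $tema=$param['tema'];
         $tema=htmlentities($tema); // evita xss
-        if(eregi("%", $tema)) $tema="default";// evita xss
+        if(preg_match("/%/i", $tema)) $tema="default";// evita xss
         $_SESSION['newtema']="$tema";
         }
 
-if (eregi("%",$_SESSION['newtema'])) $_SESSION['newtema']="default"; // xss
+if (preg_match("/%/i",$_SESSION['newtema'])) $_SESSION['newtema']="default"; // xss
 if (isset($_SESSION['newtema'])) $tema=$_SESSION['newtema'];
 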
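Review bot: On new line 76 `$_SERVER['DOCUMENT_ROOT']` is concatenated into a `/`-delimited pattern without quoting; a document root is a filesystem path and normally contains `/`, so the pattern is cut at the first slash, `preg_replace()` fails and returns NULL, and the leading `@` hides the warning, leaving `$querystring` empty in the `<noscript>` redirect. `eregi_replace()` took no delimiters, so this is a regression introduced by the conversion. Quote the value, `preg_replace('/'.preg_quote($_SERVER['DOCUMENT_ROOT'], '/').'/i', ...)`, or use `str_ireplace()` since no regex is needed here. Separately, the `$_GET` and `$_POST` loops on lines 36-57 pass `$secvalue` straight to `preg_match()`, which expects a string, so array-valued parameters are not inspected; the filter should reject or recurse into arrays, and output encoding is still needed wherever these values are printed.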