Changeset 23 for trunk/client


Ignore:
Timestamp:
Mar 5, 2010, 1:53:30 PM (15 years ago)
Author:
roby
Message:

Gestione charset con query mysql e sostituzione funzioni ereg

Location:
trunk/client
Files:
1 deleted
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/client/file.php

    r15 r23  
    1010die("<center><img src=src=\"images/logo.gif\" target=\"Logo Avviso Errore\"><br><br><b>Ci sono dei problemi di connessione al DataBase $dbtype, chiediamo scusa per l'inconveniente.<br><br>Provate piu' tardi, Grazie.</b><br><font color=\"#ff0000\">". mysql_error()."</font></center>");
    1111}
    12 mysql_set_charset('utf8', $dbi);
     12mysql_query("SET NAMES 'utf8'", $dbi);
    1313if ($fase=='1'){
    1414        $res = mysql_query("SELECT id_cons_gen,descrizione from ".$prefix."_ele_consultazione order by descrizione",$dbi);

  • trunk/client/modules.php

    r17 r23  
    3535
    3636foreach ($_GET as $sec_key => $secvalue) {
    37     if ((preg_match('/<[^>]*script*\"?[^>]*>/i', $secvalue)) ||
    38         (eregi("<[^>]*object*\"?[^>]*>", $secvalue)) ||
    39         (eregi("<[^>]*iframe*\"?[^>]*>", $secvalue)) ||
    40         (eregi("<[^>]*applet*\"?[^>]*>", $secvalue)) ||
    41         (eregi("<[^>]*meta*\"?[^>]*>", $secvalue)) ||
    42         (eregi("<[^>]*style*\"?[^>]*>", $secvalue)) ||
    43         (eregi("<[^>]*form*\"?[^>]*>", $secvalue)) ||
    44         (eregi("<[^>]*img*\"?[^>]*>", $secvalue)) ||
    45         (eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) ||
    46         (eregi("<[^>]*body*\"?[^>]*>", $secvalue)) ||
    47         (eregi("\([^>]*\"?[^)]*\)", $secvalue)) ||
    48         (eregi("\"", $secvalue)) ||
    49         (eregi("inside_mod", $sec_key))) {
     37    if ((preg_match("/<[^>]*script*\"?[^>]*>/i",$secvalue)) ||
     38        (preg_match("/<[^>]*object*\"?[^>]*>/i", $secvalue)) ||
     39        (preg_match("/<[^>]*iframe*\"?[^>]*>/i", $secvalue)) ||
     40        (preg_match("/<[^>]*applet*\"?[^>]*>/i", $secvalue)) ||
     41        (preg_match("/<[^>]*meta*\"?[^>]*>/i", $secvalue)) ||
     42        (preg_match("/<[^>]*style*\"?[^>]*>/i", $secvalue)) ||
     43        (preg_match("/<[^>]*form*\"?[^>]*>/i", $secvalue)) ||
     44        (preg_match("/<[^>]*img*\"?[^>]*>/i", $secvalue)) ||
     45        (preg_match("/<[^>]*onmouseover*\"?[^>]*>/i", $secvalue)) ||
     46        (preg_match("/<[^>]*body*\"?[^>]*>/i", $secvalue)) ||
     47        (preg_match("/\([^>]*\"?[^)]*\)/", $secvalue)) ||
     48        (preg_match("/\"/", $secvalue)) ||
     49        (preg_match("/inside_mod/i", $sec_key))) {
    5050        die ("Operazione non consentita");
    5151     }
     
    5353
    5454  foreach ($_POST as $secvalue) {
    55     if ((eregi("<[^>]*onmouseover*\"?[^>]*>", $secvalue)) || (eregi("<[^>]script*\"?[^>]*>", $secvalue)) || (eregi("<[^>]*body*\"?[^>]*>", $secvalue)) || (eregi("<[^>]style*\"?[^>]*>", $secvalue))) {
     55    if ((preg_match("/<[^>]*onmouseover*\"?[^>]*>/i", $secvalue)) || (preg_match("/<[^>]script*\"?[^>]*>/i", $secvalue)) || (preg_match("/<[^>]*body*\"?[^>]*>/i", $secvalue)) || (preg_match("/<[^>]style*\"?[^>]*>/i", $secvalue))) {
    5656      die ($htmltags);
    5757    }
     
    7474global $op,$name;
    7575if(!isset($_GET['js'])){
    76 $querystring= @eregi_replace($_SERVER['DOCUMENT_ROOT'],'http://'.$_SERVER['HTTP_HOST'].'/',$_SERVER['SCRIPT_FILENAME']);
    77 if (eregi("modules.php",$_SERVER['SCRIPT_NAME'])) $pagina="name=$name"; // reindirizza
    78 if (eregi("admin.php",$_SERVER['SCRIPT_NAME'])) $pagina="op=$op"; // reindirizza
     76$querystring= @preg_replace('/'.$_SERVER['DOCUMENT_ROOT'].'/i','http://'.$_SERVER['HTTP_HOST'].'/',$_SERVER['SCRIPT_FILENAME']);
     77if (preg_match("/modules.php/i",$_SERVER['SCRIPT_NAME'])) $pagina="name=$name"; // reindirizza
     78if (preg_match("/admin.php/i",$_SERVER['SCRIPT_NAME'])) $pagina="op=$op"; // reindirizza
    7979 echo "<noscript><meta http-equiv=\"refresh\" content=\"0; url=".$querystring."?js=b&amp;$pagina\"/></noscript>";
    8080  }
     
    104104die("<center><img src=src=\"images/logo.gif\" target=\"Logo Avviso Errore\"><br/><br/><b>Ci sono dei problemi di connessione al DataBase $dbtype, chiediamo scusa per l'inconveniente.<br/><br/>Provate piu' tardi, Grazie.</b><br/><font color=\"#ff0000\">". mysql_error()."</font></center>");
    105105}
    106 mysql_set_charset('utf8', $dbi);
     106mysql_query("SET NAMES 'utf8'", $dbi);
    107107
    108108# carica i parametri di default sulla tabella
     
    210210        $tema=$param['tema'];
    211211        $tema=htmlentities($tema); // evita xss
    212         if(eregi("%", $tema)) $tema="default";// evita xss
     212        if(preg_match("/%/i", $tema)) $tema="default";// evita xss
    213213        $_SESSION['newtema']="$tema";
    214214        }
    215215
    216 if (eregi("%",$_SESSION['newtema'])) $_SESSION['newtema']="default"; // xss
     216if (preg_match("/%/i",$_SESSION['newtema'])) $_SESSION['newtema']="default"; // xss
    217217if (isset($_SESSION['newtema'])) $tema=$_SESSION['newtema'];
    218218
Note: See TracChangeset for help on using the changeset viewer.