mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-01-17 20:58:30 +01:00
Code Issues Releases Wiki Activity

Additional input filtering.

Browse Source
This commit is contained in:
Cameron 2015-04-24 11:41:58 -07:00
parent 36fb58192a
commit dcda195679
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
e107_handlers/e107_class.php
View File

@ -2931,6 +2931,18 @@ class e107
exit();
}
// Suspicious HTML.
if(strpos($input, '<body/onload')!==false)
{
header('HTTP/1.0 400 Bad Request', true, 400);
if(deftrue('e_DEBUG'))
{
echo "Bad Request: ".__METHOD__." : ". __LINE__;
}
exit();
}
if(preg_match("/system\((.*);.*\)/i",$input))
{
header('HTTP/1.0 400 Bad Request', true, 400);