
Sanitize modified for general.php

In the file:
..\catalog\includes\functions\general.php

replace

function tep_sanitize_string($string) {
$string = ereg_replace(' +', ' ', trim($string));

return preg_replace("/[<>]/", '_', $string);
}


to


function tep_sanitize_string($string) {
  // ereg_replace() was removed in PHP 7; preg_replace() collapses runs of spaces the same way
  $string = preg_replace('/ +/', ' ', trim($string));
  // added for security: BEGIN SANITIZE
  $string = preg_replace("/[<]/", '(', $string);
  $string = preg_replace("/[>]/", ')', $string);
  // '\\\\' is the PHP literal for the replacement text \\, which preg_replace() emits as one backslash
  $string = preg_replace("/[\/]/", '\\\\', $string);
  $string = preg_replace("/[:]/", ';', $string);
  $string = preg_replace("/[\[]/", '(', $string);
  $string = preg_replace("/[\]]/", ')', $string);
  $string = preg_replace("/[{]/", '(', $string);
  $string = preg_replace("/[}]/", ')', $string);
  // end of security addition: END SANITIZE
  // kept from the original function; no < or > is left at this point
  return preg_replace("/[<>]/", '_', $string);
}


What is it for? 16 May 2006

To change all the INPUT, for a secure result.

OLD = standard
NEW = my version

<script> OLD => script
<script> NEW => (script)
[aaa] OLD => [aaa] IDEM
[aaa] NEW => (aaa)
aa/aa OLD => aa/aa IDEM
aa/aa NEW => aa\aa
{aaa} OLD => {aaa} IDEM
{aaa} NEW => (aaa)

Only for CLIENT users, not for ADMIN!
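
The OLD/NEW comparison above can be reproduced, and extended to a few ordinary inputs, with the following added example; it is not part of the contribution or of osCommerce. The names old_sanitize(), new_sanitize() and encode_for_html() are hypothetical, the sample inputs are constructed, strtr() stands in for the chain of preg_replace() calls, and the third column shows PHP's built-in htmlspecialchars() applied at output time for contrast.

```php
<?php
// Added example. old_sanitize()/new_sanitize() are hypothetical stand-ins for the
// two versions of tep_sanitize_string() shown on this page.

function old_sanitize(string $s): string {
    $s = preg_replace('/ +/', ' ', trim($s));   // collapse runs of spaces
    return preg_replace('/[<>]/', '_', $s);     // standard behaviour
}

function new_sanitize(string $s): string {
    $s = preg_replace('/ +/', ' ', trim($s));
    // strtr() with single-character keys performs the same one-for-one
    // substitutions as the eight preg_replace() calls in the contribution.
    return strtr($s, [
        '<' => '(', '>' => ')',
        '/' => '\\', ':' => ';',
        '[' => '(', ']' => ')',
        '{' => '(', '}' => ')',
    ]);
}

// Alternative for comparison: keep the stored value as entered and encode it
// at the moment it is written into an HTML page.
function encode_for_html(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs: the four from the table plus three ordinary values.
$samples = [
    '<script>', '[aaa]', 'aa/aa', '{aaa}',
    'http://example.com/a', '10:30', 'say "hi"',
];

printf("%-22s %-22s %-22s %s\n", 'input', 'OLD', 'NEW', 'encoded on output');
foreach ($samples as $in) {
    printf(
        "%-22s %-22s %-22s %s\n",
        $in,
        old_sanitize($in),
        new_sanitize($in),
        encode_for_html($in)
    );
}
```

The NEW substitution rewrites ordinary values such as the URL and the time, and passes the double quotes through unchanged. Encoding at output leaves the entered value intact and converts `<`, `>`, `&` and both quote characters to HTML entities.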

Sanitize modified for general.php 13 May 2006

Note: Contributions are used at own risk.