

  1. <?php
  2. /* ******************************************************************** */
  3. /* CATALYST PHP Source Code */
  4. /* -------------------------------------------------------------------- */
  5. /* This program is free software; you can redistribute it and/or modify */
  6. /* it under the terms of the GNU General Public License as published by */
  7. /* the Free Software Foundation; either version 2 of the License, or */
  8. /* (at your option) any later version. */
  9. /* */
  10. /* This program is distributed in the hope that it will be useful, */
  11. /* but WITHOUT ANY WARRANTY; without even the implied warranty of */
  12. /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
  13. /* GNU General Public License for more details. */
  14. /* */
  15. /* You should have received a copy of the GNU General Public License */
  16. /* along with this program; if not, write to: */
  17. /* The Free Software Foundation, Inc., 59 Temple Place, Suite 330, */
  18. /* Boston, MA 02111-1307 USA */
  19. /* -------------------------------------------------------------------- */
  20. /* */
  21. /* Filename: antihack.php */
  22. /* Author: Paul Waite */
  23. /* Description: Anti-hacking filter/checking done on each page. */
  24. /* */
  25. /* ******************************************************************** */
  26. /** @package core *//**
  27. * Filters out potential hacking
  28. * A utility function to determine whether the supplied
  29. * string contains any of the more sensitive SQL
  30. * keywords. Usually called to parse URL parameters to
  31. * check for hacks etc..
  32. */
  33. function hasSQL($str) {
  34. if (stristr($str, "SELECT * ")) return true;
  35. if (stristr($str, "DELETE FROM ")) return true;
  36. if (stristr($str, "ALTER TABLE ")) return true;
  37. if (stristr($str, "DROP TABLE ")) return true;
  38. if (stristr($str, "CREATE TABLE ")) return true;
  39. return false;
  40. }
  41. if (isset($HTTP_POST_VARS)) {
  42. while (list($key, $val) = each($HTTP_POST_VARS)) {
  43. if (hasSQL($val)) {
  44. die("500: Internal Server Error");
  45. exit;
  46. }
  47. }
  48. }
  49. else if (isset($HTTP_GET_VARS)) {
  50. while (list($key, $val) = each($HTTP_POST_VARS)) {
  51. if (hasSQL($val)) {
  52. die("500: Internal Server Error");
  53. exit;
  54. }
  55. }
  56. }
  57. if (isset($QUERY_STRING)) {
  58. if (hasSQL($QUERY_STRING)) {
  59. die("500: Internal Server Error");
  60. exit;
  61. }
  62. }
  63. ?>
