osCommerce

Security Pro, revised code by Spooks


ogwinilo


I've read the thread regarding this issue and have seen a similar question asked, but I have not seen an answer.

Where exactly in application_top.php (catalog and admin) do we put the code as cited below?

Thanks

You could use this code, though I've not tested in other languages:

    // clean posted vars
    function clean_var($vars) {
        if (!is_array($vars)) {
            // URL-decode, then strip every character outside the whitelist
            return preg_replace("/[^\w@ :{}_.-]/i", "", urldecode($vars));
        } else {
            // recurse into arrays so nested fields are cleaned as well
            return array_map('clean_var', $vars);
        }
    }
    // each() was removed in PHP 8.0; foreach gives the same result
    foreach ($_POST as $key => $value) {
        $_POST[$key] = clean_var($value);
    }

I have used that code on the client side application_top, so avoiding modding a load of files.

If adding to admin you would need to allow more chars, as you add HTML etc. in admin, like:

    // clean posted vars (admin: also allows / < > & " ' =)
    function clean_var($vars) {
        if (!is_array($vars)) {
            return preg_replace("/[^\/\w@ :<>{}&\"\'=_.-]/i", "", urldecode($vars));
        } else {
            return array_map('clean_var', $vars);
        }
    }
    foreach ($_POST as $key => $value) {
        $_POST[$key] = clean_var($value);
    }

But how useful it is then would be debatable; you may need to look at the specific areas mentioned in your link.

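To see what the two whitelists quoted above actually remove, here is an added PHP example (not code from the thread or from Security Pro) that runs both patterns through one recursive cleaner over a constructed POST array; the field names and values are assumptions chosen to resemble osCommerce form input.

```php
<?php
// Added example (not code from the thread or from Security Pro): the catalog
// and admin whitelists quoted above, applied through one recursive cleaner so
// you can see what each one removes from a constructed POST array.
const CATALOG_PATTERN = "/[^\w@ :{}_.-]/i";           // storefront whitelist
const ADMIN_PATTERN   = "/[^\/\w@ :<>{}&\"\'=_.-]/i";  // admin whitelist, keeps HTML characters

function clean_var($vars, string $pattern)
{
    if (!is_array($vars)) {
        // Same order as the posted snippet: urldecode() first, then strip.
        // PHP has already decoded the form, so a literal %xx left in a field
        // is decoded a second time here before the whitelist is applied.
        return preg_replace($pattern, '', urldecode((string) $vars));
    }
    // Recurse instead of unset()ing arrays, so fields like id[] survive cleaned.
    return array_map(fn($v) => clean_var($v, $pattern), $vars);
}

// Constructed sample in the shape of osCommerce form input.
$post = [
    'products_name' => 'Blue <b>Widget</b> & "Co"',
    'email'         => 'someone@example.com',
    'id'            => ['1' => '2', '3' => '4'],   // attribute choices arrive as an array
    'comment'       => 'Line one%0ALine two',      // %0A becomes a newline, then is stripped
];

foreach (['catalog' => CATALOG_PATTERN, 'admin' => ADMIN_PATTERN] as $name => $pattern) {
    echo "--- $name ---\n";
    foreach (clean_var($post, $pattern) as $key => $value) {
        echo $key, ': ', var_export($value, true), "\n";
    }
}
```

Running it side by side shows the catalog pattern stripping the tags, ampersand and quotes from products_name while the admin pattern leaves them in place, which is the trade-off the post above calls debatable.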

 

 

It's not an update or replacement for Security Pro; Security Pro cleans the query string, that cleans the POST, not the same.

I did suggest a place in the proper thread: just put it after the Security Pro code.

Sam

Remember, what you think I meant may not be what I thought I meant when I said it.

Contributions:
  • Auto Backup your Database, Easy way
  • Multi Images with Fancy Pop-ups, Easy way
  • Products in columns with multi buy etc etc
  • Disable any Category or Product, Easy way
  • Secure & Improve your account pages et al.


Thanks for the response. I had come across this line:

'This little snippet will replace the previous & clean any arrays too'

referring to the earlier post as cited below:

after:

    require('includes/application_top.php');

add:

    // clean posted vars (each() was removed in PHP 8.0; foreach gives the same result)
    foreach ($_POST as $key => $value) {
        if (!is_array($value)) {
            $_POST[$key] = preg_replace("/[^ a-zA-Z0-9@%:{}_.-]/i", "", urldecode($value));
        } else {
            unset($_POST[$key]); // no arrays expected
        }
    }

Otherwise, I truly appreciate the work you do here, especially the latest one, Sam's anti-hacker account mods. I intend installing it as soon as I'm done with the rest and hope that it integrates smoothly with the rest.

Well done again.
