<?

// ------------------------------------------------------------------        //
//  Projekt:   XSS Filter                                                    //
//  Download:  http://maran.pamil-visions.com                                //
//  Autor:     Maran Emil                                                    //
//  Kontakt:   hide@address.com                                          //
//                                                                           //
//  Dateiname: maranxssfilter.php                                            //
//  AEnderung: 07. 12 2008                                                   //
//  -----------------------------------------------------------------------  //

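/* Denylist of substrings that cause the request to be dropped when they
 * appear in REQUEST_URI. The match is case-sensitive and token-based, so
 * treat it as a coarse defence-in-depth layer only; it does not replace
 * parameterised queries and context-aware output escaping in the code that
 * actually consumes the request.
 * NOTE(review): this file opens with the short tag "<?" rather than "<?php".
 * With short_open_tag=Off (the php.ini-production default) none of the checks
 * below execute and the file is sent to the client as plain text. */
$arrInjection = array(
    "UNION",
    "SELECT",
    "concat",
    "user_password",
    "char",
    "user_name",
    "administrators",
    "FROM",
    "../",
    "etc/",
    "script",
    "alert",
    "passwd",
    "session",
    "save_path",
    "configuration",
    "folder"
);

/**
 * Report whether a request value contains $needle (case-sensitive).
 *
 * Superglobal entries can be nested arrays (e.g. "?a[]=x"); the previous
 * strstr() calls received such arrays directly, which throws a TypeError on
 * PHP 8 (and only warned on older versions). Arrays are searched recursively
 * and anything that is not a string is treated as "does not contain".
 *
 * @param mixed  $value  a string, or a (possibly nested) array of values
 * @param string $needle non-empty substring to look for
 * @return bool true when any string inside $value contains $needle
 */
function maranRequestValueContains($value, $needle)
{
    if (is_array($value)) {
        foreach ($value as $nested) {
            if (maranRequestValueContains($nested, $needle)) {
                return true;
            }
        }
        return false;
    }
    return is_string($value) && strpos($value, $needle) !== false;
}

/* Drop the request when a denylisted token appears in the request URI.
 * REQUEST_URI is not set under the CLI SAPI, hence the null-coalescing. */
foreach ($arrInjection as $item) {
    if (strpos($_SERVER['REQUEST_URI'] ?? '', $item) !== false) {
        exit;
    }
}

/* Drop the request when any request value references a ".txt" file. */
foreach ($_REQUEST as $key => $val) {
    if (maranRequestValueContains($val, '.txt')) {
        exit;
    }
}

/* Drop the request when any POST value contains "http" (remote URL marker). */
foreach ($_POST as $key => $val) {
    if (maranRequestValueContains($val, 'http')) {
        exit;
    }
}

/* Drop the request when any GET value contains "http" (remote URL marker). */
foreach ($_GET as $key => $val) {
    if (maranRequestValueContains($val, 'http')) {
        exit;
    }
}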

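/**
 * Check whether $input is an optionally negative string of ASCII digits.
 *
 * Anchored with \A and \z rather than "$" so that a trailing newline
 * ("12\n", which "$" tolerates) is rejected. Non-scalar input (arrays, null)
 * is rejected up front instead of being handed to preg_match(), which throws
 * a TypeError on PHP 8 for an array value such as "?id[]=1".
 *
 * @param mixed $input raw request value
 * @return bool
 */
function isInteger($input)
{
    if (!is_scalar($input)) {
        return false;
    }
    return preg_match('@\A-?[0-9]+\z@', (string) $input) === 1;
}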

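/**
 * Check whether $string consists only of ASCII letters and underscores
 * (at least one character).
 *
 * Replaces the ereg() call, which was removed in PHP 7. \A and \z anchor the
 * whole value so a trailing newline is rejected; non-scalar input is rejected
 * before it can reach preg_match().
 *
 * @param mixed $string raw request value
 * @return bool
 */
function isString($string)
{
    if (!is_scalar($string)) {
        return false;
    }
    return preg_match('@\A[A-Za-z_]+\z@', (string) $string) === 1;
}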

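/**
 * Return 1 when $string contains nothing but ASCII digits (the empty string
 * counts as all-digits, as before), otherwise 0.
 *
 * Replaces ereg_replace() (removed in PHP 7) and the loose "==" comparison
 * of the stripped value against the original: under numeric-string
 * comparison " 1" (and, on PHP 8, "1 ") compared equal to "1" and was
 * accepted. Arrays and null now yield 0.
 *
 * @param mixed $string raw request value
 * @return int 1 or 0, as existing callers expect
 */
function onlyDigits($string)
{
    if (!is_scalar($string)) {
        return 0;
    }
    return preg_match('@\A[0-9]*\z@', (string) $string) === 1 ? 1 : 0;
}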

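/**
 * Return 1 when $string contains NO ASCII letters, otherwise 0.
 *
 * NOTE(review): despite its name this mirrors the original ereg_replace()
 * check, which stripped [a-zA-Z] and reported 1 when nothing was removed, so
 * onlyString("abc") is 0 and onlyString("123") is 1. That behaviour is kept
 * because callers may depend on it; compare onlyDigits(), which strips the
 * inverted class. The loose "==" is gone: it made "00" == "0e0" true under
 * numeric-string comparison, so "0e0" was reported as letter-free.
 *
 * @param mixed $string raw request value
 * @return int 1 or 0
 */
function onlyString($string)
{
    if (!is_scalar($string)) {
        return 0;
    }
    return preg_match('@[A-Za-z]@', (string) $string) === 0 ? 1 : 0;
}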


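/* VALIDATE GET REQUESTS */
/* Drop the request when "id" is present but is not an integer string.
 * isset() is tested first so an absent "id" is never passed to isInteger();
 * the is_string() guard rejects an array-valued "?id[]=1", which would
 * otherwise reach preg_match() inside isInteger() and throw a TypeError
 * on PHP 8 instead of exiting cleanly. */
if (isset($_GET['id']) && (!is_string($_GET['id']) || !isInteger($_GET['id']))) {
    exit;
}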

?>