<?php
/* Security Request Module(Alternative for mod_seq )*/
/* Code by Roman Shneer 20090428*/
/*usage: just include this file at the top (header) of the site*/
/*about new types of attacks or wanted changes, write to hide@address.com*/
/*v 1.0*/
//Settings: which request interfaces (superglobals) to check
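// Each key names a request superglobal; true means its values are filtered.
$options = array(
    'GET'     => true,
    'POST'    => true,
    'COOKIE'  => true,
    'REQUEST' => true,
);

/*
 * Security filter based on regular-expression patterns; SecModule replaces a
 * request value that matches any of them with false. Remove or adjust an entry
 * if it rejects requests the site legitimately needs.
 *
 * NOTE(review): these are substring matches, so ordinary text is rejected too
 * (the 'SQLinjection' entry also matches "character" or "selection"). Treat
 * the list as one defensive layer; it does not replace prepared statements
 * for queries or context-aware escaping for output.
 */
$patterns = array(
    // A double or single quote anywhere in the value. The single quote must be
    // backslash-escaped inside this single-quoted PHP string; without the
    // escape the file does not parse.
    'SQL'          => '/(["]|[\'])/i',
    // SQL keywords, matched case-insensitively.
    'SQLinjection' => '/select|union|concat|char/i',
    // Literal ".." (parent-directory reference). The dots are escaped because
    // an unescaped '/(..)/' matches any two characters and would therefore
    // blank every value of two or more characters.
    // NOTE(review): literal ".." is assumed to be the intended meaning - confirm.
    'Crosssite'    => '/(\.\.)/',
    // Hexadecimal literal prefix (case-sensitive).
    'HEX'          => '/0x/',
    // Names of PHP functions (case-sensitive match).
    'cmd'          => '/base64_decode|system/',
    // The exact lowercase tag text (case-sensitive match).
    'XSS'          => '/<script>/',
);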
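/**
 * Request filter: blanks request values that match a blacklist pattern.
 *
 * On construction, every superglobal enabled in the global $options array is
 * checked against every entry of the global $patterns array. A matching value
 * is replaced with boolean false in the superglobal; other values are left
 * unchanged. Only values are inspected, parameter names are not.
 *
 * NOTE(review): $options and $patterns are read with `global`, so this file
 * must be included at global scope. If either is not an array the constructor
 * returns without filtering anything.
 * NOTE(review): pattern matching on raw input is one defensive layer only;
 * queries still need prepared statements and output still needs escaping.
 */
class SecModule
{
    /**
     * Applies every configured pattern to every enabled superglobal.
     *
     * Declared as __construct() because a method named after the class is no
     * longer called as the constructor since PHP 8.0; with only the old-style
     * name, `new SecModule` would create the object and filter nothing.
     */
    public function __construct()
    {
        global $options;

        $patterns = $this->load_patterns();
        if (!is_array($options) || !is_array($patterns)) {
            return;
        }

        foreach ($options as $objname => $enabled) {
            if (!$enabled) {
                continue;
            }
            // Run the whole pattern list, so an entry added to $patterns is
            // applied without having to be listed here as well.
            foreach ($patterns as $pattern) {
                $this->check_object($objname, $pattern);
            }
        }
    }

    /**
     * Old-style entry point, kept so code calling $obj->SecModule() still
     * works; it simply re-runs the filter.
     */
    public function SecModule()
    {
        $this->__construct();
    }

    /**
     * Returns the global $patterns array (name => regular expression).
     */
    public function load_patterns()
    {
        global $patterns;
        return $patterns;
    }

    /**
     * Filters one superglobal in place against one pattern.
     *
     * @param string $objname 'GET', 'POST', 'COOKIE' or 'REQUEST'; any other
     *                        name is ignored.
     * @param string $pattern PCRE pattern including delimiters.
     */
    public function check_object($objname, $pattern)
    {
        switch ($objname) {
            case 'GET':
                $target =& $_GET;
                break;
            case 'POST':
                $target =& $_POST;
                break;
            case 'COOKIE':
                $target =& $_COOKIE;
                break;
            case 'REQUEST':
                $target =& $_REQUEST;
                break;
            default:
                // Unknown name: there is nothing to iterate over.
                return;
        }

        // Iterate over a snapshot of the keys because entries are rewritten
        // while looping.
        foreach (array_keys($target) as $key) {
            $target[$key] = $this->filter_value($target[$key], $pattern);
        }
    }

    /**
     * Returns false for a string that matches $pattern, otherwise the value.
     *
     * Arrays (from parameters such as name[]=...) are filtered element by
     * element; passing an array straight to preg_match() checks nothing and
     * raises a TypeError on PHP 8.
     */
    private function filter_value($value, $pattern)
    {
        if (is_array($value)) {
            foreach ($value as $k => $v) {
                $value[$k] = $this->filter_value($v, $pattern);
            }
            return $value;
        }

        // Values already blanked by an earlier pattern are false, not strings.
        if (!is_string($value)) {
            return $value;
        }

        // preg_match() returns 0 only for a clean "no match". A match (1) or
        // a PCRE error (false) both blank the value, so a failing pattern
        // cannot let input through unchecked.
        return preg_match($pattern, $value) === 0 ? $value : false;
    }
}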
// Create the module instance when this file is included; the filtering itself
// is done by the SecModule constructor.
$SM = new SecModule();
# Debug aid (disabled): dump the request data.
#print_r($_REQUEST);
?>