<?php
/* Security Request Module (alternative to mod_seq) */
/* Code by Roman Shneer 20090428*/
/* Usage: just include this file in the header of the site */
/* About new types of attacks or desired changes, write to hide@address.com */
/*v 1.0*/
// Setting: which request interfaces to check
// Interfaces inspected by SecModule (true = check, false = skip).
$options = [
    'GET'     => true,
    'POST'    => true,
    'COOKIE'  => true,
    'REQUEST' => true,
];
/* Security filter based on RegExp patterns; disable a pattern if it breaks the site's requests */
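// Regex deny-list applied to every value of each enabled interface; a value
// matching any entry is replaced with false by SecModule. A deny-list like
// this is coarse and bypassable: it complements, never replaces, parameterised
// queries and context-aware output escaping in the application itself.
$patterns = [
    // A single or double quote character. The original literal was
    // unterminated (a bare ' inside a single-quoted string), so the single
    // quote is escaped here.
    'SQL'          => '/["\']/',
    // Matches the keywords anywhere in the value, including inside ordinary
    // words such as "selection" or "character" (false positives).
    'SQLinjection' => '/select|union|concat|char/i',
    // Two literal dots. Unescaped, "(..)" matched any two characters and
    // blanked nearly every value.
    'Crosssite'    => '/\.\./',
    'HEX'          => '/0x/',
    // Case-sensitive as written: only the lower-case spellings match.
    'cmd'          => '/base64_decode|system/',
    'XSS'          => '/<script>/',
];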
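/**
 * Request filter: runs each interface enabled in the global $options
 * (GET, POST, COOKIE, REQUEST) through the regex deny-list in the global
 * $patterns and replaces every matching value with false.
 *
 * Limitations worth knowing before relying on it:
 *  - a regex deny-list is easy to evade and produces false positives; it
 *    complements, never replaces, parameterised queries and context-aware
 *    output escaping in the application;
 *  - a blocked value is silently replaced by false, so the application
 *    must tolerate false where it expects a string.
 *
 * The PHP 4 style constructor (a method named after the class) is not
 * supported on PHP 8, hence __construct.
 */
class SecModule
{
    /**
     * Filters every enabled interface with every configured pattern.
     *
     * Reads the globals $options (interface name => bool) and, through
     * load_patterns(), $patterns (name => regex). Does nothing when
     * $options is not an array.
     */
    public function __construct()
    {
        global $options;
        if (!is_array($options)) {
            return;
        }
        // Load once instead of once per interface.
        $patterns = $this->load_patterns();
        foreach ($options as $interface => $enabled) {
            if (!$enabled) {
                continue;
            }
            foreach ($patterns as $pattern) {
                $this->check_object($interface, $pattern);
            }
        }
    }

    /**
     * Returns the pattern deny-list from the global $patterns.
     *
     * @return array<string, string> name => regex; empty when unset
     */
    public function load_patterns()
    {
        global $patterns;
        return is_array($patterns) ? $patterns : [];
    }

    /**
     * Replaces every value of the named superglobal that matches $pattern
     * with false. Nested arrays (e.g. foo[bar]=...) are filtered
     * recursively; the original inspected only the top level and handed
     * arrays straight to preg_match. Unknown interface names are ignored.
     *
     * @param string $objname one of 'GET', 'POST', 'COOKIE', 'REQUEST'
     * @param string $pattern PCRE pattern
     */
    public function check_object($objname, $pattern)
    {
        switch ($objname) {
            case 'GET':
                $target = &$_GET;
                break;
            case 'POST':
                $target = &$_POST;
                break;
            case 'COOKIE':
                $target = &$_COOKIE;
                break;
            case 'REQUEST':
                $target = &$_REQUEST;
                break;
            default:
                return;
        }
        if (is_array($target)) {
            $target = $this->filter_value($target, $pattern);
        }
        unset($target);
    }

    /**
     * Filters one value: arrays are walked recursively, anything else is
     * matched as a string and replaced with false on a hit.
     *
     * @param mixed  $value
     * @param string $pattern PCRE pattern
     * @return mixed the value, or false when it matched
     */
    private function filter_value($value, $pattern)
    {
        if (is_array($value)) {
            foreach ($value as $key => $item) {
                $value[$key] = $this->filter_value($item, $pattern);
            }
            return $value;
        }
        // preg_match returns 1 on a hit, 0 on no hit and false on a PCRE
        // error; only a real hit blanks the value. (The original tested the
        // captured text with empty(), which also ignored a match of "0".)
        return preg_match($pattern, (string) $value) === 1 ? false : $value;
    }
}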
// Constructing the module filters the enabled interfaces immediately.
$SM = new SecModule();
// Debug aid: print_r($_REQUEST);
?>