Version: 1.0

Type: Function

Category: Other

License: GNU General Public License

Description: By Metalfrog Studios http://metalfrog.co.uk USAGE: Put this at the top of your php and it will loop thought your GET,POST, COOKIES It will remove any XSS code as well as make the code safe to store into a database or display on the page



<?php
/*
Metalfrog Studios (GPL)
http://metalfrog.co.uk
Website Development, website SEO & Graphic Designers

USAGE: Put this at the top of your php and it will loop thought your GET,POST, COOKIES
It will remove any XSS code as well as make the code safe to store into a database or display on the page
*/

/*////////////////////////////////////////////////////////////
//////////////////////////////// Super Globes Security System
*/////////////////////////////////////////////////////////////
if ($_GET) 
	{
  	foreach ($_GET as $k => $v) 
		{
    	$_GET[$k] = mysql_real_escape_string(RemoveXSS(trim(stripslashes ($v))));
		$length = strlen($v);
		if ($length > 20 )
			{
			$v="";
			}
    	if (is_numeric ($v)) 
			{
			$length = strlen($v);
			if ($length > 11 )
				{
				$_GET[$k]="";
				}
      		$_GET[$k] = intval ($v);
    		}
  		}
	}
if ($_POST) 
	{
  	foreach ($_POST as $k => $v) 
		{
    	$_POST[$k] = mysql_real_escape_string(RemoveXSS(trim(stripslashes ($v))));
		$length = strlen($v);
		
		if ($length > 20 )
			{
			$_POST[$k]="";
			}
		}
		
    	if (is_numeric ($v)) 
			{
			$length = strlen($v);
			if ($length > 11 )
				{
				$_POST[$k]="";
				}
			$_POST[$k] = intval ($v);
    		}
  		}
	}
if ($_COOKIE) 
	{
  	foreach ($_COOKIE as $k => $v) 
		{
    	$_COOKIE[$k] = RemoveXSS(trim(stripslashes ($v)));
    	if (is_numeric ($v)) 
			{
			$_COOKIE[$k] = intval ($v);
    		}
  		}
	}
	
	
	
/*////////////////////////////////////////////////////////////
////////////////////////// Security System from XSS Injections
*/////////////////////////////////////////////////////////////
function RemoveXSS($val) 
	{
	$val = preg_replace('/([\x00-\x08][\x0b-\x0c][\x0e-\x20])/', '', $val);
   
   $search = 'abcdefghijklmnopqrstuvwxyz';
   $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
   $search .= '1234567890!@#$%^&*()';
   $search .= '~`";:?+/={}[]-_|\'\\';
   for ($i = 0; $i < strlen($search); $i++) 
   		{
      	$val = preg_replace('/(&#[xX]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); 
     	$val = preg_replace('/(&#0{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); 
   		}
   
   $ra1 = Array('javascript', 'vbscript', 'expression', 'applet', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base');
   $ra2 = Array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload');
   $ra = array_merge($ra1, $ra2);
   
   $found = true; 
   while ($found == true) 
		{
		  $val_before = $val;
		  for ($i = 0; $i < sizeof($ra); $i++) 
			{
			 $pattern = '/';
			 for ($j = 0; $j < strlen($ra[$i]); $j++) 
				{
					if ($j > 0) 
						{
					   $pattern .= '(';
					   $pattern .= '(&#[xX]0{0,8}([9ab]);)';
					   $pattern .= '|';
					   $pattern .= '|(&#0{0,8}([9|10|13]);)';
					   $pattern .= ')*';
						}
				$pattern .= $ra[$i][$j];
				}
			 $pattern .= '/i';
			 $replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2); 
			 $val = preg_replace($pattern, $replacement, $val);
			 if ($val_before == $val) 
				{
				
				$found = false;
				}
			}
		}
	return $val;
	}	
?>