



GET POST COOKIE SECURITY SYSTEM

by: Clifford Moore
|
March 11, 2009

Version: 1.0

Type: Function

Category: Other

License: GNU General Public License

Description: By Metalfrog Studios http://metalfrog.co.uk USAGE: Put this at the top of your PHP and it will loop through your GET, POST and COOKIE values. It will remove any XSS code as well as make the values safe to store in a database or display on the page.



<?php
/*
Metalfrog Studios (GPL)
http://metalfrog.co.uk
Website Development, website SEO & Graphic Designers

USAGE: Put this at the top of your PHP and it will loop through your GET, POST and COOKIE values.
It will remove any XSS code as well as make the values safe to store in a database or display on the page.
*/

/*////////////////////////////////////////////////////////////
//////////////////////////////// Superglobals Security System
*/////////////////////////////////////////////////////////////
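/*
 * NOTE(review): escaping request values for MySQL on the way in (the
 * "magic quotes" approach, kept below for compatibility with the rest of the
 * original script) is not a substitute for parameterised queries, and it
 * corrupts values that are never used in SQL. mysql_real_escape_string() also
 * needs an open mysql connection, and the mysql extension was removed in
 * PHP 7, so on a current PHP that call is a fatal error. SQL escaping belongs
 * at the query (prepared statements); RemoveXSS() is a blacklist, so output
 * still has to be escaped with htmlspecialchars() for the context it is
 * written into.
 */

/**
 * Sanitise one request value, recursing into arrays (name[]=... parameters),
 * which the original per-superglobal loops passed straight to stripslashes()
 * and trim() and so collapsed to "" with a warning.
 *
 * The original rules, applied to the raw value:
 *   numeric -> "" when longer than $maxNumericLength, otherwise intval()
 *   other   -> "" when longer than $maxLength, otherwise stripslashes(),
 *              trim(), RemoveXSS() and, if $escapeForSql, mysql_real_escape_string()
 * A null limit disables that check (the cookie loop had no limits).
 *
 * Defects this replaces: the $_GET loop blanked its local copy $v instead of
 * $_GET[$k], so the length limit never applied to GET; the $_POST block had
 * an unbalanced closing brace (parse error) and ran its numeric check outside
 * the foreach; and the numeric "" assignment was immediately overwritten by
 * intval() in both.
 *
 * @param mixed    $value            raw $_GET/$_POST/$_COOKIE entry (string or array)
 * @param int|null $maxLength        byte limit for non-numeric values, null for none
 * @param int|null $maxNumericLength byte limit for numeric values, null for none
 * @param bool     $escapeForSql     whether to run mysql_real_escape_string() on the result
 * @return string|int|array
 */
function metalfrog_sanitize_value($value, $maxLength, $maxNumericLength, $escapeForSql)
{
    if (is_array($value)) {
        $clean = array();
        foreach ($value as $key => $item) {
            $clean[$key] = metalfrog_sanitize_value($item, $maxLength, $maxNumericLength, $escapeForSql);
        }
        return $clean;
    }

    $raw = (string) $value;

    if (is_numeric($raw)) {
        // Lengths are checked on the raw value, as in the original. Limiting
        // the digit count keeps intval() away from integer saturation.
        if ($maxNumericLength !== null && strlen($raw) > $maxNumericLength) {
            return '';
        }
        return intval($raw);
    }

    if ($maxLength !== null && strlen($raw) > $maxLength) {
        return '';
    }

    $clean = RemoveXSS(trim(stripslashes($raw)));

    return $escapeForSql ? mysql_real_escape_string($clean) : $clean;
}

// Same limits as the original loops: 20 bytes for text and 11 for numbers in
// GET and POST, no limit and no SQL escaping for cookies.
$_GET    = metalfrog_sanitize_value($_GET, 20, 11, true);
$_POST   = metalfrog_sanitize_value($_POST, 20, 11, true);
$_COOKIE = metalfrog_sanitize_value($_COOKIE, null, null, false);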
	
	
	
/*////////////////////////////////////////////////////////////
////////////////////////// Security System from XSS Injections
*/////////////////////////////////////////////////////////////
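/**
 * Strip the most common XSS vectors from a string of untrusted input.
 *
 * This is a blacklist filter (the widely copied "RemoveXSS" snippet), so it is
 * defence in depth at best: output still has to be escaped with
 * htmlspecialchars() for the HTML context it is written into, and nothing here
 * covers attribute, URL or JavaScript contexts. What it does:
 *   1. removes C0 control characters other than tab, LF and CR;
 *   2. decodes numeric entities (&#x61; / &#97;) for letters, digits and the
 *      punctuation in $decodable so the next step sees plain text. '<' and
 *      '>' are deliberately not in that set, so an encoded angle bracket
 *      stays encoded;
 *   3. breaks up known-dangerous tag names, URL schemes and on* handler names
 *      by inserting "<x>" after their second character, tolerating encoded
 *      tab/LF/CR entities between the letters, and repeats until nothing
 *      changes.
 *
 * Fixes relative to the original: the control-character pattern was three
 * consecutive classes and only matched a 3-byte sequence; the decimal
 * whitespace alternation was a character class ([9|10|13]), so &#10; was never
 * matched; entity decoding matched a prefix of longer numbers; and the
 * "repeat until stable" loop stopped after the first word that did not match.
 *
 * @param string $val raw input
 * @return string filtered text; "" if PCRE itself fails (e.g. backtrack limit), i.e. it fails closed
 */
function RemoveXSS($val)
{
    // 1. Control characters (NUL..BS, VT, FF, SO..US) that browsers ignore but
    //    that would defeat the literal matching below. Tab, LF and CR are kept.
    $val = preg_replace('/[\x00-\x08\x0b\x0c\x0e-\x1f]/', '', $val);

    // 2. Numeric entity decoding, restricted to this character set.
    $decodable = 'abcdefghijklmnopqrstuvwxyz'
        . 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
        . '1234567890!@#$%^&*()'
        . '~`";:?+/={}[]-_|\'\\';
    $decode = function ($code, $entity) use ($decodable) {
        // $code is a float for absurdly long digit runs; anything outside one
        // byte, and anything not in $decodable, is left encoded as it was.
        if ($code > 255) {
            return $entity;
        }
        $char = chr((int) $code);
        return strpos($decodable, $char) === false ? $entity : $char;
    };
    $val = preg_replace_callback(
        '/&#x0{0,8}([0-9a-f]+);?/i',
        function ($m) use ($decode) { return $decode(hexdec($m[1]), $m[0]); },
        $val
    );
    $val = preg_replace_callback(
        '/&#0{0,8}([0-9]+);?/',
        function ($m) use ($decode) { return $decode((int) $m[1], $m[0]); },
        $val
    );

    // 3. Names that introduce executable content, and event handler attributes.
    $tags = array('javascript', 'vbscript', 'expression', 'applet', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base');
    $handlers = array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload');

    // Browsers skip an encoded tab, LF or CR inside such a name, so the
    // pattern allows any number of them between any two letters. The hex
    // list gains "d" (CR) to match the decimal list's 13.
    $gap = '(?:&#x0{0,8}[9abd];|&#0{0,8}(?:9|10|13);)*';
    $patterns = array();
    $replacements = array();
    foreach (array_merge($tags, $handlers) as $word) {
        $patterns[] = '/' . implode($gap, str_split($word)) . '/i';
        // "on<x>load": the marker matches no listed word, so each pass strictly
        // shrinks what is left to find and the loop below terminates.
        $replacements[] = substr($word, 0, 2) . '<x>' . substr($word, 2);
    }

    // Repeat while the previous pass changed something, e.g. "script" inside
    // an already split "ja<x>vascript".
    do {
        $before = $val;
        $val = preg_replace($patterns, $replacements, $val);
    } while ($val !== null && $val !== $before);

    // preg_* return null on a PCRE error; a sanitiser should fail closed.
    return $val === null ? '' : $val;
}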
?>	
