<?php
if (!defined("INIT_DONE")) {
/**
 * Abort the current request after a sanitization check has tripped.
 *
 * Nothing after the call runs: the message is written to the response and
 * the script terminates. Callers in this file invoke it without arguments.
 * NOTE(review): the default message is a lone guillemet and looks
 * mis-encoded — confirm the intended text before relying on it.
 *
 * @param string $msg text emitted before termination
 */
function handle_security_attack($msg = "«")
{
    exit($msg);
}
/**
 * Detect a local variable being shadowed by request data (register_globals-style injection).
 *
 * When $var already holds a value, the request is aborted via handle_security_attack()
 * if a parameter of the same name is present in $_REQUEST, $_GET, $_POST or $_COOKIE.
 * In strict mode the mere presence of the parameter is enough; otherwise only a value
 * that compares loosely equal (==) to $var counts, so e.g. "1" and "01" match.
 * When $var is unset it is initialised to "" so later code can rely on it existing.
 *
 * @param string $varname request parameter name to look for
 * @param mixed  $var     local variable, by reference so it can be initialised
 * @param bool   $strict  true: abort on presence; false: abort only on a matching value
 */
function check_variable_injection($varname, &$var, $strict)
{
    if (!isset($var)) {
        $var = "";
        return;
    }
    // The superglobals are only read here, so plain copies are fine.
    $sources = [$_REQUEST, $_GET, $_POST, $_COOKIE];
    foreach ($sources as $source) {
        if (!isset($source[$varname])) {
            continue;
        }
        // Loose == is the original comparison; kept as-is.
        if ($strict || $var == $source[$varname]) {
            handle_security_attack();
        }
    }
}
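/**
 * Abort the request unless $var is a canonically formatted number.
 *
 * Accepted: an int or float, an empty string, or a string whose numeric value
 * prints back to exactly the same text ("12", "1.5", "-3"). Rejected through
 * handle_security_attack(): padded or non-canonical numerics (" 12", "007",
 * "1e3", "1.0"), non-numeric strings ("abc") and arrays (e.g. ?catid[]=1).
 * Previously the non-numeric and array cases reached `0 + $var` directly,
 * which on PHP 8 raises an uncaught TypeError instead of calling the handler;
 * they now fail closed through the handler like every other bad value.
 *
 * The argument is taken by value, as in the original, so the caller's
 * variable is never modified; use numerize() when coercion is wanted.
 *
 * @param mixed $var value to validate, typically an element of a superglobal
 */
function check_numeric($var) {
    // Unset and empty values are accepted; the original mapped "" to 0 but,
    // with a by-value parameter, that never reached the caller anyway.
    if (!isset($var) || $var === '') {
        return;
    }
    // Native numbers always round-trip through strval() unchanged.
    if (is_int($var) || is_float($var)) {
        return;
    }
    // Only strings are compared textually; is_numeric() guards the arithmetic
    // so a non-numeric operand cannot throw before the handler runs.
    if (!is_string($var) || !is_numeric($var) || strval(0 + $var) !== $var) {
        handle_security_attack();
    }
}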
/**
 * Run check_numeric() on the named parameter in every request source.
 *
 * Each of $_GET, $_POST, $_COOKIE and $_REQUEST that carries the parameter is
 * checked; any non-canonical value ends the request inside check_numeric().
 *
 * @param string $var request parameter name
 */
function check_numeric_parameter($var)
{
    // check_numeric() takes its argument by value, so copies of the superglobals suffice.
    foreach ([$_GET, $_POST, $_COOKIE, $_REQUEST] as $source) {
        if (isset($source[$var])) {
            check_numeric($source[$var]);
        }
    }
}
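/**
 * Coerce a request value to a number in place.
 *
 * Numeric strings become int or float ("12" -> 12, "1.5" -> 1.5), exactly as
 * the original `$var += 0` produced. Any other set value — a non-numeric
 * string or an array such as `?pricemin[]=x` — becomes 0 instead of raising
 * the TypeError that PHP 8 throws for arithmetic on such operands. An unset
 * variable is left untouched.
 *
 * @param mixed $var variable to coerce, by reference
 */
function numerize(&$var) {
    if (!isset($var)) {
        return;
    }
    // is_numeric() covers ints, floats and numeric strings; everything else fails closed to 0.
    $var = is_numeric($var) ? $var + 0 : 0;
}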
/**
 * Coerce the named parameter to a number in every request source that carries it.
 *
 * Delegates to numerize(), which rewrites the superglobal element in place, so
 * $_GET, $_POST, $_COOKIE and $_REQUEST are each touched through a reference.
 *
 * @param string $var request parameter name
 */
function numerize_parameter($var)
{
    $sources = [&$_GET, &$_POST, &$_COOKIE, &$_REQUEST];
    foreach ($sources as &$source) {
        if (isset($source[$var])) {
            numerize($source[$var]);
        }
    }
    // Drop the dangling foreach reference.
    unset($source);
}
// Default page state. The including script may overwrite these afterwards.
$xcatid = '';
$xsubcatid = '';
$xcityid = '';
$xcountryid = '';
$xadid = '';
$xdate = '';
$xpostmode = '';
$specialdates = '';
$xcatname = '';
$xsubcatname = '';
$xsubcathasprice = false;
$xsubcatfields = [];
$syndicate = false;
$msg = '';
$err = '';
$title_extra = '';
$in_admin = false;
$admin_mode = false;
$postable_country = false;
$postable_category = false;

// Some more sanitization.
// $path_escape is deliberately not assigned above: check_variable_injection()
// initialises it to "" when the including script left it unset and, in strict
// mode, aborts the request when it is already set and a request parameter named
// path_escape is present in any source.
check_variable_injection('path_escape', $path_escape, true);

// Every id/paging parameter must be a canonically formatted number in every
// request source; check_numeric_parameter() ends the request otherwise.
$initvars_numeric_params = [
    'cityid',
    'catid',
    'subcatid',
    'adid',
    'imgid',
    'countryid',
    'areaid',
    'pos',
    'picid',
    'page',
    'foptid',
    'eoptid',
    'isevent',
    'shortcutcat',
    'shortcutregion',
];
foreach ($initvars_numeric_params as $initvars_numeric_param) {
    check_numeric_parameter($initvars_numeric_param);
}
// Keep the including scope free of loop temporaries.
unset($initvars_numeric_params, $initvars_numeric_param);

// Price bounds are coerced to numbers in place rather than validated.
numerize_parameter('pricemin');
numerize_parameter('pricemax');

define('INIT_DONE', true);
}
?>