is phpizabi back??

I just saw a security fix update at www.phpizabi.net posted on July 9th. It adds protection against the attack that used the comment form to reveal other users' sensitive information. The code below, inserted at line 75, is what provides that protection: every scalar GET and POST value is rewritten so that quotes, angle brackets, backslashes and a few other characters become HTML entities before the rest of the script sees them.


// SQL INJECTIONS / XSS HACKS PROTECTION //////////////////////////////////////////////
// Characters to rewrite and the HTML entity each becomes. Note that "&" itself is
// not in the map, while ";" is, so an already-encoded entity in the input is mangled.
$entities = array(";"=>"&#059;", "\""=>"&quot;", "'"=>"&#039;", "<"=>"&lt;", ">"=>"&gt;", "\\"=>"&#092;", "^"=>"&#094;", "{"=>"&#123;", "}"=>"&#125;");

// Rewrite every scalar POST value whose key does not start with "_".
// Array values and "_"-prefixed keys are left exactly as submitted.
if (isset($_POST)) foreach($_POST as $var => $val)
if (!is_array($val) and substr($var, 0, 1) != "_")
$_POST[$var] = trim(strtr(stripslashes($val), $entities));

// Same treatment for GET parameters. $_COOKIE is not filtered.
if (isset($_GET)) foreach($_GET as $var => $val)
if (!is_array($val) and substr($var, 0, 1) != "_")
$_GET[$var] = trim(strtr(stripslashes($val), $entities));

unset ($var, $val, $entities);
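To see what the filter actually does to a request, and where it stops short, here is an added example that is not phpizabi's own code. It wraps the same entity map and loop in a function, runs it over a constructed sample POST, and then shows the two measures that do not depend on a character blacklist: a PDO prepared statement for the database write and htmlspecialchars() at output time. The comments table and the in-memory SQLite database (pdo_sqlite extension) are assumptions made for the example only.

```php
<?php
// Added example, not phpizabi's code. Reproduces the global input filter from
// the fix as a function and contrasts it with prepared statements plus output
// encoding.

function phpizabi_filter(array $input): array
{
    // Same entity map as the fix. "&" is absent from it, ";" is present.
    $entities = array(
        ";" => "&#059;", "\"" => "&quot;", "'" => "&#039;", "<" => "&lt;",
        ">" => "&gt;", "\\" => "&#092;", "^" => "&#094;", "{" => "&#123;",
        "}" => "&#125;",
    );
    foreach ($input as $var => $val) {
        // Arrays and keys beginning with "_" are skipped, exactly as in the fix.
        if (!is_array($val) and substr($var, 0, 1) != "_") {
            $input[$var] = trim(strtr(stripslashes($val), $entities));
        }
    }
    return $input;
}

// Constructed sample request, not real phpizabi traffic.
$post = array(
    "comment" => "it's <b>great</b>",          // quotes and tags are rewritten
    "nick"    => "bob' OR '1'='1",             // quotes inside an injection string are rewritten
    "_token"  => "'; DROP TABLE users; --",    // key starts with "_": left as submitted
    "tags"    => array("a'b", "<script>"),     // array value: left as submitted
    "encoded" => "&#039; already an entity",   // "&" passes, ";" is rewritten: entity is mangled
);

print_r(phpizabi_filter($post));

// The robust alternative: bind parameters so the value never becomes part of
// the SQL text, and encode for HTML only when rendering.
function insert_comment(PDO $db, string $author, string $body): void
{
    // Hypothetical table layout assumed for this example.
    $stmt = $db->prepare("INSERT INTO comments (author, body) VALUES (:author, :body)");
    $stmt->execute(array(":author" => $author, ":body" => $body));
}

function render_comment(string $text): string
{
    // ENT_QUOTES covers both quote styles; "&" is encoded too, unlike the filter above.
    return htmlspecialchars($text, ENT_QUOTES, "UTF-8");
}

// In-memory SQLite database, assumed available via the pdo_sqlite extension.
$db = new PDO("sqlite::memory:");
$db->exec("CREATE TABLE comments (author TEXT, body TEXT)");
insert_comment($db, "bob' OR '1'='1", "it's <b>great</b> & more");
foreach ($db->query("SELECT author, body FROM comments") as $row) {
    // The raw string is stored unchanged; encoding happens here, at the output boundary.
    echo render_comment($row["author"]), " : ", render_comment($row["body"]), "\n";
}
```

Three things worth noticing when you run it: the filter never touches $_COOKIE, array-valued parameters or "_"-prefixed keys, so any query built from those is still exposed; it stores data already transformed, which is why the "encoded" value comes back mangled; and with a bound parameter the injection-looking nickname is stored and displayed verbatim without ever being interpreted as SQL or HTML.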

I hope phpizabi will be back soon and become stronger. Let's hope for it, as it was the best script I have ever used.

This entry was posted in phpizabi.
