Файл: vzabave/sys/func/check.php
Строк: 33
<?
/*function check($msg){
$msg = strip_tags(htmlspecialchars($msg));
$search = array('|',''','$','\','^','%','`',"�","x00","x1A");
$replace = array('|',''','$','\','^','%','`','','','');
$msg = str_replace($search, $replace, $msg);
$msg = stripslashes(trim($msg));
$msg = mysql_real_escape_string($msg);
return $msg;
}*/
// Фильтрация переменных
function check($str) {
$str = htmlentities(trim($str), ENT_QUOTES, 'UTF-8');
$str = nl2br($str);
$str = strtr($str, array (chr(0)=> '',chr(1)=> '',chr(2)=> '',chr(3)=> '',chr(4)=> '',chr(5)=> '',chr(6)=> '',chr(7)=> '',chr(8)=> '',chr(9)=> '',chr(10)=> '',chr(11)=> '',chr(12)=> '',chr(13)=> '',chr(14)=> '',chr(15)=> '',chr(16)=> '',chr(17)=> '',chr(18)=> '',chr(19)=> '',chr(20)=> '',chr(21)=> '',chr(22)=> '',chr(23)=> '',chr(24)=> '',chr(25)=> '',chr(26)=> '',chr(27)=> '',chr(28)=> '',chr(29)=> '',chr(30)=> '',chr(31)=> ''));
$str = str_replace("'", "'", $str);
$str = str_replace('\', "\", $str);
$str = str_replace("|", "I", $str);
$str = str_replace("||", "I", $str);
$str = str_replace("/\$/", "$", $str);
$str = mysql_real_escape_string($str);
$str = iconv('utf-8', 'windows-1251', $str);
$str = iconv('windows-1251', 'utf-8', $str);
return $str;
}
function esc2($msg)
{
for ($i=0;$i<10;$i++)$msg=str_replace(chr($i), NULL, $msg);
for ($i=11;$i<20;$i++)$msg=str_replace(chr($i), NULL, $msg);
for ($i=21;$i<=31;$i++)$msg=str_replace(chr($i), NULL, $msg);
return $msg;
}
if (get_magic_quotes_gpc()) {
$in = array(&$_GET, &$_POST, &$_COOKIE);
while (list($k, $v) = each($in)) {
foreach ($v as $key => $val) {
if (!is_array($val)) {
$in[$k][$key] = stripslashes($val);
continue;
}
$in[] = &$in[$k][$key];
}
}
unset ($in);
if (!empty ($_FILES)) {
foreach ($_FILES as $k => $v) {
$_FILES[$k]['name'] = stripslashes((string) $v['name']);
}
}
}
foreach ($_GET as $check_url) {
if (is_string($check_url) && !preg_match('#^(?:[a-z0-9_-/]+|.+(?!/))*$#i', $check_url)) {header ('Location: '.H.'?err=403&'.SID);exit;
}}
unset($check_url);
?>