Tightened up security
kurt
Administrator
« on: May 11, 2015, 08:56:05 PM »

We had an attack. Doesn't look like they gained access, but it prompted me to tighten security a bit. We altered the clean() function in configs.php.

Code:

Find the clean() function, which looks like this:

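function clean ($str){
    // Remove HTML/PHP tags, then encode the remaining <, > and & as entities.
    $str = strip_tags ($str);
    $str = htmlspecialchars ($str, ENT_NOQUOTES);
    // Remove backslash escapes, then escape the string for use in a MySQL query.
    $str = stripslashes ($str);
    $str = mysql_real_escape_string($str);
    return $str;
}

and replace it with, or add to it to make this: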

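function clean ($str){
    // Remove HTML/PHP tags, then encode the remaining <, > and & as entities.
    $str = strip_tags ($str);
    $str = htmlspecialchars ($str, ENT_NOQUOTES);
    // Remove backslash escapes.
    $str = stripslashes ($str);

    // Strip characters we never want to accept.
    $str = str_replace("<","",$str);
    $str = str_replace(">","",$str);
    $str = str_replace("?","",$str);
    $str = str_replace("/","",$str);
    $str = str_replace("%","",$str);
    $str = str_replace("&","",$str);
    $str = str_replace("#","",$str);
    $str = str_replace("'","",$str);
    $str = str_replace("(","",$str);
    $str = str_replace(")","",$str);
    $str = str_replace(" ","",$str);
    $str = str_replace("\\","",$str);

    // Escape for SQL last: the backslash removal above would otherwise strip
    // the escapes added here, leaving characters such as " unescaped.
    // mysql_real_escape_string() needs the legacy mysql extension (removed in PHP 7).
    $str = mysql_real_escape_string($str);

    return $str;
}
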
« Last Edit: May 12, 2015, 11:25:59 PM by kurt »