0) {
        // Deny-list screen for query-string values. The opening of this `if`
        // lies before the visible part of the file.
        //
        // Each non-array value is tested against a chain of case-insensitive
        // patterns; as soon as one matches, oos_redirect() is called with the
        // link built for $aContents['home'].
        // NOTE(review): oos_redirect() is defined elsewhere - presumably it
        // ends the request; if it returns, the loop keeps running. Confirm.
        //
        // Security notes for maintainers:
        //  - Only values are examined. Parameter names, and array-valued
        //    parameters (skipped by the is_array() guard), are not checked
        //    here, so any code that consumes them needs its own validation.
        //  - Pattern matching on raw input is a coarse filter. It does not
        //    replace context-aware output escaping or parameterised SQL at
        //    the point of use.
        //  - preg_match() returns false on a PCRE error and the || chain
        //    treats that like "no match"; preg_last_error() is not consulted.
        //  - In patterns such as `script*` the `*` binds to the last letter
        //    only, so they match somewhat more than the literal tag name.
        foreach ($_GET as $secvalue) {
            if (!is_array($secvalue)) {
                if ((preg_match("/<[^>]*script*\"?[^>]*>/i", $secvalue)) ||
                    // SQL-like fragment: whitespace, "or"/"and", whitespace,
                    // then "=" or "like" later in the value.
                    (preg_match("/.*[[:space:]](or|and)[[:space:]].*(=|like).*/i", $secvalue)) ||
                    (preg_match("/<[^>]*object*\"?[^>]*>/i", $secvalue)) ||
                    (preg_match("/<[^>]*iframe*\"?[^>]*>/i", $secvalue)) ||
                    (preg_match("/<[^>]*applet*\"?[^>]*>/i", $secvalue)) ||
                    (preg_match("/<[^>]*meta*\"?[^>]*>/i", $secvalue)) ||
                    (preg_match("/<[^>]*style*\"?[^>]*>/i", $secvalue)) ||
                    (preg_match("/<[^>]*form*\"?[^>]*>/i", $secvalue)) ||
                    (preg_match("/<[^>]*window.*\"?[^>]*>/i", $secvalue)) ||
                    (preg_match("/<[^>]*alert*\"?[^>]*>/i", $secvalue)) ||
                    (preg_match("/<[^>]*img*\"?[^>]*>/i", $secvalue)) ||
                    (preg_match("/<[^>]*document.*\"?[^>]*>/i", $secvalue)) ||
                    (preg_match("/<[^>]*cookie*\"?[^>]*>/i", $secvalue)) ||
                    // Any double quote in a query-string value is rejected.
                    (preg_match("/\"/i", $secvalue)) ) {
                    oos_redirect(oos_href_link($aContents['home']));
                }
            }
        }
    }

    /**
     * Screen the POST values.
     *
     * Same structure as the GET screen, with a shorter pattern list: there
     * is no SQL-like pattern, no style/form/img pattern and no double-quote
     * check. NOTE(review): presumably relaxed because form fields may
     * legitimately carry such text - confirm. POST data therefore depends
     * entirely on escaping and parameterised queries where it is used.
     * Array values and parameter names are not examined here either.
     */
    if (count($_POST) > 0) {
        foreach ($_POST as $secvalue) {
            if (!is_array($secvalue)) {
                if ((preg_match("/<[^>]*script*\"?[^>]*>/i", $secvalue)) ||
                    (preg_match("/<[^>]*object*\"?[^>]*>/i", $secvalue)) ||
                    (preg_match("/<[^>]*iframe*\"?[^>]*>/i", $secvalue)) ||
                    (preg_match("/<[^>]*applet*\"?[^>]*>/i", $secvalue)) ||
                    (preg_match("/<[^>]*window.*\"?[^>]*>/i", $secvalue)) ||
                    (preg_match("/<[^>]*alert*\"?[^>]*>/i", $secvalue)) ||
                    (preg_match("/<[^>]*document.*\"?[^>]*>/i", $secvalue)) ||
                    (preg_match("/<[^>]*cookie*\"?[^>]*>/i", $secvalue)) ||
                    (preg_match("/<[^>]*meta*\"?[^>]*>/i", $secvalue)) ) {
                    oos_redirect(oos_href_link($aContents['home']));
                }
            }
        }
    }

    /**
     * Screen the COOKIE values.
     *
     * Uses the same set of patterns as the GET screen except that the bare
     * double-quote check is absent. Cookies are client-supplied, so the
     * same caveats apply: array values and cookie names are not examined,
     * and this filter is no substitute for escaping at the point of use.
     */
    if (count($_COOKIE) > 0) {
        foreach ($_COOKIE as $secvalue) {
            if (!is_array($secvalue)) {
                if ((preg_match("/<[^>]*script*\"?[^>]*>/i", $secvalue)) ||
                    // SQL-like fragment, same pattern as in the GET screen.
                    (preg_match("/.*[[:space:]](or|and)[[:space:]].*(=|like).*/i", $secvalue)) ||
                    (preg_match("/<[^>]*object*\"?[^>]*>/i", $secvalue)) ||
                    (preg_match("/<[^>]*iframe*\"?[^>]*>/i", $secvalue)) ||
                    (preg_match("/<[^>]*applet*\"?[^>]*>/i", $secvalue)) ||
                    (preg_match("/<[^>]*meta*\"?[^>]*>/i", $secvalue)) ||
                    (preg_match("/<[^>]*style*\"?[^>]*>/i", $secvalue)) ||
                    (preg_match("/<[^>]*form*\"?[^>]*>/i", $secvalue)) ||
                    (preg_match("/<[^>]*window.*\"?[^>]*>/i", $secvalue)) ||
                    (preg_match("/<[^>]*alert*\"?[^>]*>/i", $secvalue)) ||
                    (preg_match("/<[^>]*document.*\"?[^>]*>/i", $secvalue)) ||
                    (preg_match("/<[^>]*cookie*\"?[^>]*>/i", $secvalue)) ||
                    (preg_match("/<[^>]*img*\"?[^>]*>/i", $secvalue)) ) {
                    oos_redirect(oos_href_link($aContents['home']));
                }
            }
        }
    }
// Closes a block that was opened before the visible part of the file.
}