Chris Malton wrote:
> // secure variables from outside
> $modxtags = array('@<script[^>]*?>.*?</script>@si',
> '@&#(\d+);@e',
> '@\[\[(.*?)[EMAIL PROTECTED]',
> '@\[!(.*?)[EMAIL PROTECTED]',
> '@\[\~(.*?)[EMAIL PROTECTED]',
> '@\[\((.*?)\)[EMAIL PROTECTED]',
> '@{{(.*?)[EMAIL PROTECTED]',
> '@\[\*(.*?)[EMAIL PROTECTED]');
> foreach($_POST as $key => $value) {
> $_POST[$key] = preg_replace($modxtags,"", $value);
> }
> foreach($_GET as $key => $value) {
> $_GET[$key] = preg_replace($modxtags,"", $value);
> }
I find this part funny. I wonder what they think this is securing.
-Rasmus
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
