From 7bd03b3b98221c39f69444f76feb4d77f41b6a6a Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Mon, 7 Mar 2011 23:15:44 +0000
Subject: [PATCH] A better way to block injections
---
 htdocs/main.inc.php | 18 +++++-------------
 1 file changed, 5 insertions(+), 13 deletions(-)
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 534b266ae90..dcd5a46199b 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -87,23 +87,15 @@ function analyse_sql_and_script(&$var,$get)
 {
 foreach ($var as $key => $value)
 {
- /*if (test_sql_and_script_inject($key,$get) > 0) // We do not check key, only values
+ if (analyse_sql_and_script($value,$get))
+ {
+ $var[$key] = $value;
+ }
+ else
 {
 print 'Access refused by SQL/Script injection protection in main.inc.php';
 exit;
 }
- else
- {*/
- if (analyse_sql_and_script($value,$get))
- {
- $var[$key] = $value;
- }
- else
- {
- print 'Access refused by SQL/Script injection protection in main.inc.php';
- exit;
- }
- /*}*/
 }
 return true;
 }
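Review bot: Array keys still pass through this `foreach` unfiltered: only `$value` is handed to `analyse_sql_and_script()`, and the one remark that said so (`// We do not check key, only values`) is deleted together with the dead block. Keys of request arrays are as client-controlled as their values, so any later code that places a key into SQL or HTML gets no coverage from this filter; whether such code exists cannot be seen from this hunk. Either keep a comment on the loop, e.g. `// Only values are filtered; array keys are client-controlled and NOT checked`, or re-enable the key test `if (test_sql_and_script_inject($key,$get) > 0)` ahead of the value check if the reason it was disabled no longer holds. The refusal branch also prints and calls `exit` without an HTTP status or a log entry, so blocked requests are hard to spot in monitoring; sending a 403 and logging before `exit` would help. The function signature and the enclosing `if` open outside the hunk.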