From ecee1ec54748c4ecc3ae6e16a1910933464b3c5f Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Mon, 7 Mar 2011 23:11:54 +0000
Subject: [PATCH] A better way to block injections
---
 htdocs/main.inc.php | 8 --------
 1 file changed, 8 deletions(-)
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index acc4f798bc8..534b266ae90 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -120,14 +120,6 @@ $morevaltochecklikeget=array($_SERVER["QUERY_STRING"]);
 analyse_sql_and_script($morevaltochecklikeget,1);
 // Sanity check on POST
 analyse_sql_and_script($_POST,0);
-/*
-// Clean PHP_SELF for prevent XSS attack
-// Get the name of the current file
-$phpself = basename($_SERVER["SCRIPT_NAME"]);
-// Get everything from start of PHP_SELF to where $phpself begins
-// Cut that part out, and place $phpself after it
-$_SERVER['PHP_SELF'] = substr($_SERVER['PHP_SELF'], 0, strpos($_SERVER['PHP_SELF'],$phpself)) . $phpself;
-*/
 // This is to make Dolibarr working with Plesk
 if (! empty($_SERVER['DOCUMENT_ROOT'])) set_include_path($_SERVER['DOCUMENT_ROOT'].'/htdocs');