is phpizabi back??

By yalamber at 13 July, 2008, 9:58 am

I just saw a security fix update at www.phpizabi.net posted on July 9th. What it does is provide security against the attack used in the comment form to reveal other users' sensitive information. The code below protects you from that attack at line 75:


// SQL INJECTIONS / XSS HACKS PROTECTION //////////////////////////////////////////////
// Characters that get replaced with HTML entities in POST and GET values
$entities = array(";"=>"&#059;", "\""=>"&quot;", "'"=>"&#039;", "<"=>"&lt;", ">"=>"&gt;", "\\"=>"&#092;", "^"=>"&#094;", "{"=>"&#123;", "}"=>"&#125;");

// Filter scalar POST values; arrays and names starting with "_" are left as they are
if (isset($_POST)) foreach($_POST as $var => $val)
    if (!is_array($val) and substr($var, 0, 1) != "_")
        $_POST[$var] = trim(strtr(stripslashes($val), $entities));

// Same filter for GET values
if (isset($_GET)) foreach($_GET as $var => $val)
    if (!is_array($val) and substr($var, 0, 1) != "_")
        $_GET[$var] = trim(strtr(stripslashes($val), $entities));

// Drop the temporary variables from the global scope
unset ($var, $val, $entities);

I hope phpizabi will be back soon and become stronger. Let’s hope for it, as it was the best script I have ever used.
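
An added example, not PHPizabi's code: the same entity map applied recursively so that array-valued fields are filtered too (the quoted loop passes them through unchanged), next to per-context handling of a comment with a bound SQL parameter on write and HTML escaping on output. The function name `filter_input_value`, the `comments` table and the sample form data are assumptions constructed for illustration, `stripslashes()` is left out on the assumption that magic quotes are off, and the pdo_sqlite extension is required.

```php
<?php
// Added example: constructed input, hypothetical function and table names.

// Same entity map as the fix quoted above.
$entities = array(";"=>"&#059;", "\""=>"&quot;", "'"=>"&#039;", "<"=>"&lt;",
                  ">"=>"&gt;", "\\"=>"&#092;", "^"=>"&#094;", "{"=>"&#123;",
                  "}"=>"&#125;");

// Hypothetical helper: applies the map to strings and recurses into arrays,
// so nested values such as tags[] are filtered as well.
function filter_input_value($val, array $entities) {
    if (is_array($val)) {
        $out = array();
        foreach ($val as $k => $v) {
            $out[$k] = filter_input_value($v, $entities);
        }
        return $out;
    }
    return trim(strtr((string)$val, $entities));
}

// Constructed sample of a comment form submission.
$post = array(
    "comment" => "nice <b>profile</b>'; --",
    "tags"    => array("<i>a</i>", "b'c"),
);

// Blanket input filter, now covering the nested "tags" array.
$filtered = filter_input_value($post, $entities);
print_r($filtered);

// Context-specific handling of the same comment:
// 1) store the raw text through a bound parameter, so it is never parsed as SQL
$db = new PDO("sqlite::memory:");
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)");
$stmt = $db->prepare("INSERT INTO comments (body) VALUES (:body)");
$stmt->execute(array(":body" => $post["comment"]));

// 2) escape at the point where the value is written into HTML
$body = $db->query("SELECT body FROM comments")->fetchColumn();
echo htmlspecialchars($body, ENT_QUOTES, "UTF-8"), "\n";
```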

Categories : phpizabi
