1<?php 2 // Security precaution: prevent script tags: <script>, <javascript "">, etc. 3 foreach ($HTTP_GET_VARS as $secvalue) 4 { 5 if (eregi("<[^>]*script*\"?[^>]*>", $secvalue)) 6 { 7 die("A security breach has been attempted and refused."); 8 } 9 } 10 11 // Security precaution: don't let anyone call xxx.inc.php files or 12 // construct URLs with relative paths (ie, /dir1/../dir2/) 13 // also deny direct access to blocks. 14 if (eregi("\.inc\.php",$PHP_SELF) || eregi("block-.*\.php",$PHP_SELF) ||ereg("\.\.",$PHP_SELF)) 15 { 16 die("Invalid URL"); 17 } 18?> 19