Well, the other day, while inspecting other games, other language systems, websites, layouts, etc., I found a security vulnerability for sites (a system for validating incoming data). I am using it in my layout.php, and so far I have not had any failures. If anyone wants to finish it or fix everything, go ahead, but never forget the credits, thanks (I am not the creator). I don't know if this code will work (I have not yet reached this level in PHP and security xD).
Credits to whoever created this code.
rep+ if this script is of any use to you; sorry for my English.
PHP:
// Check the raw (still URL-encoded) GET query string for blacklisted characters.
$queryString = strtolower(isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '');
if (strstr($queryString, "<") || strstr($queryString, ">") || strstr($queryString, "(") || strstr($queryString, ")") ||
    strstr($queryString, "..") || strstr($queryString, "%") || strstr($queryString, "*") || strstr($queryString, "+") ||
    strstr($queryString, "!") || strstr($queryString, "@") || strstr($queryString, "'") || strstr($queryString, "/")) {
    $ip = $_SERVER['REMOTE_ADDR'];
    $date = date("d-m-Y @ H:i:s"); // 24-hour clock; "h" is ambiguous without am/pm
    $lfh = "_logs/xss.log";
    $log = fopen($lfh, "a+");
    if ($log) { // skip logging if the log file cannot be opened
        // One line per rejected request: date, client IP, lowercased query string.
        fputs($log, "Attack Date: ".$date." | Attacker IP: ".$ip." | QueryString: index.php?".$queryString."\n");
        fclose($log);
    }
    // Send the client back to the start page and stop processing.
    header('Location: index.php');
    exit();
}
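An added example, not part of the original post or of the script credited above: the filter only inspects `$_SERVER['QUERY_STRING']`, so this sketch shows the complementary controls, allow-list validation of each parameter, HTML encoding on output, and a log line that cannot be split by control characters. The parameter names (`subtopic`, `page`), their patterns, and the helper names are hypothetical.

```php
<?php
// Hypothetical parameters: each key maps to the pattern its value must
// match in full. Any parameter not listed here is rejected.
const ALLOWED_PARAMS = [
    'subtopic' => '/\A[a-z]{1,32}\z/',
    'page'     => '/\A[0-9]{1,4}\z/',
];

/** Return the validated parameters, or null if any key or value is not allowed. */
function validate_params(array $input): ?array
{
    $clean = [];
    foreach ($input as $key => $value) {
        if (!is_string($key) || !isset(ALLOWED_PARAMS[$key])) {
            return null;                      // unknown parameter
        }
        if (!is_string($value)) {
            return null;                      // rejects array input such as ?page[]=1
        }
        if (preg_match(ALLOWED_PARAMS[$key], $value) !== 1) {
            return null;                      // value does not match its pattern
        }
        $clean[$key] = $value;
    }
    return $clean;
}

/** Encode a value for an HTML text or quoted-attribute context. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build one log line; control characters are replaced so an entry stays on one line. */
function log_line(string $ip, string $raw): string
{
    $safe = preg_replace('/[\x00-\x1F\x7F]/', '?', $raw);
    return sprintf("%s | %s | %s\n", date('d-m-Y H:i:s'), $ip, $safe);
}

// Constructed sample inputs, standing in for $_GET / $_POST on two requests.
$good = ['subtopic' => 'highscores', 'page' => '2'];
$bad  = ['subtopic' => '<b>x</b>'];

var_dump(validate_params($good) !== null);   // accepted
var_dump(validate_params($bad));             // rejected
echo e($bad['subtopic']), "\n";              // markup is shown as text, not rendered
echo log_line('192.0.2.10', "subtopic=x\nforged entry");
```

The same `validate_params()` call can be applied to `$_POST` and `$_COOKIE`, which a query-string check never sees.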