Bugfix

[simpleipd.git] / require.php

diff --git a/require.php b/require.php
index 619e891e005b6d629e3181ed799ffdbf326a21a2..2ca6af56733c239a1c9200e8f01e25e9e8355b3f 100644 (file)
--- a/require.php
+++ b/require.php
@@ -1,15 +1,19 @@
 <?php
 require(__DIR__."/config.php");
 require("lib/access.php");
+require("lib/log.php");
 require("lib/db.php");
 require("lib/functions.php");
+date_default_timezone_set(CONFIG_TZ);
 session_start();
 $page=basename($_SERVER["PHP_SELF"]);
-if($page!="login.php" && $page!="index.php"){
+if($page!="login.php"){
   if(empty($_SESSION["user"])){
     header("Location: login.php");
     exit();
   }
+}
+if($page!="login.php" && $page!="index.php"){
   $access=checkAccess(basename($_SERVER["PHP_SELF"], ".php"));
   if($access!="all" && $access!="view"){
     header("Location: error.php");
@@ -18,12 +22,20 @@ if($page!="login.php" && $page!="index.php"){
 }
 if(!empty($_GET)){
   foreach($_GET as $k=>$v){
-    $_GET[$k]=htmlspecialchars($v);
+    $_GET[$k]=htmlspecialchars(trim($v));
   }
 }
 if(!empty($_POST)){
   foreach($_POST as $k=>$v){
-    $_POST[$k]=htmlspecialchars($v);
+    if(is_array($v)){
+      foreach($v as $k2=>$v2){
+        $v[$k2]=htmlspecialchars(trim($v2));
+      }
+      $_POST["k"]=$v;
+    }
+    else{
+      $_POST[$k]=htmlspecialchars(trim($v));
+    }
   }
 }
 ?>