foreach ($HTTP_GET_VARS as $key=>$val) {
if (ereg("^_priv_(postget.*)\$",$val,$matched)) {
- if ($HTTP_SERVER_VARS["REMOTE_ADDR"]!="127.0.0.1")
+ $permit=array("127.0.0.1"=>1,"192.168.192.1"=>1,"192.168.90.11"=>1);
+ if (!$permit[$HTTP_SERVER_VARS["REMOTE_ADDR"]])
print("Forbidden:"
." REMOTE_ADDR=".htmlspecialchars($HTTP_SERVER_VARS["REMOTE_ADDR"])
.",key=".htmlspecialchars($key)
if ($getget) {
$first='?';
foreach ($HTTP_GET_VARS as $key=>$val) {
- $where.="${first}$key=$val";
+ $where.="${first}".urlencode($key)."=".urlencode($val);
$first='&';
}
header("Location: $where");