Improved XSS prevention

Added filename sanitizing function

includes/general.php

@@ -59,7 +59,10 @@
 		}
 		else
 		{
-			header("location: https://".$_SERVER['HTTP_HOST']);
+			if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'])
+			header("location: https://". $_SESSION['_config']['securehostname']);
+			if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['tverify'])
+			header("location: https://".$_SESSION['_config']['tverify']);
 			exit;
 		}
 	}
@@ -805,5 +808,11 @@
 		return(preg_replace("/[^A-Za-z0-9\n\r\-\:\=\+\/ ]/","",$CSR));
 	}
 
+	function sanitizeFilename($text)
+	{
+		$text=preg_replace("/[^\w-.@]/","",$text);
+		return($text);
+	}
+
 
 ?>