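global $user_ID;
// Only logged-in users are checked.
if ($user_ID) {
    // Administrators are exempt.
    if (!current_user_can('administrator')) {
        // stripos() returns an offset or false, so compare with !== false.
        if (strlen($_SERVER['REQUEST_URI']) > 255
            || stripos($_SERVER['REQUEST_URI'], "eval(") !== false
            || stripos($_SERVER['REQUEST_URI'], "CONCAT") !== false
            || stripos($_SERVER['REQUEST_URI'], "UNION+SELECT") !== false
            || stripos($_SERVER['REQUEST_URI'], "base64") !== false) {
            // Answer with 414 and stop processing the request.
            @header("HTTP/1.1 414 Request-URI Too Long");
            @header("Status: 414 Request-URI Too Long");
            @header("Connection: Close");
            @exit;
        }
    }
}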
This function checks whether the logged-in user visiting the website is an administrator. If the user is not an administrator, the length of the current URL is checked. If the length is greater than 255, or if the URL contains one of the strings "eval(", "CONCAT", "UNION+SELECT", or "base64", the response is the HTTP error 414 Request-URI Too Long and the connection is closed.
The function uses the global variables $user_ID and $_SERVER['REQUEST_URI']. If $user_ID is set, meaning the visitor is logged in, it checks whether the user is not an administrator by calling current_user_can('administrator'). If that condition is met, the length of the current URL is checked using strlen($_SERVER['REQUEST_URI']). If the length is greater than 255 or one of the listed strings is contained in the URL, the HTTP error is returned and the connection is closed. Requests from visitors who are not logged in skip the check entirely, because $user_ID is empty for them.
The function uses the PHP functions strlen(), stripos() and header() to check the URL length, search the URL, and send the HTTP error message. stripos() searches for a string within another string, regardless of case, and returns the position of the match or false if there is none. header() is used to send HTTP headers, including the status code and error message. The @ symbol before a function call suppresses any error messages generated by that call.
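Because stripos() returns a position rather than a boolean, its result has to be compared with `!== false`. The following is an added example, not part of the original snippet, that runs a loose and a strict version of the same check over constructed inputs; the function names, constants and sample values are hypothetical.

```php
<?php
// Added example; function names and inputs are hypothetical/constructed.
const BLOCKED_NEEDLES = ['eval(', 'CONCAT', 'UNION+SELECT', 'base64'];
const MAX_URI_LENGTH  = 255;

// Loose form: the result of stripos() is used directly as a boolean.
function is_blocked_loose(string $uri): bool
{
    if (strlen($uri) > MAX_URI_LENGTH) {
        return true;
    }
    foreach (BLOCKED_NEEDLES as $needle) {
        if (stripos($uri, $needle)) {   // offset 0 is falsy, so a match there is missed
            return true;
        }
    }
    return false;
}

// Strict form: only boolean false means "not found".
function is_blocked_strict(string $uri): bool
{
    if (strlen($uri) > MAX_URI_LENGTH) {
        return true;
    }
    foreach (BLOCKED_NEEDLES as $needle) {
        if (stripos($uri, $needle) !== false) {
            return true;
        }
    }
    return false;
}

// Constructed inputs. REQUEST_URI normally begins with "/", so the last
// case only arises when the same check is reused on another value.
$samples = [
    '/blog/hello-world/',          // clean
    '/?s=Union+Select',            // case-insensitive match
    '/' . str_repeat('a', 300),    // longer than 255
    'base64=1',                    // match at offset 0
];

foreach ($samples as $s) {
    printf("%-26s loose=%-5s strict=%s\n",
        substr($s, 0, 24),
        var_export(is_blocked_loose($s), true),
        var_export(is_blocked_strict($s), true));
}
```

Both versions agree on the first three inputs; only the strict version flags the last one, where the match sits at offset 0.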