Index: /branches/rel_ag_9_4_5/aproxy/apps/webapp/motionpro/aproxy_cli.php
===================================================================
--- /branches/rel_ag_9_4_5/aproxy/apps/webapp/motionpro/aproxy_cli.php	(revision 20267)
+++ /branches/rel_ag_9_4_5/aproxy/apps/webapp/motionpro/aproxy_cli.php	(working copy)
@@ -3,6 +3,15 @@
 	$debugLog = false;
 	//$debugLog = true;
 	$logFile = '/tmp/debugLog.txt';
+        function check_sitename($site_name)
+        {
+                $pattern = '/^([0-9]|[a-z]|[A-Z]|[-_])+$/';
+                if (preg_match($pattern, $site_name)) {
+                        return true;
+                } else {
+                        return false;
+                }
+        }
 class cli 
 {
 	function cli()
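Review bot: The allowlist in `check_sitename` is weaker than it looks because `$` in PCRE also matches just before a trailing newline, so a value such as `"site\n"` passes the regex and the newline survives into whatever later consumes the name. Anchor the end of the string with `\z` (or add the `D` modifier) and the class can be written as one bracket expression: `$pattern = '/^[A-Za-z0-9_-]+\z/';`. A short header comment would also help callers in other files, e.g. `// Allowlist for site identifiers taken from request input: ASCII letters, digits, '-' and '_' only; anything else (including whitespace and path separators) is rejected.` Note the function is defined at file scope inside a file that also declares `class cli`, so it only exists where this file has been included; the class body continues outside the hunk.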
@@ -298,4 +307,4 @@
 		}
 		return $output;
 	}	
-?>
\ No newline at end of file
+?>
Index: /branches/rel_ag_9_4_5/aproxy/apps/webapp/rdp/avail.php
===================================================================
--- /branches/rel_ag_9_4_5/aproxy/apps/webapp/rdp/avail.php	(revision 20267)
+++ /branches/rel_ag_9_4_5/aproxy/apps/webapp/rdp/avail.php	(working copy)
@@ -121,6 +121,10 @@
 
 if (isset($_GET["siteid"])) {
 	$siteid = $_GET["siteid"];
+        if(!check_sitename($siteid)) {
+                error_log("siteid is invalid!");
+                exit("siteid is invalid!");
+        }
 } else {
 	error_log("siteid is null!");
 	exit("siteid is null!");
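Review bot: The new guard passes `$_GET["siteid"]` straight to `check_sitename`, and a request such as `?siteid[]=x` makes that an array; on PHP 8 `preg_match()` then throws a `TypeError` and on older versions it warns and returns false, so the request fails closed but with an error rather than the intended message. A type check keeps the rejection explicit: `if (!is_string($siteid) || !check_sitename($siteid)) {`. Also, `check_sitename` is defined in `motionpro/aproxy_cli.php` and the include that brings it into `rdp/avail.php` is not visible in this hunk — if that file is not loaded on this path the call is a fatal error, so it is worth confirming. The surrounding code that consumes `$siteid` lies outside the hunk.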
Index: /branches/rel_ag_9_4_5/aproxy/conf/php.ini
===================================================================
--- /branches/rel_ag_9_4_5/aproxy/conf/php.ini	(revision 20267)
+++ /branches/rel_ag_9_4_5/aproxy/conf/php.ini	(working copy)
@@ -384,7 +384,7 @@
 ; It receives a comma-delimited list of function names. This directive is
 ; *NOT* affected by whether Safe Mode is turned On or Off.
 ; http://www.php.net/manual/en/ini.sect.safe-mode.php#ini.disable-functions
-disable_functions =
+disable_functions = passthru,phpinfo,show_source,proc_open
 
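Review bot: The new `disable_functions` list does not actually close the command-execution surface it appears to target: `exec`, `system`, `shell_exec` and `popen` remain enabled alongside the disabled `passthru` and `proc_open`, and `show_source` is only an alias of `highlight_file`, which is still callable. If the application does not itself rely on them, extend the list, e.g. `disable_functions = passthru,proc_open,popen,shell_exec,exec,system,phpinfo,show_source,highlight_file`; if some are needed by the application's own shell-outs, a comment above the directive saying which ones are intentionally left enabled and why would stop the next reviewer from re-raising this.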
 ; This directive allows you to disable certain classes for security reasons.
 ; It receives a comma-delimited list of class names. This directive is
Index: /branches/rel_ag_9_4_5/lighttpd/conf/php.ini
===================================================================
--- /branches/rel_ag_9_4_5/lighttpd/conf/php.ini	(revision 20267)
+++ /branches/rel_ag_9_4_5/lighttpd/conf/php.ini	(working copy)
@@ -382,7 +382,7 @@
 ; It receives a comma-delimited list of function names. This directive is
 ; *NOT* affected by whether Safe Mode is turned On or Off.
 ; http://php.net/disable-functions
-disable_functions =
+disable_functions = passthru,phpinfo,show_source,proc_open
 
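Review bot: This `disable_functions` value duplicates the one in `aproxy/conf/php.ini` and has the same gap: `exec`, `system`, `shell_exec` and `popen` stay enabled, and `highlight_file` (the same function as the disabled `show_source`) stays callable. Keeping the two php.ini files in step matters here since lighttpd is presumably the server that actually executes the web application, so whichever list is chosen should be applied identically to both; a comment above the directive noting that the two files must match would help.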
 ; This directive allows you to disable certain classes for security reasons.
 ; It receives a comma-delimited list of class names. This directive is
