tianya
преди 6 месеца
променени са 1 файла, в които са добавени 2 реда и са изтрити 43 реда
Разделен изглед
Diff Options
-
+2 -43src/user/config.php
+ 2
- 43
src/user/config.php
Целия файл
| @@ -21,56 +21,15 @@ function XSSClean($val) | |||
| } | |||
| return $val; | |||
| } | |||
| $val = preg_replace('/([\x00-\x08,\x0b-\x0c,\x0e-\x19])/','', $val); | |||
| $search = 'abcdefghijklmnopqrstuvwxyz'; | |||
| $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'; | |||
| $search .= '1234567890!@#$%^&*()'; | |||
| $search .= '~`";:?+/={}[]-_|\'\\'; | |||
| for ($i = 0; $i < strlen($search); $i++) { | |||
| $val = preg_replace('/(&#[xX]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); //with a ; | |||
| $val = preg_replace('/(�{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); //with a ; | |||
| } | |||
| $val = str_replace("`", "‘", $val); | |||
| $val = str_replace("'", "‘", $val); | |||
| $val = str_replace("\"", "“", $val); | |||
| $val = str_replace(",", ",", $val); | |||
| $val = str_replace("(", "(", $val); | |||
| $val = str_replace(")", ")", $val); | |||
| $ra1 = array('javascript','vbscript','expression','applet','meta','xml','blink','link','style','script','embed','object','iframe','frame','frameset','ilayer','layer','bgsound','title','base'); | |||
| $ra2 = array('onabort','onactivate','onafterprint','onafterupdate','onbeforeactivate','onbeforecopy','onbeforecut','onbeforedeactivate','onbeforeeditfocus','onbeforepaste','onbeforeprint','onbeforeunload','onbeforeupdate','onblur','onbounce','oncellchange','onchange','onclick','oncontrolselect','oncopy','oncut','ondataavailable','ondatasetchanged','ondatasetcomplete','ondblclick','ondeactivate','ondrag','ondragend','ondragenter','ondragleave','ondragover','ondragstart','ondrop','onerror','onerrorupdate','onfilterchange','onfinish','onfocus','onfocusin','onfocusout','onhelp','onkeydown','onkeypress','onkeyup','onlayoutcomplete','onload','onlosecapture','onmousedown','onmouseenter','onmouseleave','onmousemove','onmouseout','onmouseover','onmouseup','onmousewheel','onmove','onmoveend','onmovestart','onpaste','onpropertychange','onreadystatechange','onreset','onresize','onresizeend','onresizestart','onrowenter','onrowexit','onrowsdelete','onrowsinserted','onscroll','onselect','onselectionchange','onselectstart','onstart','onstop','onsubmit','onunload'); | |||
| $ra = array_merge($ra1, $ra2); | |||
| $found = true; | |||
| while ($found == true) { | |||
| $val_before = $val; | |||
| for ($i = 0; $i < sizeof($ra); $i++) { | |||
| $pattern = '/'; | |||
| for ($j = 0; $j < strlen($ra[$i]); $j++) { | |||
| if ($j > 0) { | |||
| $pattern .= '('; | |||
| $pattern .= '(&#[xX]0{0,8}([9ab]);)'; | |||
| $pattern .= '|'; | |||
| $pattern .= '|(�{0,8}([9|10|13]);)'; | |||
| $pattern .= ')*'; | |||
| } | |||
| $pattern .= $ra[$i][$j]; | |||
| } | |||
| $pattern .= '/i'; | |||
| $replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2); | |||
| $val = preg_replace($pattern, $replacement, $val); | |||
| if ($val_before == $val) { | |||
| $found = false; | |||
| } | |||
| } | |||
| } | |||
| if ($cfg_soft_lang == 'gb2312') utf82gb($val); | |||
| return $val; | |||
| return RemoveXss($val); | |||
| } | |||
| $_GET = XSSClean($_GET); | |||
| $_POST = XSSClean($_POST); | |||
| $_REQUEST = XSSClean($_REQUEST); | |||
| $_COOKIE = XSSClean($_COOKIE); | |||
| require_once(dirname(__FILE__).'/../system/common.inc.php'); | |||
| //require_once(DEDEINC.'/filter.inc.php'); | |||
| require_once(DEDEINC.'/filter.inc.php'); | |||
| require_once(DEDEINC.'/memberlogin.class.php'); | |||
| require_once(DEDEINC.'/dedetemplate.class.php'); | |||
| //检查CSRF | |||