DedeBIZ
/
DedeV6
İzle 2
Yıldızla 0
Çatalla 0
Kod Değişiklik İstekleri 0 Sürümler 31 Aktivite
Kaynağa Gözat

Update config.php

tags/6.5.8
tianya 1 hafta önce
ebeveyn
131d0f0756
işleme
20f220452b
1 değiştirilmiş dosya ile 2 ekleme ve 43 silme
Birleşik Görünüm
Diff Seçenekleri
İstatistikleri Göster Yama Dosyasını İndir Diff Dosyasını İndir
  1. +2
    -43
      src/user/config.php

+ 2
- 43
src/user/config.php Dosyayı Görüntüle

@@ -21,56 +21,15 @@ function XSSClean($val)
} }
return $val; return $val;
} }
$val = preg_replace('/([\x00-\x08,\x0b-\x0c,\x0e-\x19])/','', $val);
$search = 'abcdefghijklmnopqrstuvwxyz';
$search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
$search .= '1234567890!@#$%^&*()';
$search .= '~`";:?+/={}[]-_|\'\\';
for ($i = 0; $i < strlen($search); $i++) {
$val = preg_replace('/(&#[xX]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); //with a ;
$val = preg_replace('/(&#0{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); //with a ;
}
$val = str_replace("`", "‘", $val);
$val = str_replace("'", "‘", $val);
$val = str_replace("\"", "“", $val);
$val = str_replace(",", ",", $val);
$val = str_replace("(", "(", $val);
$val = str_replace(")", ")", $val);
$ra1 = array('javascript','vbscript','expression','applet','meta','xml','blink','link','style','script','embed','object','iframe','frame','frameset','ilayer','layer','bgsound','title','base');
$ra2 = array('onabort','onactivate','onafterprint','onafterupdate','onbeforeactivate','onbeforecopy','onbeforecut','onbeforedeactivate','onbeforeeditfocus','onbeforepaste','onbeforeprint','onbeforeunload','onbeforeupdate','onblur','onbounce','oncellchange','onchange','onclick','oncontrolselect','oncopy','oncut','ondataavailable','ondatasetchanged','ondatasetcomplete','ondblclick','ondeactivate','ondrag','ondragend','ondragenter','ondragleave','ondragover','ondragstart','ondrop','onerror','onerrorupdate','onfilterchange','onfinish','onfocus','onfocusin','onfocusout','onhelp','onkeydown','onkeypress','onkeyup','onlayoutcomplete','onload','onlosecapture','onmousedown','onmouseenter','onmouseleave','onmousemove','onmouseout','onmouseover','onmouseup','onmousewheel','onmove','onmoveend','onmovestart','onpaste','onpropertychange','onreadystatechange','onreset','onresize','onresizeend','onresizestart','onrowenter','onrowexit','onrowsdelete','onrowsinserted','onscroll','onselect','onselectionchange','onselectstart','onstart','onstop','onsubmit','onunload');
$ra = array_merge($ra1, $ra2);
$found = true;
while ($found == true) {
$val_before = $val;
for ($i = 0; $i < sizeof($ra); $i++) {
$pattern = '/';
for ($j = 0; $j < strlen($ra[$i]); $j++) {
if ($j > 0) {
$pattern .= '(';
$pattern .= '(&#[xX]0{0,8}([9ab]);)';
$pattern .= '|';
$pattern .= '|(&#0{0,8}([9|10|13]);)';
$pattern .= ')*';
}
$pattern .= $ra[$i][$j];
}
$pattern .= '/i';
$replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2);
$val = preg_replace($pattern, $replacement, $val);
if ($val_before == $val) {
$found = false;
}
}
}
if ($cfg_soft_lang == 'gb2312') utf82gb($val); if ($cfg_soft_lang == 'gb2312') utf82gb($val);
return $val;
return RemoveXss($val);
} }
$_GET = XSSClean($_GET); $_GET = XSSClean($_GET);
$_POST = XSSClean($_POST); $_POST = XSSClean($_POST);
$_REQUEST = XSSClean($_REQUEST); $_REQUEST = XSSClean($_REQUEST);
$_COOKIE = XSSClean($_COOKIE); $_COOKIE = XSSClean($_COOKIE);
require_once(dirname(__FILE__).'/../system/common.inc.php'); require_once(dirname(__FILE__).'/../system/common.inc.php');
//require_once(DEDEINC.'/filter.inc.php');
require_once(DEDEINC.'/filter.inc.php');
require_once(DEDEINC.'/memberlogin.class.php'); require_once(DEDEINC.'/memberlogin.class.php');
require_once(DEDEINC.'/dedetemplate.class.php'); require_once(DEDEINC.'/dedetemplate.class.php');
//检查CSRF //检查CSRF


Yaz Önizleme
Yükleniyor…
İptal
Kaydet