DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 25 Activity
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
275 Commits
3 Branches
110MB
Tree: 66f402eac8
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '66f402eac8'
${ noResults }
DedeV6/src/include/request.class.php

230 lines
6.2KB
Raw Blame History 

  1. <?php

  2. 

  3. /**

  4.  * 处理外部请求变量的类

  5.  *

  6.  * 禁止此文件以外的文件出现 $_POST、$_GET、$_FILES变量及eval函数(用request::myeval )

  7.  * 以便于对主要黑客攻击进行防范

  8.  *

  9.  * @version        $Id: request.class.php 1 12:03 2010-10-28 tianya $

  10.  * @package        DedeBIZ.Libraries

  11.  * @copyright      Copyright (c) 2020, DedeBIZ.COM

  12.  * @license        https://www.dedebiz.com/license

  13.  * @link           https://www.dedebiz.com

  14.  */

  15. // REQUEST常量,用于判断是否启用REQUEST类

  16. define('DEDEREQUEST', TRUE);

  17. 

  18. //简化 cls_request::item() 函数

  19. function Request($key, $df = '')

  20. {

  21.     $GLOBALS['request'] = isset($GLOBALS['request']) ? $GLOBALS['request'] : new Request;

  22.     if (!$GLOBALS['request']->isinit) {

  23.         $GLOBALS['request']->Init();

  24.     }

  25.     return $GLOBALS['request']->Item($key, $df);

  26. }

  27. class Request

  28. {

  29. 

  30.     var $isinit = false;

  31.     //用户的cookie

  32.     var $cookies = array();

  33. 

  34.     //把GET、POST的变量合并一块,相当于 _REQUEST

  35.     var $forms = array();

  36. 

  37.     //_GET 变量

  38.     var $gets = array();

  39. 

  40.     //_POST 变量

  41.     var $posts = array();

  42. 

  43.     //用户的请求模式 GET 或 POST

  44.     var $request_type = 'GET';

  45. 

  46.     //文件变量

  47.     var $files = array();

  48. 

  49.     //严禁保存的文件名

  50.     var $filter_filename = '/\.(php|pl|sh|js)$/i';

  51. 

  52.     /**

  53.      * 初始化用户请求

  54.      * 对于 post、get 的数据,会转到 selfforms 数组, 并删除原来数组

  55.      * 对于 cookie 的数据,会转到 cookies 数组,但不删除原来数组

  56.      */

  57.     function Init()

  58.     {

  59.         global $_POST, $_GET;

  60.         //处理post、get

  61.         $formarr = array('p' => $_POST, 'g' => $_GET);

  62.         foreach ($formarr as $_k => $_r) {

  63.             if (count($_r) > 0) {

  64.                 foreach ($_r as $k => $v) {

  65.                     if (preg_match('/^cfg_(.*?)/i', $k)) {

  66.                         continue;

  67.                     }

  68.                     $this->forms[$k] = $v;

  69.                     if ($_k == 'p') {

  70.                         $this->posts[$k] = $v;

  71.                     } else {

  72.                         $this->gets[$k] = $v;

  73.                     }

  74.                 }

  75.             }

  76.         }

  77.         unset($_POST);

  78.         unset($_GET);

  79.         unset($_REQUEST);

  80. 

  81.         //处理cookie

  82.         if (count($_COOKIE) > 0) {

  83.             foreach ($_COOKIE as $k => $v) {

  84.                 if (preg_match('/^config/i', $k)) {

  85.                     continue;

  86.                 }

  87.                 $this->cookies[$k] = $v;

  88.             }

  89.         }

  90.         //unset($_POST, $_GET);

  91. 

  92.         //上传的文件处理

  93.         if (isset($_FILES) && count($_FILES) > 0) {

  94.             $this->FilterFiles($_FILES);

  95.         }

  96.         $this->isinit = TRUE;

  97. 

  98.         //global变量

  99.         //self::$forms['_global'] = $GLOBALS;

  100.     }

  101. 

  102.     /**

  103.      * 把 eval 重命名为 myeval

  104.      */

  105.     function MyEval($phpcode)

  106.     {

  107.         return eval($phpcode);

  108.     }

  109. 

  110.     /**

  111.      * 获得指定表单值

  112.      */

  113.     function Item($formname, $defaultvalue = '')

  114.     {

  115.         return isset($this->forms[$formname]) ? $this->forms[$formname] :  $defaultvalue;

  116.     }

  117. 

  118.     /**

  119.      * 获得指定临时文件名值

  120.      */

  121.     function Upfile($formname, $defaultvalue = '')

  122.     {

  123.         return isset($this->files[$formname]['tmp_name']) ? $this->files[$formname]['tmp_name'] :  $defaultvalue;

  124.     }

  125. 

  126.     /**

  127.      * 过滤文件相关

  128.      */

  129.     function FilterFiles(&$files)

  130.     {

  131.         foreach ($files as $k => $v) {

  132.             $this->files[$k] = $v;

  133.         }

  134.         unset($_FILES);

  135.     }

  136. 

  137.     /**

  138.      * 移动上传的文件

  139.      */

  140.     function MoveUploadFile($formname, $filename, $filetype = '')

  141.     {

  142.         if ($this->IsUploadFile($formname)) {

  143.             if (preg_match($this->filter_filename, $filename)) {

  144.                 return FALSE;

  145.             } else {

  146.                 return move_uploaded_file($this->files[$formname]['tmp_name'], $filename);

  147.             }

  148.         }

  149.     }

  150. 

  151.     /**

  152.      * 获得文件的扩展名

  153.      */

  154.     function GetShortname($formname)

  155.     {

  156.         $filetype = strtolower(isset($this->files[$formname]['type']) ? $this->files[$formname]['type'] : '');

  157.         $shortname = '';

  158.         switch ($filetype) {

  159.             case 'image/jpeg':

  160.                 $shortname = 'jpg';

  161.                 break;

  162.             case 'image/pjpeg':

  163.                 $shortname = 'jpg';

  164.                 break;

  165.             case 'image/gif':

  166.                 $shortname = 'gif';

  167.                 break;

  168.             case 'image/png':

  169.                 $shortname = 'png';

  170.                 break;

  171.             case 'image/xpng':

  172.                 $shortname = 'png';

  173.                 break;

  174.             case 'image/wbmp':

  175.                 $shortname = 'bmp';

  176.                 break;

  177.             default:

  178.                 $filename = isset($this->files[$formname]['name']) ? $this->files[$formname]['name'] : '';

  179.                 if (preg_match("/\./", $filename)) {

  180.                     $fs = explode('.', $filename);

  181.                     $shortname = strtolower($fs[count($fs) - 1]);

  182.                 }

  183.                 break;

  184.         }

  185.         return $shortname;

  186.     }

  187. 

  188.     /**

  189.      * 获得指定文件表单的文件详细信息

  190.      */

  191.     function GetFileInfo($formname, $item = '')

  192.     {

  193.         if (!isset($this->files[$formname]['tmp_name'])) {

  194.             return FALSE;

  195.         } else {

  196.             if ($item == '') {

  197.                 return $this->files[$formname];

  198.             } else {

  199.                 return (isset($this->files[$formname][$item]) ? $this->files[$formname][$item] : '');

  200.             }

  201.         }

  202.     }

  203. 

  204.     /**

  205.      * 判断是否存在上传的文件

  206.      */

  207.     function IsUploadFile($formname)

  208.     {

  209.         if (!isset($this->files[$formname]['tmp_name'])) {

  210.             return FALSE;

  211.         } else {

  212.             return is_uploaded_file($this->files[$formname]['tmp_name']);

  213.         }

  214.     }

  215. 

  216.     /**

  217.      * 检查文件后缀是否为指定值

  218.      *

  219.      * @param  string  $subfix

  220.      * @return boolean

  221.      */

  222.     function CheckSubfix($formname, $subfix = 'csv')

  223.     {

  224.         if ($this->GetShortname($formname) != $subfix) {

  225.             return FALSE;

  226.         }

  227.         return TRUE;

  228.     }

  229. }