* code for safe in framework.
@@ -616,52 +616,3 @@ function isonlybody()
{
return (isset($_GET['onlybody']) and $_GET['onlybody'] == 'yes');
}
/**
* Process evil params.
*
* @param string $value
* @access public
* @return void
*/
function processEvil($value)
{
if(strpos(htmlspecialchars_decode($value), '<?') !== false)
{
$value = (string) $value;
$evils = array('eval', 'exec', 'passthru', 'proc_open', 'shell_exec', 'system', '$$', 'include', 'require', 'assert');
$gibbedEvils = array('e v a l', 'e x e c', ' p a s s t h r u', ' p r o c _ o p e n', 's h e l l _ e x e c', 's y s t e m', '$ $', 'i n c l u d e', 'r e q u i r e', 'a s s e r t');
return str_ireplace($evils, $gibbedEvils, $value);
}
return $value;
}
/**
* Process array evils.
*
* @param array $params
* @access public
* @return array
*/
function processArrayEvils($params)
{
$params = (array) $params;
foreach($params as $item => $values)
{
if(!is_array($values))
{
$params[$item] = processEvil($values);
if(processEvil($item) != $item) unset($params[$item]);
}
else
{
foreach($values as $key => $value)
{
if(is_array($value)) continue;
$params[$item][$key] = processEvil($value);
if(processEvil($key) != $key) unset($params[$item][$key]);
}
}
}
return $params;
}
@@ -292,10 +292,9 @@ class router
$this->setModuleRoot();
$this->setThemeRoot();
$this->loadConfig('common');
$this->filterSuperVars();
$this->setSuperVars();
$this->loadConfig('common');
$this->setDebug();
$this->setErrorHandler();
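Review bot: Two `$this->loadConfig('common');` lines are visible in this hunk and the counts say exactly one of them is dropped; `filterSuperVars()` (later hunk) reads `$this->config->file->dangers`, so the call that survives must be the one placed before `$this->filterSuperVars();`, otherwise the upload-extension filter would compare against an unset config value and most likely never reject anything. Worth confirming that the line after `$this->setSuperVars();` is the removed one. A why-comment on the remaining call, `/* Load common config first: filterSuperVars() needs config->file->dangers. */`, would keep the ordering from being undone by a later refactor. The enclosing method starts and ends outside this hunk.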
@@ -477,9 +476,36 @@ class router
*/
public function filterSuperVars()
{
$_POST = processArrayEvils($_POST);
$_GET = processArrayEvils($_GET);
$_COOKIE = processArrayEvils($_COOKIE);
if(!empty($_COOKIE))
{
foreach($_COOKIE as $cookieKey => $cookieValue)
{
if(preg_match('/[^a-zA-Z0-9=_- ,`+\/\.]/', $cookieValue)) unset($_COOKIE[$cookieKey]);
}
}
if(!empty($_FILES))
{
foreach($_FILES as $varName => $files)
{
if(is_array($files['name']))
{
foreach($files['name'] as $i => $fileName)
{
$extension = ltrim(strrchr($fileName, '.'), '.');
if(strrpos($this->config->file->dangers, $extension) !== false)
{
foreach($files as $fileKey => $value) unset($_FILES[$varName][$fileKey][$i]);
}
}
}
else
{
$extension = ltrim(strrchr($files['name'], '.'), '.');
if(strrpos($this->config->file->dangers, $extension) !== false) $_FILES[$varName] = array();
}
}
}
unset($_GLOBALS);
unset($_REQUEST);
}
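Review bot: The cookie allowlist on the `preg_match('/[^a-zA-Z0-9=_- ,`+\/\.]/', $cookieValue)` line is not a valid pattern: inside the character class, `_- ` is read as a range from `_` (0x5F) down to space (0x20), which PCRE rejects as "range out of order", so `preg_match()` returns false with a warning and no cookie is ever unset — the whole cookie filter is dead code. Move the hyphen to the end of the class: `if(preg_match('/[^a-zA-Z0-9=_ ,`+\/\.-]/', $cookieValue)) unset($_COOKIE[$cookieKey]);`. The upload check is also case-sensitive: `ltrim(strrchr($fileName, '.'), '.')` is compared by `strrpos()` against `$this->config->file->dangers` as-is, so `shell.PHP` is accepted unless the dangers list spells out every casing; lower-case it in both branches (`$extension = strtolower(ltrim(strrchr($fileName, '.'), '.'));`) and, since `strrpos()` is a substring test, prefer an exact match against the tokenised list so that an extensionless name (empty needle, which behaves differently across PHP versions) or entries such as `php5` do not give surprising results. `unset($_GLOBALS)` names a variable that does not exist (the superglobal is `$GLOBALS`) and is a no-op, so either drop it or add a comment saying why it is kept.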
@@ -1205,6 +1231,12 @@ class router
*/
private function mergeParams($defaultParams, $passedParams)
{
/* Check params from URL. */
foreach($passedParams as $param => $value)
{
if(preg_match('/[^a-zA-Z0-9=_,`+\/\.]/', $value)) die('Error params!');
}
/* If not strict mode, the keys of passed params and default params must be the same order. */
if(!isset($this->config->strictParams) or $this->config->strictParams == false)
{
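Review bot: The new check hands each `$value` straight to `preg_match()`, which returns false (with a warning) rather than a match when the subject is not a string, so a non-string entry in `$passedParams` would skip the check instead of failing it; if array values can reach here (where `$passedParams` comes from is outside the hunk), guard with `if(!is_string($value) or preg_match('/[^a-zA-Z0-9=_,`+\/\.]/', $value)) die('Error params!');`. The class also rejects `-`, so any parameter carrying a negative number, a date or a hyphenated slug now terminates the request, while the cookie filter in `filterSuperVars()` tries to allow that character — confirm the difference is intended. As written `die('Error params!')` ends the request with a bare string and the default status code; routing it through the handler installed by `setErrorHandler()`, or at least sending a 400, would be cleaner. The rest of `mergeParams()` continues past the hunk.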
@@ -39,7 +39,7 @@
<td><?php echo $user->mobile?></td>
<td><?php echo $user->birthday?></td>
<td><?php echo $lang->admin->safe->reasonList[$user->weakReason];?></td>
<td><?php common::printIcon('user', 'edit', "userID=$user->id", '', 'list');?></td>
<td><?php common::printIcon('user', 'edit', "userID=" . helper::safe64Encode($user->account), '', 'list');?></td>
</tr>
<?php endforeach;?>
</tbody>
@@ -78,7 +78,7 @@ js::set('confirmDelete', $lang->user->confirmDelete);
<td><?php echo $user->visits;?></td>
<td class='text-left'>
<?php
common::printIcon('user', 'edit', "userID=$user->account&from=company", '', 'list');
common::printIcon('user', 'edit', "userID=" . helper::safe64Encode($user->account) . "&from=company", '', 'list');
if(strpos($this->app->company->admins, ",{$user->account},") === false and common::hasPriv('user', 'delete'))
{
echo html::a($this->createLink('user', 'delete', "userID=$user->id"), '<i class="icon-remove"></i>', '', "title='{$lang->user->delete}' class='btn-icon iframe'");
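Review bot: The edit link now carries `helper::safe64Encode($user->account)` while the delete link on the following, unchanged line still builds `userID=$user->id`, so two actions on the same row use different identifier schemes; if the aim is to stop exposing numeric ids, the delete link needs the same treatment, and if `delete()` genuinely keys on the id a comment such as `/* delete() still takes the numeric id; edit() takes a safe64-encoded account. */` would stop the next reader from "fixing" one to match the other. Base64-style encoding is reversible, so this is obfuscation rather than an access check — whoever reaches `user/edit` must still be authorised server-side for the decoded account.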
@@ -471,6 +471,7 @@ class user extends control
*/
public function edit($userID)
{
$userID = helper::safe64Decode($userID);
$this->lang->set('menugroup.user', 'company');
$this->lang->user->menu = $this->lang->company->menu;
$this->lang->user->menuOrder = $this->lang->company->menuOrder;
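Review bot: `$userID = helper::safe64Decode($userID);` is applied with no check on the result, so an empty, malformed or attacker-chosen token (the encoding is reversible, so anyone can mint one for any account) flows on as `$userID` into the rest of `edit()`, which continues past this hunk; at minimum reject an empty decode, e.g. `if(empty($userID)) die('Error params!');` (adjust to whatever `safe64Decode()` returns on bad input), and make sure the method's authorisation check is performed against the decoded account, since the encoding itself grants nothing. The variable keeps the name `$userID` although it now holds an account name; renaming it to `$account` or adding `/* $userID arrives safe64-encoded and holds an account name, not a numeric id. */` would prevent it being treated as an integer. Also confirm that `safe64Encode()` only emits characters accepted by `mergeParams()`'s allowlist `[a-zA-Z0-9=_,`+\/\.]` — URL-safe base64 conventionally uses `-`, which that class rejects and would make every edit link die with 'Error params!'.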
@@ -21,7 +21,7 @@
<small class='text-muted'> <?php echo $lang->user->profile;?> <?php echo html::icon('eye-open');?></small>
</div>
<div class='actions'>
<?php echo html::a($this->createLink('user', 'edit', "userID=$user->id"), html::icon('pencil') . ' ' . $lang->user->editProfile, '', "class='btn btn-primary'"); ?>
<?php echo html::a($this->createLink('user', 'edit', "userID=" . helper::safe64Encode($user->account)), html::icon('pencil') . ' ' . $lang->user->editProfile, '', "class='btn btn-primary'"); ?>
</div>
</div>
<table class='table table-borderless table-data'>