Skip to content

Commit

Permalink
Version 3.3.7
Browse files Browse the repository at this point in the history 
去除addslashes转义(无sql),确保UI显示的是非转义的结果
  • Loading branch information
@firesunCN
firesunCN committed Feb 3, 2016
1 parent 3cb52ed commit 1669079
Show file tree
Hide file tree
Showing 4 changed files with 48 additions and 14 deletions.
42 changes: 38 additions & 4 deletions api.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,11 @@
//添加js模板
case 'add':
if ( isset( $_POST['name'] ) && isset( $_POST['desc'] ) && isset( $_POST['content'] ) ) {
if (get_magic_quotes_gpc()) {
$_POST['name'] = stripslashes($_POST['name']);
$_POST['desc'] = stripslashes($_POST['desc']);
$_POST['content'] = stripslashes($_POST['content']);
}
$result = save_js_desc( JS_TEMPLATE_PATH, $_POST['desc'], $_POST['name'] )
&& save_js_content( JS_TEMPLATE_PATH, $_POST['content'], $_POST['name'] );
echo json_encode( $result );
Expand All @@ -67,6 +72,12 @@
//修改js模板
case 'modify':
if ( isset( $_POST['old_name'] ) && isset( $_POST['name'] ) && isset( $_POST['desc'] ) && isset( $_POST['content'] ) ) {
if (get_magic_quotes_gpc()) {
$_POST['old_name'] = stripslashes($_POST['old_name']);
$_POST['name'] = stripslashes($_POST['name']);
$_POST['desc'] = stripslashes($_POST['desc']);
$_POST['content'] = stripslashes($_POST['content']);
}
$result = true;
if ( $_POST['old_name'] != $_POST['name'] )
$result = delete_js( JS_TEMPLATE_PATH, $_POST['old_name'] );
Expand All @@ -85,16 +96,22 @@

//获取某一js模板的内容
case 'get':
if ( isset( $_GET['name'] ) )
if ( isset( $_GET['name'] ) ) {
if (get_magic_quotes_gpc())
$_POST['name'] = stripslashes($_POST['name']);
echo json_encode( load_js_content( JS_TEMPLATE_PATH, $_GET['name'] ) );
}
else
echo json_encode( false );
break;

//删除js模板
case 'del':
if ( isset( $_GET['name'] ) )
if ( isset( $_GET['name'] ) ) {
if (get_magic_quotes_gpc())
$_POST['name'] = stripslashes($_POST['name']);
echo json_encode( delete_js( JS_TEMPLATE_PATH, $_GET['name'] ) );
}
else
echo json_encode( false );
break;
Expand All @@ -119,6 +136,11 @@
//添加js模板
case 'add':
if ( isset( $_POST['name'] ) && isset( $_POST['desc'] ) && isset( $_POST['content'] ) ) {
if (get_magic_quotes_gpc()) {
$_POST['name'] = stripslashes($_POST['name']);
$_POST['desc'] = stripslashes($_POST['desc']);
$_POST['content'] = stripslashes($_POST['content']);
}
$result = save_js_desc( MY_JS_PATH, $_POST['desc'], $_POST['name'] )
&& save_js_content( MY_JS_PATH, $_POST['content'], $_POST['name'] );
echo json_encode( $result );
Expand All @@ -131,6 +153,12 @@
//修改js模板
case 'modify':
if ( isset( $_POST['old_name'] ) && isset( $_POST['name'] ) && isset( $_POST['desc'] ) && isset( $_POST['content'] ) ) {
if (get_magic_quotes_gpc()) {
$_POST['old_name'] = stripslashes($_POST['old_name']);
$_POST['name'] = stripslashes($_POST['name']);
$_POST['desc'] = stripslashes($_POST['desc']);
$_POST['content'] = stripslashes($_POST['content']);
}
$result = true;
if ( $_POST['old_name'] != $_POST['name'] )
$result = delete_js( MY_JS_PATH, $_POST['old_name'] );
Expand All @@ -147,16 +175,22 @@

//获取某一js模板的内容
case 'get':
if ( isset( $_GET['name'] ) )
if ( isset( $_GET['name'] ) ) {
if (get_magic_quotes_gpc())
$_POST['name'] = stripslashes($_POST['name']);
echo json_encode( load_js_content( MY_JS_PATH, $_GET['name'] ) );
}
else
echo json_encode( false );
break;

//删除js模板
case 'del':
if ( isset( $_GET['name'] ) )
if ( isset( $_GET['name'] ) ) {
if (get_magic_quotes_gpc())
$_POST['name'] = stripslashes($_POST['name']);
echo json_encode( delete_js( MY_JS_PATH, $_GET['name'] ) );
}
else
echo json_encode( false );
break;
Expand Down
10 changes: 5 additions & 5 deletions dio.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ function load_xss_record( $id ) {

$isChange = false;
if ( !isset( $info['location'] ) ) {
$info['location'] = stripStr( convertip( $info['user_IP'], IPDATA_PATH ) );
$info['location'] = convertip( $info['user_IP'], IPDATA_PATH );
$isChange = true;
}

Expand Down Expand Up @@ -116,7 +116,7 @@ function list_xss_record_detail() {
$isChange = false;
//如果没有设置location,就查询qqwry.dat判断location
if ( !isset( $info['location'] ) ) {
$info['location'] = stripStr( convertip( $info['user_IP'], IPDATA_PATH ) );
$info['location'] = convertip( $info['user_IP'], IPDATA_PATH );
$isChange = true;
}

Expand Down Expand Up @@ -216,7 +216,7 @@ function list_js_name_and_desc( $path ) {
$filename = preg_replace( '/^.+[\\\\\\/]/', '', $file );
$filename = substr( $filename, 0, strlen( $filename ) - 3 );
$item['js_name'] = $filename;
$item['js_name_abbr'] = stripStr( $filename );
$item['js_name_abbr'] = htmlspecialchars($filename, ENT_QUOTES, 'UTF-8');

$result = @file_get_contents( dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc' );
$result = $result ? $result : "";
Expand All @@ -228,9 +228,9 @@ function list_js_name_and_desc( $path ) {
$result = "加密密码不符,无法获得描述";

$item['js_description'] = $result;
$item['js_description_abbr'] = stripStr( $result );
$item['js_description_abbr'] = htmlspecialchars($result, ENT_QUOTES, 'UTF-8');

//特别注意:只有js_name_abbr,js_description_abbr经过stripStr处理
//特别注意:只有js_name_abbr,js_description_abbr经过htmlspecialchars处理
$list[] = $item;

}
Expand Down
4 changes: 2 additions & 2 deletions functions.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ function isKeepSession($info) {
function stripStr($str) {
if (get_magic_quotes_gpc())
$str = stripslashes($str);
return addslashes(htmlspecialchars($str, ENT_QUOTES, 'UTF-8'));
return htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
}

function stripArr($arr) {
Expand Down Expand Up @@ -121,7 +121,7 @@ function decrypt($info) {
return $info;
}

//基于Discuz X3.1 function_misc.php
//基于Discuz X3.1 function_misc.php 函数已过滤,可直接输出
function convertip($ip, $ipdatafile) {
$ipaddr = '未知';
if (preg_match("/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/", $ip)) {
Expand Down
6 changes: 3 additions & 3 deletions keepsession.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@

}

//可加上sleep来防止keepsession被ddos
//可加上sleep来防止keepsession被ddos
//sleep(10);
flock($pid, LOCK_UN);
}
Expand All @@ -75,7 +75,7 @@ function getCookie($info)
else if (isset($info['cookie_data']['cookie']) && $info['cookie_data']['cookie'] != "")
$cookie = $info['cookie_data']['cookie'];

return htmlspecialchars_decode(stripslashes($cookie), ENT_QUOTES);
return htmlspecialchars_decode($cookie, ENT_QUOTES);

}

Expand All @@ -98,5 +98,5 @@ function getLocation($info)
else if (isset($info['headers_data']['Referer']) && $info['headers_data']['Referer'] != "")
$location = $info['headers_data']['Referer'];

return htmlspecialchars_decode(stripslashes($location), ENT_QUOTES);
return htmlspecialchars_decode($location, ENT_QUOTES);
}

0 comments on commit 1669079

Please sign in to comment.