From 7ee9b8b60a6908736323de6fbcff3f8a80712198 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=A5=81=E5=AE=81?= Date: Wed, 12 Mar 2014 12:58:44 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=AD=A3=E4=BD=BF=E7=94=A8=E4=B8=8D?= =?UTF-8?q?=E5=90=88=E6=B3=95=E7=9A=84utf-8=E5=AD=97=E7=AC=A6=E4=B8=B2?= =?UTF-8?q?=E5=AF=BC=E8=87=B4=E7=9A=84=E6=95=B0=E6=8D=AE=E5=88=A4=E6=96=AD?= =?UTF-8?q?=E9=94=99=E8=AF=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- var/Typecho/Common.php | 42 ++++--- var/Typecho/Request.php | 111 +++++++----------- var/Typecho/Response.php | 5 +- .../Widget/Helper/Form/Element/Hidden.php | 2 +- .../Widget/Helper/Form/Element/Password.php | 2 +- .../Widget/Helper/Form/Element/Text.php | 2 +- .../Widget/Helper/Form/Element/Textarea.php | 2 +- var/Widget/Contents/Post/Edit.php | 9 +- var/Widget/Options/Discussion.php | 4 +- var/Widget/Options/General.php | 3 +- var/Widget/Users/Edit.php | 2 +- 11 files changed, 90 insertions(+), 94 deletions(-) diff --git a/var/Typecho/Common.php b/var/Typecho/Common.php index 767064011c..e561d4e989 100644 --- a/var/Typecho/Common.php +++ b/var/Typecho/Common.php @@ -9,6 +9,8 @@ * @version $Id$ */ +define('__TYPECHO_MB_SUPPORTED__', function_exists('mb_get_info')); + /** * Typecho公用方法 * @@ -103,7 +105,7 @@ public static function __safePath($path) * @param mixed $matches * @static * @access public - * @return void + * @return bool */ public static function __filterAttrs($matches) { @@ -242,20 +244,9 @@ function __autoLoad($className) { */ public static function exceptionHandle(Exception $exception) { - //$obHandles = ob_list_handlers(); - @ob_end_clean(); - /* - if (in_array('ob_gzhandler', $obHandles)) { - ob_start('ob_gzhandler'); - } else { - ob_start(); - } - */ - if (defined('__TYPECHO_DEBUG__')) { - //@ob_clean(); echo nl2br($exception->__toString()); } else { if (404 == $exception->getCode() && !empty(self::$exceptionHandle)) { 
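Review bot: The exceptionHandle hunk removes the live `@ob_end_clean();` statement together with the commented-out code around it, which is a behaviour change the commit (an encoding fix) does not mention: whatever output was already buffered when the exception was raised is presumably no longer discarded and so precedes the error output that this function goes on to emit. If keeping the buffer is intended, a one-line comment such as `// output buffered so far is deliberately kept` would stop the next reader from restoring the call; otherwise keep `@ob_end_clean();` as the first statement of the function. exceptionHandle's body continues outside the hunk.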
@@ -279,6 +270,7 @@ public static function exceptionHandle(Exception $exception) public static function error($exception) { $isException = is_object($exception); + $message = ''; if ($isException) { $code = $exception->getCode(); @@ -743,7 +735,7 @@ public static function subStr($str, $start, $length, $trim = "...") $iLength = self::strLen($str) - $start; $tLength = $length < $iLength ? ($length - self::strLen($trim)) : $length; - if (function_exists('mb_get_info')) { + if (__TYPECHO_MB_SUPPORTED__) { $str = mb_substr($str, $start, $tLength, self::$charset); } else { if ('UTF-8' == strtoupper(self::$charset)) { @@ -767,7 +759,7 @@ public static function subStr($str, $start, $length, $trim = "...") */ public static function strLen($str) { - if (function_exists('mb_get_info')) { + if (__TYPECHO_MB_SUPPORTED__) { return mb_strlen($str, self::$charset); } else { return 'UTF-8' == strtoupper(self::$charset) @@ -775,6 +767,26 @@ public static function strLen($str) } } + /** + * 检查是否为合法的编码数据 + * + * @param string|array $str + * @return boolean + */ + public static function checkStrEncoding($str) + { + if (is_array($str)) { + return array_map(array('Typecho_Common', 'checkStrEncoding'), $str); + } + + if (__TYPECHO_MB_SUPPORTED__) { + return mb_check_encoding($str, self::$charset); + } else { + // just support utf-8 + return preg_match('//u', $str); + } + } + /** * 生成缩略名 * @@ -792,7 +804,7 @@ public static function slugName($str, $default = NULL, $maxLength = 128) return $default; } - if (function_exists('mb_regex_encoding')) { + if (__TYPECHO_MB_SUPPORTED__) { mb_regex_encoding(self::$charset); mb_ereg_search_init($str, "[\w" . preg_quote('_-') . "]+"); $result = mb_ereg_search(); diff --git a/var/Typecho/Request.php b/var/Typecho/Request.php index 0f6272f0f6..54dd0eae04 100644 --- a/var/Typecho/Request.php +++ b/var/Typecho/Request.php @@ -7,6 +7,8 @@ * @version $Id$ */ +define('__TYPECHO_FILTER_SUPPORTED__', function_exists('filter_var')); + /** * 服务器请求处理类 * 
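Review bot: For array input checkStrEncoding returns the array_map result rather than a boolean, so any non-empty array is truthy and passes the `array_filter` callbacks in Request::__construct and Request::setParams (and the `if` in Request::setParam) even when one of its elements is invalid, while an empty array is dropped; the check this commit introduces is therefore only effective for scalar parameters. Returning a single bool that becomes false as soon as one nested element fails gives those call sites the semantics they assume. The fallback branch should also normalise `preg_match`'s int/false result to a bool so the method matches its `@return boolean` docblock.
```php
public static function checkStrEncoding($str)
{
    if (is_array($str)) {
        foreach ($str as $item) {
            if (!self::checkStrEncoding($item)) {
                return false;
            }
        }
        return true;
    }

    if (__TYPECHO_MB_SUPPORTED__) {
        return mb_check_encoding($str, self::$charset);
    }

    // just support utf-8
    return 1 === preg_match('//u', $str);
}
```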
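Review bot: In slugName the replaced guard tested `function_exists('mb_regex_encoding')`, but `__TYPECHO_MB_SUPPORTED__` is derived from `mb_get_info`, and the `mb_regex_encoding`/`mb_ereg_search_init` calls that follow belong to mbstring's optional regex component, which can be compiled out while the rest of mbstring is present. Keeping the narrower test avoids an undefined-function fatal on such builds: `if (__TYPECHO_MB_SUPPORTED__ && function_exists('mb_regex_encoding')) {`. slugName's body continues outside the hunk.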
@@ -23,6 +25,13 @@ class Typecho_Request */ private $_params = array(); + /** + * 参数是否已经处理过 + * + * @var bool + */ + private $_paramsParsed = false; + /** * 路径信息 * @@ -95,6 +104,13 @@ class Typecho_Request */ private static $_instance = NULL; + /** + * 全部的http数据 + * + * @var bool|array + */ + private static $_httpParams = false; + /** * 当前过滤器 * @@ -146,9 +162,10 @@ private function _applyFilter($value) $value = is_array($value) ? array_map($filter, $value) : call_user_func($filter, $value); } + + $this->_filter = array(); } - $this->_filter = array(); return $value; } @@ -160,9 +177,9 @@ private function _applyFilter($value) */ private function _checkIp($ip) { - if (function_exists('filter_var')) { - return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) - || filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6); + if (__TYPECHO_FILTER_SUPPORTED__) { + return false !== (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) + || filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)); } return preg_match("/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/", $ip) @@ -180,6 +197,17 @@ private function _checkAgent($agent) return preg_match("/^[_a-z0-9- ,:;=#@\.\(\)\/\+\*\?]+$/i", $agent); } + /** + * 初始化变量 + */ + public function __construct() + { + if (false === self::$_httpParams) { + self::$_httpParams = array_filter(array_merge($_POST, $_GET), + array('Typecho_Common', 'checkStrEncoding')); + } + } + /** * 设置过滤器 * @@ -219,9 +247,8 @@ public function __get($key) */ public function __isset($key) { - return isset($_GET[$key]) - || isset($_POST[$key]) - || $this->isSetParam($key); + return isset(self::$_httpParams[$key]) + || isset($this->_params[$key]); } /** 
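Review bot: `_paramsParsed` is declared with a docblock, but nothing in this patch reads or writes it, so unless code outside the diff uses it the property is dead and should be dropped rather than left as an implied feature. If it is reserved for a follow-up change, a `@todo` line in its docblock naming what will set it would make that explicit.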
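Review bot: The `false !== ( … || … )` wrapper added in _checkIp is a no-op: the `||` expression is already a bool, so the comparison cannot change the result, and it reads as though each `filter_var` result was meant to be compared separately. Either drop the wrapper or, if the goal is a consistent boolean return, cast the regex fallback on the last context line instead, `return (bool) preg_match(...)`; that statement continues outside the hunk.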
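Review bot: `array_merge($_POST, $_GET)` in the new constructor renumbers integer keys, so a parameter whose name is a numeric string (PHP stores it under an int key) lands at a different index and `get()`/`getArray()` no longer find it, whereas the previous per-superglobal `isset($_GET[$key])` lookups did. The union operator keeps keys and preserves the same GET-over-POST precedence: `self::$_httpParams = array_filter($_GET + $_POST, array('Typecho_Common', 'checkStrEncoding'));`. A short comment on the precedence (`// GET wins over POST, as get() did before`) would also help, since the merge order is easy to invert by accident.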
@@ -238,11 +265,8 @@ public function get($key, $default = NULL) case isset($this->_params[$key]): $value = $this->_params[$key]; break; - case isset($_GET[$key]): - $value = $_GET[$key]; - break; - case isset($_POST[$key]): - $value = $_POST[$key]; + case isset(self::$_httpParams[$key]): + $value = self::$_httpParams[$key]; break; default: $value = $default; @@ -250,7 +274,7 @@ public function get($key, $default = NULL) } $value = !is_array($value) && strlen($value) > 0 ? $value : $default; - return $this->_filter ? $this->_applyFilter($value) : $value; + return $this->_applyFilter($value); } /** @@ -261,22 +285,11 @@ public function get($key, $default = NULL) */ public function getArray($key) { - $result = array(); - - switch (true) { - case isset($_GET[$key]): - $result = $_GET[$key]; - break; - case isset($_POST[$key]): - $result = $_POST[$key]; - break; - default: - break; - } + $result = isset(self::$_httpParams[$key]) ? self::$_httpParams[$key] : array(); $result = is_array($result) ? $result : (strlen($result) > 0 ? array($result) : array()); - return $this->_filter ? $this->_applyFilter($result) : $result; + return $this->_applyFilter($result); } /** @@ -298,21 +311,6 @@ public function from($params) return $result; } - /** - * 获取指定的http传递参数 - * - * @access public - * @param string $key 指定的参数 - * @param mixed $default 默认的参数 - * @return mixed - */ - public function getParam($key, $default = NULL) - { - $value = isset($this->_params[$key]) ? $this->_params[$key] : $default; - $value = is_array($value) || strlen($value) > 0 ? $value : $default; - return $this->_filter ? $this->_applyFilter($value) : $value; - } - /** * 设置http传递参数 * 
@@ -323,31 +321,9 @@ public function getParam($key, $default = NULL) */ public function setParam($name, $value) { - $this->_params[$name] = $value; - } - - /** - * 删除参数 - * - * @access public - * @param string $name 指定的参数 - * @return void - */ - public function unSetParam($name) - { - unset($this->_params[$name]); - } - - /** - * 参数是否存在 - * - * @access public - * @param string $key 指定的参数 - * @return boolean - */ - public function isSetParam($key) - { - return isset($this->_params[$key]); + if (Typecho_Common::checkStrEncoding($value)) { + $this->_params[$name] = $value; + } } /** @@ -365,7 +341,8 @@ public function setParams($params) $params = $out; } - $this->_params = array_merge($this->_params, $params); + $this->_params = array_merge($this->_params, + array_filter($params, array('Typecho_Common', 'checkStrEncoding'))); } /** diff --git a/var/Typecho/Response.php b/var/Typecho/Response.php index 540f9391ec..d84ec613b8 100644 --- a/var/Typecho/Response.php +++ b/var/Typecho/Response.php @@ -142,7 +142,7 @@ public function setCharset($charset = null) * 获取字符集 * * @access public - * @return void + * @return string */ public function getCharset() { @@ -258,9 +258,8 @@ public function redirect($location, $isPermanently = false) * 返回来路 * * @access public - * @param string $anchor 附加地址 + * @param string $suffix 附加地址 * @param string $default 默认来路 - * @return void */ public function goBack($suffix = NULL, $default = NULL) { diff --git a/var/Typecho/Widget/Helper/Form/Element/Hidden.php b/var/Typecho/Widget/Helper/Form/Element/Hidden.php index 382d0bb119..c3c921497f 100644 --- a/var/Typecho/Widget/Helper/Form/Element/Hidden.php +++ b/var/Typecho/Widget/Helper/Form/Element/Hidden.php @@ -57,6 +57,6 @@ public function input($name = NULL, array $options = NULL) */ protected function _value($value) { - $this->input->setAttribute('value', $value); + $this->input->setAttribute('value', htmlspecialchars($value)); } } 
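Review bot: setParam now silently discards a value that fails checkStrEncoding, so a caller that sets a parameter and reads it back gets the previous value stored under `$name` (or the default) with no sign that anything was rejected. At minimum clear the stale entry, `} else { unset($this->_params[$name]); }`, and consider returning a bool so callers can react. The same hunk removes the public `unSetParam` and `isSetParam` methods, and the preceding hunk removes `getParam`; any plugin or template still calling them will fatal, so the removal deserves a mention in the commit message or a deprecation shim.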
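Review bot: `htmlspecialchars($value)` with no flags or charset escapes only `&`, `<`, `>` and `"` (ENT_COMPAT) and, on PHP before 5.4, assumes ISO-8859-1, so a single-quoted attribute or multibyte input is not handled; pass both explicitly, `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` (or the charset Typecho_Common keeps in `self::$charset`, if that is what the form renders in). The same call is added in Password.php, Text.php and Textarea.php. It is not visible here whether `setAttribute()`/`html()` already escape their argument; if they do, this double-encodes existing values, which is worth checking before merge. Note also that on PHP 5.4+ `htmlspecialchars` returns an empty string for invalid UTF-8 input, which silently blanks the field rather than surfacing the encoding problem this commit targets.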
diff --git a/var/Typecho/Widget/Helper/Form/Element/Password.php b/var/Typecho/Widget/Helper/Form/Element/Password.php index 21481b78ec..347a540e66 100644 --- a/var/Typecho/Widget/Helper/Form/Element/Password.php +++ b/var/Typecho/Widget/Helper/Form/Element/Password.php @@ -47,6 +47,6 @@ public function input($name = NULL, array $options = NULL) */ protected function _value($value) { - $this->input->setAttribute('value', $value); + $this->input->setAttribute('value', htmlspecialchars($value)); } } diff --git a/var/Typecho/Widget/Helper/Form/Element/Text.php b/var/Typecho/Widget/Helper/Form/Element/Text.php index 390d3efcb2..78d1939c68 100644 --- a/var/Typecho/Widget/Helper/Form/Element/Text.php +++ b/var/Typecho/Widget/Helper/Form/Element/Text.php @@ -48,6 +48,6 @@ public function input($name = NULL, array $options = NULL) */ protected function _value($value) { - $this->input->setAttribute('value', $value); + $this->input->setAttribute('value', htmlspecialchars($value)); } } diff --git a/var/Typecho/Widget/Helper/Form/Element/Textarea.php b/var/Typecho/Widget/Helper/Form/Element/Textarea.php index b984bdc17d..ec5adacda4 100644 --- a/var/Typecho/Widget/Helper/Form/Element/Textarea.php +++ b/var/Typecho/Widget/Helper/Form/Element/Textarea.php @@ -47,6 +47,6 @@ public function input($name = NULL, array $options = NULL) */ protected function _value($value) { - $this->input->html($value); + $this->input->html(htmlspecialchars($value)); } } diff --git a/var/Widget/Contents/Post/Edit.php b/var/Widget/Contents/Post/Edit.php index b844d42d09..9a337f943f 100644 --- a/var/Widget/Contents/Post/Edit.php +++ b/var/Widget/Contents/Post/Edit.php 
@@ -92,7 +92,11 @@ protected function getFields() $fields = array(); if (!empty($this->request->fieldNames)) { - $data = $this->request->from('fieldNames', 'fieldTypes', 'fieldValues'); + $data = array( + 'fieldNames' => $this->request->getArray('fieldNames'), + 'fieldTypes' => $this->request->getArray('fieldTypes'), + 'fieldValues' => $this->request->getArray('fieldValues') + ); foreach ($data['fieldNames'] as $key => $val) { if (empty($val)) { continue; @@ -701,8 +705,9 @@ public function setCategories($cid, array $categories, $beforeCount = true, $aft public function writePost() { $contents = $this->request->from('password', 'allowComment', - 'allowPing', 'allowFeed', 'slug', 'category', 'tags', 'text', 'visibility'); + 'allowPing', 'allowFeed', 'slug', 'tags', 'text', 'visibility'); + $contents['category'] = $this->request->getArray('category'); $contents['title'] = $this->request->get('title', _t('未命名文档')); $contents['created'] = $this->getCreated(); diff --git a/var/Widget/Options/Discussion.php b/var/Widget/Options/Discussion.php index 74bdfacc9d..ca330a3457 100644 --- a/var/Widget/Options/Discussion.php +++ b/var/Widget/Options/Discussion.php 
@@ -183,9 +183,11 @@ public function updateDiscussionSettings() $this->response->goBack(); } - $settings = $this->request->from('commentDateFormat', 'commentsListSize', 'commentsShow', 'commentsPost', 'commentsPageSize', 'commentsPageDisplay', 'commentsAvatar', + $settings = $this->request->from('commentDateFormat', 'commentsListSize', 'commentsPageSize', 'commentsPageDisplay', 'commentsAvatar', 'commentsOrder', 'commentsMaxNestingLevels', 'commentsUrlNofollow', 'commentsPostTimeout', 'commentsUniqueIpInterval', 'commentsWhitelist', 'commentsRequireMail', 'commentsAvatarRating', 'commentsPostTimeout', 'commentsPostInterval', 'commentsRequireModeration', 'commentsRequireURL', 'commentsHTMLTagAllowed', 'commentsStopWords', 'commentsIpBlackList'); + $settings['commentsShow'] = $this->request->getArray('commentsShow'); + $settings['commentsPost'] = $this->request->getArray('commentsPost'); $settings['commentsShowCommentOnly'] = $this->isEnableByCheckbox($settings['commentsShow'], 'commentsShowCommentOnly'); $settings['commentsMarkdown'] = $this->isEnableByCheckbox($settings['commentsShow'], 'commentsMarkdown'); diff --git a/var/Widget/Options/General.php b/var/Widget/Options/General.php index f8e8926969..00709365d9 100644 --- a/var/Widget/Options/General.php +++ b/var/Widget/Options/General.php @@ -148,7 +148,8 @@ public function updateGeneralSettings() $this->response->goBack(); } - $settings = $this->request->from('title', 'siteUrl', 'description', 'keywords', 'allowRegister', 'timezone', 'attachmentTypes'); + $settings = $this->request->from('title', 'siteUrl', 'description', 'keywords', 'allowRegister', 'timezone'); + $settings['attachmentTypes'] = $this->request->getArray('attachmentTypes'); $settings['siteUrl'] = rtrim($settings['siteUrl'], '/'); $attachmentTypes = array(); diff --git a/var/Widget/Users/Edit.php b/var/Widget/Users/Edit.php index a5de7937ce..e2e04d160f 100644 --- a/var/Widget/Users/Edit.php +++ b/var/Widget/Users/Edit.php 
@@ -78,7 +78,7 @@ public function userExists($uid) ->from('table.users') ->where('uid = ?', $uid)->limit(1)); - return $user ? true : false; + return !empty($user); } /**