Beispiel #1
<?php

/*
 * 5. Функция, принимающая в качестве аргумента
 * массив чисел вида: 1, 22, 5, 66, 3, 57
 * и возвращает массив по возрастанию: 1, 3, 5, 22, 57, 66
 */
// Sample input for my_func(): the unsorted list named in the header comment.
$my_arr = [1, 22, 5, 66, 3, 57];
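/**
 * Sort a list of numbers into ascending order.
 *
 * The sorted values are echoed, comma-separated (with a trailing ", "), and
 * the sorted list is also returned — the header comment promises a returned
 * array, which the original never delivered.
 *
 * Note: the values are echoed without any HTML escaping, so whatever the
 * caller passes in reaches the output as-is.
 *
 * @param array $my_arr  list of numbers, e.g. [1, 22, 5, 66, 3, 57]
 * @return array         the same values in ascending order, e.g. [1, 3, 5, 22, 57, 66]
 */
function my_func($my_arr)
{
    // Arrays are passed by value, so sorting the copy leaves the caller's
    // array untouched; sort() replaces the hand-rolled O(n^2) swap loop.
    $new_array = $my_arr;
    sort($new_array);
    foreach ($new_array as $my_val) {
        echo $my_val . ", ";
    }
    return $new_array;
}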
// Prints the sample list sorted; my_func() writes its output with echo.
my_func($my_arr);
// NOTE(review): this bare block looks like the body of my_func_without_ret()
// with its `function` header lost — $var is not defined at this point.
{
    printf("%d%d", $var, $var);
}
my_func_without_ret($my_func_without_ret_var);
// WARN LINE 62
// Raw request parameter passed straight into the function.
my_func_without_ret($_GET['my_func_without_ret_spec_var']);
// ALERT LINE 62
// Same parameter, HTML-escaped first. The WARN/ALERT/NONE markers appear to
// record the finding the analyzer is expected to raise for each call.
my_func_without_ret(htmlspecialchars($_GET['my_func_without_ret_spec_var']));
// NONE
/**
 * Identity helper: hands back whatever it is given, unchanged.
 *
 * @param mixed $var  any value
 * @return mixed      the same value
 */
function my_func_with_ret($var)
{
    $passthrough = $var;
    return $passthrough;
}
// Plain local string, not derived from the request.
$my_func_with_ret_var = "my_func_with_ret_var";
echo my_func_with_ret($my_func_with_ret_var);
// WARN LINE 72
// Request value handed to my_func(), which echoes each element unescaped.
my_func($_GET['my_func_spec_var']);
// ALERT INCLUDE_FILE LINE 7 & 8
$my_func_spec_var = $_GET['my_func_spec_var'];
my_func($_GET['my_func_spec_var']);
// ALERT INCLUDE_FILE LINE 7 & 8
// addslashes() only backslash-escapes quotes, backslashes and NUL; it is not
// an HTML-context encoder, so the value my_func() echoes is still not HTML-escaped.
my_func(addslashes($_GET['my_func_spec_var']));
// WARN INCLUDE_FILE LINE 8
// Same request value, routed through a local variable first.
my_func($my_func_spec_var);
// WARN INCLUDE_FILE LINE 7 & 8
// my_class is not defined in the part of the file shown here; its static method
// receives a request-derived argument, the instance method receives none.
$my_static_func_spec_var = $_GET['my_static_func_spec_var'];
my_class::my_static_func($my_static_func_spec_var);
// ALERT INCLUDE_FILE LINE 16 & 17 & 18
$my_class_instance = new my_class();
$my_class_instance->my_func();
// WARN INCLUDE_FILE LINE 22 & 23 & 24
<?php

/**
 * Subtract two from the given number.
 *
 * @param int|float $b  the input value
 * @return int|float    $b reduced by 2
 */
function my_func($b)
{
    $offset = 2;
    return $b - $offset;
}
// $b is not assigned anywhere in this file as shown, and put_string() is not
// defined here either — presumably both are supplied by the script that includes this file.
$a = my_func($b);
$ret = put_string($a);
<?php

// my_func() is not defined in this file; it presumably comes from an include.
$a = my_func(354);
/**
 * Stub that ignores its argument and always yields zero.
 *
 * @param mixed $a  ignored
 * @return int      always 0
 */
function his_func($a)
{
    $zero = 0;
    return $zero;
}
// Always 0 — his_func() ignores its argument.
$x = his_func(23);
> 
					<input name="envnameb" type="submit" value="查看" class="style1">
				</td>
			</form>
			</tr>
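			<?php
                            // Look up each requested name via the five probe modes of my_func()
                            // (defined outside this fragment). $envname's assignment is not in
                            // view; it appears to come from the form above, so it is treated as
                            // untrusted when reflected into the page.
                            if (!empty($envname)) {
                                // Keep the reassignment: later code may expect $envname as an array.
                                $envname = explode(",", $envname);
                                // foreach replaces `while ($envname[$i])`, which read one past the
                                // last element and stopped early on a "0" entry.
                                foreach ($envname as $name) {
                                    // Escape the reflected name before writing it into the HTML table.
                                    $safe_name = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                                    echo "<tr bgcolor=\"#CCCCCC\"><td colspan=\"2\">查询[{$safe_name}]如下:</td></tr>";
                                    echo "<tr bgcolor=\"#EEEEEE\"><td>Get_cfg_var方式</td><td>" . my_func($name, 1) . "</td></tr>";
                                    echo "<tr bgcolor=\"#EEEEEE\"><td>function_exists方式</td><td>" . my_func($name, 2) . "</td></tr>";
                                    echo "<tr bgcolor=\"#EEEEEE\"><td>Get_magic_quotes_gpc方式</td><td>" . my_func($name, 3) . "</td></tr>";
                                    echo "<tr bgcolor=\"#EEEEEE\"><td>Get_magic_quotes_runtime方式</td><td>" . my_func($name, 4) . "</td></tr>";
                                    echo "<tr bgcolor=\"#EEEEEE\"><td>Getenv方式</td><td>" . my_func($name, 5) . "</td></tr>";
                                }
                            }
                            ?>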
		</table><br>
	</td>
	</tr>
	</table>
<?php 
                        } else {
                            echo "错误的提交参数</td></tr><tr><td align=\"center\" bgcolor=\"#EEEEEE\"><br><a href=\"?action=dir&dir=" . urlencode($dir) . "\">点此返回文件浏览页面</a><p></td></tr></table>";
                        }
                    }
                }
            }