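/**
 * Load one stored record from DATA_PATH and return it as an array.
 *
 * A record file is the literal prefix '<?php exit();?>' followed by the
 * encrypted JSON body; the prefix makes the file harmless if it is ever
 * requested directly over HTTP, which is why records carry a .php suffix.
 *
 * @param string $filename record id, i.e. the file name without '.php'
 * @return array|false the decoded record, or false when the id contains path
 *                     characters, the file is missing or unreadable, the prefix
 *                     is wrong, the decrypted body is not JSON (wrong encryption
 *                     password), or 'request_time' is absent
 */
function load_xss_record($filename)
{
    // The id is used verbatim to build the path, so anything that could leave
    // the data directory ('..', '/' or '\') is rejected up front.
    if (strpos($filename, '..') !== false
        || strpos($filename, '/') !== false
        || strpos($filename, '\\') !== false
    ) {
        return false;
    }

    // Resolved relative to this file, not the working directory.
    $logFile = __DIR__ . '/' . DATA_PATH . '/' . $filename . '.php';
    if (!is_file($logFile) || !is_readable($logFile)) {
        return false;
    }

    $info = file_get_contents($logFile);
    if ($info === false) {
        return false;
    }

    // Every record starts with the exit() guard; anything else is not a record.
    $prefix = '<?php exit();?>';
    $prefixLen = strlen($prefix);
    if (strncmp($info, $prefix, $prefixLen) !== 0) {
        return false;
    }

    $info = decrypt(substr($info, $prefixLen));

    // Decrypting with the wrong password yields binary garbage; this character
    // whitelist rejects it before json_decode() sees it.
    if (!preg_match('/^[A-Za-z0-9\\x00-\\x80~!@#$%&_+-=:";\'<>,\\/"\\[\\]\\\\^\\.\\|\\?\\*\\+\\(\\)\\{\\}\\s]+$/', $info)) {
        return false;
    }

    // json_decode() reports failure with null, not false, so the previous
    // `=== false` test could never fire; a non-array body is equally unusable.
    $info = json_decode($info, true);
    if (!is_array($info)) {
        return false;
    }

    // A record without 'request_time' is rejected (also a wrong-password
    // symptom). Checked before the location back-fill so a rejected record is
    // never written back to disk.
    if (!isset($info['request_time'])) {
        return false;
    }

    // Older records predate the 'location' field: derive it from the IP
    // database once and persist the upgraded record.
    if (!isset($info['location'])) {
        $info['location'] = stripStr(convertip($info['user_IP'], IPDATA_PATH));
        save_xss_record(json_encode($info), $filename);
    }

    return $info;
}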
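/**
 * Load every valid record in DATA_PATH, ordered by file name descending.
 *
 * Only files whose base name matches ID_REGEX are considered; each one goes
 * through load_xss_record(), which validates the name, checks the file
 * prefix, decrypts the body and back-fills 'location'.
 *
 * NOTE(review): this glob is relative to the working directory, whereas
 * load_xss_record() resolves DATA_PATH relative to this file's directory;
 * the two only agree when the script runs from that directory — confirm.
 *
 * @return array list of record arrays; empty when the directory cannot be read
 */
function xss_record_detail_list()
{
    // glob() returns false on error (an empty array when nothing matches);
    // arsort()/foreach on false would warn, or throw a TypeError on PHP 8.
    $files = glob(DATA_PATH . '/*.php');
    if ($files === false) {
        return array();
    }
    arsort($files);

    $list = array();
    foreach ($files as $file) {
        $filename = basename($file, '.php');
        if (!preg_match(ID_REGEX, $filename)) {
            continue;
        }

        $info = load_xss_record($filename);
        if ($info === false) {
            continue;
        }

        // load_xss_record() normally fills 'location' itself; this only runs
        // if it still came back unset (e.g. the IP lookup returned null).
        if (!isset($info['location'])) {
            $info['location'] = stripStr(convertip($info['user_IP'], IPDATA_PATH));
            save_xss_record(json_encode($info), $filename);
        }

        $list[] = $info;
    }

    return $list;
}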
// Assemble the record for this hit and persist it. Every value below comes
// from the request (body, cookies, headers, connection data computed earlier
// in this script) and is therefore untrusted: scalars go through stripStr()
// and arrays through stripArr() — which has to filter keys as well as values
// — so the stored record cannot carry stored XSS into the admin views.
$decoded_post_data   = tryBase64Decode($_POST);
$cookie_data         = $_COOKIE;
$decoded_cookie_data = tryBase64Decode($_COOKIE);

// Scalar connection/request fields, stored in this order.
foreach (array(
    'user_IP'        => $user_IP,
    'user_port'      => $user_port,
    'protocol'       => $protocol,
    'request_method' => $request_method,
    'request_URI'    => $request_URI,
    'request_time'   => $request_time,
) as $recordKey => $recordValue) {
    $info[$recordKey] = stripStr($recordValue);
}
// Do not leak loop temporaries into the global scope.
unset($recordKey, $recordValue);

// Array-valued fields; each decoded_* variant is stored only when the
// base64 decode produced a truthy result.
$info['headers_data'] = stripArr($headers_data);
$info['get_data']     = stripArr($get_data);
if ($decoded_get_data) {
    $info['decoded_get_data'] = stripArr($decoded_get_data);
}
$info['post_data'] = stripArr($post_data);
if ($decoded_post_data) {
    $info['decoded_post_data'] = stripArr($decoded_post_data);
}
$info['cookie_data'] = stripArr($cookie_data);
if ($decoded_cookie_data) {
    $info['decoded_cookie_data'] = stripArr($decoded_cookie_data);
}

// keepsession is set when GET, POST or a cookie carries keepsession=1.
$info['keepsession'] = (bool) isKeepSession($info);

// The request time doubles as the record id (file name under DATA_PATH).
save_xss_record(json_encode($info), $request_time);

// Optional e-mail notification.
if (MAIL_ENABLE) {
    require_once "mail.php";
    @send_mail($info);
}