Beispiel #1
0
/**
* 模板隐藏安全检测
只是匹配一些敏感函数
*/
function m__safe_check()
{
    global $page, $words;
    $template = $_GET['file'];
    $dir = dirname(__FILE__) . '/../templates/' . $template;
    $files = get_file_list($dir);
    $saferes = '';
    // 遍历所有模板页
    foreach ($files as $f) {
        $filecont = strtolower(helper::get_contents($dir . "/" . $f['name']));
        /**
         * 判断模板文件中是否有敏感变量或方法名
         */
        foreach ($words as $sa) {
            if (preg_match('~(<\\?|<%)[\\w\\W]*?' . strtolower($sa) . '[\\w\\W]*?(%|\\?>)~', $filecont)) {
                $saferes .= '模板文件 ' . $f['name'] . " 代码中有敏感字符 " . $sa . ",可能存在安全隐患\\r\\n";
            }
        }
        if (!empty($saferes)) {
            die('{"code":"100","msg":"' . $saferes . '请仔细检查模板中存在该字符的代码,本提示不保证绝对准确!"}');
        }
        if (is_file($f['name'])) {
            /**
             * 判断是否包含其他文件
             */
            if (preg_match_all('~(require_once|include_once|require|include)(.*?)(;|\\?>)~', $filecont, $arr)) {
                $arrs = $arr[2];
                foreach ($arrs as $fileurl) {
                    $count1 = substr_count($fileurl, '"');
                    $count2 = substr_count($fileurl, "'");
                    if ($count1 > 2 || $count2 > 2) {
                        die('{"code":"100","msg":"模板 ' . $f['name'] . ' 的包含了其他目录的文件 ' . $fileurl . ',可能存在安全隐患"}');
                    }
                    if (count(explode('/', $fileurl)) > 1) {
                        die('{"code":"100","msg":"模板 ' . $f['name'] . ' 的包含了其他目录的文件 ' . $fileurl . ',可能存在安全隐患"}');
                    }
                }
            }
            /**
             * 判断是否又实例化对象(模板是不需要实例化任何东西的)
             */
            if (preg_match('~<\\?[\\w\\W]*?new [\\w\\W]*?\\?>~', $filecont)) {
                die('{"code":"100","msg":"模板文件 ' . $f['name'] . ' 实例化了一个对象,可能存在安全隐患"}');
            }
        }
        // echo $f['name'].'<br>';
    }
    die('{"code":"0","msg":"我们不保证文件绝对安全"}');
}
Beispiel #2
0
 /**
  * 根据百度搜索结果自动提取关键词
  * @param $title 要提取关键词的标题
  * @param $filter_words1 精准过滤词数组 array('过滤词1','过滤词2')
  * @param $filetr_words2 模糊过滤词数组 array('过滤词1','过滤词2')
  */
 public static function get_tags_baidu($title, $filter_words1 = array(), $filter_words2 = array())
 {
     if (strlen($title) <= 4) {
         die('{"code":1,"msg":"","data":["' . $title . '"]}');
     }
     $ret = helper::get_contents('http://www.baidu.com/s?wd=' . urlencode($title));
     preg_match_all('~<em>(.*?)</em>~', $ret, $keys);
     //过滤字符
     for ($i = 0; $i < count($keys[1]); $i++) {
         $keys[1][$i] = preg_replace('~"|\'|“|”|【|】|\\(|\\)|(|)|:|:|\\-|—~', '', $keys[1][$i]);
     }
     //去重并过滤
     $nkeys = array();
     foreach ($keys[1] as $a) {
         //去重
         $is_key = 0;
         for ($b = 0; $b < count($nkeys); $b++) {
             if ($a == $nkeys[$b]['k']) {
                 $is_key = 1;
                 $nkeys[$b]['t'] = 1 + $nkeys[$b]['t'];
                 break;
             }
         }
         //过滤
         $is_k1 = 0;
         foreach ($filter_words1 as $b) {
             if ($b == $a) {
                 $is_k1 = 1;
                 break;
             }
         }
         $is_k2 = 0;
         foreach ($filter_words2 as $b) {
             if (strstr($a, $b)) {
                 $is_k2 = 1;
                 break;
             }
         }
         if ($is_key == 0 && $is_k1 == 0 && $is_k2 == 0) {
             array_push($nkeys, array('k' => $a, 't' => 1, 'l' => strlen($a)));
         }
     }
     //过滤字符长度
     $tags = array();
     for ($i = 0; $i < count($nkeys); $i++) {
         if (strlen($nkeys[$i]['k']) >= 9 && strlen($nkeys[$i]['k']) <= 18) {
             array_push($tags, $nkeys[$i]);
         }
     }
     //排序
     $tags = helper::array_sort($tags, 'l');
     //print_r($info_tags);
     $ntags = array();
     //重做数组
     foreach ($tags as $a) {
         array_push($ntags, $a);
     }
     return $ntags;
 }
Beispiel #3
0
 public function get_geo($addr)
 {
     $ret = helper::get_contents('http://api.map.baidu.com/geocoder/v2/?address=' . $addr . '&output=json&ak=9f2feaa6d4a8a3eaae63d3b6d212fd13&callback=');
     $json = json_decode($ret, 1);
     $arr = array('status' => '1');
     if ($json['status'] == '0') {
         $arr['status'] = $json['status'];
         if (isset($json['result']['location'])) {
             $arr['longitude'] = $json['result']['location']['lng'];
             $arr['latitude'] = $json['result']['location']['lat'];
         } else {
             $arr['status'] = '2';
         }
     }
     return $arr;
 }
Beispiel #4
0
function m__del()
{
    global $page, $dbm;
    check_level("E0202");
    $_POST = helper::sqlxss($_POST);
    // 直接传过来的删除动作
    if (isset($_POST['flink_id'])) {
        //单个删除值传递
        $_POST['params'] = array($_POST['flink_id']);
    }
    //循环删除数据
    foreach ($_POST['params'] as $id) {
        $id = intval($id);
        $where = " flink_id = '" . $id . "'";
        $sql = "select * from " . TB_PREFIX . "flink where flink_id=" . $id;
        $rs = $dbm->query($sql);
        if ($rs['error'] == '' && $rs['list'] == '') {
            continue;
        } elseif ($rs['list'][0]['flink_type'] == 1) {
            //是云链接 告知服务器此链接已被删除
            $path = AUTH_URL;
            $last_char = substr($path, -1);
            if ($last_char == '/') {
                $path = substr($path, 0, -1);
            }
            $url = $path . '/api/yunflink.php?m=del_url&auth_code=' . AUTH_CODE . '&flink_url=' . $rs['list'][0]['flink_url'];
            $data = helper::get_contents($url);
        }
        $dbm->single_del(TB_PREFIX . "flink", $where);
    }
    logs("成功删除了友情链接");
    die('{"code":"0","msg":"删除成功"}');
}