Example #1
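/**
 * Scan one file for the keyword signatures held in the global $info and, on a
 * match, append a "suspicious file" row (with delete / view-source links) to
 * the global $message.
 *
 * The check is a plain pattern match on the file contents: a hit means the
 * file deserves a manual look, and a miss does not prove the file is clean.
 *
 * @param string $f Path of the file to inspect.
 * @return int -1 when the file was not inspected (excluded or unreadable),
 *             1 when a signature matched, 0 when nothing matched.
 */
function TestOneFile($f)
{
    global $message, $info;

    // Skip files excluded by NotCheckFile() and anything under data/tplcache
    // or .svn. The dot is escaped so that only a literal ".svn" is excluded;
    // unescaped it matched any character before "svn", so more files were
    // silently left out of the scan than intended.
    if (NotCheckFile($f) || preg_match("#data/tplcache|\\.svn#", $f)) {
        return -1;
    }

    // A failed fopen() used to feed `false` into feof(), which never reports
    // end-of-file and stalls the whole scan. Treat an unreadable path as
    // "not inspected" instead.
    // NOTE(review): callers may want to report unreadable files separately.
    if (!is_file($f) || !is_readable($f)) {
        return -1;
    }
    $str = file_get_contents($f);
    if ($str === false) {
        return -1;
    }

    // $info is spliced into the pattern unquoted; presumably it is a
    // '|'-separated keyword list prepared by the caller (confirm). A keyword
    // only counts when it is followed by "[" or "(" (optional whitespace allowed).
    if (!preg_match("#(" . $info . ")[ \r\n\t]{0,}([\\[\\(])#i", $str)) {
        return 0;
    }

    // Strip the install root as a literal prefix. Without preg_quote() a root
    // containing regex metacharacters changes or breaks the pattern.
    $trfile = preg_replace('#^' . preg_quote(DEDEROOT, '#') . '#', '', $f);

    // File names on disk are untrusted in exactly the situation this scanner
    // exists for, so escape them per output context before building markup.
    // ISO-8859-1 makes htmlspecialchars() work byte-wise, so GBK and UTF-8
    // names both pass through with only the HTML metacharacters escaped.
    $shown = htmlspecialchars($trfile, ENT_QUOTES, 'ISO-8859-1');
    $param = rawurlencode($trfile);

    // NOTE(review): the delete link is a plain GET to file_manage_view.php,
    // which is not visible here; confirm it enforces its own session and
    // CSRF checks.
    $message .= "<div style='clear:both;border-bottom:1px dotted #B8E6A2;line-height:24px'>\r\n        <div style='width:350px;float:left'>可疑文件:{$shown}</div>\r\n        <div style='float:left'>[<a href='file_manage_view.php?fmdo=del&filename={$param}&activepath=' target='_blank'><u>删除</u></a>]\r\n        [<a href='file_manage_view.php?fmdo=edit&filename={$param}&activepath=' target='_blank'><u>查看源码</u></a>]\r\n        </div></div>\r\n";

    return 1;
}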
Example #2
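/**
 * Scan one file for a fixed set of keywords (eval, cmd, _GET, _POST) followed
 * by "[" or "(" and, on a match, append a "suspicious file" row (with delete /
 * view-source links) to the global $message.
 *
 * The check is a plain pattern match on the file contents: a hit means the
 * file deserves a manual look, and a miss does not prove the file is clean.
 *
 * @param string $f Path of the file to inspect.
 * @return int -1 when the file was not inspected (excluded or unreadable),
 *             1 when a keyword matched, 0 when nothing matched.
 */
function TestOneFile($f)
{
    global $message;

    // Skip files excluded by NotCheckFile() and anything under data/tplcache.
    // ereg() no longer exists in PHP 7+; a substring test does the same job.
    if (NotCheckFile($f) || strpos($f, 'data/tplcache') !== false) {
        return -1;
    }

    // A failed fopen() used to feed `false` into feof(), which never reports
    // end-of-file and stalls the whole scan. Treat an unreadable path as
    // "not inspected" instead.
    // NOTE(review): callers may want to report unreadable files separately.
    if (!is_file($f) || !is_readable($f)) {
        return -1;
    }
    $str = file_get_contents($f);
    if ($str === false) {
        return -1;
    }

    // PCRE replacement for the removed eregi(): case-insensitive keyword,
    // optional whitespace, then "[" or "(".
    if (!preg_match("#(eval|cmd|_GET|_POST)[ \r\n\t]{0,}([\\[\\(])#i", $str)) {
        return 0;
    }

    // Strip the install root as a literal prefix (replaces ereg_replace());
    // preg_quote() keeps metacharacters in the root from altering the pattern.
    $trfile = preg_replace('#^' . preg_quote(DEDEROOT, '#') . '#', '', $f);

    // File names on disk are untrusted in exactly the situation this scanner
    // exists for, so escape them per output context before building markup.
    // ISO-8859-1 makes htmlspecialchars() work byte-wise, so GBK and UTF-8
    // names both pass through with only the HTML metacharacters escaped.
    $shown = htmlspecialchars($trfile, ENT_QUOTES, 'ISO-8859-1');
    $param = rawurlencode($trfile);

    // NOTE(review): the delete link is a plain GET to file_manage_view.php,
    // which is not visible here; confirm it enforces its own session and
    // CSRF checks.
    $message .= "<div style='clear:both;border-bottom:1px dotted #B8E6A2;line-height:24px'>\r\n\t\t<div style='width:350px;float:left'>可疑文件:{$shown}</div>\r\n\t\t<div style='float:left'>[<a href='file_manage_view.php?fmdo=del&filename={$param}&activepath=' target='_blank'><u>删除</u></a>]\r\n\t\t[<a href='file_manage_view.php?fmdo=edit&filename={$param}&activepath=' target='_blank'><u>查看源码</u></a>]\r\n\t\t</div></div>\r\n";

    return 1;
}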