/**
 * Recursively undo addslashes() on a value.
 *
 * Strings go through stripslashes(); arrays are walked element by element
 * (keys are left as they are, only values are rewritten); any other type is
 * returned unchanged. The argument is taken by reference and rewritten in
 * place, and the same value is returned as well, so both call styles work.
 *
 * @param mixed $array string, array or other value to unescape
 * @return mixed the unescaped value
 */
function sax_stripslashes(&$array)
{
    if (is_string($array)) {
        $array = stripslashes($array);
        return $array;
    }
    if (!is_array($array)) {
        // ints, floats, bools, null, objects: nothing to strip
        return $array;
    }
    foreach ($array as $key => $item) {
        $array[$key] = sax_stripslashes($item);
    }
    return $array;
}
// Normalise the remote address before anything else uses it. Only a run of
// 7 to 15 digits/dots is kept (the pattern is not anchored and checks
// characters only, not that the value is a well-formed IPv4 address); any
// other value, including every IPv6 address, becomes the literal 'unknown'.
// The '@' silences PCRE warnings and the undefined-offset notice that
// $onlineipmatches[0] raises when nothing matched.
$onlineip = sax_addslashes($onlineip);
@preg_match("/[\\d\\.]{7,15}/", $onlineip, $onlineipmatches);
$onlineip = $onlineipmatches[0] ? $onlineipmatches[0] : 'unknown';
unset($onlineipmatches);
// Let the program work in an environment with register_globals = off by
// copying request data into the global scope.
// NOTE(review): this re-creates the register_globals hazard on purpose. With
// EXTR_SKIP an existing variable is not overwritten, but every name that is
// NOT yet set becomes a global under the client's control (POST first, then
// GET, then COOKIE). Any variable read later in this request must therefore
// be initialised before this point, or the client can supply it.
$onoff = function_exists('ini_get') ? ini_get('register_globals') : get_cfg_var('register_globals');
if ($onoff != 1) {
    @extract($_POST, EXTR_SKIP);
    @extract($_GET, EXTR_SKIP);
    @extract($_COOKIE, EXTR_SKIP);
}
// Check the magic_quotes_gpc state and undo its escaping when it is on.
// NOTE(review): get_magic_quotes_gpc() was removed in PHP 8.0; '@' only
// suppresses warnings/notices, not the Error thrown for an undefined
// function, so this branch is a hard failure on PHP 8.
if (@get_magic_quotes_gpc()) {
    $_GET = sax_stripslashes($_GET);
    $_POST = sax_stripslashes($_POST);
    $_COOKIE = sax_stripslashes($_COOKIE);
}
// Debug helper.
/**
 * Dump any value with print_r() inside a <pre> block.
 *
 * @param mixed $a value to dump
 * @return void
 */
function pr($a) { echo '<pre>'; print_r($a); echo '</pre>'; }
/**
 * Emit a message page that refreshes to $url after two seconds and offers a
 * link to the same target.
 *
 * NOTE(review): neither $message nor $url is HTML-escaped before being
 * written into the meta tag, the paragraph and the href; both must come from
 * trusted code, never directly from request data.
 *
 * @param string $message HTML fragment shown to the user
 * @param string $url     refresh/link target; an empty string suppresses the link
 * @return void
 */
function cpmsg($message, $url = 'javascript:history.go(-1);') {
    $message = "<meta HTTP-EQUIV=\"REFRESH\" content=\"2;URL={$url}\" /><p>{$message}</p>";
    if ($url) {
        $message .= "<p><a href=\"{$url}\">跳转</a></p>";
    }
    echo $message;
    // … function body continues beyond this excerpt (closing brace not shown)
<?php if (!defined('SABLOG_ROOT') || !isset($php_self) || !preg_match("/[\\/\\\\]cp\\.php\$/", $php_self)) { exit('Access Denied'); } permission(array(1, 2)); if ($_POST['action'] == 'autosave') { if ($_POST['title'] || $_POST['description'] || $_POST['content']) { autosave_recache($_POST['title'], $_POST['description'], $_POST['content']); } } if ($_GET['action'] == 'switchtodraft') { if (@(include_once SABLOG_ROOT . 'data/cache/cache_autosave.php')) { $autosavedb = sax_stripslashes($autosavedb); $title = $autosavedb[$sax_uid]['title']; $description = $autosavedb[$sax_uid]['description']; $content = $autosavedb[$sax_uid]['content']; $content = str_replace(array("\r", "\n"), '', $content); $description = str_replace(array("\r", "\n"), '', $description); ?> var timestamp = '<?php echo sadate('m月d日,H:i:s'); ?> '; $('#title').val('<?php echo $title; ?> '); oEditor.html('<?php echo $content; ?>
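/**
 * Append the request hash ($sax_hash) to a URL's query string.
 *
 * The rewritten URL carries "sax_hash=<hash>" as its last query parameter,
 * with any existing "#fragment" moved back to the very end so the hash is
 * actually transmitted. When $tag is non-empty it is unslashed and prepended
 * to the result, and the URL is left untouched if it is external (http://),
 * a mailto: link, a bare anchor (#...), a javascript: URL, or already
 * contains "sax_hash=". With an empty $tag the hash is always appended.
 *
 * Fixes relative to the previous version: strpos() results are compared
 * against false instead of being used as booleans, so a '#', '?' or
 * 'sax_hash=' at offset 0 is no longer treated as absent (which produced
 * URLs like "#top?sax_hash=..." or "?a=1?sax_hash=...").
 *
 * NOTE(review): $sax_hash is a global set up elsewhere; this function only
 * copies it into the URL and does not validate it.
 *
 * @param string $url URL to rewrite
 * @param string $tag optional prefix for the result; also switches on the
 *                    "only rewrite local URLs" check
 * @return string $tag followed by the (possibly rewritten) URL
 */
function transhash($url, $tag = '')
{
    global $sax_hash;

    $tag = sax_stripslashes($tag);

    // "Local" means: not an external/special scheme and not already hashed.
    $isLocal = !preg_match("/^(http:\\/\\/|mailto:|#|javascript)/i", $url)
        && strpos($url, 'sax_hash=') === false;

    if (!$tag || $isLocal) {
        // Detach the fragment first; it must stay after the query string.
        $pos = strpos($url, '#');
        if ($pos !== false) {
            $urlret = substr($url, $pos);
            $url = substr($url, 0, $pos);
        } else {
            $urlret = '';
        }
        $separator = strpos($url, '?') === false ? '?' : '&';
        $url .= $separator . 'sax_hash=' . $sax_hash . $urlret;
    }

    return $tag . $url;
}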
$DB->query("REPLACE INTO {$db_prefix}settings VALUES ('templatename', '" . sax_addslashes($name) . "')"); settings_recache(); $location = getlink('template', 'template', array('message' => 3, 'name' => $name)); $options['templatename'] = $name; } else { $location = getlink('template', 'template', array('message' => 4, 'name' => $name)); } header("Location: {$location}"); exit; } //保存文件 if ($action == 'savefile' && $tpledit) { $ext = in_array($ext, array('php', 'css')) ? $ext : 'php'; $filepath = SABLOG_ROOT . $template_dir . $path . '/' . $file . '.' . $ext; if (file_exists($filepath)) { $content = sax_stripslashes(trim($_POST['content'])); writefile($filepath, $content); $location = getlink('template', 'filelist', array('message' => 5, 'name' => $desc[$file])); } else { $location = getlink('template', 'filelist', array('message' => 6, 'name' => $desc[$file])); } header("Location: {$location}"); exit; } //设置状态 if ($action == 'visible') { if ($stylevar['visible']) { $visible = 0; $state = '禁用'; $location = getlink('template', 'stylevar', array('message' => 7, 'stylevarid' => $stylevarid)); } else {