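/**
 * Heuristic "hidden code" check for a template directory.
 *
 * Scans every file of the template named by $_GET['file'] for the sensitive
 * names listed in the global $words (only when they appear inside <? … ?> or
 * <% … %> code tags), for include/require statements that reach outside the
 * template directory, and for object instantiation (`new`).  The original
 * author's own caveat applies: the match is textual and not guaranteed exact.
 *
 * Emits a JSON result and terminates with die(); it never returns.
 *
 * Reads: $_GET['file'] (template directory name, untrusted),
 *        global $words (list of sensitive variable/function names).
 */
function m__safe_check()
{
    global $page, $words;

    // The template name comes straight from the query string and is used as a
    // path segment under ../templates/.  Refuse path separators, NUL and the
    // dot entries so the scan cannot be pointed at a directory outside the
    // templates tree.
    $template = isset($_GET['file']) ? (string) $_GET['file'] : '';
    if ($template === '' || $template === '.' || $template === '..'
        || strpbrk($template, "/\\\0") !== false) {
        die(m__safe_check_json('100', '模板名称非法'));
    }
    $dir = dirname(__FILE__) . '/../templates/' . $template;
    if (!is_dir($dir)) {
        die(m__safe_check_json('100', '模板名称非法'));
    }

    $files = get_file_list($dir);
    $saferes = '';

    // Walk every file of the template.
    foreach ($files as $f) {
        $filepath = $dir . '/' . $f['name'];
        $filecont = strtolower((string) helper::get_contents($filepath));

        // Sensitive names are only reported when they sit inside code tags.
        // NOTE(review): $sa is interpolated unescaped into the pattern, so an
        // entry containing regex metacharacters (a leading `$`, for instance)
        // must already be escaped in $words — confirm against its definition.
        foreach ($words as $sa) {
            if (preg_match('~(<\\?|<%)[\\w\\W]*?' . strtolower($sa) . '[\\w\\W]*?(%|\\?>)~', $filecont)) {
                $saferes .= '模板文件 ' . $f['name'] . ' 代码中有敏感字符 ' . $sa . ",可能存在安全隐患\r\n";
            }
        }
        if ($saferes !== '') {
            // json_encode escapes file names and matched text so they cannot
            // break the JSON structure of the response.
            die(m__safe_check_json('100', $saferes . '请仔细检查模板中存在该字符的代码,本提示不保证绝对准确!'));
        }

        // Check against the path inside the template directory (the original
        // tested the bare name against the working directory, which skipped
        // the include and instantiation checks for every real file).
        if (is_file($filepath)) {
            // Includes are only allowed to name a file in the template's own
            // directory: more than one quoted token or any '/' is rejected.
            if (preg_match_all('~(require_once|include_once|require|include)(.*?)(;|\\?>)~', $filecont, $arr)) {
                foreach ($arr[2] as $fileurl) {
                    if (substr_count($fileurl, '"') > 2 || substr_count($fileurl, "'") > 2
                        || strpos($fileurl, '/') !== false) {
                        die(m__safe_check_json('100', '模板 ' . $f['name'] . ' 的包含了其他目录的文件 ' . $fileurl . ',可能存在安全隐患'));
                    }
                }
            }
            // A template is not expected to instantiate anything.
            if (preg_match('~<\\?[\\w\\W]*?new [\\w\\W]*?\\?>~', $filecont)) {
                die(m__safe_check_json('100', '模板文件 ' . $f['name'] . ' 实例化了一个对象,可能存在安全隐患'));
            }
        }
    }
    die(m__safe_check_json('0', '我们不保证文件绝对安全'));
}

/**
 * Build the JSON response body used by m__safe_check().
 *
 * @param string $code result code ('0' = no finding, '100' = finding)
 * @param string $msg  human-readable message; escaped by json_encode so file
 *                     names and matched text cannot break the JSON structure
 * @return string
 */
function m__safe_check_json($code, $msg)
{
    return json_encode(array('code' => $code, 'msg' => $msg), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
}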
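/**
 * Extract keyword tags for a title from Baidu search results.
 *
 * Fetches the result page for $title, takes every <em>…</em> highlight,
 * strips quote/bracket/punctuation characters, de-duplicates (counting
 * repeats in 't'), applies both filter lists, keeps entries of 9..18 bytes
 * and returns them sorted by length through helper::array_sort().
 *
 * Titles of 4 bytes or less are answered directly: a JSON payload containing
 * the title itself is emitted and the script terminates.
 *
 * @param string $title         title to extract keywords from
 * @param array  $filter_words1 exact-match filter words, array('w1', 'w2')
 * @param array  $filter_words2 substring filter words, array('w1', 'w2')
 * @return array list of array('k' => keyword, 't' => hit count, 'l' => byte length)
 */
public static function get_tags_baidu($title, $filter_words1 = array(), $filter_words2 = array())
{
    // Byte length on purpose (matches the 9..18 byte window below).
    if (strlen($title) <= 4) {
        // json_encode keeps the payload well-formed even if the title contains quotes.
        die(json_encode(array('code' => 1, 'msg' => '', 'data' => array($title)), JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
    }

    $ret = helper::get_contents('http://www.baidu.com/s?wd=' . urlencode($title));
    preg_match_all('~<em>(.*?)</em>~', (string) $ret, $keys);

    // Strip quote / bracket / punctuation characters (ASCII and full-width).
    $cleaned = preg_replace('~"|\'|“|”|【|】|\\(|\\)|(|)|:|:|\\-|—~', '', $keys[1]);

    // De-duplicate and filter.  Keyed by the keyword so the lookup is O(1);
    // PHP arrays preserve insertion order, so the result order is unchanged.
    $nkeys = array();
    foreach ($cleaned as $a) {
        if (isset($nkeys[$a])) {
            $nkeys[$a]['t']++;
            continue;
        }
        if (in_array($a, $filter_words1, true)) {
            continue;
        }
        foreach ($filter_words2 as $b) {
            // Empty-needle guard: strstr() with '' returns the whole haystack on
            // PHP 8, which would silently drop every keyword.
            if ($b !== '' && strpos($a, $b) !== false) {
                continue 2;
            }
        }
        $nkeys[$a] = array('k' => $a, 't' => 1, 'l' => strlen($a));
    }

    // Keep keywords whose byte length is 9..18 (3..6 characters if the page is UTF-8 CJK).
    $tags = array();
    foreach ($nkeys as $entry) {
        if ($entry['l'] >= 9 && $entry['l'] <= 18) {
            $tags[] = $entry;
        }
    }

    // Sort by length, then reindex as a plain list.
    return array_values(helper::array_sort($tags, 'l'));
}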
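/**
 * Geocode an address through the Baidu Geocoder v2 API.
 *
 * @param string $addr raw (not yet URL-encoded) address text; it is encoded
 *                     here before being placed in the query string
 * @return array array('status' => '1') when the request or JSON decode fails
 *               or the API did not answer status 0;
 *               array('status' => 0, 'longitude' => …, 'latitude' => …) on success;
 *               array('status' => '2') when the API answered status 0 without a location
 */
public function get_geo($addr)
{
    // NOTE(review): the API key (ak=…) is embedded in the source; moving it to
    // configuration would keep it out of version control.  Left unchanged here.
    $ret = helper::get_contents('http://api.map.baidu.com/geocoder/v2/?address=' . urlencode($addr) . '&output=json&ak=9f2feaa6d4a8a3eaae63d3b6d212fd13&callback=');
    $json = json_decode((string) $ret, true);

    $arr = array('status' => '1');
    // A failed fetch or malformed body leaves $json non-array; keep status '1'
    // instead of reading offsets on null.
    if (is_array($json) && isset($json['status']) && (string) $json['status'] === '0') {
        $arr['status'] = $json['status'];
        if (isset($json['result']['location'])) {
            $arr['longitude'] = $json['result']['location']['lng'];
            $arr['latitude'] = $json['result']['location']['lat'];
        } else {
            $arr['status'] = '2';
        }
    }
    return $arr;
}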
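/**
 * Delete one or more friend links (flink rows) selected via POST.
 *
 * Accepts either a single 'flink_id' or a 'params' array of ids.  Each id is
 * cast to int before it reaches SQL.  Links of type 1 ("cloud" links) are
 * reported to the auth server before the local row is removed.
 * Emits a JSON result and terminates with die(); it never returns.
 *
 * Reads: $_POST['flink_id'] or $_POST['params'], global $dbm, constants
 *        TB_PREFIX, AUTH_URL and AUTH_CODE.
 */
function m__del()
{
    global $page, $dbm;
    check_level("E0202");
    $_POST = helper::sqlxss($_POST);

    // A single id arrives as flink_id; normalise it to the batch form.
    if (isset($_POST['flink_id'])) {
        $_POST['params'] = array($_POST['flink_id']);
    }
    // A missing or non-array 'params' would make foreach emit a warning and
    // then report success; treat it as an empty batch instead.
    $ids = (isset($_POST['params']) && is_array($_POST['params'])) ? $_POST['params'] : array();

    foreach ($ids as $id) {
        $id = intval($id); // the only value that reaches the SQL below
        $where = " flink_id = '" . $id . "'";
        $rs = $dbm->query("select * from " . TB_PREFIX . "flink where flink_id=" . $id);
        if ($rs['error'] == '' && empty($rs['list'])) {
            // No such row; nothing to delete.
            continue;
        }
        if (isset($rs['list'][0]['flink_type']) && $rs['list'][0]['flink_type'] == 1) {
            // Cloud link: tell the auth server the URL is gone before deleting locally.
            $path = AUTH_URL;
            if (substr($path, -1) === '/') {
                $path = substr($path, 0, -1);
            }
            // flink_url is stored data; encode it so it cannot alter the query string.
            $url = $path . '/api/yunflink.php?m=del_url&auth_code=' . AUTH_CODE
                . '&flink_url=' . urlencode($rs['list'][0]['flink_url']);
            helper::get_contents($url); // best-effort notification; the response is not used
        }
        $dbm->single_del(TB_PREFIX . "flink", $where);
    }
    logs("成功删除了友情链接");
    die('{"code":"0","msg":"删除成功"}');
}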