$s_count = count($self_array); for ($i = 0; $i < $s_count - 1; $i++) { $_key = $self_array[$i]; $_value = rawurldecode($self_array[++$i]); $_NGET[$_key] = addslashes($_value); } !empty($_NGET) && ($_GET = $_NGET); unset($_NGET); } foreach ($_POST as $_key => $_value) { if (!in_array($_key, array('atc_content', 'atc_title', 'prosign', 'pwuser', 'pwpwd'))) { CheckVar($_POST[$_key]); } } foreach ($_GET as $_key => $_value) { CheckVar($_GET[$_key]); } $db_debug && error_reporting(E_ALL ^ E_NOTICE ^ E_DEPRECATED); list($wind_version, $wind_repair, $wind_from) = explode(',', WIND_VERSION); $db_olsize = 96; /* if (in_array(SCR,array('index','cate','mode'))) { $defaultMode = empty($db_mode) ? 'bbs' : $db_mode; $M_domain = $pwServer['HTTP_HOST']; ($m = GetGP('m')) || ($db_modedomain && $m = array_search($M_domain,$db_modedomain)); if ($m == 'bbs') { $db_mode = ''; } elseif ($db_modes && isset($db_modes[$m]) && is_array($db_modes[$m]) && $db_modes[$m]['ifopen']) { $db_mode = $m; }
$REQUEST_URI = trim($REQUEST_URI, '?#'); ObHeader($REQUEST_URI); } $admin_gid = $rightset['gid']; if ($db_ifsafecv && strpos($db_safegroup, ",{$admin_gid},") !== false && !$CK[3]) { Cookie('AdminUser', '', 0); adminmsg('safecv_prompt'); } include_once D_P . 'data/bbscache/level.php'; !defined('If_manager') && define('If_manager', 0); if (!If_manager) { Iplimit(); $temp_a = array_merge($_POST, $_GET); foreach ($temp_a as $key => $value) { if ($key != 'module') { CheckVar($value); } } unset($temp_a); $admin_level = $ltitle[$admin_gid]; } else { $admin_level = getLangInfo('other', 'admin_level'); //'manager'; } $_postdata = $_POST ? PostLog($_POST) : ''; $new_record = '|' . str_replace('|', '|', Char_cv($admin_name)) . '||' . str_replace('|', '|', Char_cv($REQUEST_URI)) . "|{$onlineip}|{$timestamp}|{$_postdata}|\n"; writeover($bbsrecordfile, $new_record, "ab"); if ($pwServer['REQUEST_METHOD'] == 'POST') { $referer_a = @parse_url($pwServer['HTTP_REFERER']); if ($referer_a['host']) { list($http_host) = explode(':', $pwServer['HTTP_HOST']);
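/**
 * Filters one request value in place; arrays are walked recursively.
 *
 * Outside the admin control panel (P_W != 'admincp') the sequences "..", ")",
 * "<" and "=" are rewritten to numeric HTML character references.
 * Inside the admin control panel the value is left unchanged, but a value
 * containing "<iframe", "<meta" or "<script" (in any letter case) is rejected
 * through adminmsg('word_error').
 *
 * Both branches are coarse input filters, not a complete defence:
 *  - the entity rewrite is HTML-oriented only; it is not SQL escaping, so
 *    queries still need their own escaping or parameterisation;
 *  - the tag denylist covers three element names only, so values still need
 *    context-appropriate output encoding wherever they are rendered.
 *
 * @param mixed $var Request value (scalar or nested array), modified by reference.
 * @return void
 */
function CheckVar(&$var)
{
    if (is_array($var)) {
        // Index back into $var so each nested element is filtered by reference.
        foreach ($var as $key => $value) {
            CheckVar($var[$key]);
        }
        return;
    }

    if (P_W != 'admincp') {
        // The replacement list must differ from the search list, otherwise the
        // call changes nothing: each sequence becomes its numeric reference.
        $var = str_replace(
            array('..', ')', '<', '='),
            array('&#46;&#46;', '&#41;', '&#60;', '&#61;'),
            $var
        );
        return;
    }

    // Admin requests: reject rather than rewrite. Matching is case-insensitive
    // so that the check does not depend on how the tag name is capitalised.
    if (str_ireplace(array('<iframe', '<meta', '<script'), '', $var) != $var) {
        // NOTE(review): $basename looks like the "back" target that adminmsg()
        // renders, and adminmsg() presumably ends the request; both are
        // defined outside this block, so confirm there.
        global $basename;
        $basename = 'javascript:history.go(-1);';
        adminmsg('word_error');
    }
}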