/**
 * Recursively applies addslashes() to every string leaf of an array.
 *
 * String values get a backslash in front of single quotes, double quotes,
 * backslashes and NUL; nested arrays are processed the same way; any other
 * value (int, null, object) is left untouched. Keys are never escaped.
 * Note: addslashes() is generic quoting, not a charset-aware SQL escape and
 * not a substitute for parameter binding.
 *
 * @param array $arr
 * @return array the same array shape with escaped string leaves
 */
function _addslashes($arr)
{
    $escaped = $arr;
    foreach ($escaped as $key => $item) {
        if (is_array($item)) {
            // recurse so deeper levels receive the same treatment
            $escaped[$key] = _addslashes($item);
        } elseif (is_string($item)) {
            $escaped[$key] = addslashes($item);
        }
    }
    return $escaped;
}
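/**
 * Recursively applies addslashes() to every string leaf of an array.
 *
 * Nested arrays are escaped by recursion; non-string scalars are returned
 * unchanged. Keys are not escaped.
 *
 * @param array $arr
 * @return array the input with every string leaf escaped
 */
function _addslashes($arr)
{
    foreach ($arr as $key => $value) {
        if (is_string($value)) {
            $arr[$key] = addslashes($value);
        } elseif (is_array($value)) {
            $arr[$key] = _addslashes($value);
        }
    }
    // Bug fix: the return used to sit inside the foreach, so only the first
    // element was ever escaped and every later element came back raw (and an
    // empty array returned null). Return once, after the whole loop.
    return $arr;
}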
/**
 * Recursively escapes an array.
 *
 * Every string leaf is passed through addslashes(); nested arrays are
 * handled by recursion; other scalar values are left as they are.
 *
 * @param array $arr
 * @return array
 */
function _addslashes($arr)
{
    foreach ($arr as $key => $item) {
        if (!is_string($item) && !is_array($item)) {
            // ints, floats, bools, null: nothing to escape
            continue;
        }
        // a one-level escape for strings, recursion for sub-arrays
        $arr[$key] = is_array($item) ? _addslashes($item) : addslashes($item);
    }
    return $arr;
}
/**
 * Recursively applies addslashes() to the string leaves of an array.
 *
 * Sub-arrays are escaped by recursion; values that are neither string nor
 * array are returned unchanged.
 *
 * @param array $arr
 * @return array
 */
function _addslashes($arr)
{
    // iterate by reference so each slot can be rewritten in place
    foreach ($arr as &$slot) {
        if (is_string($slot)) {
            $slot = addslashes($slot);
        } elseif (is_array($slot)) {
            $slot = _addslashes($slot);
        }
    }
    unset($slot); // drop the dangling reference left by foreach-by-ref
    return $arr;
}
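/**
 * Escapes a value (string or nested array of strings) with addslashes(),
 * unless the runtime already did so via magic_quotes_gpc.
 *
 * Arrays are walked recursively. For scalars, addslashes() returns a string,
 * so non-string scalars come back as their string form.
 *
 * @param mixed $value string, array, or other scalar
 * @return mixed escaped string, or the array with escaped leaves
 */
function _addslashes($value)
{
    // get_magic_quotes_gpc() was removed in PHP 8.0 (a call there is fatal).
    // When the function is absent the runtime never pre-escaped input, so
    // magic quotes count as off and we escape ourselves.
    $magic_quotes_gpc = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    if (is_array($value)) {
        foreach ($value as $k => $v) {
            $value[$k] = _addslashes($v);
        }
        return $value;
    }
    if ($magic_quotes_gpc) {
        // already escaped by the runtime; escaping again would double it
        return $value;
    }
    return addslashes($value);
}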
/**
 * [_addslashes automatic escaping]
 * Walks the array and applies addslashes() to every string; nested arrays
 * are escaped recursively. Other values are returned as-is.
 *
 * @param [array] $arr [the array to escape]
 * @return [array] [the escaped array]
 */
function _addslashes($arr)
{
    foreach ($arr as $idx => $node) {
        // sub-array: recurse
        if (is_array($node)) {
            $arr[$idx] = _addslashes($node);
            continue;
        }
        // plain string: escape directly
        if (is_string($node)) {
            $arr[$idx] = addslashes($node);
        }
    }
    // hand back the (partially rewritten) array
    return $arr;
}
/**
 * Recursively escapes the string leaves of an array with addslashes().
 *
 * Strings are escaped, sub-arrays are recursed into. Any element that is
 * neither string nor array is treated by the original author as a malformed
 * input set: the whole call aborts and returns NULL, with the elements
 * already visited left escaped in the discarded copy.
 *
 * @param array $arr
 * @return array|null escaped array, or NULL on an unexpected element type
 */
function _addslashes($arr)
{
    foreach ($arr as $key => $entry) {
        if (is_array($entry)) {
            $arr[$key] = _addslashes($entry);
            continue;
        }
        if (!is_string($entry)) {
            // error case: neither string nor array
            return NULL;
        }
        $arr[$key] = addslashes($entry);
    }
    return $arr;
}
/**
 * Flattens a two-dimensional array into a "key:value;" string (the original
 * comment calls the target format "seage").
 *
 * For each entry: an array value emits one "key:value;" segment per inner
 * element; a scalar containing a comma is split on the comma into several
 * "key:part;" segments; any other scalar emits a single segment. The array
 * and plain-scalar branches pass values through _addslashes(), whereas the
 * comma branch does not — presumably intentional, but worth confirming.
 * Returns null (not '') for an empty input.
 *
 * @param array $pieces
 * @return string|null
 */
function _implode(array $pieces)
{
    //[_implode]
    $out = null;
    foreach ($pieces as $name => $piece) {
        if (is_array($piece)) {
            foreach ($piece as $inner) {
                $out .= "{$name}:" . _addslashes($inner) . ';';
            }
        } elseif (stripos($piece, ',') !== false) {
            $out .= "{$name}:" . str_replace(',', ";{$name}:", $piece) . ';';
        } else {
            $out .= "{$name}:" . _addslashes($piece) . ';';
        }
    }
    return $out;
}
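@session_start();
if (isset($_REQUEST['GLOBALS'])) {
    exit('Request tainting attempted.');
}
// Application directory (with trailing /)
define('WEB_ROOT', str_replace(array('\\', '//'), array('/', '/'), dirname(__FILE__) . DIRECTORY_SEPARATOR));
// Site URL (no trailing /).
// NOTE(review): HTTP_HOST comes from the request and is client-controlled
// unless the web server restricts the Host header; anything built from
// WEB_URL (links, redirects, mails) inherits that trust.
define('WEB_URL', 'http://' . $_SERVER['HTTP_HOST'] . ($_SERVER['SERVER_PORT'] == 80 ? '' : ':' . $_SERVER['SERVER_PORT']) . substr($_SERVER['PHP_SELF'], 0, strrpos($_SERVER['PHP_SELF'], '/')));
// Current file name (without extension)
define('FILE', basename($_SERVER['PHP_SELF'], '.php'));
// Include the base files and extend the include path
include WEB_ROOT . 'config.inc.php';
set_include_path(get_include_path() . PATH_SEPARATOR . WEB_ROOT . 'include');
include 'common.func.php';
// Database connection
include 'Mysql.class.php';
$db = new Mysql($db_config);
// memcache support
//$MC = new Memcache();
//$MC->connect($MC_config['MC_HOST'],$MC_config['MC_PORT']) or die('can not connect Memcache');
// Time. microtime() returns "<fraction> <seconds>".
$mtime = explode(' ', microtime());
// Bug fix: TIMESTAMP was defined from $mtime[0], the fractional part;
// the unix seconds are in $mtime[1].
define('TIMESTAMP', $mtime[1]);
define('MICROTIME', (double) $mtime[0] + (double) $mtime[1]);
// GPC escaping. get_magic_quotes_gpc() was removed in PHP 8.0; when it is
// absent the runtime never pre-escaped input, so treat magic quotes as off.
define('MAGIC_QUOTES_GPC', function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc());
if (!MAGIC_QUOTES_GPC) {
    // Bug fix: the previous foreach escaped a *copy* of each superglobal
    // ($v) and discarded the result, so no request data was ever escaped.
    // Assign the escaped arrays back to the superglobals themselves.
    $_GET = _addslashes($_GET);
    $_POST = _addslashes($_POST);
    $_REQUEST = _addslashes($_REQUEST);
    $_COOKIE = _addslashes($_COOKIE);
}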
$tlbrset = $_POST['tlbrset']; $resultString = ""; $_string = ''; foreach ($tlbrset as $tlbrname => $tlbr) { $resultString .= $tlbrname . ":"; $resultString .= $tlbr['show'] . ","; $resultString .= $tlbr['docked'] . ","; $resultString .= "["; foreach ($tlbr['position'] as $tlbrpos) { $resultString .= (substr($tlbrpos, -2) == "px" ? substr($tlbrpos, 0, -2) : $tlbrpos) . ";"; } $resultString .= "]"; $resultString .= "||"; } $resultString = substr($resultString, 0, -2); CUserOptions::SetOption("fileman", "toolbar_settings_" . $edname, _addslashes($resultString)); } if (isset($_REQUEST['tooltips']) && $target == 'tooltips') { CUserOptions::SetOption("fileman", "show_tooltips" . $edname, $_REQUEST['tooltips'] == "N" ? "N" : "Y"); } if (isset($_REQUEST['visual_effects']) && $target == "visual_effects") { CUserOptions::SetOption("fileman", "visual_effects" . $edname, $_REQUEST['visual_effects'] == "N" ? "N" : "Y"); } if (isset($_REQUEST['render_components']) && $target == 'render_components') { CUserOptions::SetOption("fileman", "render_components", $_REQUEST['render_components'] == "Y"); } if ($target == 'taskbars') { // Taskbars if (isset($_POST['tskbrset'])) { $taskbars = $_POST['tskbrset']; $res = array();
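/**
 * Escapes a string, or every leaf of a nested array, with addslashes().
 *
 * Escaping is skipped when the MAGIC_QUOTES_GPC constant is truthy (the
 * runtime already escaped request data) unless $force is set.
 *
 * @param mixed $string string or (nested) array
 * @param int   $force  non-zero to escape even when magic quotes are on
 * @return mixed escaped string, or the array with escaped leaves
 */
function _addslashes($string, $force = 0)
{
    if (!defined('MAGIC_QUOTES_GPC')) {
        // get_magic_quotes_gpc() was removed in PHP 8.0 (calling it is fatal).
        // Without it the runtime never pre-escaped input, so magic quotes
        // count as off and escaping proceeds below.
        define('MAGIC_QUOTES_GPC', function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc());
    }
    if (MAGIC_QUOTES_GPC && !$force) {
        // already escaped by the runtime; escaping again would double it
        return $string;
    }
    if (is_array($string)) {
        foreach ($string as $key => $val) {
            $string[$key] = _addslashes($val, $force);
        }
        return $string;
    }
    return addslashes($string);
}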
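/**
 * Reads a value from one of the request sources and returns it escaped.
 *
 * @param string      $type    one of 'request', 'post', 'get', 'put',
 *                             'cookie', 'session', 'server'
 * @param string|null $field   key to read; null/'' (anything empty()) returns
 *                             the whole source array
 * @param mixed       $default returned when the key is missing or ''
 * @param int|null    $time    'cookie' only: passed to set_cookies() when the
 *                             cookie is absent
 * @return mixed the selected value passed through _addslashes()
 *
 * Bug fixes versus the previous version: a submitted value of "0" is no
 * longer replaced by $default (the old truthiness test dropped it); nested
 * array parameters no longer hit urldecode(), which is a TypeError on PHP 8;
 * an unknown $type returns $default instead of an undefined variable; and
 * the @-suppression is gone so real notices surface.
 * The return value is addslashes-escaped only — that is not charset-aware
 * SQL escaping and does not replace parameter binding.
 */
function Finput($type = 'request', $field = null, $default = null, $time = null)
{
    switch ($type) {
        // _REQUEST data
        case 'request':
            // GET requests are optionally URL-decoded first (URL_ENCODE setting)
            if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == 'GET') {
                _finput_urldecode($_REQUEST);
            }
            $data = _finput_pick($_REQUEST, $field, $default);
            break;
        // _POST data
        case 'post':
            $data = _finput_pick($_POST, $field, $default);
            break;
        // _GET data
        case 'get':
            _finput_urldecode($_GET);
            $data = _finput_pick($_GET, $field, $default);
            break;
        // _PUT data
        case 'put':
            // $_PUT is not a PHP superglobal; inside a function the old code
            // read an undefined local. Presumably the framework fills
            // $GLOBALS['_PUT'] from the request body — TODO confirm.
            $put = (isset($GLOBALS['_PUT']) && is_array($GLOBALS['_PUT'])) ? $GLOBALS['_PUT'] : array();
            $data = _finput_pick($put, $field, $default);
            break;
        // COOKIE data
        case 'cookie':
            if (!empty($field)) {
                // a missing cookie is created via set_cookies() and its result returned
                $data = (isset($_COOKIE[$field]) && $_COOKIE[$field] !== '')
                    ? $_COOKIE[$field]
                    : set_cookies($field, $default, $time);
            } else {
                $data = $_COOKIE;
            }
            break;
        // SESSION data
        case 'session':
            if (session_status() === PHP_SESSION_NONE) {
                @session_start();
            }
            $data = _finput_pick($_SESSION, $field, $default);
            break;
        // SERVER data
        case 'server':
            $data = _finput_pick($_SERVER, $field, $default);
            break;
        default:
            // unknown source: behave like a missing field
            $data = $default;
            break;
    }
    // escape recursively
    return _addslashes($data);
}

/**
 * URL-decodes every string value of $source in place when the URL_ENCODE
 * setting is on. Nested arrays are left alone.
 *
 * @param array $source one of the request superglobals (by reference)
 * @return void
 */
function _finput_urldecode(array &$source)
{
    if (!config('URL_ENCODE')) {
        return;
    }
    foreach ($source as $key => $val) {
        // urldecode() accepts strings only
        if (is_string($val)) {
            $source[$key] = urldecode($val);
        }
    }
}

/**
 * Returns $source[$field] when the key exists and is not '', else $default;
 * returns the whole $source when $field is empty().
 *
 * @param array       $source
 * @param string|null $field
 * @param mixed       $default
 * @return mixed
 */
function _finput_pick(array $source, $field, $default)
{
    if (empty($field)) {
        return $source;
    }
    if (isset($source[$field]) && $source[$field] !== '') {
        return $source[$field];
    }
    return $default;
}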
/* $Id$ */
/* vim: set tabstop=4 shiftwidth=4 expandtab: */
// Matthew Gregg
// <greggmc at musc.edu>
require_once "./phpESP.first.php";

// Resolve the survey named by the "name" request parameter, then remove that
// parameter from the request so later code does not see it again.
$_name  = '';
$_title = '';
$_css   = '';
$sid    = '';

// GET is read first, POST second, so a POSTed name wins when both are present.
if (isset($_GET['name'])) {
    $_name = _addslashes($_GET['name']);
    unset($_GET['name']);
    // also drop "name=..." from the stored query string
    $_SERVER['QUERY_STRING'] = preg_replace('/(^|&)name=[^&]*&?/', '', $_SERVER['QUERY_STRING']);
}
if (isset($_POST['name'])) {
    $_name = _addslashes($_POST['name']);
    unset($_POST['name']);
}

if (!empty($_name)) {
    // NOTE(review): $_name is interpolated without surrounding quotes, so this
    // is only safe if phpESP's _addslashes() returns an already-quoted SQL
    // literal (the INSERT ... VALUES lists elsewhere in the project suggest
    // it does) — confirm in phpESP.first.php rather than assume.
    $_sql = 'SELECT id,title,theme FROM ' . $GLOBALS['ESPCONFIG']['survey_table'] . " WHERE name = {$_name}";
    $_result = execute_sql($_sql);
    if ($_result) {
        if (record_count($_result) > 0) {
            list($sid, $_title, $_css) = fetch_row($_result);
        }
        db_close($_result);
    }
    unset($_sql, $_result);
}
// To make all results public uncomment the next line.
//$results = 1;
if ($_POST['password'] != "") { $_SESSION['raw_password'] = $_POST['password']; } } if (isset($_SESSION['username'])) { $username = $_SESSION['username']; } else { $username = ""; } if (isset($_SESSION['raw_password'])) { $raw_password = $_SESSION['raw_password']; } else { $raw_password = ""; } } $password = _addslashes($raw_password); if (!manage_auth($username, $password, $raw_password)) { exit; } } else { $_SESSION['acl'] = array('username' => 'none', 'pdesign' => array('none'), 'pdata' => array('none'), 'pstatus' => array('none'), 'pall' => array('none'), 'pgroup' => array('none'), 'puser' => array('none'), 'superuser' => 'Y', 'disabled' => 'N'); } if (empty($where) && isset($_REQUEST['where'])) { $where = $_REQUEST['where']; } if ($where == 'download') { include esp_where($where); exit; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
} if (isset($_SESSION['espuser'])) { $espuser = $_SESSION['espuser']; } else { $espuser = ""; } if (isset($_REQUEST['password']) && $_REQUEST['password'] != "") { $_SESSION['esppass'] = $_REQUEST['password']; } if (isset($_SESSION['esppass'])) { $esppass = $_SESSION['esppass']; } else { $esppass = ""; } } if (!survey_auth($sid, $espuser, _addslashes($esppass), $esppass, $_css, $_title)) { return; } if (auth_get_option('resume')) { $_SESSION['rid'] = auth_get_rid($sid, $espuser, $request_rid); if (!empty($_SESSION['rid']) && (!isset($_SESSION['sec']) || empty($_SESSION['sec']) || intval($_SESSION['sec']) < 1)) { $section_to_return_to = response_select_max_sec($sid, $_SESSION['rid']); // we let people return to previously filled in sections // if defined in the URL request if (isset($_GET['sec']) && intval($_GET['sec']) > 0 && $_GET['sec'] <= $section_to_return_to) { $_SESSION['sec'] = intval($_GET['sec']); } else { $_SESSION['sec'] = $section_to_return_to; } } }
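*/
// Initialise the absolute root path
defined("ACC") || exit("ACC Denied");
define('ROOT', str_replace('\\', '/', dirname(__DIR__)) . '/');
define('DEBUG', true);
require ROOT . 'include/lib_base.php';

// Class autoloader. __autoload() was removed in PHP 8.0, so the same lookup
// is registered through spl_autoload_register() instead: *Model classes live
// in Model/, *Tool classes in tool/, everything else in include/.
// NOTE(review): the file path is built from the class name with no character
// check; if any code instantiates classes from request-derived names
// (new $x, class_exists(), unserialize()), validate the name first.
spl_autoload_register(function ($class) {
    $lower = strtolower($class);
    if (substr($lower, -5) == 'model') {
        require ROOT . 'Model/' . $class . '.class.php';
    } elseif (substr($lower, -4) == 'tool') {
        require ROOT . 'tool/' . $class . '.class.php';
    } else {
        require ROOT . 'include/' . $class . '.class.php';
    }
});

// Escape request parameters recursively ($_GET, $_POST, $_COOKIE).
$_GET = _addslashes($_GET);
$_POST = _addslashes($_POST);
$_COOKIE = _addslashes($_COOKIE);

// Start the session
session_start();

// Error reporting level. Bug fix: DEBUG is defined unconditionally above,
// so defined('DEBUG') was always true and error_reporting(0) could never
// run; test the constant's value instead.
if (DEBUG) {
    error_reporting(E_ALL);
} else {
    error_reporting(0);
}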
} /* prepare sql statement */ $sqlf = array(); $sqlv = array(); foreach ($fields as $f) { if (isset($post[$f]) && !empty($post[$f])) { array_push($sqlf, $f); if ($f == 'password') { array_push($sqlv, db_crypt(_addslashes($post[$f]))); } else { array_push($sqlv, _addslashes($post[$f])); } } } array_push($sqlf, 'realm'); array_push($sqlv, _addslashes($signup_realm)); $sqlf = implode(',', $sqlf); $sqlv = implode(',', $sqlv); $sql = "INSERT INTO " . $GLOBALS['ESPCONFIG']['respondent_table'] . " ({$sqlf}) VALUES ({$sqlv})"; /* execute statement */ $res = execute_sql($sql); if (!$res) { $msg = '<font color="red">' . _('Request failed, please choose a different username.') . '</font>'; if ($GLOBALS['ESPCONFIG']['DEBUG']) { $msg .= mkerror(ErrorNo() . ': ' . ErrorMsg()); } break; } $msg = '<font color="blue">' . sprintf(_('Your account, %s, has been created!'), htmlspecialchars($post['username'])) . '</font>'; foreach ($fields as $f) { $post[$f] = null;