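/**
 * Abort the request when any value in $val would be altered by RemoveXSS().
 *
 * A string is compared against its RemoveXSS() output; any difference means the
 * filter found something to strip, so the value is treated as an attack and the
 * script stops. Arrays are walked recursively, string keys included (keys coming
 * from $_GET are attacker-controlled as well). Non-string scalars (int, float,
 * bool, null) cannot carry markup and are left alone.
 *
 * Manual check (from the original, once commented out at the top of this file):
 *   $a[0] = $_SERVER['REQUEST_URI']; echo "<pre>"; echo $a[0]; print_r(DetectXSS($a)); echo "</pre>";
 *
 * @param mixed $val a string, or an arbitrarily nested array of values
 * @return void terminates via die() when a suspicious value is found
 */
function DetectXSS($val)
{
    if (is_array($val)) {
        foreach ($val as $k => $v) {
            if (is_string($k)) {
                DetectXSS($k);
            }
            DetectXSS($v);
        }
        return;
    }

    // Only strings can carry markup. RemoveXSS() on an int would return a string,
    // and the strict comparison below would then report a false positive.
    if (!is_string($val)) {
        return;
    }

    if (RemoveXSS($val) !== $val) {
        // The original called log(), which is the natural logarithm, not a logger:
        // on PHP 8 that raises a TypeError before die() is reached. error_log()
        // records the (HTML-escaped) value through the configured error log.
        error_log('DetectXSS: suspicious input rejected: ' . htmlspecialchars($val));
        die('warning:found xss attack !');
    }
}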
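/*
 * Auto thumbnail. Parameters: url|w|h|type="cut/full"|mark="text/image|r"
 * thumb.php?url=/thinksns/data/userface/000/00/00/41_middle_face.jpg?1247718988&w=20&h=20
 */
error_reporting(0); // kept from the original: warnings are hidden, so failures below fall through silently

// Global definitions (SITE_URL, THINK_PATH, ...)
require 'define.inc.php';

// Temporary directory for images fetched from remote hosts
$tempDir = "./data/thumb_temp/";
checkDir($tempDir);

// Parse the URL; a missing parameter becomes an empty string instead of an undefined-index read
$url = isset($_GET['url']) ? urldecode($_GET['url']) : '';

// XSS probe: aborts the request if the URL would be altered by the filter
include THINK_PATH . '/Vendor/xss.php';
DetectXSS($url);

// 2009-10-7: rewrite site-local URLs to a relative path so local images do not go
// through file_get_contents (which fails when allow_url_fopen is off in php.ini)
$url = str_ireplace(SITE_URL, '.', $url);

// The path is user-controlled and is read later on (not visible here), so a local file is
// only accepted when its resolved path stays inside this script's directory tree; otherwise
// "../" sequences in ?url= could point the script at arbitrary readable files. is_file()
// rather than file_exists() so a directory never counts as an image.
$isLocal = false;
if (is_file($url)) {
    $baseDir = realpath('.');
    $realPath = realpath($url);
    $isLocal = $baseDir !== false && $realPath !== false
        && strpos($realPath, $baseDir . DIRECTORY_SEPARATOR) === 0;
}

// Only http(s) is fetched from remote hosts, so file://, php:// and similar stream
// wrappers never reach GrabImage(). Anything else falls back to the default face.
$scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));

if ($isLocal) {
    // local image; $url is already the relative path used by the rest of the script
} elseif (($scheme === 'http' || $scheme === 'https') && ($result = GrabImage($url, $tempDir))) {
    $url = $result;
    $grab_temp_file = $result; // remembered so the temporary copy can be cleaned up later
} else {
    $url = "./public/images/noface/noface_yuan_face.jpg";
}

// Parse dimensions: only positive integers are accepted, anything else uses the 100px default
// (no upper bound is enforced here; very large values still reach the image code below)
$w = (isset($_GET['w']) && (int) $_GET['w'] > 0) ? (int) $_GET['w'] : 100; // width
$h = (isset($_GET['h']) && (int) $_GET['h'] > 0) ? (int) $_GET['h'] : 100; // height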