}
}
public static function getAppHashValue($special = '')
{
$authkey = 'appbyme_key';
// 目前是定死的, 以后应该改成由用户设置
$hash = substr(md5(substr(time(), 0, 5) . $authkey . $special), 8, 8);
return $hash;
}
}
// xss debug fixed
$tempMethod = $_SERVER['REQUEST_METHOD'];
!isset($_GET['apphash']) && ($_GET['apphash'] = isset($_POST['apphash']) ? $_POST['apphash'] : '');
!isset($_GET['sdkVersion']) && ($_GET['sdkVersion'] = isset($_POST['sdkVersion']) ? $_POST['sdkVersion'] : '');
if ($_GET['sdkVersion'] === '') {
unset($_GET['sdkVersion']);
}
if ($_GET['apphash'] == MobcentDiscuz::getAppHashValue() || isset($_GET['hacker_uid']) && MOBCENT_HACKER_UID) {
$_SERVER['REQUEST_METHOD'] = 'POST';
// x2.5的绕过方法
define('DISABLEXSSCHECK', 1);
// x3.0的绕过方法
}
// cc 攻击防御
define('DISABLEDEFENSE', 1);
C::setconstant();
C::creatapp();
C::app()->init_misc = false;
C::app()->init();
$_SERVER['REQUEST_METHOD'] = $tempMethod;
runhooks();
