Пример #1
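    /**
     * Front-controller bootstrap.
     *
     * Validates the raw request (superglobals), normalises $_GET in place
     * (whitelisted keys pass through, every other key/value is reduced to its
     * leading [\w-] run), resolves host/domain/referer, runs self::route() and
     * creates the DB-backed session.
     *
     * Side effects: rewrites $_GET/$_POST/$_COOKIE, defines MAGIC_QUOTES_GPC,
     * may send a Location header, may include the admin init script, and
     * terminates the request with exit() on rejected input.
     */
    public function __construct() {
        // Reject quote characters in the login identity fields before anything
        // else touches them. A non-string value (e.g. `username[]=`) is
        // rejected as well instead of reaching preg_match(), which would raise
        // a TypeError on PHP 8.
        $isIllegalIdentity = static function ($value) {
            if ($value === null) {
                return false;
            }
            return !is_string($value) || preg_match('/(\'|")/', $value) === 1;
        };
        if ($isIllegalIdentity($_POST['username'] ?? null)
            || $isIllegalIdentity($_GET['username'] ?? null)
            || $isIllegalIdentity($_COOKIE['login_username'] ?? null)) {
            exit('非法参数');
        }

        self::$args = $_GET['args'] ?? null;
        unset($_GET['args']);

        $adminDir = config::get('admin_dir');
        if (($_GET['case'] ?? null) === 'file') {
            $_GET['admin_dir'] = $adminDir;
        }
        // Strict comparison on purpose: the loose `==` form also matched when
        // both sides were unset/empty, i.e. an unconfigured admin_dir would
        // have put every request into admin mode.
        $admin = isset($_GET['admin_dir'])
            && is_string($adminDir) && $adminDir !== ''
            && $_GET['admin_dir'] === $adminDir;

        // Redirect shortcuts. The request ends here; continuing to route and
        // initialise the session for a response that is only a Location header
        // is wasted work and could emit output after the header.
        if (!empty($_GET['m']) && is_numeric($_GET['m'])) {
            header('location:?case=user&act=space&mid=' . rawurlencode((string) $_GET['m']));
            exit;
        }
        if (!empty($_GET['g']) && is_numeric($_GET['g'])) {
            header('location: ?case=manage&act=guestadd&manage=archive&guest=1');
            exit;
        }
        if ($admin) {
            include_once ROOT . '/' . $adminDir . '/init.php';
        }

        if (!empty($_GET['clean_login'])) {
            $event = new event();
            $event->rec_delete("event='loginfalse'");
            cookie::del('loginfalse');
        }
        self::$admin = defined('ADMIN');
        self::$debug = defined('DEBUG');
        if (is_mobile()) {
            $_GET['t'] = 'wap';
        }
        $templateDir = strtolower((string) config::get('template_dir'));
        if ($templateDir === 'admin' || $templateDir === 'debug') {
            exit(__CLASS__ . ',' . __LINE__);
        }
        if (!config::get('template_dir')) {
            config::set('template_dir', 'default');
        }
        if (isset($_SERVER['HTTP_REFERER'])) {
            self::$from = $_SERVER['HTTP_REFERER'];
        }
        // NOTE(review): X-Forwarded-Host is client-supplied unless a trusted
        // proxy overwrites it, so self::$host and everything derived from it
        // (domain, referer trimming) must be treated as request-controlled.
        self::$host = $_SERVER['HTTP_X_FORWARDED_HOST'] ?? ($_SERVER['HTTP_HOST'] ?? '');
        self::$domain = preg_match('/[\w-]+(\.(org|net|com|gov))?\.(\w+)$/', self::$host, $match) === 1
            ? $match[0]
            : self::$host;
        self::$uri = $_SERVER['REQUEST_URI'] ?? '';
        self::route();

        define('MAGIC_QUOTES_GPC', function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc());
        if (isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_COOKIE['GLOBALS']) || isset($_FILES['GLOBALS'])) {
            exit('request_tainting');
        }

        if (!MAGIC_QUOTES_GPC) {
            $_GET = daddslashes($_GET);
            $_POST = daddslashes($_POST);
            $_COOKIE = daddslashes($_COOKIE);
        }

        // dfile is kept aside (HTML-escaped) and re-attached after the loop,
        // because the loop below would strip it like any other value.
        $dfile = is_string($_GET['dfile'] ?? null) ? htmlspecialchars($_GET['dfile']) : '';
        $passThroughKeys = ['host', 'ftpip', 'request', 'notify_id', 'real_name'];
        foreach ($_GET as $key => $value) {
            unset($_GET[$key]);
            // Strict membership check: with `==`, an integer key 0 compared
            // equal to every whitelisted name on PHP < 8 and skipped sanitising.
            if (in_array((string) $key, $passThroughKeys, true)) {
                $_GET[$key] = $value;
                continue;
            }
            $key = preg_replace('/[^\w-].*/', '', (string) $key);
            if ($key === 'tag' || $key === 'keyword') {
                if (!is_string($value)) {
                    exit('非法参数');
                }
                $value = strip_tags(urldecode($value));
                $value = str_replace(' ', '+', $value);
                if (preg_match('/union/i', $value) || preg_match('/["\']/', $value)) {
                    exit('非法参数');
                }
            } else {
                $value = preg_replace('/[^\w-].*/', '', $value);
            }
            $_GET[$key] = $value;
        }

        self::$get = $_GET;
        self::$post = $_POST;
        self::$get['dfile'] = $dfile;
        if (isset(self::$post['verify'])) {
            self::$post['verify'] = strtoupper(self::$post['verify']);
        }
        self::$case = self::$get['case'] ?? 'index';
        self::$act = self::$get['act'] ?? 'index';

        // self::$host is request-controlled (see above) and was previously
        // interpolated raw into the pattern; quote it so a crafted host cannot
        // alter or break the regex.
        $hostPattern = preg_quote(self::$host, '%');
        if (preg_match('%' . $hostPattern . '%i', self::$from)) {
            self::$from = preg_replace('%http://' . $hostPattern . '%', '', self::$from);
        }
        if (!front::$admin || front::$html || self::$rewrite) {
            config::set('base_url', preg_replace('%/index.php%i', '', $_SERVER['PHP_SELF']));
        } else {
            $path = rtrim(preg_replace('/(index\.php|\?).*/i', '', self::$uri), '/');
            $url = preg_replace('/' . preg_quote(THIS_URL, '/') . '$/i', '', $path);
            config::set('base_url', str_replace(ROOT, '', $url));
        }

        new stsession(new sessionox()); // initialise DB-backed SESSION storage

        if (self::$admin) {
            $this->admin();
        }
    }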