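/**
 * Template hidden-safety check.
 *
 * Scans every file in the template directory named by `$_GET['file']` for
 * a list of sensitive words (global `$words`), for include/require statements
 * that reach into other directories, and for object instantiation (`new`)
 * inside PHP tags. Only pattern matching is done, so the result is a hint,
 * not a guarantee.
 *
 * Always terminates with a JSON document:
 *   {"code":"100","msg":...} when something suspicious (or an invalid
 *                            template name) is found,
 *   {"code":"0","msg":...}   otherwise.
 *
 * Globals: `$page` (declared, not used here), `$words` (sensitive function /
 * variable names; assumed to be literal strings, not regex fragments).
 */
function m__safe_check()
{
    global $page, $words;
    $template = isset($_GET['file']) ? (string) $_GET['file'] : '';
    // `file` names one directory directly under templates/. Only a single plain
    // path segment is accepted, so the request cannot walk out of the templates
    // directory with "../", a separator or an absolute path.
    if ($template === '' || $template === '.' || $template === '..'
        || !preg_match('~^[A-Za-z0-9_.\\-]+$~', $template)) {
        die(json_encode(array('code' => '100', 'msg' => '非法的模板目录名'), JSON_UNESCAPED_UNICODE));
    }
    $dir = dirname(__FILE__) . '/../templates/' . $template;
    $files = get_file_list($dir);
    $saferes = '';
    // Walk every template page.
    foreach ($files as $f) {
        $path = $dir . '/' . $f['name'];
        $filecont = strtolower(helper::get_contents($path));
        // Sensitive variable / function names between PHP (<? ... ?>) or
        // ASP-style (<% ... %>) tags. preg_quote() keeps a word containing
        // regex metacharacters from changing (or breaking) the pattern.
        foreach ($words as $sa) {
            $needle = preg_quote(strtolower($sa), '~');
            if (preg_match('~(<\\?|<%)[\\w\\W]*?' . $needle . '[\\w\\W]*?(%|\\?>)~', $filecont)) {
                $saferes .= '模板文件 ' . $f['name'] . ' 代码中有敏感字符 ' . $sa . ",可能存在安全隐患\r\n";
            }
        }
        if ($saferes !== '') {
            // json_encode() escapes the file names and line breaks; a hand-built
            // JSON string would break on a quote in a file name.
            die(json_encode(array(
                'code' => '100',
                'msg'  => $saferes . '请仔细检查模板中存在该字符的代码,本提示不保证绝对准确!',
            ), JSON_UNESCAPED_UNICODE));
        }
        // The existence test has to look inside the template directory, not in
        // the process working directory.
        if (is_file($path)) {
            // include/require statements: more than one quoted string, or a path
            // separator, means the template pulls in a file from another directory.
            if (preg_match_all('~(require_once|include_once|require|include)(.*?)(;|\\?>)~', $filecont, $arr)) {
                foreach ($arr[2] as $fileurl) {
                    if (substr_count($fileurl, '"') > 2
                        || substr_count($fileurl, "'") > 2
                        || count(explode('/', $fileurl)) > 1) {
                        die(json_encode(array(
                            'code' => '100',
                            'msg'  => '模板 ' . $f['name'] . ' 的包含了其他目录的文件 ' . $fileurl . ',可能存在安全隐患',
                        ), JSON_UNESCAPED_UNICODE));
                    }
                }
            }
            // Templates never need to instantiate objects.
            if (preg_match('~<\\?[\\w\\W]*?new [\\w\\W]*?\\?>~', $filecont)) {
                die(json_encode(array(
                    'code' => '100',
                    'msg'  => '模板文件 ' . $f['name'] . ' 实例化了一个对象,可能存在安全隐患',
                ), JSON_UNESCAPED_UNICODE));
            }
        }
    }
    die(json_encode(array('code' => '0', 'msg' => '我们不保证文件绝对安全'), JSON_UNESCAPED_UNICODE));
}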
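 /**
  * Extract tags for a title from Baidu search results.
  *
  * Fetches the Baidu result page for `$title`, takes every `<em>…</em>`
  * highlight, strips quote/bracket/punctuation characters, drops words that
  * hit one of the filter lists, keeps candidates of 9–18 *bytes* and returns
  * them sorted by length (helper::array_sort on key 'l').
  *
  * NOTE(review): all lengths are byte-wise (strlen), so 9–18 bytes is 3–6
  * CJK characters in UTF-8; the thresholds look tuned for that — confirm
  * before switching to mb_strlen.
  *
  * A title of 4 bytes or fewer is answered immediately with a JSON document
  * and the script terminates.
  *
  * @param string $title         title to extract keywords from
  * @param array  $filter_words1 exact-match filter words, array('word1','word2')
  * @param array  $filter_words2 substring filter words, array('word1','word2')
  * @return array list of array('k' => keyword, 't' => occurrence count, 'l' => byte length)
  */
 public static function get_tags_baidu($title, $filter_words1 = array(), $filter_words2 = array())
 {
     $title = (string) $title;
     if (strlen($title) <= 4) {
         // json_encode() escapes quotes/backslashes in $title, which a
         // hand-built JSON string would not.
         die(json_encode(array('code' => 1, 'msg' => '', 'data' => array($title)), JSON_UNESCAPED_UNICODE));
     }
     $ret = helper::get_contents('http://www.baidu.com/s?wd=' . urlencode($title));
     preg_match_all('~<em>(.*?)</em>~', $ret, $keys);
     // Strip quotes, brackets and punctuation (ASCII and full-width) from each highlight.
     $cleaned = preg_replace('~"|\'|“|”|【|】|\\(|\\)|(|)|:|:|\\-|—~', '', $keys[1]);
     $filter_words1 = (array) $filter_words1;
     // An empty needle makes strstr() match every string (PHP 8) or warn
     // (PHP 7); either way it is never what the caller meant, so drop it.
     $filter_words2 = array_filter((array) $filter_words2, function ($w) {
         return (string) $w !== '';
     });
     // Count duplicates and apply both filters; $nkeys is keyed by the word.
     $nkeys = array();
     foreach ($cleaned as $word) {
         if (isset($nkeys[$word])) {
             $nkeys[$word]['t']++;
             continue;
         }
         if (in_array($word, $filter_words1, true)) {
             continue;
         }
         foreach ($filter_words2 as $needle) {
             if (strstr($word, $needle) !== false) {
                 continue 2;
             }
         }
         $nkeys[$word] = array('k' => $word, 't' => 1, 'l' => strlen($word));
     }
     // Keep candidates of 9–18 bytes and sort them by length.
     $tags = array();
     foreach ($nkeys as $tag) {
         if ($tag['l'] >= 9 && $tag['l'] <= 18) {
             $tags[] = $tag;
         }
     }
     $tags = helper::array_sort($tags, 'l');
     // Return a plain list regardless of the keys array_sort() leaves behind.
     return array_values($tags);
 }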
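 /**
  * Geocode an address through the Baidu Geocoder v2 API.
  *
  * @param string $addr raw (not pre-encoded) address; it is URL-encoded before
  *                     being placed in the query string
  * @return array array('status' => '1') when the request failed or the body
  *               could not be decoded; array('status' => '2') when Baidu
  *               answered without a location; otherwise array('status' =>
  *               <Baidu status>, 'longitude' => lng, 'latitude' => lat)
  */
 public function get_geo($addr)
 {
     // NOTE(review): the API key (ak=...) is embedded in the source; it should be
     // loaded from configuration rather than committed with the code.
     $url = 'http://api.map.baidu.com/geocoder/v2/?address=' . urlencode((string) $addr)
         . '&output=json&ak=9f2feaa6d4a8a3eaae63d3b6d212fd13&callback=';
     $ret = helper::get_contents($url);
     $json = json_decode($ret, true);
     $arr = array('status' => '1');
     // json_decode() yields null on an empty or invalid body; guard before indexing.
     if (!is_array($json) || !isset($json['status']) || (string) $json['status'] !== '0') {
         return $arr;
     }
     $arr['status'] = $json['status'];
     if (isset($json['result']['location']['lng'], $json['result']['location']['lat'])) {
         $arr['longitude'] = $json['result']['location']['lng'];
         $arr['latitude'] = $json['result']['location']['lat'];
     } else {
         $arr['status'] = '2';
     }
     return $arr;
 }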
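/**
 * Delete one or more friend links (flink).
 *
 * Input comes from POST: either a single `flink_id`, or a list of ids in
 * `params`. Every id is cast to int before it reaches SQL. Links of type 1
 * (cloud links) are additionally reported as deleted to the auth server at
 * AUTH_URL. Requires level E0202; writes a log entry and terminates with a
 * JSON response.
 *
 * Globals: `$page` (declared, not used here), `$dbm` (database wrapper; its
 * query() result is assumed to be array('error' => string, 'list' => rows)).
 */
function m__del()
{
    global $page, $dbm;
    check_level("E0202");
    $_POST = helper::sqlxss($_POST);
    // A single id passed directly is normalised to the list form.
    if (isset($_POST['flink_id'])) {
        $_POST['params'] = array($_POST['flink_id']);
    }
    // Without `params` (or with a scalar) there is nothing to iterate over.
    $ids = isset($_POST['params']) && is_array($_POST['params']) ? $_POST['params'] : array();
    foreach ($ids as $id) {
        $id = intval($id);
        $where = " flink_id = '" . $id . "'";
        $sql = "select * from " . TB_PREFIX . "flink where flink_id=" . $id;
        $rs = $dbm->query($sql);
        // Nothing to delete when the row does not exist (empty list, '' or null).
        if ($rs['error'] == '' && empty($rs['list'])) {
            continue;
        }
        if (isset($rs['list'][0]['flink_type']) && $rs['list'][0]['flink_type'] == 1) {
            // Cloud link: tell the auth server the link is gone. The link URL is
            // query-encoded so '&' or '#' inside it cannot alter the request.
            $path = rtrim(AUTH_URL, '/');
            $url = $path . '/api/yunflink.php?m=del_url&auth_code=' . AUTH_CODE
                . '&flink_url=' . urlencode($rs['list'][0]['flink_url']);
            helper::get_contents($url); // best effort: the response is not inspected
        }
        $dbm->single_del(TB_PREFIX . "flink", $where);
    }
    logs("成功删除了友情链接");
    die('{"code":"0","msg":"删除成功"}');
}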