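/**
 * Variable check: recursively screen one request value (legacy input filter).
 *
 * Arrays are walked element by element and each element is checked in place
 * through S::checkVar. A scalar takes one of two paths depending on the P_W
 * constant (the current entry script):
 *
 *  - outside admincp: a str_replace "neutralisation" pass. NOTE(review): as
 *    displayed, the search and replacement arrays are identical, so this
 *    branch rewrites nothing; upstream may substitute non-ASCII look-alikes
 *    that were lost in extraction — confirm against the real source before
 *    relying on it. In any case this is a character blocklist, not a
 *    substitute for context-specific escaping (htmlspecialchars for HTML,
 *    parameterised queries for SQL).
 *  - inside admincp: the value is refused if it contains an <iframe, <meta or
 *    <script tag opener. The match is now case-insensitive (str_ireplace);
 *    the previous str_replace let "<SCRIPT" and mixed-case variants through.
 *    Refusal goes through adminmsg('word_error'), presumably fatal (adminmsg
 *    is not shown here).
 *
 * The recursive call is spelled S::checkVar, so this is presumably the S
 * class method with its `static` keyword lost in extraction.
 *
 * @param mixed $var  value checked, and possibly rewritten, in place
 * @return void
 */
function checkVar(&$var)
{
    if (is_array($var)) {
        // Recurse by key so each element is updated in place, not a copy.
        foreach ($var as $key => $value) {
            S::checkVar($var[$key]);
        }
        return;
    }

    if (P_W != 'admincp') {
        // See the doc block: search and replacement arrays are identical as displayed.
        $var = str_replace(array('..', ')', '<', '='), array('..', ')', '<', '='), $var);
        return;
    }

    // admincp: refuse tag openers regardless of letter case.
    if (str_ireplace(array('<iframe', '<meta', '<script'), '', $var) != $var) {
        global $basename;
        // $basename is presumably the return target used by adminmsg — not shown here.
        $basename = 'javascript:history.go(-1);';
        adminmsg('word_error');
    }
}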
/**
 * Global alias kept for older call sites that still use the bare CheckVar()
 * name; all behaviour, including rewriting $var in place, lives in
 * S::checkVar.
 *
 * NOTE(review): PHP function names are case-insensitive, so a global
 * CheckVar() cannot coexist with a global checkVar() in the same namespace;
 * the implementation is presumably the S class method.
 *
 * @param mixed $var  checked, and possibly rewritten, in place
 * @return void
 */
function CheckVar(&$var)
{
    S::checkVar($var);
}
// --- admincp bootstrap: rights, per-request input screening, admin audit log ---
// NOTE(review): this run is cut at its end — the `if ($referer_a['host'])`
// opened on the last line is closed outside the excerpt, so the POST
// Referer check itself is not visible here.
$bubbleInfo = $rightset['bubble'];
$uidForBubble = $rightset['uid'];
$admin_gid = $rightset['gid'];
// Admin groups listed in $db_safegroup must also carry the extra verification
// flag $CK[3] (presumably from the admin cookie); otherwise the admin cookie is
// cleared and the request stops at adminmsg (presumably fatal — not shown).
if ($db_ifsafecv && strpos($db_safegroup, ",{$admin_gid},") !== false && !$CK[3]) {
    Cookie('AdminUser', '', 0);
    adminmsg('safecv_prompt');
}
//* include_once pwCache::getPath(D_P.'data/bbscache/level.php');
pwCache::getData(D_P . 'data/bbscache/level.php');
!defined('If_manager') && define('If_manager', 0);
if (!If_manager) {
    Iplimit();
    // Screen every GET/POST value except 'module' with S::checkVar.
    // checkVar takes its argument by reference, but here it receives the loop
    // copy $value, so anything it rewrites is discarded along with $temp_a —
    // only checkVar's abort path (adminmsg('word_error') in admincp) has an
    // effect. Sanitising must therefore happen where the values are used.
    // NOTE(review): `$key != 'module'` is a loose comparison; on PHP < 8 an
    // integer key 0 (a field named "0") compares equal to 'module' and is
    // skipped as well.
    $temp_a = array_merge($_POST, $_GET);
    foreach ($temp_a as $key => $value) {
        if ($key != 'module') {
            S::checkVar($value);
        }
    }
    unset($temp_a);
    $admin_level = $ltitle[$admin_gid];
} else {
    $admin_level = getLangInfo('other', 'admin_level'); //'manager';
}
// Append one pipe-delimited record per admin request to the admin log.
// NOTE(review): as displayed, str_replace('|', '|', ...) replaces '|' with
// itself, i.e. a no-op; upstream may use a non-ASCII look-alike that was lost
// in extraction — confirm. If it really is a no-op, a '|' in $admin_name or in
// $REQUEST_URI (elsewhere on this page it is built from the raw QUERY_STRING)
// can inject extra fields into the record. $onlineip, $timestamp and the
// PostLog() output are written with no escaping at all.
$_postdata = $_POST ? PostLog($_POST) : '';
$new_record = '|' . str_replace('|', '|', S::escapeChar($admin_name)) . '||' . str_replace('|', '|', S::escapeChar($REQUEST_URI)) . "|{$onlineip}|{$timestamp}|{$_postdata}|\n";
writeover($bbsrecordfile, $new_record, "ab");
//* pwCache::setData($bbsrecordfile,$new_record, false, "ab");
// POST requests are checked against their Referer (the check itself is not
// shown). The '@' hides parse_url warnings on a malformed Referer; a Referer
// with no host skips this branch entirely — what happens in that case is
// outside the excerpt and worth confirming, since a missing Referer is the
// easy way around Referer-based CSRF checks.
if ($pwServer['REQUEST_METHOD'] == 'POST') {
    $referer_a = @parse_url($pwServer['HTTP_REFERER']);
    if ($referer_a['host']) {
// --- front-end bootstrap: CC defence, rewrite parsing, input screening, URI ---
// NOTE(review): this run is cut at its start — the `}` after `$db_cc = 2;`
// closes a block opened outside the excerpt.
$db_cc = 2;
}
// Request-flood (CC) defence unless the COL constant is defined (its meaning
// is not shown here).
if ($db_cc && !defined('COL')) {
    pwDefendCc($db_cc);
}
// With URL rewriting enabled, rebuild $_GET from the rewritten query string;
// the rebuilt array is screened by the $_GET loop below.
if ($db_htmifopen) {
    $_NGET = parseRewriteQueryString($pwServer['QUERY_STRING']);
    !empty($_NGET) && ($_GET = $_NGET);
}
// Screen request values in place through S::checkVar (passed by reference, so
// the rewritten value is kept). Six POST fields are exempt and reach their
// handlers unfiltered — those handlers must escape them for their own context.
// NOTE(review): in_array() is non-strict here; on PHP < 8 an integer key 0 (a
// field named "0") compares equal to every non-numeric string in the list and
// is skipped too. Passing true as the third argument avoids that.
foreach ($_POST as $_key => $_value) {
    if (!in_array($_key, array('atc_content', 'atc_title', 'quote_content', 'prosign', 'pwuser', 'pwpwd'))) {
        S::checkVar($_POST[$_key]);
    }
}
foreach ($_GET as $_key => $_value) {
    S::checkVar($_GET[$_key]);
}
list($wind_version, $wind_repair, $wind_from) = explode(',', WIND_VERSION);
$db_olsize = 96;
// Derive PHP_SELF from SCRIPT_NAME: the part before the first occurrence of
// $db_dir with ".php" appended; otherwise the unmodified script name.
if (false !== ($dirstrpos = strpos($pwServer['SCRIPT_NAME'], $db_dir))) {
    $tmp = substr($pwServer['SCRIPT_NAME'], 0, $dirstrpos);
    $pwServer['PHP_SELF'] = "{$tmp}.php";
    unset($dirstrpos);
} else {
    $tmp = $pwServer['SCRIPT_NAME'];
}
// $REQUEST_URI carries the raw, unscreened QUERY_STRING (only the parsed $_GET
// values went through checkVar). Escape it wherever it is echoed or logged.
$REQUEST_URI = $pwServer['PHP_SELF'] . ($pwServer['QUERY_STRING'] ? '?' . $pwServer['QUERY_STRING'] : '');
// mobile redirect — S::gp presumably reads fromWap out of $_GET; not shown here
S::gp(array('fromWap'), 'G', 2);
isHeaderWap($fromWap);
$_mainUrl = $index_url = $db_bbsurl;