【修复】 加强安全
parent
9103a22339
commit
f759f176c4
|
@ -310,7 +310,7 @@ if($operation == 'export') {
|
||||||
@unlink($dumpfile);
|
@unlink($dumpfile);
|
||||||
|
|
||||||
$mysqlbin = $mysql_base == '/' ? '' : addslashes($mysql_base).'bin/';
|
$mysqlbin = $mysql_base == '/' ? '' : addslashes($mysql_base).'bin/';
|
||||||
@shell_exec($mysqlbin.'mysqldump --force --quick '.($db->version() > '4.1' ? '--skip-opt --create-options' : '-all').' --add-drop-table'.($_GET['extendins'] == 1 ? ' --extended-insert' : '').''.($db->version() > '4.1' && $_GET['sqlcompat'] == 'MYSQL40' ? ' --compatible=mysql40' : '').' --host="'.$dbhost.($dbport ? (is_numeric($dbport) ? ' --port='.$dbport : ' --socket="'.$dbport.'"') : '').'" --user="'.$dbuser.'" --password="'.$dbpw.'" "'.$dbname.'" '.$tablesstr.' > '.$dumpfile);
|
@shell_exec($mysqlbin.'mysqldump --force --quick '.($db->version() > '4.1' ? '--skip-opt --create-options' : '-all').' --add-drop-table'.($_GET['extendins'] == 1 ? ' --extended-insert' : '').''.($db->version() > '4.1' && $_GET['sqlcompat'] == 'MYSQL40' ? ' --compatible=mysql40' : '').' --host="'.$dbhost.($dbport ? (is_numeric($dbport) ? ' --port='.$dbport : ' --socket="'.$dbport.'"') : '').'" --user="'.$dbuser.'" --password="'.$dbpw.'" "'.$dbname.'" '.escapeshellarg($tablesstr).' > '.$dumpfile);
|
||||||
|
|
||||||
if(@file_exists($dumpfile)) {
|
if(@file_exists($dumpfile)) {
|
||||||
|
|
||||||
|
@ -1235,4 +1235,4 @@ function slowcheck($type1, $type2) {
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
|
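Review bot: In the `mysqldump` command of the `export` branch, only `$tablesstr` is now passed through `escapeshellarg()`; `$dbhost`, `$dbport`, `$dbuser`, `$dbpw` and `$dbname` are still concatenated inside plain double quotes and `$dumpfile` is unquoted, so the shell still expands `$`, backticks and backslashes in them. Each of those values should be escaped the same way, e.g. `' --user='.escapeshellarg($dbuser).' --password='.escapeshellarg($dbpw)` and `' > '.escapeshellarg($dumpfile)`. If `$tablesstr` can hold more than one table name (it is built outside this hunk), quoting the whole string as one argument makes mysqldump treat it as a single table, so the names would have to be escaped one by one before joining. Passing the password on the command line also leaves it readable in the process list while the dump runs.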
|
@ -368,7 +368,7 @@ class discuz_database_safecheck {
|
||||||
private static function _do_query_safe($sql) {
|
private static function _do_query_safe($sql) {
|
||||||
$sql = str_replace(array('\\\\', '\\\'', '\\"', '\'\''), '', $sql);
|
$sql = str_replace(array('\\\\', '\\\'', '\\"', '\'\''), '', $sql);
|
||||||
$mark = $clean = '';
|
$mark = $clean = '';
|
||||||
if (strpos($sql, '/') === false && strpos($sql, '#') === false && strpos($sql, '-- ') === false && strpos($sql, '@') === false && strpos($sql, '`') === false) {
|
if (strpos($sql, '/') === false && strpos($sql, '#') === false && strpos($sql, '-- ') === false && strpos($sql, '@') === false && strpos($sql, '`') === false && strpos($sql, '"') === false) {
|
||||||
$clean = preg_replace("/'(.+?)'/s", '', $sql);
|
$clean = preg_replace("/'(.+?)'/s", '', $sql);
|
||||||
} else {
|
} else {
|
||||||
$len = strlen($sql);
|
$len = strlen($sql);
|
||||||
|
|
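Review bot: The fast-path condition in `_do_query_safe()` is now a chain of six `strpos()` tests with no comment saying why each character disqualifies a query, and the newly added `"` test is the least obvious of them. The only literal handling visible in that branch is `preg_replace("/'(.+?)'/s", '', $sql)`, which strips single-quoted strings, so a double-quoted string would presumably survive into `$clean`. I would put that reasoning above the `if`: `// Fast path strips only '...' literals; SQL containing / # "-- " @ a backtick or a double quote must take the else branch.` The function starts above the hunk and the `else` branch continues below it, so the comment should be checked against the full body.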
|
@ -729,7 +729,7 @@ class table_forum_post extends discuz_table
|
||||||
for($i = 0; $i < count($keywords); $i++) {
|
for($i = 0; $i < count($keywords); $i++) {
|
||||||
if(preg_match("/\{(\d+)\}/", $keywords[$i])) {
|
if(preg_match("/\{(\d+)\}/", $keywords[$i])) {
|
||||||
$keywords[$i] = preg_replace("/\\\{(\d+)\\\}/", ".{0,\\1}", preg_quote($keywords[$i], '/'));
|
$keywords[$i] = preg_replace("/\\\{(\d+)\\\}/", ".{0,\\1}", preg_quote($keywords[$i], '/'));
|
||||||
$sqlkeywords .= " $or p.subject REGEXP '".$keywords[$i]."' OR p.message REGEXP '".$keywords[$i]."'";
|
$sqlkeywords .= " $or p.subject REGEXP '".$keywords[$i]."' OR p.message REGEXP '".addslashes(stripsearchkey($keywords[$i]))."'";
|
||||||
} else {
|
} else {
|
||||||
$keywords[$i] = addslashes($keywords[$i]);
|
$keywords[$i] = addslashes($keywords[$i]);
|
||||||
$sqlkeywords .= " $or p.subject LIKE '%".$keywords[$i]."%' OR p.message LIKE '%".$keywords[$i]."%'";
|
$sqlkeywords .= " $or p.subject LIKE '%".$keywords[$i]."%' OR p.message LIKE '%".$keywords[$i]."%'";
|
||||||
|
@ -776,7 +776,7 @@ class table_forum_post extends discuz_table
|
||||||
for($i = 0; $i < count($keywords); $i++) {
|
for($i = 0; $i < count($keywords); $i++) {
|
||||||
if(preg_match("/\{(\d+)\}/", $keywords[$i])) {
|
if(preg_match("/\{(\d+)\}/", $keywords[$i])) {
|
||||||
$keywords[$i] = preg_replace("/\\\{(\d+)\\\}/", ".{0,\\1}", preg_quote($keywords[$i], '/'));
|
$keywords[$i] = preg_replace("/\\\{(\d+)\\\}/", ".{0,\\1}", preg_quote($keywords[$i], '/'));
|
||||||
$sqlkeywords .= " $or p.subject REGEXP '".$keywords[$i]."' OR p.message REGEXP '".$keywords[$i]."'";
|
$sqlkeywords .= " $or p.subject REGEXP '".$keywords[$i]."' OR p.message REGEXP '".addslashes(stripsearchkey($keywords[$i]))."'";
|
||||||
} else {
|
} else {
|
||||||
$keywords[$i] = addslashes($keywords[$i]);
|
$keywords[$i] = addslashes($keywords[$i]);
|
||||||
$sqlkeywords .= " $or p.subject LIKE '%".$keywords[$i]."%' OR p.message LIKE '%".$keywords[$i]."%'";
|
$sqlkeywords .= " $or p.subject LIKE '%".$keywords[$i]."%' OR p.message LIKE '%".$keywords[$i]."%'";
|
||||||
|
|
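Review bot: In the REGEXP branch only the `p.message` operand is escaped; `p.subject REGEXP '".$keywords[$i]."'` on the same line still receives the output of `preg_quote()`/`preg_replace()` with no SQL escaping at all. Whatever quoting problem the commit closes for `p.message` therefore presumably stays open for `p.subject`, in this hunk, in the second hunk at line 776, and for `b.subject` in `table_home_blog`. Escape once after the pattern is built and use the result for both operands: `$kw = addslashes(stripsearchkey($keywords[$i]));` followed by `$sqlkeywords .= " $or p.subject REGEXP '".$kw."' OR p.message REGEXP '".$kw."'";`. The loop begins and ends outside both hunks.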
|
@ -218,7 +218,7 @@ class table_home_blog extends discuz_table
|
||||||
$keywords[$i] = daddslashes($keywords[$i]);
|
$keywords[$i] = daddslashes($keywords[$i]);
|
||||||
if(preg_match("/\{(\d+)\}/", $keywords[$i])) {
|
if(preg_match("/\{(\d+)\}/", $keywords[$i])) {
|
||||||
$keywords[$i] = preg_replace("/\\\{(\d+)\\\}/", ".{0,\\1}", preg_quote($keywords[$i], '/'));
|
$keywords[$i] = preg_replace("/\\\{(\d+)\\\}/", ".{0,\\1}", preg_quote($keywords[$i], '/'));
|
||||||
$sqlkeywords .= " $or b.subject REGEXP '".$keywords[$i]."' OR bf.message REGEXP '".$keywords[$i]."'";
|
$sqlkeywords .= " $or b.subject REGEXP '".$keywords[$i]."' OR bf.message REGEXP '".addslashes(stripsearchkey($keywords[$i]))."'";
|
||||||
} else {
|
} else {
|
||||||
$sqlkeywords .= " $or b.subject LIKE '%".$keywords[$i]."%' OR bf.message LIKE '%".$keywords[$i]."%'";
|
$sqlkeywords .= " $or b.subject LIKE '%".$keywords[$i]."%' OR bf.message LIKE '%".$keywords[$i]."%'";
|
||||||
}
|
}
|
||||||
|
|
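Review bot: `$keywords[$i]` has already gone through `daddslashes()` on the first line of this hunk, so the added `addslashes(stripsearchkey(...))` escapes the `bf.message` operand a second time while `b.subject` keeps the once-escaped value. The two operands then no longer search for the same pattern. `preg_quote()` runs between the two calls and escapes backslashes itself, so the early escaping does not reach the REGEXP pattern intact in any case. I would apply SQL escaping once, as the last step before concatenation, e.g. `$kw = addslashes($keywords[$i]);` after the `preg_replace()` and use `$kw` for both operands, keeping the early call only for the LIKE branch. `table_home_doing` repeats the pattern: `addslashes(stripsearchkey($keywords[$i]))` at the top of the loop body and again on `message REGEXP`.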
|
@ -83,7 +83,7 @@ class table_home_doing extends discuz_table
|
||||||
$keywords[$i] = addslashes(stripsearchkey($keywords[$i]));
|
$keywords[$i] = addslashes(stripsearchkey($keywords[$i]));
|
||||||
if(preg_match("/\{(\d+)\}/", $keywords[$i])) {
|
if(preg_match("/\{(\d+)\}/", $keywords[$i])) {
|
||||||
$keywords[$i] = preg_replace("/\\\{(\d+)\\\}/", ".{0,\\1}", preg_quote($keywords[$i], '/'));
|
$keywords[$i] = preg_replace("/\\\{(\d+)\\\}/", ".{0,\\1}", preg_quote($keywords[$i], '/'));
|
||||||
$sqlkeywords .= " $or message REGEXP '".$keywords[$i]."'";
|
$sqlkeywords .= " $or message REGEXP '".addslashes(stripsearchkey($keywords[$i]))."'";
|
||||||
} else {
|
} else {
|
||||||
$sqlkeywords .= " $or message LIKE '%".$keywords[$i]."%'";
|
$sqlkeywords .= " $or message LIKE '%".$keywords[$i]."%'";
|
||||||
}
|
}
|
||||||
|
|
|
@ -115,7 +115,7 @@ class notemodel {
|
||||||
}
|
}
|
||||||
$this->base->load('misc');
|
$this->base->load('misc');
|
||||||
$apifilename = isset($app['apifilename']) && $app['apifilename'] ? $app['apifilename'] : 'uc.php';
|
$apifilename = isset($app['apifilename']) && $app['apifilename'] ? $app['apifilename'] : 'uc.php';
|
||||||
if($app['extra']['apppath'] && @include $app['extra']['apppath'].'./api/'.$apifilename) {
|
if($app['extra']['apppath'] && substr(strrchr($apifilename, '.'), 1, 10) == 'php' && @include $app['extra']['apppath'].'./api/'.$apifilename) {
|
||||||
$uc_note = new uc_note();
|
$uc_note = new uc_note();
|
||||||
$method = $note['operation'];
|
$method = $note['operation'];
|
||||||
if(is_string($method) && !empty($method)) {
|
if(is_string($method) && !empty($method)) {
|
||||||
|
|
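Review bot: The added test `substr(strrchr($apifilename, '.'), 1, 10) == 'php'` checks only the suffix of `$apifilename`; directory separators and `..` inside it, and all of `$app['extra']['apppath']`, still reach `include` unchecked. Unless these app settings can only be written by a fully trusted administrator (not visible here), the name should also be limited to a bare file name with a strict comparison: `basename($apifilename) === $apifilename && pathinfo($apifilename, PATHINFO_EXTENSION) === 'php'`. The identical condition is pasted into the `control`, `usercontrol` and second `notemodel` hunks that follow, so one shared helper would keep the four call sites from drifting apart. The `@` in front of `include` also hides the warning that would reveal a missing or unreadable API file.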
|
@ -130,7 +130,7 @@ class control extends adminbase {
|
||||||
}
|
}
|
||||||
if($app = $this->cache['apps'][$appid]) {
|
if($app = $this->cache['apps'][$appid]) {
|
||||||
$apifilename = isset($app['apifilename']) && $app['apifilename'] ? $app['apifilename'] : 'uc.php';
|
$apifilename = isset($app['apifilename']) && $app['apifilename'] ? $app['apifilename'] : 'uc.php';
|
||||||
if($app['extra']['apppath'] && @include $app['extra']['apppath'].'./api/'.$apifilename) {
|
if($app['extra']['apppath'] && substr(strrchr($apifilename, '.'), 1, 10) == 'php' && @include $app['extra']['apppath'].'./api/'.$apifilename) {
|
||||||
$uc_note = new uc_note();
|
$uc_note = new uc_note();
|
||||||
$data = trim($uc_note->getcreditsettings('', ''));
|
$data = trim($uc_note->getcreditsettings('', ''));
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -291,7 +291,7 @@ class usercontrol extends base {
|
||||||
$this->load('misc');
|
$this->load('misc');
|
||||||
$app = $this->cache['apps'][$appid];
|
$app = $this->cache['apps'][$appid];
|
||||||
$apifilename = isset($app['apifilename']) && $app['apifilename'] ? $app['apifilename'] : 'uc.php';
|
$apifilename = isset($app['apifilename']) && $app['apifilename'] ? $app['apifilename'] : 'uc.php';
|
||||||
if($app['extra']['apppath'] && @include $app['extra']['apppath'].'./api/'.$apifilename) {
|
if($app['extra']['apppath'] && substr(strrchr($apifilename, '.'), 1, 10) == 'php' && @include $app['extra']['apppath'].'./api/'.$apifilename) {
|
||||||
$uc_note = new uc_note();
|
$uc_note = new uc_note();
|
||||||
return $uc_note->getcredit(array('uid' => $uid, 'credit' => $credit), '');
|
return $uc_note->getcredit(array('uid' => $uid, 'credit' => $credit), '');
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -139,7 +139,7 @@ class notemodel {
|
||||||
}
|
}
|
||||||
$this->base->load('misc');
|
$this->base->load('misc');
|
||||||
$apifilename = isset($app['apifilename']) && $app['apifilename'] ? $app['apifilename'] : 'uc.php';
|
$apifilename = isset($app['apifilename']) && $app['apifilename'] ? $app['apifilename'] : 'uc.php';
|
||||||
if($app['extra']['apppath'] && @include_once $app['extra']['apppath'].'./api/'.$apifilename) {
|
if($app['extra']['apppath'] && substr(strrchr($apifilename, '.'), 1, 10) == 'php' && @include_once $app['extra']['apppath'].'./api/'.$apifilename) {
|
||||||
$uc_note = new uc_note();
|
$uc_note = new uc_note();
|
||||||
$method = $note['operation'];
|
$method = $note['operation'];
|
||||||
if(is_string($method) && !empty($method)) {
|
if(is_string($method) && !empty($method)) {
|
||||||
|
|