
discuz_application类的_init_input()方法

<?php
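/**
 * Normalise the raw request (GET/POST/COOKIE/SERVER) into $this->var.
 *
 * Runs once per request, before any module code. It refuses requests that try
 * to inject a GLOBALS variable, undoes magic_quotes_gpc, imports only the
 * cookies carrying the configured prefix, folds POST into $_GET, whitelists
 * a few well-known parameters, and derives the per-client saltkey/authkey.
 *
 * Helpers system_error(), dstripslashes(), daddslashes(), dhtmlspecialchars(),
 * dsetcookie() and random(), and the MAGIC_QUOTES_GPC constant, are defined
 * elsewhere in the project; their behaviour is described here only as far as
 * the calls make evident.
 *
 * @return void  Side effects only: mutates $_GET/$_POST/$_COOKIE and
 *               $this->var, may set a cookie, may terminate via system_error().
 */
private function _init_input() {
	// Refuse any request that carries a variable named GLOBALS through any
	// channel. With register_globals on, such a key would overwrite PHP's
	// superglobal table, so the request is rejected outright rather than cleaned.
	if (isset($_GET['GLOBALS']) || isset($_POST['GLOBALS']) || isset($_COOKIE['GLOBALS']) || isset($_FILES['GLOBALS'])) {
		system_error('request_tainting');
	}

	// Undo magic_quotes_gpc so downstream code sees raw values and applies its
	// own, context-appropriate escaping (see daddslashes() below).
	// dstripslashes() is a project helper; presumably a recursive stripslashes.
	if (MAGIC_QUOTES_GPC) {
		$_GET = dstripslashes($_GET);
		$_POST = dstripslashes($_POST);
		$_COOKIE = dstripslashes($_COOKIE);
	}

	// Import only cookies whose name starts with the configured prefix, stored
	// under the unprefixed name. Strict comparison is used so PHP's loose
	// string==string rule (numeric-looking strings compare by value) cannot
	// let a differently named cookie through. An empty prefix admits everything,
	// exactly as before.
	$cookiepre = $this->config['cookie']['cookiepre'];
	$prelength = strlen($cookiepre);
	foreach ($_COOKIE as $key => $val) {
		if (substr($key, 0, $prelength) === $cookiepre) {
			$this->var['cookie'][substr($key, $prelength)] = $val;
		}
	}

	// The application reads request parameters from $_GET only; on a POST the
	// body fields are folded in, POST winning on a key collision (array_merge
	// keeps the later value for string keys). REQUEST_METHOD is read once here
	// and reused below; it is absent under the CLI SAPI.
	$method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
	if ($method === 'POST' && !empty($_POST)) {
		$_GET = array_merge($_GET, $_POST);
	}

	// 'page' is percent-encoded per RFC 3986 (rawurlencode leaves only
	// alphanumerics and -_.~ untouched); it is reduced to a positive int below.
	if (isset($_GET['page'])) {
		$_GET['page'] = rawurlencode($_GET['page']);
	}

	// 'handlekey' must be a non-empty run of word characters [A-Za-z0-9_].
	// \z anchors at the true end of the subject: a bare $ also matches before a
	// trailing "\n", so "abc\n" would have passed the original whitelist.
	// Anything else is dropped rather than sanitised.
	if (empty($_GET['handlekey']) || !preg_match('/^\w+\z/', $_GET['handlekey'])) {
		unset($_GET['handlekey']);
	}

	// Compatibility layer (config.input.compatible): expose every request
	// variable as $this->var['gp_<name>'] with addslashes() applied.
	// daddslashes() is a project helper, presumably a recursive addslashes.
	// NOTE(review): slash-escaping is not a substitute for parameterised
	// queries; consumers of gp_* values should still bind, not interpolate.
	if (!empty($this->var['config']['input']['compatible'])) {
		foreach ($_GET as $k => $v) {
			$this->var['gp_'.$k] = daddslashes($v);
		}
	}

	// Module name, HTML-escaped on the way in by the project helper.
	$this->var['mod'] = empty($_GET['mod']) ? '' : dhtmlspecialchars($_GET['mod']);

	// inajax: 0 unless the request asks for AJAX output. When
	// config.output.ajaxvalidate is enabled, the claim is honoured only for a
	// GET carrying "X-Requested-With: XMLHttpRequest" or for any POST. The
	// header is read with isset() so a GET without it raises no undefined-index
	// notice. The header is client-controlled: treat this as a rendering hint,
	// not as an authenticity check.
	if (empty($_GET['inajax'])) {
		$this->var['inajax'] = 0;
	} elseif (empty($this->var['config']['output']['ajaxvalidate'])) {
		$this->var['inajax'] = 1;
	} else {
		$xhr = isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest';
		$this->var['inajax'] = (($method === 'GET' && $xhr) || $method === 'POST') ? 1 : 0;
	}

	// Page number: 1 when absent/zero, otherwise intval() clamped to >= 1.
	$this->var['page'] = empty($_GET['page']) ? 1 : max(1, intval($_GET['page']));

	// Session id from the (prefixed) cookie set; HTML-escaped, '' if absent.
	$this->var['sid'] = $this->var['cookie']['sid'] = isset($this->var['cookie']['sid']) ? dhtmlspecialchars($this->var['cookie']['sid']) : '';

	// saltkey: an 8-character random token issued once per client and persisted
	// as a cookie for 30 days. random() is a project helper — NOTE(review):
	// confirm it is backed by a CSPRNG, since saltkey feeds authkey below.
	// The trailing (1, 1) arguments to dsetcookie() are project-defined flags;
	// their meaning is not visible here.
	if (empty($this->var['cookie']['saltkey'])) {
		$this->var['cookie']['saltkey'] = random(8);
		dsetcookie('saltkey', $this->var['cookie']['saltkey'], 86400 * 30, 1, 1);
	}

	// Per-client key: md5(site secret . saltkey). saltkey travels in a cookie,
	// so the unpredictability of authkey rests entirely on
	// config.security.authkey staying secret. The derivation is kept unchanged:
	// downstream consumers depend on the exact value, and altering it would be
	// a compatibility break rather than a fix.
	$this->var['authkey'] = md5($this->var['config']['security']['authkey'].$this->var['cookie']['saltkey']);
}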
?>
<?php
// Snapshot of the $_G global ($this->var) immediately after _init_input() has
// run, captured from a local test install (clientip 127.0.0.1, forum.php).
//
// NOTE(review): a $_G dump contains live secrets — config['db'] credentials,
// config['security']['authkey'] and config['remote']['appkey']. Redact them
// before sharing a dump; with authkey and the cookie saltkey both visible,
// $_G['authkey'] (md5 of their concatenation) is reproducible by anyone.

$_G = array (
  'uid' => 0,
  'username' => '',
  'adminid' => 0,
  'groupid' => 1,

  // Set by _init_input():
  // $this->var["sid"] = $this->var["cookie"]["sid"] = isset($this->var["cookie"]["sid"]) ? dhtmlspecialchars($this->var["cookie"]["sid"]) : "";
  'sid' => '',

  'formhash' => '',
  'connectguest' => 0,
  'timestamp' => 1498533885,
  'starttime' => 1498533885.6414,
  'clientip' => '127.0.0.1',
  'remoteport' => '62959',
  'referer' => '',
  'charset' => '',
  'gzipcompress' => '',

  // $_config["security"]["authkey"] is the site-wide secret (the configured
  // value appears under config.security.authkey further down).
  // $this->var["authkey"] = md5($this->var["config"]["security"]["authkey"].$this->var["cookie"]["saltkey"]);
  // Because saltkey is a client-visible cookie, the secrecy of this value
  // depends entirely on the site secret not being disclosed.
  'authkey' => '2e548bcd05aa204f2a9ef922684dcb8e',
  'timenow' => array (),
  'widthauto' => 0,
  'disabledwidthauto' => 0,
  'PHP_SELF' => '/forum.php',
  'siteurl' => 'http://www.pcool.com/',
  'siteroot' => '/',
  'siteport' => '',
  'pluginrunlist' => array (),
  'config' => array (
    // Database credentials as loaded from config — never publish these.
    'db' => array (
        1 => array (
            'dbhost'=>'localhost',
            'dbuser'=>'root',
            'dbpw'=>'root',
            'dbcharset'=>'utf8',
            'pconnect'=>'0',
            'dbname'=>'pinku',
            'tablepre'=>'bbs_',
        ),
        'slave' => '',
        'common' => array ('slave_except_table'=>'',),
    ),
    'memory' => array (
        'prefix' => 'qUR9F2_',
        'redis' => array (
            'server' => '',
            'port' => 6379,
            'pconnect' => 1,
            'timeout' => '0',
            // Empty requirepass means an unauthenticated Redis if 'server' is
            // ever filled in; set a password before enabling it.
            'requirepass' => '',
            'serializer' => 1,
        ),
        'memcache' => array (
            'server' => '',
            'port' => 11211,
            'pconnect' => 1,
            'timeout' => 1,
        ),
        'apc' => '0',
        'apcu' => '0',
        'xcache' => '0',
        'eaccelerator' => '0',
        'wincache' => '0',
        'yac' => '0',
        'file' => array ('server' => 'data/cache/filecache',),
    ),
    'server' => array ('id' => 1,),
    'download' => array (
        'readmod' => 2,
        'xsendfile' => array (
            'type' => '0',
            'dir' => '/down/',
        ),
    ),
    'output' => array (
        'charset' => 'utf-8',
        'forceheader' => 1,
        'gzip' => '0',
        'tplrefresh' => 1,
        'language' => 'zh_cn',
        'staticurl' => 'static/',
        // 0 = _init_input() trusts any inajax=1 parameter; 1 = it also
        // requires an XMLHttpRequest header (GET) or a POST.
        'ajaxvalidate' => '0',
        'iecompatible' => '0',
    ),
    'cookie' => array (
        // Only cookies named with this prefix are imported by _init_input().
        'cookiepre' => 'hYFg_2132_',
        'cookiedomain' => '',
        'cookiepath' => '/',
    ),
    'security' => array (
        // Site-wide secret; input to $_G['authkey'] above. Redact in any dump.
        'authkey' => '2618faN3hpIEZoCr',
        'urlxssdefend' => 1,
        'attackevasive' => '0',
        // querysafe: keyword/character blocklist applied to SQL text.
        // NOTE(review): a blocklist is defence in depth only, not a substitute
        // for parameterised queries.
        'querysafe' => array (
            'status' => 1,
            'dfunction' => array (
                0 => 'load_file',
                1 => 'hex',
                2 => 'substring',
                3 => 'if',
                4 => 'ord',
                5 => 'char',
            ),
            'daction' => array (
                0 => '@',
                1 => 'intooutfile',
                2 => 'intodumpfile',
                3 => 'unionselect',
                4 => '(select',
                5 => 'unionall',
                6 => 'uniondistinct',
            ),
            'dnote' => array (
                0 => '/*',
                1 => '*/',
                2 => '#',
                3 => '--',
                4 => '"',
            ),
            'dlikehex' => 1,
            'afullnote' => '0',
        ),
    ),
    'admincp' => array (
        'founder' => '1',
        'forcesecques' => '0',
        'checkip' => 1,
        'runquery' => '0',
        'dbimport' => 1,
    ),
    'remote' => array (
        'on' => '0',
        'dir' => 'remote',
        // Remote-API key; treat as a secret even while 'on' is '0'.
        'appkey' => '62cf0b3c3e6a4c9468e7216839721d8e',
        'cron' => '0',
    ),
    'input' => array (
        // 1 = _init_input() mirrors every request variable into $_G['gp_<name>']
        // with addslashes() applied.
        'compatible' => 1,
    ),
  ),
  'setting' => array (),
  'member' => array (),
  'group' => array (),

  // Populated by _init_input(): cookies with the configured prefix, keyed by
  // their unprefixed names.
  'cookie' => array (
    // $this->var["sid"] = $this->var["cookie"]["sid"] = isset($this->var["cookie"]["sid"]) ? dhtmlspecialchars($this->var["cookie"]["sid"]) : "";
    'sid' => '',
    'saltkey' => 'XtqKLzW2', // issued as random(8) when the cookie was absent
  ),
  'style' => array (),
  'cache' => array (),
  'session' => array (),
  'lang' => array (),
  'my_app' => array (),
  'my_userapp' => array (),
  'fid' => 0,
  'tid' => 0,
  'forum' => array (),
  'thread' => array (),
  'rssauth' => '',
  'home' => array (),
  'space' => array (),
  'block' => array (),
  'article' => array (),
  'action' => array (
    'action' => 2,
    'fid' => 0,
    'tid' => 0,
  ),
  'mobile' => '',
  'notice_structure' => array (
    'mypost' => array (
        0 => 'post',
        1 => 'pcomment',
        2 => 'activity',
        3 => 'reward',
        4 => 'goods',
        5 => 'at',
    ),
    'interactive' => array (
        0 => 'poke',
        1 => 'friend',
        2 => 'wall',
        3 => 'comment',
        4 => 'click',
        5 => 'sharenotice',
    ),
    // 'group' appears twice (indices 3 and 8) — reproduced as captured.
    'system' => array (
        0 => 'system',
        1 => 'myapp',
        2 => 'credit',
        3 => 'group',
        4 => 'verify',
        5 => 'magic',
        6 => 'task',
        7 => 'show',
        8 => 'group',
        9 => 'pusearticle',
        10 => 'mod_member',
        11 => 'blog',
        12 => 'article',
    ),
    'manage' => array (
        0 => 'mod_member',
        1 => 'report',
        2 => 'pmreport',
    ),
    'app' => array (),
  ),
  'mobiletpl' => array (
    1 => 'mobile',
    2 => 'touch',
    3 => 'wml',
    'yes' => 'mobile',
  ),
  'basescript' => 'forum',
  'basefilename' => 'forum.php',
  'isHTTPS' => false,
  'scheme' => 'http',
  'staticurl' => 'static/',

  // Added by _init_input():
  // $this->var["mod"] = empty($_GET["mod"]) ? "" : dhtmlspecialchars($_GET["mod"]);
  'mod' => '',

  // $this->var["inajax"] = empty($_GET["inajax"]) ? 0 : (empty($this->var["config"]["output"]["ajaxvalidate"]) ? 1 : ($_SERVER["REQUEST_METHOD"] == "GET" && $_SERVER["HTTP_X_REQUESTED_WITH"] == "XMLHttpRequest" || $_SERVER["REQUEST_METHOD"] == "POST" ? 1 : 0));
  // config.output.ajaxvalidate: strict verification of AJAX requests, 0 = off, 1 = on.
  'inajax' => 0,

  // $this->var["page"] = empty($_GET["page"]) ? 1 : max(1, intval($_GET["page"]));
  'page' => 1,
);
?>
