Yaf中map路由下delimiter的问题，yafdelimiter-php手册-php.cn

Home

php教程

php手册

Yaf中map路由下delimiter的问题，yafdelimiter

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 13, 2016 am 08:57 AM

DEmapyafDownofroutingquestion

Yaf中map路由下delimiter的问题，yafdelimiter

　　由于map路由下用户请求的url会按照"/"分级对应到controllers下的目录下的Controller上，action则默认为indexAction，所以想要实现/key1/param1/key2/param2这种形式进行传参，就要通过delimiter来讲url分割成req_uri和query_str两个部分。

　　在实践中，定义了delimiter（尽管并没有用到它的功能），这时，如果用户的请求（更多的是爬虫或扫站）无意中包含以下形式：/aaa/bbb[delimiter](xxx)?/key1/param1/key2/param2...，会造成程序崩溃。

　　将这个问题提给鸟哥后，鸟哥迅速给出了修复(18~19行)：

<span> 1</span> <span>if</span> (Z_TYPE_P(delimer) == <span>IS_STRING</span>
<span> 2</span>             &&<span> Z_STRLEN_P(delimer)) {
</span><span> 3</span>         <span>if</span> ((query_str = <span>strstr</span>(req_uri, Z_STRVAL_P(delimer))) != <span>NULL</span>
<span> 4</span>             && *(query_str - 1) == '/'<span>) {
</span><span> 5</span>             tmp  =<span> req_uri;
</span><span> 6</span>             rest = query_str +<span> Z_STRLEN_P(delimer);
</span><span> 7</span>             <span>if</span> (*rest == '\0'<span>) {
</span><span> 8</span>                 req_uri     = estrndup(req_uri, query_str -<span> req_uri);
</span><span> 9</span>                 query_str     = <span>NULL</span><span>;
</span><span>10</span> <span>                efree(tmp);
</span><span>11</span>             } <span>else</span> <span>if</span> (*rest == '/'<span>) {
</span><span>12</span>                 req_uri     = estrndup(req_uri, query_str -<span> req_uri);
</span><span>13</span>                 query_str   =<span> estrdup(rest);
</span><span>14</span> <span>                efree(tmp);
</span><span>15</span>             } <span>else</span><span> {
</span><span>16</span>                 query_str = <span>NULL</span><span>;
</span><span>17</span> <span>            }
</span><span>18</span>         } <span>else</span><span> {
</span><span>19</span>             query_str = <span>NULL</span><span>;
</span><span>20</span>         }

通过delimer获取了query_str后，判断delimer的前一个字符是"/"的情况，却没有判断不是的情况，导致不符合/aaa/bbb/[delimer]/key1/param1/...形式的urk被截断成req_uri和query_str去解析，所以程序出现了问题。

　　感谢鸟哥快速的答复！

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

How to fix KB5055612 fails to install in Windows 10?

4 weeks agoByDDD

Roblox: Grow A Garden - Complete Mutation Guide

3 weeks agoByDDD

Roblox: Bubble Gum Simulator Infinity - How To Get And Use Royal Keys

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Nordhold: Fusion System, Explained

4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Mandragora: Whispers Of The Witch Tree - How To Unlock The Grappling Hook

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Hot Tools

DVWA

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software