ホームページ >バックエンド開発 >PHPチュートリアル >PHP程序漏洞产生的原因和防范方法_PHP
...
$includepage=$_GET["includepage"];
include($includepage);
...
$pagelist=array("test1.php","test2.php","test3.php"); //这里规定可进行include的文件
if(isset($_GET["includepage"])) //判断是否有$includepage
{
$includepage=$_GET["includepage"];
foreach($pagelist as $prepage)
{
if($includepage==$prepage) //检查文件是否在允许列表中
{
include($prepage);
$checkfind=true;
break;
}
}
if($checkfind==true){ unset($checkfind); }
else{ die("无效引用页!"); }
}
$id=$_GET["id"];
$query="SELECT * FROM my_table where id='".$id."'"; //很经典的SQL注入漏洞
$result=mysql_query($query);
$text1=$_POST["text1"];
$text2=$_POST["text2"];
$text3=$_POST["text3"];
$fd=fopen("test.php","a");
fwrite($fd,"\r\n$text1&line;$text2&line;$text3");
fclose($fd);
//构造过滤函数
function flt_tags($text)
{
$badwords=array("操你妈","fuck"); //词汇过滤列表
$text=rtrim($text);
foreach($badwords as $badword) //这里进行词汇的过滤
{
if(stristr($text,$badword)==true){ die("错误:你提交的内容含有敏感字眼,请不要提交敏感内容。"); }
}
$text=htmlspecialchars($text); //HTML替换
//这两行把回车替换为
$text=str_replace("\r"," ",$text);
$text=str_replace("\n","",$text);
$text=str_replace("&line;","│",$text); //文本数据库分隔符"&line;"替换为全角的"│"
$text=preg_replace("/\s{ 2 }/"," ",$text); //空格替换
$text=preg_replace("/\t/"," ",$text); //还是空格替换
if(get_magic_quotes_gpc()){ $text=stripslashes($text); } //如果magic_quotes开启,则进行\'的替换
return $text;
}
$text1=$_POST["text1"];
$text2=$_POST["text2"];
$text3=$_POST["text3"];
//过滤全部输入
$text1=flt_tags($text1);
$text2=flt_tags($text2);
$text3=flt_tags($text3);
$fd=fopen("test.php","a");
fwrite($fd,"\r\n$text1&line;$text2&line;$text3");
fclose($fd);
$cookiesign="admincookiesign"; //判断是否Admin的cookie变量
$adminsign=$_COOKIE["sign"]; //获取用户的cookie变量
if($adminsign==$cookiesign)
{
$admin=true;
}
if($admin){ echo "现在是管理员状态。"; }
$cookiesign="admincookiesign"; //判断是否Admin的cookie变量
$adminsign=$_COOKIE["sign"]; //获取用户的cookie变量
if($adminsign==$cookiesign)
{
$admin=true;
}
else
{
$admin=false;
}
if($admin){ echo "现在是管理员状态。"; }
$cookiesign="admincookiesign"; //判断是否Admin的cookie变量
$adminsign=$_COOKIE["sign"]; //获取用户的cookie变量
if($adminsign==$cookiesign)
{
define(admin,true);
}
else
{
define(admin,false);
}
if(admin){ echo "现在是管理员状态。"; }
Notice: Use of undefined constant test - assumed 'test' in D:\interpub\bigfly\test.php on line 3
string set_error_handler ( callback error_handler [, int error_types])
//admin为管理员的身份判定,true为管理员。
//自定义的错误处理函数一定要有这4个输入变量$errno,$errstr,$errfile,$errline,否则无效。
function my_error_handler($errno,$errstr,$errfile,$errline)
{
//如果不是管理员就过滤实际路径
if(!admin)
{
$errfile=str_replace(getcwd(),"",$errfile);
$errstr=str_replace(getcwd(),"",$errstr);
}
switch($errno)
{
case E_ERROR:
echo "ERROR: [ID $errno] $errstr (Line: $errline of $errfile)
\n";
echo "程序已经停止运行,请联系管理员。";
//遇到Error级错误时退出脚本
exit;
break;
case E_WARNING:
echo "WARNING: [ID $errno] $errstr (Line: $errline of $errfile)
\n";
break;
default:
//不显示Notice级的错误
break;
}
}
//把错误处理设置为my_error_handler函数
set_error_handler("my_error_handler");
…
...
$text1=flt_tags($text1);
$text2=flt_tags($text2);
$text3=flt_tags($text3);
$fd=fopen("data.php","a");
fwrite($fd,"\r\n$text1&line;$text2&line;$text3");
fclose($fd);
...
$_SESSION["allowgbookpost"]=time(); //登记填写时的时间
if(strtoupper($_SERVER["REQUEST_METHOD"])!=”POST”){ die("错误:请勿在外部提交。"); } //检查页面获得方法是否为POST
if(!isset($_SESSION["allowgbookpost"]) or (time()-$_SESSION["allowgbookpost"] if(isset($_SESSION["gbookposttime"]) and (time()-$_SESSION["gbookposttime"]
unset($_SESSION["allowgbookpost"]); //注销allowgbookpost变量以防止一次进入填写页面多次进行提交
$_SESSION["gbookposttime"]=time(); //登记发送留言的时间,防止灌水或恶意攻击
...
数据处理及保存
...