提交

chengkun

2025-05-23 0d8e263c22903234efea68fd13a27d8b7b59aac1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
<?php
 
function quotesGPC() {
    
    if(version_compare(PHP_VERSION,'5.4.0','<')) {
        ini_set('magic_quotes_runtime',0);
        define('MAGIC_QUOTES_GPC',get_magic_quotes_gpc()? true : false);
    }else{
        define('MAGIC_QUOTES_GPC',false);
    }
 
 
    if(!MAGIC_QUOTES_GPC){
        $_POST        =    array_map("addSlash", $_POST);
        $_GET        =    array_map("addSlash", $_GET);
        $_COOKIE    =    array_map("addSlash", $_COOKIE);
    }
}
function addSlash($el) {
    if (is_array($el))
        return array_map("addSlash", $el);
    else
        return addslashes($el);
}
function gpc2sql($str,$str2) {
 
    $arr=array("sleep"=>"Ｓleep"," and "=>" an d "," or "=>" Ｏr ","xor"=>"xＯr","%20"=>" ","select"=>"Ｓelect","update"=>"Ｕpdate","count"=>"Ｃount","chr"=>"Ｃhr","truncate"=>"Ｔruncate","union"=>"Ｕnion","delete"=>"Ｄelete","insert"=>"Ｉnsert","load_file"=>"Ｌoad_file","outfile"=>"Ｏutfile","\""=>"“","'"=>"“","--"=>"- -","\("=>"（","\)"=>"）","00000000"=>"OOOOOOOO","0x"=>"Ox");
 
    foreach($arr as $key=>$v){
        $str = preg_replace('/'.$key.'/isU',$v,$str);
    }
    return $str;
}
function safeid($v){
    if(strstr($v,",")){
        $arr=explode(',',$v);
        foreach($arr as $val){
            $value[]=(int)$val;
        }
        $v=implode(',',$value);
    }elseif(is_array($v)){
        foreach($v as $val){
            $value[]=(int)$val;
        }
        $v=$value;
    }else{
        $v=intval($v);    
    }
    return $v;
}
function safesql($StrFiltKey,$StrFiltValue,$type){
    $getfilter = "\\<.+javascript:window\\[.{1}\\\\x|<.*=(&#\\d+?;?)+?>|<.*(data|src)=data:text\\/html.*>|\\b(alert\\(|confirm\\(|expression\\(|prompt\\(|benchmark\s*?\\(\d+?|sleep\s*?\(.*\)|load_file\s*?\\()|<[a-z]+?\\b[^>]*?\\bon([a-z]{4,})\s*?=|^\\+\\/v(8|9)|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.+?\\*\\/|\\/\\*\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT(\\(.+\\)|\\s+?.+?)|UPDATE(\\(.+\\)|\\s+?.+?)SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE)(\\(.+\\)|\\s+?.+?\\s+?)FROM(\\(.+\\)|\\s+?.+?)|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
    $postfilter = "<.*=(&#\\d+?;?)+?>|<.*data=data:text\\/html.*>|<.*svg.*>|\\b(alert\\(|confirm\\(|expression\\(|prompt\\(|benchmark\s*?\\(\d+?|sleep\s*?\(.*\)|load_file\s*?\\()|<[^>]*?\\b(onerror|onmousemove|onload|onclick|onmouseover)\\b|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.+?\\*\\/|\\/\\*\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT(\\(.+\\)|\\s+?.+?)|UPDATE(\\(.+\\)|\\s+?.+?)SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE)(\\(.+\\)|\\s+?.+?\\s+?)FROM(\\(.+\\)|\\s+?.+?)|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
    $cookiefilter = "benchmark\s*?\\(\d+?|sleep\s*?\(.*\)|load_file\s*?\\(|\\b(and|or)\\b\\s*?([\\(\\)'\"\\d]+?=[\\(\\)'\"\\d]+?|[\\(\\)'\"a-zA-Z]+?=[\\(\\)'\"a-zA-Z]+?|>|<|\s+?[\\w]+?\\s+?\\bin\\b\\s*?\(|\\blike\\b\\s+?[\"'])|\\/\\*.+?\\*\\/|\\/\\*\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT(\\(.+\\)|\\s+?.+?)|UPDATE(\\(.+\\)|\\s+?.+?)SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE)(\\(.+\\)|\\s+?.+?\\s+?)FROM(\\(.+\\)|\\s+?.+?)|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
    if($type=="GET"){
        $ArrFiltReq = $getfilter;
    }elseif($type=="POST"){        
        $ArrFiltReq = $postfilter;        
    }elseif($type=="COOKIE"){
        $ArrFiltReq = $cookiefilter;
    }
    if(is_array($StrFiltValue)){
        foreach($StrFiltValue as $key=>$value){
            safesql($key,$value,$type);
        }
    }else{
        if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue)==1){
            exit(safe_pape());
        }
    }
    if (preg_match("/".$ArrFiltReq."/is",$StrFiltKey)==1){
        exit(safe_pape());
    }
}
function common_htmlspecialchars($key,$str,$str2,$config){    
 
    if(is_array($str)){
        
        foreach($str as $str_k=>$str_v){
            $str[$str_k] = common_htmlspecialchars($str_k,$str_v,$str2,$config);
 
        }
    }else{
        $str = preg_replace('/([\x00-\x08\x0b-\x0c\x0e-\x19])/', '', $str);
        
        if(!in_array((string)$key,array('content','config','group_power','description','body','job_desc','eligible','other','code','intro','doc','traffic','media','packages','booth','participate','expinfo','eduinfo','skillinfo','projectinfo'))){
            
            $str = strip_tags($str);
            
            $str = gpc2sql($str,$str2);
            
        }else{
            
            $str = RemoveXSS(urldecode($str));
                
            
        }
    }
    return $str;
}
function RemoveXSS($val) {
    $val = preg_replace('/([\x00-\x08\x0b-\x0c\x0e-\x19])/', '', $val);
    
    $search = 'abcdefghijklmnopqrstuvwxyz';
    $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $search .= '1234567890!@#$%^&*()';   
    $search .= '~`";:?+/={}[]-_|\'\\';   
    for ($i = 0; $i < strlen($search); $i++) {   
        $val = preg_replace('/(&#[xX]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); // with a ;   
        $val = preg_replace('/(&#0{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); // with a ;   
    }
    
    $ra1 = Array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'base');   
    $ra2 = Array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload');
    $ra = array_merge($ra1, $ra2);   
    
    $found = true; 
    while ($found == true) {   
        $val_before = $val;   
        for ($i = 0; $i < sizeof($ra); $i++) {   
            $pattern = '/';   
            for ($j = 0; $j < strlen($ra[$i]); $j++) {
                if ($j > 0) {   
                    $pattern .= '(';
                    $pattern .= '(&#[xX]0{0,8}([9ab]);)';   
                    $pattern .= '|';
                    $pattern .= '|(&#0{0,8}([9|10|13]);)';   
                    $pattern .= ')*';
                }   
                $pattern .= $ra[$i][$j];   
            }   
            $pattern .= '/i';    
            $replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2);
            $val = preg_replace($pattern, $replacement, $val);
            if ($val_before == $val) {    
                $found = false;    
            }
        }    
    }
    $val = preg_replace('/ on/isU'," Ｏn",$val);
    return $val;    
}  
function sfkeyword($v,$config){    
    if($config['sy_fkeyword']){        
        $fkey = @explode(",",$config['sy_fkeyword']);        
        $safe_keyword = $config['sy_fkeyword_all'];        
        return str_replace($fkey, $safe_keyword, $v);
    }
    return $v;
}
 
quotesGPC();
 
if(!empty($config['sy_useragent'])){
    $userAgent = explode("\n",$config['sy_useragent']);
    
    foreach($userAgent as $key => $value){
        if(stripos($_SERVER['HTTP_USER_AGENT'],trim($value))!==false){
        
            safe_pape('网站升级中，暂停访问....');
        }
    }
}
 
 
if(!empty($_POST)){
    
  
    
    if(empty($config['sy_safekey']) || $_SESSION['xsstooken'] != sha1($config['sy_safekey']))
    {
        // 前台
        foreach($_POST  as $id=>$v){
 
            if(!in_array($id,array('preview','wt_cert','owner_cert','other_cert','base','base_wt_cert','base_owner_cert','base_other_cert','uimage','safekey','notify_data','token','deviceToken','xcxCode','rsaSign','sign','fund_bill_list','buyer_logon_id','openid','unionid','code'))){
                $str = html_entity_decode($v,ENT_QUOTES);
                
                $v = common_htmlspecialchars($id,$v,$str,$config);
                safesql($id,$v,"POST",$config);
                $id = sfkeyword($id,$config);
                $v = sfkeyword($v,$config);
            }else{
                
                $v = strip_tags($v);
            }
            if(trim($id)){
              $_POST[$id] = $v;
            }
        }
    }else{
        // 后台
        $arr=array("sleep"=>"Ｓleep"," and "=>" an d "," or "=>" Ｏr ","xor"=>"xＯr","%20"=>" ","select"=>"Ｓelect","update"=>"Ｕpdate","count"=>"Ｃount","chr"=>"Ｃhr","truncate"=>"Ｔruncate","union"=>"Ｕnion","delete"=>"Ｄelete","insert"=>"Ｉnsert","--"=>"- -","\("=>"（","\)"=>"）","00000000"=>"OOOOOOOO","0x"=>"Ox","\*"=>"＊");
        
        foreach($_POST  as $id=>$v){
            if (preg_match('/^[_0-9a-z]{1,30}$/i',$id)){
                foreach($arr as $arrkey=>$arrv){
                    if(!in_array($id,array('preview','wt_cert','owner_cert','other_cert','uimage','content','config','group_power','description','body','job_desc','eligible','other','code','intro','doc','traffic','media','packages','booth','participate','expinfo','eduinfo','skillinfo','projectinfo','sy_publicKey','sy_privateKey','verify_token','wx_qy_secret','header','body','footer','sy_alipayprivatekey','sy_alipaypublickey','preview_man','preview_woman', 'sy_weburl','wx_welcom'))){
                        $v = preg_replace('/'.$arrkey.'/isU',$arrv,$v);
                        
                    }
                }
                $_POST[$id] = $v;
            }else{
                unset($_POST[$id]);
            }
        }
 
    }
    
}
 
foreach($_COOKIE  as $id=>$v){    
    $str = html_entity_decode($v,ENT_QUOTES);
    if(!in_array($id,array('wxid','unionid'))){
        $v = common_htmlspecialchars($id,$v,$str,$config);
    }
    safesql($id,$v,"COOKIE",$config);
    $id  =  sfkeyword($id,$config);
    $v   =  sfkeyword($v,$config);
    $v   =  mb_substr(strip_tags($v),0,200,'utf8');
    $_COOKIE[$id]=$v;
}
 
 
$serverArray = array('HTTP_REFERER','HTTP_HOST','REQUEST_URI');
 
foreach($serverArray as $v){
    $_SERVER[$v] = common_htmlspecialchars($v,$_SERVER[$v],$_SERVER[$v],$config);
}
 
function safe_pape($msg = '您提交的数据存在安全隐患，已被禁止！'){
    
   
    echo $msg;
    exit();
}
?>