Zen Cart 源代码 init_sanitize.php

Zen Cart 源代码 init_sanitize.php





文件名: init_sanitize.php
文件类型: PHP文件
文件大小: 5.32 KiB
MD5: 40b50c4e058413cb2b8d58a3a8497417

  1. <?php
  2. /**
  3.  * sanitize the GET parameters
  4.  * see {@link  http://www.zen-cart.com/wiki/index.php/Developers_API_Tutorials#InitSystem wikitutorials} for more details.
  5.  *
  6.  * @package initSystem
  7.  * @copyright Copyright 2003-2012 Zen Cart Development Team
  8.  * @copyright Portions Copyright 2003 osCommerce
  9.  * @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
  10.  * @version GIT: $Id: Author: DrByte  Thu Aug 2 11:55:32 2012 -0400 Modified in v1.5.1 $
  11.  * @todo move the array process to security class
  12.  */
  13.  
  14.   if (!defined('IS_ADMIN_FLAG')) {
  15.     die('Illegal Access');
  16.   }
  17.   $csrfBlackListLocal = array();
  18.   $csrfBlackList = (isset($csrfBlackListCustom)) ? array_merge($csrfBlackListLocal, $csrfBlackListCustom) : $csrfBlackListLocal;
  19.   if (! isset ( $_SESSION ['securityToken'] ))
  20.   {
  21.     $_SESSION ['securityToken'] = md5 ( uniqid ( rand (), true ) );
  22.   }
  23.   if ((isset ( $_GET ['action'] ) || isset($_POST['action']) ) && $_SERVER['REQUEST_METHOD'] == 'POST')
  24.   {
  25.     $mainPage = isset($_GET['main_page']) ? $_GET['main_page'] : FILENAME_DEFAULT;
  26.     if (!in_array($mainPage, $csrfBlackList))
  27.     {
  28.       if ((! isset ( $_SESSION ['securityToken'] ) || ! isset ( $_POST ['securityToken'] )) || ($_SESSION ['securityToken'] !== $_POST ['securityToken']))
  29.       {
  30.         zen_redirect ( zen_href_link ( FILENAME_TIME_OUT, '', $request_type ) );
  31.       }
  32.     }
  33.   }
  34.   if (isset($_GET['typefilter'])) $_GET['typefilter'] = preg_replace('/[^0-9a-zA-Z_-]/', '', $_GET['typefilter']);
  35.   if (isset($_GET['products_id'])) $_GET['products_id'] = preg_replace('/[^0-9a-f:]/', '', $_GET['products_id']);
  36.   if (isset($_GET['manufacturers_id'])) $_GET['manufacturers_id'] = preg_replace('/[^0-9]/', '', $_GET['manufacturers_id']);
  37.   if (isset($_GET['categories_id'])) $_GET['categories_id'] = preg_replace('/[^0-9]/', '', $_GET['categories_id']);
  38.   if (isset($_GET['cPath'])) $_GET['cPath'] = preg_replace('/[^0-9_]/', '', $_GET['cPath']);
  39.   if (isset($_GET['main_page'])) $_GET['main_page'] = preg_replace('/[^0-9a-zA-Z_]/', '', $_GET['main_page']);
  40.   if (isset($_GET['sort'])) $_GET['sort'] = preg_replace('/[^0-9a-zA-Z]/', '', $_GET['sort']);
  41. /**
  42.  * process all $_GET terms
  43.  */
  44.   $strictReplace = '[<>\']';
  45.  $unStrictReplace = '[<>]';
  46.  if (isset($_GET) && count($_GET) > 0) {
  47.    foreach($_GET as $key=>$value){
  48.      if(is_array($value)){
  49.        foreach($value as $key2 => $val2){
  50.          if ($key2 == 'keyword') {
  51.            $_GET[$key][$key2] = preg_replace('/'.$unStrictReplace.'/', '', $val2);
  52.          } else {
  53.            $_GET[$key][$key2] = preg_replace('/'.$strictReplace.'/', '', $val2);
  54.          }
  55.          unset($GLOBALS[$key]);
  56.        }
  57.      } else {
  58.        if ($key == 'keyword') {
  59.          $_GET[$key] = preg_replace('/'.$unStrictReplace.'/', '', $value);
  60.        } else {
  61.          $_GET[$key] = preg_replace('/'.$strictReplace.'/', '', $value);
  62.        }
  63.        unset($GLOBALS[$key]);
  64.      }
  65.    }
  66.  }
  67. /**
  68. * process all $_POST terms
  69. * @todo move the array process to security class
  70. */
  71.  if (isset($_POST) && count($_POST) > 0) {
  72.    foreach($_POST as $key=>$value){
  73.      if(is_array($value)){
  74.        foreach($value as $key2 => $val2){
  75.          unset($GLOBALS[$key]);
  76.        }
  77.      } else {
  78.        unset($GLOBALS[$key]);
  79.      }
  80.    }
  81.  }
  82. /**
  83. * process all $_COOKIE terms
  84. */
  85.  if (isset($_COOKIE) && count($_COOKIE) > 0) {
  86.    foreach($_COOKIE as $key=>$value){
  87.      if(is_array($value)){
  88.        foreach($value as $key2 => $val2){
  89.          unset($GLOBALS[$key]);
  90.        }
  91.      } else {
  92.        unset($GLOBALS[$key]);
  93.      }
  94.    }
  95.  }
  96. /**
  97. * process all $_SESSION terms
  98. */
  99.  if (isset($_SESSION) && count($_SESSION) > 0) {
  100.    foreach($_SESSION as $key=>$value){
  101.      if(is_array($value)){
  102.        foreach($value as $key2 => $val2){
  103.          unset($GLOBALS[$key]);
  104.        }
  105.      } else {
  106.        unset($GLOBALS[$key]);
  107.      }
  108.    }
  109.  }
  110. /**
  111. * sanitize $_SERVER vars
  112. */
  113.  $_SERVER['REMOTE_ADDR'] = preg_replace('/[^0-9.%]/', '', $_SERVER['REMOTE_ADDR']);
  114.  
  115.  
  116. /**
  117. * validate products_id for search engines and bookmarks, etc.
  118. */
  119.  if (isset($_GET['products_id']) && isset($_SESSION['check_valid']) &&  $_SESSION['check_valid'] != 'false') {
  120.    $check_valid = zen_products_id_valid($_GET['products_id']);
  121.    if (!$check_valid) {
  122.      $_GET['main_page'] = zen_get_info_page($_GET['products_id']);
  123.      /**
  124.       * do not recheck redirect
  125.       */
  126.      $_SESSION['check_valid'] = 'false';
  127.      zen_redirect(zen_href_link($_GET['main_page'], 'products_id=' . $_GET['products_id']));
  128.    }
  129.  } else {
  130.    $_SESSION['check_valid'] = 'true';
  131.  }
  132. /**
  133. * We do some checks here to ensure $_GET['main_page'] has a sane value
  134. */
  135.  if (!isset($_GET['main_page']) || !zen_not_null($_GET['main_page'])) $_GET['main_page'] = 'index';
  136.  
  137.  if (!is_dir(DIR_WS_MODULES .  'pages/' . $_GET['main_page'])) {
  138.    if (MISSING_PAGE_CHECK == 'On' || MISSING_PAGE_CHECK == 'true') {
  139.      $_GET['main_page'] = 'index';
  140.    } elseif (MISSING_PAGE_CHECK == 'Page Not Found') {
  141.      header('HTTP/1.1 404 Not Found');
  142.      $_GET['main_page'] = FILENAME_PAGE_NOT_FOUND;
  143.    }
  144.  }
  145.  $current_page = $_GET['main_page'];
  146.  $current_page_base = $current_page;
  147.  $code_page_directory = DIR_WS_MODULES . 'pages/' . $current_page_base;
  148.  $page_directory = $code_page_directory;
  149.