Ask for security issues with three lines of code
$js = Explode (', ', $_get[' JS ');
foreach ($js as $file) {
Echo file_get_contents ('./public/js/'. $file. JS '). " n ";
}
Copy code attacker has no way to read PHP files on the server
[ ]
I'll answer that.
d8888d Huitie Content-------------------------------------------------------
$js = $_get[' js '];
$js = Explode (', ', $js);
$error = null;
!is_array ($JS) && $error +=1;
$STR = null;
foreach ($js as $file) {
Eregi (' [[:p UNCT:]] ', $file) && $error +=1;
$files = "./public/js/{$file}.js";
if (Is_file ($files))
$str. = file_get_contents ($files). " n ";
}
if ($error!==null)
Exit (' Error ');
Echo $str;
?>
Copy code []
d8888d Huitie Content-------------------------------------------------------
Thanks to Ann.
I don't care what the wrong way to deal with, want to know is the hacker can not bypass the suffix. js restrict access to PHP files
No one else uses it except the hacker.
Error add a error_reporting (0);
I just read this article.
[url=http://www.111cn.cn/html/18/t-3418.html] link marker Http://www.111cn.cn/html/18/t-3418.html[/url]
d8888d Huitie Content-------------------------------------------------------
Habit must develop well. Process Control good.
for maintenance.
d8888d Huitie Content-------------------------------------------------------
nn amount,
Do you think it's easy to bypass the restrictions
d8888d Huitie Content-------------------------------------------------------
Look at your code.
Read the file and also loop to read it. It doesn't feel like what the program needs for this structure.
d8888d Huitie Content-------------------------------------------------------
Not bad
d8888d Huitie Content-------------------------------------------------------
My code is JS loading, put all JS into a file, reduce the number of request
Like what
You need to load jquery,fckeditor pages that don't need Thnikbox js=jquery,fckeditor
The code is simple, and the efficiency should be the same as loading a file directly
d8888d Huitie Content-------------------------------------------------------
A page with more than JS are only script once
d8888d Huitie Content-------------------------------------------------------
Do not include files that come up with $_get
PHP is a file that can contain remote files.
http://www.bkjia.com/PHPjc/632563.html www.bkjia.com true http://www.bkjia.com/PHPjc/632563.html techarticle ask for security issues with three lines of code $JS = Explode (', ', ' $_get[' js '), foreach ($js as $file) {echo file_get_contents ('./public/js/'. $file. JS '). " n "; Copy code attacker has no method ...