Solving the DedeCMS "Safe Alert: Request Error step 1/2" message

Source: Internet
Author: User

DedeCMS is very powerful, but it never covers every need. When designing a template we therefore write our own code inside the {dede:php} tag, and that code inevitably queries, updates and modifies the database. After compiling such a template, however, the system may show "Safe Alert: Request Error step 1!" or "Safe Alert: Request Error step 2!". The cause is that DedeCMS 5.6 runs a security check on every SQL statement to prevent SQL injection and improve stability and security. The functionality described here can be implemented without switching that check off.

For example, the following code (cleaned up from the page's version; the markup that was emitted for each row was lost when the page was captured):

{dede:php runphp='yes'}
// The query string carries "something/tag/page"; element 0 is ignored.
$tag = trim($_SERVER['QUERY_STRING']);
$tags = explode('/', $tag);
if (isset($tags[1]))
{
    // $_SERVER['QUERY_STRING'] is not covered by DedeCMS's request escaping,
    // so escape the value before it is interpolated into SQL.
    $tag = addslashes(urldecode($tags[1]));
}
$pageno = 0;
if (isset($tags[2]))
{
    $pageno = intval($tags[2]);
}
if (empty($pageno)) $pageno = 1;
$pageno = ($pageno - 1) * 8;   // LIMIT wants a row offset, not a page number
$sql_tag = "SELECT * FROM `dede_archives` WHERE `id` IN (SELECT `aid` FROM `dede_taglist` WHERE `tag` LIKE '$tag') AND `litpic` <> '' ORDER BY click DESC LIMIT $pageno, 8";
if (!isset($dsql) || !is_object($dsql))
{
    $dsql = new DedeSql(false);
}
$dsql->SetQuery($sql_tag);
$dsql->Execute();
@me = "";                       // @me is the value the tag outputs
while ($row = $dsql->GetArray())
{
    // build the per-article markup from $row here (the original markup is missing)
    @me .= " ";
}
{/dede:php}
In theory this code lists the articles that have a thumbnail (litpic) and belong to a given tag, with paging. (This is just an example.)

In practice, however, executing it shows "Safe Alert: Request Error step 2!".

The reason is that DedeCMS inspects every statement it is about to run (CheckSql() in dedesql.class.php) to block injection, including statements written by the site's own templates. The check has two passes: a first keyword pass (step 1) for union, sleep, benchmark, load_file and outfile, and a second full-statement pass (step 2) that also rejects SQL comments and a select appearing inside parentheses, i.e. a subquery. The `id` IN (SELECT ...) clause above is what trips the second pass.
There are two ways to solve this.

Method 1: switch security detection off

Open dedesql.class.php in the include folder, find $this->safeCheck = true; and change true to false. This disables the check for every statement the whole site runs, not just the one in your template, so every other query loses that protection as well. It is the quick way, not the recommended one.
Method 2: keep security detection enabled

CheckSql() only matches specific keywords, so the idea is to write the query with a placeholder where the rejected keyword would be, for example dede_database_chaxun in place of select, and to turn the placeholder back into select only after the check has run. Strictly only the select inside the parentheses trips the check, but replacing both is harmless. The query above then becomes:

$sql_tag = "dede_database_chaxun * FROM `dede_archives` WHERE `id` IN (dede_database_chaxun `aid` FROM `dede_taglist` WHERE `tag` LIKE '$tag') AND `litpic` <> '' ORDER BY click DESC LIMIT $pageno, 8";
Of course the database does not understand dede_database_chaxun, so on its own this statement cannot execute. The second half of the method is a small change to dedesql.class.php: CheckSql() turns the placeholder back into select after the check has passed, and its callers use the returned (rewritten) string instead of discarding it.

Find function CheckSql($db_string, $querytype = 'select') in dedesql.class.php. Its final return statement

return $db_string;

becomes

return str_replace("dede_database_chaxun", "select", $db_string);

CheckSql() is called in two places in the same file. One is

if($this->safeCheck) CheckSql($this->queryString, 'update');

and the other is

if($this->safeCheck)
{
    CheckSql($this->queryString);
}

Both discard the return value, so change them to

if($this->safeCheck) $this->queryString = CheckSql($this->queryString, 'update');

and

if($this->safeCheck)
{
    $this->queryString = CheckSql($this->queryString);
}

That is all. The same trick works for union, update and other keywords the check rejects, by adding a placeholder for each, but remember that the check exists precisely to stop those keywords from reaching the database, so every placeholder you add widens what can get through.

Two cautions. The str_replace() runs on the whole statement after the check, user-supplied values included, so a value that happens to contain the placeholder is rewritten to select too; the template must still escape or validate everything it interpolates (the $tag above comes straight from QUERY_STRING). And a placeholder that is a plain word can collide with legitimate data, so use a token that cannot occur in normal content.
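The following script is an added example, not code from the page or from DedeCMS, and it runs offline without a database. It models method 2 end to end: rejectsSubselect() is a simplified stand-in for the one CheckSql() rule this page hits (a select inside parentheses; the real function has more rules), restoreSelectAlias() is what the modified return statement does, prepareQuery() mirrors the patched call order (check first, then restore), and validateTag() is a whitelist for the tag value. The function names, the tag whitelist and the "phptag" sample value are assumptions; the placeholder token and the table and column names are the page's own.

```php
<?php
// Added example (not DedeCMS code): an offline model of method 2.
// rejectsSubselect() approximates one CheckSql() rule; the rest mirrors the
// patched dedesql.class.php flow.  Function names are assumptions.

define('SELECT_ALIAS', 'dede_database_chaxun');   // placeholder written into templates

/* Stand-in for the CheckSql() rule that rejects a select inside parentheses.
   The real function also rejects union, comments, sleep, benchmark, etc. */
function rejectsSubselect($sql)
{
    return preg_match('~\([^)]*?select~is', $sql) === 1;
}

/* What the modified return statement of CheckSql() does, after the check. */
function restoreSelectAlias($sql)
{
    return str_replace(SELECT_ALIAS, 'select', $sql);
}

/* Whitelist for the tag value: letters, digits, underscore, at most 30 chars.
   Returns null for anything that could break out of the quoted LIKE pattern. */
function validateTag($raw)
{
    $tag = urldecode($raw);
    return preg_match('/^[\p{L}\p{N}_]{1,30}\z/u', $tag) ? $tag : null;
}

/* The page's query with the placeholder in the subquery.  $pageno is 1-based;
   LIMIT wants a row offset, so multiply by the page size. */
function buildTagQuery($tag, $pageno, $pagesize = 8)
{
    $offset = (max(1, (int) $pageno) - 1) * $pagesize;
    return "SELECT * FROM `dede_archives` WHERE `id` IN ("
         . SELECT_ALIAS . " `aid` FROM `dede_taglist` WHERE `tag` LIKE '$tag')"
         . " AND `litpic` <> '' ORDER BY click DESC LIMIT $offset, $pagesize";
}

/* Mirrors the patched SetQuery(): check first, then restore the keyword.
   Returns the SQL the database would receive, or null when the check fails
   (the real code prints "Safe Alert: Request Error step 2!" and exits). */
function prepareQuery($sql)
{
    if (rejectsSubselect($sql)) {
        return null;
    }
    return restoreSelectAlias($sql);
}

function check($cond, $what)
{
    if (!$cond) { fwrite(STDERR, "FAILED: $what\n"); exit(1); }
    echo "ok: $what\n";
}

// 1. Restoring select BEFORE the check reproduces the page's error: order matters.
$plain = restoreSelectAlias(buildTagQuery('phptag', 2));
check(prepareQuery($plain) === null, 'real subselect is rejected');

// 2. With the placeholder the check passes and a normal subselect reaches the DB.
$ok = prepareQuery(buildTagQuery('phptag', 2));
check(strpos($ok, 'IN (select `aid`') !== false, 'placeholder restored after the check');
check(strpos($ok, 'LIMIT 8, 8') !== false, 'page 2 maps to offset 8');

// 3. Why validation stays mandatory: the restore runs on the whole statement,
//    so user data containing the placeholder is turned into select as well.
$raw = 'abc ' . SELECT_ALIAS . ' def';                   // constructed hostile tag value
check(validateTag('phptag') === 'phptag', 'normal tag accepted');
check(validateTag($raw) === null, 'tag with placeholder rejected by whitelist');
$leaked = prepareQuery(buildTagQuery($raw, 1));          // what happens without the whitelist
check(strpos($leaked, "LIKE 'abc select def'") !== false, 'unvalidated data is rewritten too');
```

Run it with php from the command line; each line prints ok when the model behaves as described. In a real template, call validateTag() (or at least addslashes()) on the value before it goes into buildTagQuery(), and pass the result to $dsql->SetQuery(); the placeholder mechanism itself adds no protection for interpolated data.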
