PHP tempname()º¯ÊýÈƹýsafe_mode°²È«ÏÞÖÆ©¶´
BUGTRAQ ID: 36555
CVE ID: CVE-2009-3557
PHPÊǹ㷺ʹÓõÄͨÓÃÄ¿µÄ½Å±¾ÓïÑÔ£¬ÌرðÊʺÏÓÚWeb¿ª·¢£¬¿ÉǶÈëµ½HTMLÖС£
PHPµÄtempnam()ÖеĴíÎó¿ÉÄÜÔÊÐíÈƹýsafe_modeÏÞÖÆ¡£ÒÔÏÂÊÇext/standard/file.cÖеÄÓЩ¶´´úÂë¶Î£º
PHP_FUNCTION(tempnam)
{
char *dir, *prefix;
int dir_len, prefix_len;
size_t p_len;
char *opened_path;
char *p;
int fd;
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "ss", &dir, &dir_len,
&prefix, &prefix_len) == FAILURE) {
return;
}
if (php_check_open_basedir(dir TSRMLS_CC)) { [1]
RETURN_FALSE;
}
php_basename(prefix, prefix_len, NULL, 0, &p, &p_len TSRMLS_CC);
if (p_len > 64) {
p[63] = '\0';mud pump
}
if ((fd = php_open_temporary_fd(dir, p, &opened_path TSRMLS_CC)) >= 0) {
close(fd);
RETVAL_STRING(opened_path, 0);
}
efree(p);
}
ÔÚ[1]´¦tempnam()º¯Êý½ö¼ì²éÁËopen_basedirÖµ¡£
<*²Î¿¼
http://securityreason.com/securityalert/6601
http://secunia.com/advisories/37412/
*>
SEBUG°²È«½¨Òé:
³§É̲¹¶¡£º
PHP
---
Ä¿Ç°³§ÉÌÒѾ·¢²¼ÁËÉý¼¶²¹¶¡ÒÔÐÞ¸´Õâ¸ö°²È«ÎÊÌ⣬Çëµ½³§É̵ÄÖ÷Ò³ÏÂÔØ£º
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/standard/file.c?view=log
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_3/ext/standard/file.c?view=log
ÖýÂÁ¼þ ĥúÅç·Û»ú ·ç»úÒ¶ÂÖ Öýͼþ
Ïà¹ØÎĵµ£º
cookieĬÈϲ»ÄÜ´æÊý×飬ËùÒÔÏÂÃæµÄд·¨ÊÇ´íÎóµÄ¡£
<?php
$arr = array(1,2,3);
setcookie('a',$arr);
$arr = array(1,2,3);
setcookie('a',$arr);
?>
±¨´íÈçÏ£º
Warning: setcookie() expects parameter 2 to be string, array given in
µ«ÊÇPHP¿ÉÒÔ°ÑͬÃûÇÒºóÃæÒÔ[]½áβµÄcookie½âÎöΪÊý×é¡£ÔÚ ......
SQLite Tutorial in PHP
SQLite is an SQL database manager used locally or on a website, and compatible
in particularly with PHP.
Summary
Installing SQLite and creating a database
.
Installing SQLite. Verifying the installation by creating a base.
Creating and using a SQLite tabl ......
javaµÄд·¨
/**
*
* @param location
* @param nameList±£´æ½á¹ûµÄ£¡
*/
public void listDict(String location, List<String> nameList) {
File fileList = new File(location);
if (fileList.isDirectory()) {
File[] files = fileList.listFiles();
for (File f : files) {
i ......
1.Èç¹ûÒ»¸ö·½·¨¿É¾²Ì¬»¯£¬¾Í¶ÔËü×ö¾²Ì¬ÉùÃ÷¡£ËÙÂÊ¿ÉÌáÉýÖÁ4±¶¡£
2.echo ±È print ¿ì¡£
3.ʹÓÃechoµÄ¶àÖزÎÊý£¨Òë×¢£ºÖ¸ÓöººÅ¶ø²»ÊǾäµã£©´úÌæ×Ö·û´®Á¬½Ó¡£
4.ÔÚÖ´ÐÐforÑ»·Ö®Ç°È·¶¨×î´óÑ»·Êý£¬²»ÒªÃ¿Ñ»·Ò»´Î¶¼¼ÆËã×î´óÖµ¡£
5.×¢ÏúÄÇЩ²»ÓõıäÁ¿ÓÈÆäÊÇ´óÊý×飬ÒÔ±ãÊÍ·ÅÄÚ´æ¡£
6.¾¡Á¿±ÜÃâʹÓÃ__get£¬__se ......
ÍøÉϹØÓÚÕâÀàµÄÌû×ÓÕæµÄºÜ¶à£¬µ«ÊÇÎÒÊÔÁ˺ܶ࣬ÀýÈç°Ñphp plus for eclipse ÏÂÔØÏÂÀ´£¬½âѹºó·Åµ½EclipseµÄpluginÀïÃ棬µ«ÊDz»ÖªµÀΪʲô£¬¶¼²»¹ÜÓá£
ÎÒ´ÓÍøÉÏÕÒµ½ÁËÒ»ÖֱȽϼòµ¥µÄ·½·¨£ºÄǾÍÊÇÓÉEclipse×Ô¼ºÀ´¸üÐÂ×Ô¼ºµÄ×é¼þ£¬ÕâÑùµÄ·½·¨Ê¡È¥Á˺ܶàµÄÅäÖ㬿ÉÒÔÖ±½ÓÄ ......
