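PHP function get_magic_quotes_gpc explained
set_magic_quotes_runtime sets the value of the PHP environment configuration variable magic_quotes_runtime.
0 - off, 1 - on
To check the state from a program, use get_magic_quotes_runtime: a return value of 0 means the feature is off; a return value of 1 means it is on. When magic_quotes_runtime is on, all data brought in from external sources, such as database records or files, is automatically converted to data containing backslash escape characters.
get_magic_quotes_gpc returns the value of the PHP environment configuration variable magic_quotes_gpc (GPC, Get/Post/Cookie). A return value of 0 means the feature is off; a return value of 1 means it is on. When magic_quotes_gpc is on, every ' (single quote), " (double quote), \ (backslash) and NUL character is automatically prefixed with the escape character \.
By default the PHP directive magic_quotes_gpc is on; in essence it automatically runs addslashes() on all GET, POST and COOKIE (i.e. G P C) data. Do not call addslashes() on strings that magic_quotes_gpc has already escaped, because that results in double escaping. In that situation you can use get_magic_quotes_gpc() to check.
In effect, this function simply tells you whether PHP has already called addslashes automatically.
Below is an example; it is actually taken from the manual, and I am posting it here just so it is convenient for me to look up, because my memory is not good..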
<html>
<!-- Send a string containing a single quote via POST -->
<body>
<form action="first.php" method="post">
<input type="text" name="lastname" value="Simao'pig">
<input type="submit" value="提交">
</form>
</body>
</html>
<?php
echo get_magic_quotes_gpc();
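The double-escaping problem described above, as an added example that is not part of the original article or the PHP manual: it simulates what a script receives for the form value `Simao'pig` with magic_quotes_gpc on and off, and shows that escaping only after checking the setting gives the same result in both cases. The helper names (`gpc_is_on`, `escape_once`, `raw_value`, `check`) are hypothetical; the `function_exists` guard is there because magic quotes were removed in PHP 5.4 and `get_magic_quotes_gpc()` itself was removed in PHP 8.0.

```php
<?php
// Added example, not from the original article. Helper names are hypothetical.
// Constructed input: the value the form above submits.
$raw = "Simao'pig";

// With magic_quotes_gpc on, the script receives the value with addslashes()
// already applied; with it off, the script receives the raw value.
$receivedGpcOn  = addslashes($raw);
$receivedGpcOff = $raw;

// Real switch: get_magic_quotes_gpc() no longer exists in PHP 8, so guard it.
function gpc_is_on()
{
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

// Escape exactly once, whichever way the server was configured.
function escape_once($value, $gpcOn)
{
    return $gpcOn ? $value : addslashes($value);
}

// Recover the raw value, e.g. before binding it to a prepared statement.
function raw_value($value, $gpcOn)
{
    return $gpcOn ? stripslashes($value) : $value;
}

function check($label, $ok)
{
    echo ($ok ? 'ok   ' : 'FAIL ') . $label . "\n";
}

// Unconditional addslashes() on already-escaped input doubles the escaping:
// the stored name would contain a literal backslash.
$double = addslashes($receivedGpcOn);
check('double escaping yields three backslashes', $double === "Simao\\\\\\'pig");
check('unescaping the doubled value leaves a stray backslash',
      stripslashes($double) === "Simao\\'pig");

// The checked path gives one escape in both configurations.
check('gpc on:  escaped once', escape_once($receivedGpcOn, true) === "Simao\\'pig");
check('gpc off: escaped once', escape_once($receivedGpcOff, false) === "Simao\\'pig");
check('gpc on:  raw recovered', raw_value($receivedGpcOn, true) === $raw);

// In a request handler the flag comes from the running interpreter.
$lastname = isset($_POST['lastname']) ? $_POST['lastname'] : $raw;
echo escape_once($lastname, gpc_is_on()), "\n";
```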
Related documents:
By default a cookie cannot store an array, so the following code is wrong.
<?php
$arr = array(1,2,3);
setcookie('a',$arr);
?>
The error is as follows:
Warning: setcookie() expects parameter 2 to be string, array given in
However, PHP can parse cookies that share a name and end in [] into an array. In ......
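strtotime is a very good function; using it flexibly will make your work a lot more convenient. But the PHP manual says little about this function's parameters, and there is very little other documentation about it either.
First, the manual's description:
strtotime - Parses any English textual datetime description into a Unix timestamp
Format: int strtotime ( string $time [, int $now ] )
This function expects to accept a ......
I had always thought that in PHP ' and " were no different; today I watched a video tutorial by teacher Sun Zhongyue (孙仲岳) of Zhongyuan University (中原大学) and only then discovered that the two are used differently. A simple example:
1.php
<?
$str='冰冻鱼';
echo '$str 的博客地址是http://www.webxuexi.net' ; // note: these are single quotes
?>
2.php
<?
$str='冰冻鱼';
echo ......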
BUGTRAQ ID: 36555
CVE ID: CVE-2009-3557
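PHP is a widely used general-purpose scripting language that is especially suited to Web development and can be embedded in HTML.
A bug in PHP's tempnam() may allow safe_mode restrictions to be bypassed. The following is the vulnerable code segment in ext/standard/file.c:
PHP_FUNCTION(tempnam)
{
    char *dir, *prefix;
    int dir_len, prefix_len;
    size_t p_len;
    char ......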
<?php
#--Config--#
$login_password= '123456'; // this is the password
#----------#
error_reporting(E_ALL);
set_time_limit(0);
ini_set("max_execution_time","0");
ini_set("memory_limit","9999M");
set_magic_quotes_runtime(0);
if(!isset($_SERVER))$_SERVER = &$HTTP_SERVER_VARS;
if(!isset($_POST))$_PO ......