ÖØÈ¼ÄãµÄPHP°²È«Ö®»ð
¶ÔÓڽű¾°²È«Õâ¸ö»°ÌâºÃÏñÓÀԶûÍêûÁË£¬Èç¹ûÄã¾³£µ½¹úÍâµÄ¸÷ÖÖ¸÷ÑùµÄbugtraqÉÏ£¬Äã»á·¢ÏÖÓÐÒ»°ëÒÔÉ϶¼ºÍ½Å±¾Ïà¹Ø£¬ÖîÈçSQL
injection£¬XSS£¬Path Disclosure£¬Remote commands
executionÕâÑùµÄ×ÖÑ۱ȱȽÔÊÇ£¬ÎÒÃÇ¿´ÁËÖ®ºóµÄÓÃ;ÄѵÀ½ö½öÊÇ×¥È⼦?¶ÔÓÚÎÒÃÇÏë×öweb°²È«µÄÈËÀ´Ëµ£¬×îºÃ¾ÍÊÇÄÃÀ´Ñ§Ï°£¬¿ÉÊÇÍòÎï×¥¸ùÔ´£¬ÎÒÃÇ
ÒªµÄ²»ÊÇÓã¶øÊÇÓæ¡£ÔÚ¹úÄÚ£¬¸÷ÖÖ¸÷ÑùµÄphp
³ÌÐò1.0°æ£¬2.0°æÏñÓêºó´ºËñÒ»ÑùµÄð³öÀ´£¬
¿ÉÊÇ£¬´ó¼Ò¹Ø×¢µÄ¶¼ÊÇÒ»Ð©ÖøÃûµÄcms£¬ÂÛ̳
£¬blog³ÌÐò£¬ºÜÉÙµÄÈËÔÚ¶ÔÄÇЩ²»³öÃûµÄ³ÌÐò×ö°²
È«¼ì²â£¬¶ÔÓÚÔ½À´Ô½¶àµÄphp³ÌÐòÔ±
ºÍÕ¾³¤À´Ëµ£¬³ýÁËÒÀ¿¿·þÎñÆ÷
µÄ±¤ÀÝÉèÖÃÍ⣬php³ÌÐò±¾ÉíµÄ°²È«¶àÉÙÄã×ܵö®
µã°É¡£
¡¡¡¡ÓÐÈË˵ÄãÃÇ×öphp°²È«Î޷ǾÍÊǸã¸ã×¢ÈëºÍ¿çվʲôʲôµÄ£¬´ó´íÌØ´í£¬Èç¹ûÕâÑùµÄ»°£¬Ò»¸ömagic_quotes_gpc»òÕß·þÎñÆ÷ÀïµÄһЩ°²È«Éè
ÖþÍÈÃÎÒÃÇȫû»î·ÁË£º(¡£ÎÒ½ñÌìҪ˵µÄ²»ÊÇ×¢È룬²»ÊÇ¿çÕ¾£¬¶øÊÇ´æÔÚÓÚphp³ÌÐòÖеÄһЩ°²È«Ï¸½ÚÎÊÌâ¡£OK!ÇÐÈëÕýÌâ¡£
¡¡¡¡×¢ÒâһЩº¯ÊýµÄ¹ýÂËÓÐЩº¯ÊýÔÚ³ÌÐòÖÐÊǾ³£Ê¹Óõģ¬Ïñ
include()£¬require()£¬fopen()£¬fwrite()£¬readfile()£¬unlink()£¬eval()ÒÔ¼°ËüÃǵıäÌ庯Êý
µÈµÈ¡£ÕâЩº¯Êý¶¼ºÜʵÓã¬ÊµÓò¢²»´ú±íÈÃÄã¶àÊ¡ÐÄ£¬Ä㻹µÃΪËüÃǶà·ÑµãÐÄ¡£ £º)
¡¡¡¡1.include()£¬require()ºÍ fopen()£¬include_once()£¬require_once()ÕâЩ¶¼¿ÉÒÔÔ¶³Ìµ÷ÓÃÎļþ
£¬¶ÔÓÚËüÃǵÄΣº¦£¬googleËÑÒ»ÏÂÄã¾Í»áºÜÃ÷
ÁË£¬¶ÔÓÚËù°üº¬µ÷ÓõıäÁ¿Ã»¹ýÂ˺㬾ͿÉÒÔÈÎÒâ°üº¬Îļþ´Ó¶øÈ¥Ö´ÐС£¾Ù¸öÀý×Ó£¬¿´print.php……
¡¡¡¡if (empty ($bn) ) { //¼ì²éÊDZäÁ¿$bnÊÇ·ñΪ¿Õinclude
("$cfg_dir/site_${site}.php"); //°Ñ$cfg_dirÕâ¸ö·¾¶ÀïµÄsite_${site}.php°üº¬½øÀ´……
¡¡¡¡²»¹Ü´æ²»´æÔÚ$cfg_dirĿ¼£¬$siteÕâ¸ö±äÁ¿Äã¿ÉÒÔºÜ×ÔÈ»µÄȥʹÓã¬ÒòΪËû¸ù±¾Ã»¼ì²é$site±äÁ¿°¡¡£¿ÉÒ԰ѱäÁ¿$siteÖ¸¶¨Ô¶³ÌÎļþ
È¥µ÷Óã¬Ò²¿ÉÒÔÊDZ¾µØµÄÒ»¸öÎļþ£¬ÄãËùÖ¸¶¨µÄÎļþÀïдÉÏphpµÄÓï¾ä£¬È»ºóËü¾ÍÈ¥°üº¬Ö´ÐÐÕâ¸öº¬ÓÐphpÓï¾äµÄÎļþÁË¡£¾ÍÏñÕâÑùÁгöÎļþĿ¼ÉõÖÁ¿ÉÒÔÀ©Õ¹
µ½°üº¬Ò»Ð©¹ÜÀíÔ±Îļþ£¬ÌáÉýȨÏÞ£¬µäÐ͵ÄÏñÒÔǰphpwind£¬bo-blogµÄ©¶´Ò»Ñù¡£³ýÁËÒÀ¿¿php.iniÀïµÄallow_url_fopenÉè
Ϊ off½ûÖ¹Ô¶³ÌʹÓÃÎļþºÍopen_base_dir½ûֹʹÓÃĿ¼ÒÔÍâµÄÎļþÍ⣬Ä㻹µÃÊÂÏÈÉùÃ÷ºÃÖ»Äܰüº¬ÄÄЩÎļþ£¬ÕâÀï¾Í²»¶à˵·Ï»°ÁË¡£
¡¡¡¡2.fopen()£¬file()£¬readfile()£¬openfile()£¬µÈÒ²ÊǸÃÌØ±ðÁ
Ïà¹ØÎĵµ£º
PHPµÄÒ»¸öÊý¾Ý¿â²Ù×÷Àà,ÒÔUTF8¸ñʽдÈë,Êý¾Ý¿âÄÚÖ±½ÓÏÔʾÕý³£ÖÐÎÄ,·ÀÖ¹²éѯ³ö´í
/**
* @author xggxnn
* ±¾ÀàÓÃÓÚʵÏÖÓйØÊý¾Ý¿âµÄ·ÃÎÊ
*
*/
class DBConnection {
private $host = "";
private $user = "";
private $pass = "";
private $DBname = "";
public $isConnected = false;
/**
* ¹¹Ôìº ......
header()º¯ÊýÓÃÀ´×ªÏò(redirect page)ʱ£¬Èç¹ûµ÷ÓÃǰÓÐÊä³ö£¬±ÈÈçecho»òhtml±êÇ©£¬¾Í»áתÏòʧ°Ü¡£
Èç¹ûµ÷ÓÃǰÓпÕÐÐÒ²»áתÏòʧ°Ü¡£
»¹ÓÐÒ»¸öÔÒò£¬¾ÍÊÇ×¢ÒâÄãµÄphpÎļþµÄ×Ö·û±àÂë¡£ÎÒÓöµ½µÄÇé¿öÊÇ£¬µ±×Ö·û±àÂëΪUTF-8ʱ£¬×ªÏòʧ°Ü£¬¸ÄΪANSIʱ³É¹¦¡£¾ßÌåÔÒò²»Ã÷£¬½ö¹©²Î¿¼¡£ ......
¿´µ½Í¬Ñ§ÃÇÓв»ÉÙÔÚÓÃphp¿ª·¢ÏîÄ¿µÄ£¬»òÐíÏÂÃæµÄ×ÊÁ϶Դó¼ÒÓÐÓðɣ¬ÓÃÀ´Ñ§Ï°Ò»ÏÂÒ²ºÃ¡£
ÊÕ¼¯µÄ×ÊÁÏÏà¹ØµØÖ·£º
cubi demo site£ºhttp://dev.openbiz.cn/cubi/user/login
openBiz app cubi£ºhttp://docs.google.com/View?id=df5ktjv9_64f9fd88gf
openbiz architecture overview:
http: ......
GyPSiiÀûÓÃXML-RPC£¬PHPÀïXML-RPCµÄÏà¹ØÓ¦ÓÃʾÀýºÜ¶à£¬²é²éÊֲᡢGOOGLEһϾͿÉÒÔÕÒµ½ºÜ¶à¡£GyPSii APIÀïÌṩÁËÒ»¸ö²Ù×÷ÀàÓÃÀ´ÇëÇó·þÎñ£¬²¢ÌṩÁËÒ»¸öÇëÇóº¯Êý£¬Ö»Òª½«´Ëº¯Êý·Å½ø²Ù×÷ÀàÀ¾Í¿ÉÒÔ·½±ãµÄʹÓÃÁË£¬º¯ÊýÈçÏ£º
function GyPSiiXMLRPC( $uri, $host, $pid, $body="" ) {
$this->addHeader( 'Content-T ......
PHPÔÚÔËÐеÄʱºò£¬Ö±½Ókillµô£¬ÓпÏÄÜÔì³ÉÊý¾ÝµÄ¶ªÊ§¡£ÐÒºÃphpÄ£¿é£¬ÓÐÕë¶ÔsignalµÄ´¦Àí¡£
´¦Àí·½Ê½£¬Ê×Ïȼì²éÓÐûÓа²×° PCNTL Ä£¿é
È»ºó¿ÉÒÔÔÚÒ»¸ö°üº¬ÎļþÖУ¬Ìí¼ÓÒÔÏ´úÂë
global $exitFlag;
$exitFlag = false;
// Ôö¼ÓlinuxÐźÅÁ¿´¦Àí
if (DIRECTORY_SEPARATOR != '\\') {
pcntl_signal(SI ......