#1 skyzong
检测出网站有严重漏洞,但是不知道是哪里,请大神帮忙测试一下?? 网站地址: [url]www.shtan.org[/url]2015-03-10 15:01:22
2015-03-10 15:01:22
2015-03-11 08:19:46
2015-03-11 10:34:17
function s(){
$tag = $this->spArgs("tag");
$rep=array("," , "." , "(" , ")" , "|" , "," , "。" , "<" , ">" , "?"); //非法字符过滤
$tag=str_replace($rep," ",$tag); //用空格替换非法字符
$tag=trim($tag);
$tag=preg_replace('/\s(?=\s)/', '', $tag); //去掉重复的空格
$tag = urldecode(mb_convert_encoding($tag,'utf-8','gb2312'));
$articleObj = spClass("lib_file");
$sql .= 'title like '.$articleObj->escape('%'.$tag.'%');
$this->rs = $articleObj ->spLinker()->spPager($this->spArgs('p', 1), 20)->findAll($sql,'id desc');
$this->pager = $articleObj ->spPager()->getPager();
}
2015-03-11 11:59:30
2015-03-25 11:58:19