chip.phar check ".\\" -o "emlog.html" -r html
2019-08-24 18:16:57 ~ 2019-08-24 18:16:59
扫描PHP文件128个，发现182处隐患。
文件名 | 总数 | 严重 | 高危 | 警告 | 信息 |
---|---|---|---|---|---|
.\admin\admin_log.php | 3 | 0 | 3 | 0 | 0 |
.\admin\attachment.php | 2 | 0 | 2 | 0 | 0 |
.\admin\blogger.php | 3 | 0 | 3 | 0 | 0 |
.\admin\comment.php | 9 | 0 | 9 | 0 | 0 |
.\admin\configure.php | 3 | 0 | 3 | 0 | 0 |
.\admin\data.php | 3 | 0 | 3 | 0 | 0 |
.\admin\index.php | 3 | 0 | 3 | 0 | 0 |
.\admin\link.php | 6 | 0 | 6 | 0 | 0 |
.\admin\navbar.php | 6 | 0 | 6 | 0 | 0 |
.\admin\page.php | 9 | 0 | 9 | 0 | 0 |
.\admin\plugin.php | 8 | 0 | 8 | 0 | 0 |
.\admin\seo.php | 3 | 0 | 3 | 0 | 0 |
.\admin\sort.php | 6 | 0 | 6 | 0 | 0 |
.\admin\store.php | 9 | 0 | 9 | 0 | 0 |
.\admin\style.php | 3 | 0 | 3 | 0 | 0 |
.\admin\tag.php | 6 | 0 | 6 | 0 | 0 |
.\admin\template.php | 12 | 0 | 12 | 0 | 0 |
.\admin\twitter.php | 3 | 0 | 3 | 0 | 0 |
.\admin\user.php | 6 | 0 | 6 | 0 | 0 |
.\admin\widgets.php | 3 | 0 | 3 | 0 | 0 |
.\admin\write_log.php | 6 | 0 | 6 | 0 | 0 |
.\content\templates\default\echo_log.php | 2 | 0 | 2 | 0 | 0 |
.\content\templates\default\header.php | 1 | 0 | 1 | 0 | 0 |
.\content\templates\default\log_list.php | 2 | 0 | 2 | 0 | 0 |
.\content\templates\default\page.php | 2 | 0 | 2 | 0 | 0 |
.\content\templates\default\side.php | 2 | 0 | 2 | 0 | 0 |
.\content\templates\default\t.php | 2 | 0 | 2 | 0 | 0 |
.\include\controller\author_controller.php | 2 | 0 | 2 | 0 | 0 |
.\include\controller\log_controller.php | 5 | 0 | 5 | 0 | 0 |
.\include\controller\record_controller.php | 2 | 0 | 2 | 0 | 0 |
.\include\controller\search_controller.php | 2 | 0 | 2 | 0 | 0 |
.\include\controller\sort_controller.php | 2 | 0 | 2 | 0 | 0 |
.\include\controller\tag_controller.php | 2 | 0 | 2 | 0 | 0 |
.\include\lib\cache.php | 4 | 0 | 4 | 0 | 0 |
.\include\lib\dispatcher.php | 2 | 0 | 1 | 1 | 0 |
.\include\lib\function.base.php | 6 | 0 | 6 | 0 | 0 |
.\include\lib\loginauth.php | 1 | 0 | 1 | 0 | 0 |
.\include\model\plugin_model.php | 2 | 0 | 2 | 0 | 0 |
.\init.php | 1 | 0 | 1 | 0 | 0 |
.\m\index.php | 24 | 0 | 24 | 0 | 0 |
.\t\index.php | 2 | 0 | 2 | 0 | 0 |
.\xmlrpc.php | 2 | 0 | 2 | 0 | 0 |
等级 | 函数 | 说明 |
---|---|---|
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码70: foreach ($_GET as $key=>$val) {
71: $subPage .= $key != 'page' ? "&$key=$val" : '';
72: }
73: $pageurl = pagination($logNum, Option::get('admin_perpage_num'), $page, "admin_log.php?{$subPage}&page=");
74:
75: include View::getView('header');
76: require_once View::getView('admin_log');
77: include View::getView('footer');View::output();
78:}
79:
80://操作文章
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码71: $subPage .= $key != 'page' ? "&$key=$val" : '';
72: }
73: $pageurl = pagination($logNum, Option::get('admin_perpage_num'), $page, "admin_log.php?{$subPage}&page=");
74:
75: include View::getView('header');
76: require_once View::getView('admin_log');
77: include View::getView('footer');View::output();
78:}
79:
80://操作文章
81:if ($action == 'operate_log') {
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码72: }
73: $pageurl = pagination($logNum, Option::get('admin_perpage_num'), $page, "admin_log.php?{$subPage}&page=");
74:
75: include View::getView('header');
76: require_once View::getView('admin_log');
77: include View::getView('footer');View::output();
78:}
79:
80://操作文章
81:if ($action == 'operate_log') {
82: $operate = isset($_REQUEST['operate']) ? $_REQUEST['operate'] : '';
|
等级 | 函数 | 说明 |
---|---|---|
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码26: foreach (Option::getAttType() as $val) {
27: $att_type_str .= " $val";
28: $att_type_for_muti .= '*.'.$val.';';
29: }
30: $view_tpl = $multi ? 'upload_multi' : 'upload';
31: require_once(View::getView($view_tpl));
32: View::output();
33:}
34:
35://上传附件
36:if ($action == 'upload') {
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码113: $attach[$row['aid']]['thum_width'] = $thum['width'];
114: $attach[$row['aid']]['thum_height'] = $thum['height'];
115: }
116: }
117: $attachnum = count($attach);
118: include View::getView('attlib');
119: View::output();
120:}
121:
122://删除附件
123:if ($action == 'del_attach') {
|
等级 | 函数 | 说明 |
---|---|---|
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码17: $icon = "<img src=\"{$photo}\" width=\"{$imgsize['w']}\" height=\"{$imgsize['h']}\" style=\"border:1px solid #CCCCCC;padding:1px;\" />
18: <br /><a href=\"javascript: em_confirm(0, 'avatar', '$token');\">删除头像</a>";
19: } else {
20: $icon = '<img src="./views/images/avatar.jpg" />';
21: }
22: include View::getView('header');
23: require_once(View::getView('blogger'));
24: include View::getView('footer');
25: View::output();
26:}
27:
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码18: <br /><a href=\"javascript: em_confirm(0, 'avatar', '$token');\">删除头像</a>";
19: } else {
20: $icon = '<img src="./views/images/avatar.jpg" />';
21: }
22: include View::getView('header');
23: require_once(View::getView('blogger'));
24: include View::getView('footer');
25: View::output();
26:}
27:
28:if ($action == 'update') {
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码19: } else {
20: $icon = '<img src="./views/images/avatar.jpg" />';
21: }
22: include View::getView('header');
23: require_once(View::getView('blogger'));
24: include View::getView('footer');
25: View::output();
26:}
27:
28:if ($action == 'update') {
29: LoginAuth::checkToken();
|
等级 | 函数 | 说明 |
---|---|---|
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码20: $comment = $Comment_Model->getComments(1, $blogId, $hide, $page);
21: $cmnum = $Comment_Model->getCommentNum($blogId, $hide);
22: $hideCommNum = $Comment_Model->getCommentNum($blogId, 'y');
23: $pageurl = pagination($cmnum, Option::get('admin_perpage_num'), $page, "comment.php?{$addUrl}page=");
24:
25: include View::getView('header');
26: require_once(View::getView('comment'));
27: include View::getView('footer');
28: View::output();
29:}
30:
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码21: $cmnum = $Comment_Model->getCommentNum($blogId, $hide);
22: $hideCommNum = $Comment_Model->getCommentNum($blogId, 'y');
23: $pageurl = pagination($cmnum, Option::get('admin_perpage_num'), $page, "comment.php?{$addUrl}page=");
24:
25: include View::getView('header');
26: require_once(View::getView('comment'));
27: include View::getView('footer');
28: View::output();
29:}
30:
31:if ($action== 'del') {
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码22: $hideCommNum = $Comment_Model->getCommentNum($blogId, 'y');
23: $pageurl = pagination($cmnum, Option::get('admin_perpage_num'), $page, "comment.php?{$addUrl}page=");
24:
25: include View::getView('header');
26: require_once(View::getView('comment'));
27: include View::getView('footer');
28: View::output();
29:}
30:
31:if ($action== 'del') {
32: $id = isset($_GET['id']) ? intval($_GET['id']) : '';
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码88: emDirect("./comment.php?active_show=1");
89: }
90:}
91:
92:if ($action== 'reply_comment') {
93: include View::getView('header');
94: $commentId = isset($_GET['cid']) ? intval($_GET['cid']) : '';
95: $commentArray = $Comment_Model->getOneComment($commentId);
96: extract($commentArray);
97:
98: require_once(View::getView('comment_reply'));
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码93: include View::getView('header');
94: $commentId = isset($_GET['cid']) ? intval($_GET['cid']) : '';
95: $commentArray = $Comment_Model->getOneComment($commentId);
96: extract($commentArray);
97:
98: require_once(View::getView('comment_reply'));
99: include View::getView('footer');
100: View::output();
101:}
102:
103:if ($action== 'edit_comment') {
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码94: $commentId = isset($_GET['cid']) ? intval($_GET['cid']) : '';
95: $commentArray = $Comment_Model->getOneComment($commentId);
96: extract($commentArray);
97:
98: require_once(View::getView('comment_reply'));
99: include View::getView('footer');
100: View::output();
101:}
102:
103:if ($action== 'edit_comment') {
104: $commentId = isset($_GET['cid']) ? intval($_GET['cid']) : '';
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码106: if (!$commentArray) {
107: emMsg('不存在该评论!', './comment.php');
108: }
109: extract($commentArray);
110:
111: include View::getView('header');
112: require_once(View::getView('comment_edit'));
113: include View::getView('footer');
114: View::output();
115:}
116:
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码107: emMsg('不存在该评论!', './comment.php');
108: }
109: extract($commentArray);
110:
111: include View::getView('header');
112: require_once(View::getView('comment_edit'));
113: include View::getView('footer');
114: View::output();
115:}
116:
117:if ($action=='doreply') {
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码108: }
109: extract($commentArray);
110:
111: include View::getView('header');
112: require_once(View::getView('comment_edit'));
113: include View::getView('footer');
114: View::output();
115:}
116:
117:if ($action=='doreply') {
118: $reply = isset($_POST['reply']) ? trim(addslashes($_POST['reply'])) : '';
|
等级 | 函数 | 说明 |
---|---|---|
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码37: $ex3 = 'selected="selected"';
38: } else {
39: $ex4 = 'selected="selected"';
40: }
41:
42: include View::getView('header');
43: require_once(View::getView('configure'));
44: include View::getView('footer');
45: View::output();
46:}
47:
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码38: } else {
39: $ex4 = 'selected="selected"';
40: }
41:
42: include View::getView('header');
43: require_once(View::getView('configure'));
44: include View::getView('footer');
45: View::output();
46:}
47:
48:if ($action == 'mod_config') {
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码39: $ex4 = 'selected="selected"';
40: }
41:
42: include View::getView('header');
43: require_once(View::getView('configure'));
44: include View::getView('footer');
45: View::output();
46:}
47:
48:if ($action == 'mod_config') {
49: LoginAuth::checkToken();
|
等级 | 函数 | 说明 |
---|---|---|
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码11: $bakfiles = $retval ? $retval : array();
12: $timezone = Option::get('timezone');
13: $tables = array('attachment', 'blog', 'comment', 'options', 'navi', 'reply', 'sort', 'link','tag','twitter','user');
14: doAction('data_prebakup');
15:
16: include View::getView('header');
17: require_once(View::getView('data'));
18: include View::getView('footer');
19: View::output();
20:}
21:
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码12: $timezone = Option::get('timezone');
13: $tables = array('attachment', 'blog', 'comment', 'options', 'navi', 'reply', 'sort', 'link','tag','twitter','user');
14: doAction('data_prebakup');
15:
16: include View::getView('header');
17: require_once(View::getView('data'));
18: include View::getView('footer');
19: View::output();
20:}
21:
22:if ($action == 'bakstart') {
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码13: $tables = array('attachment', 'blog', 'comment', 'options', 'navi', 'reply', 'sort', 'link','tag','twitter','user');
14: doAction('data_prebakup');
15:
16: include View::getView('header');
17: require_once(View::getView('data'));
18: include View::getView('footer');
19: View::output();
20:}
21:
22:if ($action == 'bakstart') {
23: LoginAuth::checkToken();
|
等级 | 函数 | 说明 |
---|---|---|
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码26: }
27: } else{
28: $gd_ver = '不支持';
29: }
30:
31: include View::getView('header');
32: require_once(View::getView('index'));
33: include View::getView('footer');
34: View::output();
35:}
36:if ($action == 'update' && ROLE == ROLE_ADMIN) {
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码27: } else{
28: $gd_ver = '不支持';
29: }
30:
31: include View::getView('header');
32: require_once(View::getView('index'));
33: include View::getView('footer');
34: View::output();
35:}
36:if ($action == 'update' && ROLE == ROLE_ADMIN) {
37: $source = isset($_GET['source']) ? trim($_GET['source']) : '';
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码28: $gd_ver = '不支持';
29: }
30:
31: include View::getView('header');
32: require_once(View::getView('index'));
33: include View::getView('footer');
34: View::output();
35:}
36:if ($action == 'update' && ROLE == ROLE_ADMIN) {
37: $source = isset($_GET['source']) ? trim($_GET['source']) : '';
38: $upsql = isset($_GET['upsql']) ? trim($_GET['upsql']) : '';
|
等级 | 函数 | 说明 |
---|---|---|
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码8:
9:$Link_Model = new Link_Model();
10:
11:if ($action == '') {
12: $links = $Link_Model->getLinks();
13: include View::getView('header');
14: require_once(View::getView('links'));
15: include View::getView('footer');
16: View::output();
17:}
18:
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码9:$Link_Model = new Link_Model();
10:
11:if ($action == '') {
12: $links = $Link_Model->getLinks();
13: include View::getView('header');
14: require_once(View::getView('links'));
15: include View::getView('footer');
16: View::output();
17:}
18:
19:if ($action== 'link_taxis') {
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码10:
11:if ($action == '') {
12: $links = $Link_Model->getLinks();
13: include View::getView('header');
14: require_once(View::getView('links'));
15: include View::getView('footer');
16: View::output();
17:}
18:
19:if ($action== 'link_taxis') {
20: $link = isset($_POST['link']) ? $_POST['link'] : '';
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码52: $linkId = isset($_GET['linkid']) ? intval($_GET['linkid']) : '';
53:
54: $linkData = $Link_Model->getOneLink($linkId);
55: extract($linkData);
56:
57: include View::getView('header');
58: require_once(View::getView('linkedit'));
59: include View::getView('footer');View::output();
60:}
61:
62:if ($action=='update_link') {
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码53:
54: $linkData = $Link_Model->getOneLink($linkId);
55: extract($linkData);
56:
57: include View::getView('header');
58: require_once(View::getView('linkedit'));
59: include View::getView('footer');View::output();
60:}
61:
62:if ($action=='update_link') {
63: $sitename = isset($_POST['sitename']) ? addslashes(trim($_POST['sitename'])) : '';
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码54: $linkData = $Link_Model->getOneLink($linkId);
55: extract($linkData);
56:
57: include View::getView('header');
58: require_once(View::getView('linkedit'));
59: include View::getView('footer');View::output();
60:}
61:
62:if ($action=='update_link') {
63: $sitename = isset($_POST['sitename']) ? addslashes(trim($_POST['sitename'])) : '';
64: $siteurl = isset($_POST['siteurl']) ? addslashes(trim($_POST['siteurl'])) : '';
|
等级 | 函数 | 说明 |
---|---|---|
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码13:
14: $navis = $Navi_Model->getNavis();
15: $sorts = $CACHE->readCache('sort');
16: $pages = $emPage->getAllPageList();
17:
18: include View::getView('header');
19: require_once(View::getView('navbar'));
20: include View::getView('footer');
21: View::output();
22:}
23:
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码14: $navis = $Navi_Model->getNavis();
15: $sorts = $CACHE->readCache('sort');
16: $pages = $emPage->getAllPageList();
17:
18: include View::getView('header');
19: require_once(View::getView('navbar'));
20: include View::getView('footer');
21: View::output();
22:}
23:
24:if ($action== 'taxis') {
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码15: $sorts = $CACHE->readCache('sort');
16: $pages = $emPage->getAllPageList();
17:
18: include View::getView('header');
19: require_once(View::getView('navbar'));
20: include View::getView('footer');
21: View::output();
22:}
23:
24:if ($action== 'taxis') {
25: $navi = isset($_POST['navi']) ? $_POST['navi'] : '';
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码102: }
103:
104: $conf_newtab = $newtab == 'y' ? 'checked="checked"' : '';
105: $conf_isdefault = $type != Navi_Model::navitype_custom ? 'disabled="disabled"' : '';
106:
107: include View::getView('header');
108: require_once(View::getView('naviedit'));
109: include View::getView('footer');View::output();
110:}
111:
112:if ($action=='update') {
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码103:
104: $conf_newtab = $newtab == 'y' ? 'checked="checked"' : '';
105: $conf_isdefault = $type != Navi_Model::navitype_custom ? 'disabled="disabled"' : '';
106:
107: include View::getView('header');
108: require_once(View::getView('naviedit'));
109: include View::getView('footer');View::output();
110:}
111:
112:if ($action=='update') {
113: $naviname = isset($_POST['naviname']) ? addslashes(trim($_POST['naviname'])) : '';
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码104: $conf_newtab = $newtab == 'y' ? 'checked="checked"' : '';
105: $conf_isdefault = $type != Navi_Model::navitype_custom ? 'disabled="disabled"' : '';
106:
107: include View::getView('header');
108: require_once(View::getView('naviedit'));
109: include View::getView('footer');View::output();
110:}
111:
112:if ($action=='update') {
113: $naviname = isset($_POST['naviname']) ? addslashes(trim($_POST['naviname'])) : '';
114: $url = isset($_POST['url']) ? addslashes(trim($_POST['url'])) : '';
|
等级 | 函数 | 说明 |
---|---|---|
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码15: $pages = $emPage->getLogsForAdmin('', '', $page, 'page');
16: $pageNum = $emPage->getLogNum('','','page', 1);
17:
18: $pageurl = pagination($pageNum, Option::get('admin_perpage_num'), $page, "./page.php?page=");
19:
20: include View::getView('header');
21: require_once(View::getView('admin_page'));
22: include View::getView('footer');
23: View::output();
24:}
25://显示新建页面表单
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码16: $pageNum = $emPage->getLogNum('','','page', 1);
17:
18: $pageurl = pagination($pageNum, Option::get('admin_perpage_num'), $page, "./page.php?page=");
19:
20: include View::getView('header');
21: require_once(View::getView('admin_page'));
22: include View::getView('footer');
23: View::output();
24:}
25://显示新建页面表单
26:if ($action == 'new') {
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码17:
18: $pageurl = pagination($pageNum, Option::get('admin_perpage_num'), $page, "./page.php?page=");
19:
20: include View::getView('header');
21: require_once(View::getView('admin_page'));
22: include View::getView('footer');
23: View::output();
24:}
25://显示新建页面表单
26:if ($action == 'new') {
27: include View::getView('header');
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码22: include View::getView('footer');
23: View::output();
24:}
25://显示新建页面表单
26:if ($action == 'new') {
27: include View::getView('header');
28: require_once(View::getView('add_page'));
29: include View::getView('footer');
30: View::output();
31:}
32://显示编辑页面表单
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码23: View::output();
24:}
25://显示新建页面表单
26:if ($action == 'new') {
27: include View::getView('header');
28: require_once(View::getView('add_page'));
29: include View::getView('footer');
30: View::output();
31:}
32://显示编辑页面表单
33:if ($action == 'mod') {
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码24:}
25://显示新建页面表单
26:if ($action == 'new') {
27: include View::getView('header');
28: require_once(View::getView('add_page'));
29: include View::getView('footer');
30: View::output();
31:}
32://显示编辑页面表单
33:if ($action == 'mod') {
34: $emPage = new Log_Model();
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码41: $blank = isset($navibar[$pageId]['is_blank']) ? $navibar[$pageId]['is_blank'] : '' ;
42:
43: $is_allow_remark = $allow_remark == 'y' ? 'checked="checked"' : '';
44: $is_blank = $blank == '_blank' ? 'checked="checked"' : '';
45:
46: include View::getView('header');
47: require_once(View::getView('edit_page'));
48: include View::getView('footer');
49: View::output();
50:}
51://保存页面
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码42:
43: $is_allow_remark = $allow_remark == 'y' ? 'checked="checked"' : '';
44: $is_blank = $blank == '_blank' ? 'checked="checked"' : '';
45:
46: include View::getView('header');
47: require_once(View::getView('edit_page'));
48: include View::getView('footer');
49: View::output();
50:}
51://保存页面
52:if ($action == 'add' || $action == 'edit' || $action == 'autosave') {
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码43: $is_allow_remark = $allow_remark == 'y' ? 'checked="checked"' : '';
44: $is_blank = $blank == '_blank' ? 'checked="checked"' : '';
45:
46: include View::getView('header');
47: require_once(View::getView('edit_page'));
48: include View::getView('footer');
49: View::output();
50:}
51://保存页面
52:if ($action == 'add' || $action == 'edit' || $action == 'autosave') {
53: $emPage = new Log_Model();
|
等级 | 函数 | 说明 |
---|---|---|
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码10:
11:if ($action == '' && !$plugin) {
12: $Plugin_Model = new Plugin_Model();
13: $plugins = $Plugin_Model->getPlugins();
14:
15: include View::getView('header');
16: require_once(View::getView('plugin'));
17: include View::getView('footer');
18: View::output();
19:}
20:
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码11:if ($action == '' && !$plugin) {
12: $Plugin_Model = new Plugin_Model();
13: $plugins = $Plugin_Model->getPlugins();
14:
15: include View::getView('header');
16: require_once(View::getView('plugin'));
17: include View::getView('footer');
18: View::output();
19:}
20:
21://激活
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码12: $Plugin_Model = new Plugin_Model();
13: $plugins = $Plugin_Model->getPlugins();
14:
15: include View::getView('header');
16: require_once(View::getView('plugin'));
17: include View::getView('footer');
18: View::output();
19:}
20:
21://激活
22:if ($action == 'active') {
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码39: emDirect("./plugin.php?inactive=1");
40:}
41:
42://加载插件配置页面
43:if ($action == '' && $plugin) {
44: include View::getView('header');
45: require_once "../content/plugins/{$plugin}/{$plugin}_setting.php";
46: plugin_setting_view();
47: include View::getView('footer');
48:}
49:
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码42://加载插件配置页面
43:if ($action == '' && $plugin) {
44: include View::getView('header');
45: require_once "../content/plugins/{$plugin}/{$plugin}_setting.php";
46: plugin_setting_view();
47: include View::getView('footer');
48:}
49:
50://保存插件设置
51:if ($action == 'setting') {
52: if (!empty($_POST)) {
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码61: }
62:}
63:
64://安装插件
65:if ($action == 'install') {
66: include View::getView('header');
67: require_once View::getView('plugin_install');
68: include View::getView('footer');
69: View::output();
70:}
71:
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码62:}
63:
64://安装插件
65:if ($action == 'install') {
66: include View::getView('header');
67: require_once View::getView('plugin_install');
68: include View::getView('footer');
69: View::output();
70:}
71:
72://删除插件
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码63:
64://安装插件
65:if ($action == 'install') {
66: include View::getView('header');
67: require_once View::getView('plugin_install');
68: include View::getView('footer');
69: View::output();
70:}
71:
72://删除插件
73:if ($action == 'del') {
|
等级 | 函数 | 说明 |
---|---|---|
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码19: $$t = 'selected="selected"';
20:
21: $isalias = $isalias == 'y' ? 'checked="checked"' : '';
22: $isalias_html = $isalias_html == 'y' ? 'checked="checked"' : '';
23:
24: include View::getView('header');
25: require_once(View::getView('seo'));
26: include View::getView('footer');
27: View::output();
28:}
29:
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码20:
21: $isalias = $isalias == 'y' ? 'checked="checked"' : '';
22: $isalias_html = $isalias_html == 'y' ? 'checked="checked"' : '';
23:
24: include View::getView('header');
25: require_once(View::getView('seo'));
26: include View::getView('footer');
27: View::output();
28:}
29:
30:if ($action == 'update') {
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码21: $isalias = $isalias == 'y' ? 'checked="checked"' : '';
22: $isalias_html = $isalias_html == 'y' ? 'checked="checked"' : '';
23:
24: include View::getView('header');
25: require_once(View::getView('seo'));
26: include View::getView('footer');
27: View::output();
28:}
29:
30:if ($action == 'update') {
31: LoginAuth::checkToken();
|
等级 | 函数 | 说明 |
---|---|---|
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码8:
9:$Sort_Model = new Sort_Model();
10:$sorts = $CACHE->readCache('sort');
11:
12:if ($action == '') {
13: include View::getView('header');
14: require_once View::getView('sort');
15: include View::getView('footer');
16: View::output();
17:}
18:
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码9:$Sort_Model = new Sort_Model();
10:$sorts = $CACHE->readCache('sort');
11:
12:if ($action == '') {
13: include View::getView('header');
14: require_once View::getView('sort');
15: include View::getView('footer');
16: View::output();
17:}
18:
19:if ($action == 'taxis') {
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码10:$sorts = $CACHE->readCache('sort');
11:
12:if ($action == '') {
13: include View::getView('header');
14: require_once View::getView('sort');
15: include View::getView('footer');
16: View::output();
17:}
18:
19:if ($action == 'taxis') {
20: $sort = isset($_POST['sort']) ? $_POST['sort'] : '';
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码71: $sid = isset($_GET['sid']) ? intval($_GET['sid']) : '';
72:
73: $sortData = $Sort_Model->getOneSortById($sid);
74: extract($sortData);
75:
76: include View::getView('header');
77: require_once(View::getView('sortedit'));
78: include View::getView('footer');
79: View::output();
80:}
81:
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码72:
73: $sortData = $Sort_Model->getOneSortById($sid);
74: extract($sortData);
75:
76: include View::getView('header');
77: require_once(View::getView('sortedit'));
78: include View::getView('footer');
79: View::output();
80:}
81:
82:if ($action == 'update') {
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码73: $sortData = $Sort_Model->getOneSortById($sid);
74: extract($sortData);
75:
76: include View::getView('header');
77: require_once(View::getView('sortedit'));
78: include View::getView('footer');
79: View::output();
80:}
81:
82:if ($action == 'update') {
83: $sid = isset($_POST['sid']) ? intval($_POST['sid']) : '';
|
等级 | 函数 | 说明 |
---|---|---|
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码6:
7:require_once 'globals.php';
8:
9:if ($action == '') {
10: $site_url_encode = rawurlencode(base64_encode(BLOG_URL));
11: include View::getView('header');
12: require_once(View::getView('store'));
13: include View::getView('footer');
14: View::output();
15:}
16:
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码7:require_once 'globals.php';
8:
9:if ($action == '') {
10: $site_url_encode = rawurlencode(base64_encode(BLOG_URL));
11: include View::getView('header');
12: require_once(View::getView('store'));
13: include View::getView('footer');
14: View::output();
15:}
16:
17:if ($action == 'instpl') {
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码8:
9:if ($action == '') {
10: $site_url_encode = rawurlencode(base64_encode(BLOG_URL));
11: include View::getView('header');
12: require_once(View::getView('store'));
13: include View::getView('footer');
14: View::output();
15:}
16:
17:if ($action == 'instpl') {
18: $source = isset($_GET['source']) ? trim($_GET['source']) : '';
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码17:if ($action == 'instpl') {
18: $source = isset($_GET['source']) ? trim($_GET['source']) : '';
19: $source_type = 'tpl';
20: $source_typename = '模板';
21: $source_typeurl = '<a href="template.php">查看模板</a>';
22: include View::getView('header');
23: require_once(View::getView('store_install'));
24: include View::getView('footer');
25:}
26:
27:if ($action == 'insplu') {
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码18: $source = isset($_GET['source']) ? trim($_GET['source']) : '';
19: $source_type = 'tpl';
20: $source_typename = '模板';
21: $source_typeurl = '<a href="template.php">查看模板</a>';
22: include View::getView('header');
23: require_once(View::getView('store_install'));
24: include View::getView('footer');
25:}
26:
27:if ($action == 'insplu') {
28: $source = isset($_GET['source']) ? trim($_GET['source']) : '';
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码19: $source_type = 'tpl';
20: $source_typename = '模板';
21: $source_typeurl = '<a href="template.php">查看模板</a>';
22: include View::getView('header');
23: require_once(View::getView('store_install'));
24: include View::getView('footer');
25:}
26:
27:if ($action == 'insplu') {
28: $source = isset($_GET['source']) ? trim($_GET['source']) : '';
29: $source_type = 'plu';
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码27:if ($action == 'insplu') {
28: $source = isset($_GET['source']) ? trim($_GET['source']) : '';
29: $source_type = 'plu';
30: $source_typename = '插件';
31: $source_typeurl = '<a href="plugin.php">查看插件</a>';
32: include View::getView('header');
33: require_once(View::getView('store_install'));
34: include View::getView('footer');
35:}
36:
37:if ($action == 'addon') {
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码28: $source = isset($_GET['source']) ? trim($_GET['source']) : '';
29: $source_type = 'plu';
30: $source_typename = '插件';
31: $source_typeurl = '<a href="plugin.php">查看插件</a>';
32: include View::getView('header');
33: require_once(View::getView('store_install'));
34: include View::getView('footer');
35:}
36:
37:if ($action == 'addon') {
38: $source = isset($_GET['source']) ? trim($_GET['source']) : '';
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码29: $source_type = 'plu';
30: $source_typename = '插件';
31: $source_typeurl = '<a href="plugin.php">查看插件</a>';
32: include View::getView('header');
33: require_once(View::getView('store_install'));
34: include View::getView('footer');
35:}
36:
37:if ($action == 'addon') {
38: $source = isset($_GET['source']) ? trim($_GET['source']) : '';
39: $source_type = isset($_GET['type']) ? trim($_GET['type']) : '';
|
等级 | 函数 | 说明 |
---|---|---|
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码32: }
33: }
34: closedir($handle);
35: $stylenums = count($styles);
36:
37: include View::getView('header');
38: require_once(View::getView('style'));
39: include View::getView('footer');
40: View::output();
41:}
42:
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码33: }
34: closedir($handle);
35: $stylenums = count($styles);
36:
37: include View::getView('header');
38: require_once(View::getView('style'));
39: include View::getView('footer');
40: View::output();
41:}
42:
43://update
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码34: closedir($handle);
35: $stylenums = count($styles);
36:
37: include View::getView('header');
38: require_once(View::getView('style'));
39: include View::getView('footer');
40: View::output();
41:}
42:
43://update
44:if ($action == 'usestyle') {
|
等级 | 函数 | 说明 |
---|---|---|
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码8:
9:$Tag_Model = new Tag_Model();
10:
11:if ($action == '') {
12: $tags = $Tag_Model->getTag();
13: include View::getView('header');
14: require_once View::getView('tag');
15: include View::getView('footer');
16: View::output();
17:}
18:
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码9:$Tag_Model = new Tag_Model();
10:
11:if ($action == '') {
12: $tags = $Tag_Model->getTag();
13: include View::getView('header');
14: require_once View::getView('tag');
15: include View::getView('footer');
16: View::output();
17:}
18:
19:if ($action== "mod_tag") {
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码10:
11:if ($action == '') {
12: $tags = $Tag_Model->getTag();
13: include View::getView('header');
14: require_once View::getView('tag');
15: include View::getView('footer');
16: View::output();
17:}
18:
19:if ($action== "mod_tag") {
20: $tagId = isset($_GET['tid']) ? intval($_GET['tid']) : '';
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码18:
19:if ($action== "mod_tag") {
20: $tagId = isset($_GET['tid']) ? intval($_GET['tid']) : '';
21: $tag = $Tag_Model->getOneTag($tagId);
22: extract($tag);
23: include View::getView('header');
24: require_once View::getView('tagedit');
25: include View::getView('footer');View::output();
26:}
27:
28://标签修改
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
19:if ($action== "mod_tag") {
20: $tagId = isset($_GET['tid']) ? intval($_GET['tid']) : '';
21: $tag = $Tag_Model->getOneTag($tagId);
22: extract($tag);
23: include View::getView('header');
24: require_once View::getView('tagedit');
25: include View::getView('footer');View::output();
26:}
27:
28://标签修改
29:if ($action=='update_tag') {
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
20: $tagId = isset($_GET['tid']) ? intval($_GET['tid']) : '';
21: $tag = $Tag_Model->getOneTag($tagId);
22: extract($tag);
23: include View::getView('header');
24: require_once View::getView('tagedit');
25: include View::getView('footer');View::output();
26:}
27:
28://标签修改
29:if ($action=='update_tag') {
30: $tagName = isset($_POST['tagname']) ? addslashes($_POST['tagname']) : '';
|
等级 | 函数 | 说明 |
---|---|---|
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
42: }
43: closedir($handle);
44:
45: $tplnums = count($tpls);
46:
47: include View::getView('header');
48: require_once View::getView('template');
49: include View::getView('footer');
50: View::output();
51:}
52:
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
43: closedir($handle);
44:
45: $tplnums = count($tpls);
46:
47: include View::getView('header');
48: require_once View::getView('template');
49: include View::getView('footer');
50: View::output();
51:}
52:
53://使用模板
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
44:
45: $tplnums = count($tpls);
46:
47: include View::getView('header');
48: require_once View::getView('template');
49: include View::getView('footer');
50: View::output();
51:}
52:
53://使用模板
54:if ($action == 'usetpl')
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
93: }
94: $custom_topimgs = Option::get('custom_topimgs');
95: $topimgs = array_merge($default_topimgs, $custom_topimgs);
96: closedir($handle);
97:
98: include View::getView('header');
99: require_once View::getView('template_top');
100: include View::getView('footer');
101: View::output();
102:}
103:
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
94: $custom_topimgs = Option::get('custom_topimgs');
95: $topimgs = array_merge($default_topimgs, $custom_topimgs);
96: closedir($handle);
97:
98: include View::getView('header');
99: require_once View::getView('template_top');
100: include View::getView('footer');
101: View::output();
102:}
103:
104://使用顶部图片
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
95: $topimgs = array_merge($default_topimgs, $custom_topimgs);
96: closedir($handle);
97:
98: include View::getView('header');
99: require_once View::getView('template_top');
100: include View::getView('footer');
101: View::output();
102:}
103:
104://使用顶部图片
105:if ($action == 'update_top')
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
144: }
145: } else{
146: emDirect("./template.php?action=custom-top");
147: }
148:
149: include View::getView('header');
150: require_once View::getView('template_crop');
151: include View::getView('footer');
152: View::output();
153:}
154:
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
145: } else{
146: emDirect("./template.php?action=custom-top");
147: }
148:
149: include View::getView('header');
150: require_once View::getView('template_crop');
151: include View::getView('footer');
152: View::output();
153:}
154:
155://裁剪图片
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
146: emDirect("./template.php?action=custom-top");
147: }
148:
149: include View::getView('header');
150: require_once View::getView('template_crop');
151: include View::getView('footer');
152: View::output();
153:}
154:
155://裁剪图片
156:if ($action == 'crop') {
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
188:}
189:
190://安装模板
191:if ($action == 'install')
192:{
193: include View::getView('header');
194: require_once View::getView('template_install');
195: include View::getView('footer');
196: View::output();
197:}
198:
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
189:
190://安装模板
191:if ($action == 'install')
192:{
193: include View::getView('header');
194: require_once View::getView('template_install');
195: include View::getView('footer');
196: View::output();
197:}
198:
199://上传zip模板
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
190://安装模板
191:if ($action == 'install')
192:{
193: include View::getView('header');
194: require_once View::getView('template_install');
195: include View::getView('footer');
196: View::output();
197:}
198:
199://上传zip模板
200:if ($action == 'upload_zip') {
|
等级 | 函数 | 说明 |
---|---|---|
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
16: $tws = $Twitter_Model->getTwitters($page,1);
17: $twnum = $Twitter_Model->getTwitterNum(1);
18: $pageurl = pagination($twnum, Option::get('admin_perpage_num'), $page, 'twitter.php?page=');
19: $avatar = empty($user_cache[UID]['avatar']) ? './views/images/avatar.jpg' : '../' . $user_cache[UID]['avatar'];
20:
21: include View::getView('header');
22: require_once View::getView('twitter');
23: include View::getView('footer');
24: View::output();
25:}
26:// 发布微语.
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
17: $twnum = $Twitter_Model->getTwitterNum(1);
18: $pageurl = pagination($twnum, Option::get('admin_perpage_num'), $page, 'twitter.php?page=');
19: $avatar = empty($user_cache[UID]['avatar']) ? './views/images/avatar.jpg' : '../' . $user_cache[UID]['avatar'];
20:
21: include View::getView('header');
22: require_once View::getView('twitter');
23: include View::getView('footer');
24: View::output();
25:}
26:// 发布微语.
27:if ($action == 'post') {
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
18: $pageurl = pagination($twnum, Option::get('admin_perpage_num'), $page, 'twitter.php?page=');
19: $avatar = empty($user_cache[UID]['avatar']) ? './views/images/avatar.jpg' : '../' . $user_cache[UID]['avatar'];
20:
21: include View::getView('header');
22: require_once View::getView('twitter');
23: include View::getView('footer');
24: View::output();
25:}
26:// 发布微语.
27:if ($action == 'post') {
28: $t = isset($_POST['t']) ? addslashes(trim($_POST['t'])) : '';
|
等级 | 函数 | 说明 |
---|---|---|
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
13: $page = isset($_GET['page']) ? intval($_GET['page']) : 1;
14: $users = $User_Model->getUsers($page);
15: $usernum = $User_Model->getUserNum();
16: $pageurl = pagination($usernum, Option::get('admin_perpage_num'), $page, "./user.php?page=");
17:
18: include View::getView('header');
19: require_once View::getView('user');
20: include View::getView('footer');
21: View::output();
22:}
23:
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
14: $users = $User_Model->getUsers($page);
15: $usernum = $User_Model->getUserNum();
16: $pageurl = pagination($usernum, Option::get('admin_perpage_num'), $page, "./user.php?page=");
17:
18: include View::getView('header');
19: require_once View::getView('user');
20: include View::getView('footer');
21: View::output();
22:}
23:
24:if ($action== 'new') {
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
15: $usernum = $User_Model->getUserNum();
16: $pageurl = pagination($usernum, Option::get('admin_perpage_num'), $page, "./user.php?page=");
17:
18: include View::getView('header');
19: require_once View::getView('user');
20: include View::getView('footer');
21: View::output();
22:}
23:
24:if ($action== 'new') {
25: $login = isset($_POST['login']) ? addslashes(trim($_POST['login'])) : '';
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
71: $ex3 = 'selected="selected"';
72: } elseif ($ischeck == 'y') {
73: $ex4 = 'selected="selected"';
74: }
75:
76: include View::getView('header');
77: require_once View::getView('useredit');
78: include View::getView('footer');View::output();
79:}
80:
81:if ($action=='update') {
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
72: } elseif ($ischeck == 'y') {
73: $ex4 = 'selected="selected"';
74: }
75:
76: include View::getView('header');
77: require_once View::getView('useredit');
78: include View::getView('footer');View::output();
79:}
80:
81:if ($action=='update') {
82: $login = isset($_POST['username']) ? addslashes(trim($_POST['username'])) : '';
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
73: $ex4 = 'selected="selected"';
74: }
75:
76: include View::getView('header');
77: require_once View::getView('useredit');
78: include View::getView('footer');View::output();
79:}
80:
81:if ($action=='update') {
82: $login = isset($_POST['username']) ? addslashes(trim($_POST['username'])) : '';
83: $nickname = isset($_POST['nickname']) ? addslashes(trim($_POST['nickname'])) : '';
|
等级 | 函数 | 说明 |
---|---|---|
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
26: } else {
27: $customWgTitle[$key] = $val;
28: }
29: }
30:
31: include View::getView('header');
32: require_once View::getView('widgets');
33: include View::getView('footer');
34: View::output();
35:}
36:
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
27: $customWgTitle[$key] = $val;
28: }
29: }
30:
31: include View::getView('header');
32: require_once View::getView('widgets');
33: include View::getView('footer');
34: View::output();
35:}
36:
37://修改组件设置
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
28: }
29: }
30:
31: include View::getView('header');
32: require_once View::getView('widgets');
33: include View::getView('footer');
34: View::output();
35:}
36:
37://修改组件设置
38:if ($action == 'setwg') {
|
等级 | 函数 | 说明 |
---|---|---|
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
15: $tags = $Tag_Model->getTag();
16:
17: $localtime = time() + Option::get('timezone') * 3600;
18: $postDate = gmdate('Y-m-d H:i:s', $localtime);
19:
20: include View::getView('header');
21: require_once View::getView('add_log');
22: include View::getView('footer');
23: View::output();
24:}
25:
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
16:
17: $localtime = time() + Option::get('timezone') * 3600;
18: $postDate = gmdate('Y-m-d H:i:s', $localtime);
19:
20: include View::getView('header');
21: require_once View::getView('add_log');
22: include View::getView('footer');
23: View::output();
24:}
25:
26://显示编辑文章页面
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
17: $localtime = time() + Option::get('timezone') * 3600;
18: $postDate = gmdate('Y-m-d H:i:s', $localtime);
19:
20: include View::getView('header');
21: require_once View::getView('add_log');
22: include View::getView('footer');
23: View::output();
24:}
25:
26://显示编辑文章页面
27:if ($action == 'edit') {
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
46:
47: $is_top = $top == 'y' ? 'checked="checked"' : '';
48: $is_sortop = $sortop == 'y' ? 'checked="checked"' : '';
49: $is_allow_remark = $allow_remark == 'y' ? 'checked="checked"' : '';
50:
51: include View::getView('header');
52: require_once View::getView('edit_log');
53: include View::getView('footer');View::output();
54:}
55:
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
47: $is_top = $top == 'y' ? 'checked="checked"' : '';
48: $is_sortop = $sortop == 'y' ? 'checked="checked"' : '';
49: $is_allow_remark = $allow_remark == 'y' ? 'checked="checked"' : '';
50:
51: include View::getView('header');
52: require_once View::getView('edit_log');
53: include View::getView('footer');View::output();
54:}
55:
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
48: $is_sortop = $sortop == 'y' ? 'checked="checked"' : '';
49: $is_allow_remark = $allow_remark == 'y' ? 'checked="checked"' : '';
50:
51: include View::getView('header');
52: require_once View::getView('edit_log');
53: include View::getView('footer');View::output();
54:}
55:
|
等级 | 函数 | 说明 |
---|---|---|
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
15: <?php blog_comments($comments); ?>
16: <?php blog_comments_post($logid,$ckname,$ckmail,$ckurl,$verifyCode,$allow_remark); ?>
17: <div style="clear:both;"></div>
18:</div><!--end #contentleft-->
19:<?php
20: include View::getView('side');
21: include View::getView('footer');
22:?>
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
16: <?php blog_comments_post($logid,$ckname,$ckmail,$ckurl,$verifyCode,$allow_remark); ?>
17: <div style="clear:both;"></div>
18:</div><!--end #contentleft-->
19:<?php
20: include View::getView('side');
21: include View::getView('footer');
22:?>
|
等级 | 函数 | 说明 |
---|---|---|
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
6:Author:emlog
7:Author Url:http://www.emlog.net
8:Sidebar Amount:1
9:*/
10:if(!defined('EMLOG_ROOT')) {exit('error!');}
11:require_once View::getView('module');
12:?>
13:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
14:<html xmlns="http://www.w3.org/1999/xhtml">
15:<head>
16:<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
|
等级 | 函数 | 说明 |
---|---|---|
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
36: <?php echo $page_url;?>
37:</div>
38:
39:</div><!-- end #contentleft-->
40:<?php
41: include View::getView('side');
42: include View::getView('footer');
43:?>
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
37:</div>
38:
39:</div><!-- end #contentleft-->
40:<?php
41: include View::getView('side');
42: include View::getView('footer');
43:?>
|
等级 | 函数 | 说明 |
---|---|---|
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
11: <?php blog_comments($comments); ?>
12: <?php blog_comments_post($logid,$ckname,$ckmail,$ckurl,$verifyCode,$allow_remark); ?>
13: <div style="clear:both;"></div>
14:</div><!--end #contentleft-->
15:<?php
16: include View::getView('side');
17: include View::getView('footer');
18:?>
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
12: <?php blog_comments_post($logid,$ckname,$ckmail,$ckurl,$verifyCode,$allow_remark); ?>
13: <div style="clear:both;"></div>
14:</div><!--end #contentleft-->
15:<?php
16: include View::getView('side');
17: include View::getView('footer');
18:?>
|
等级 | 函数 | 说明 |
---|---|---|
danger | - | call_user_func第0个参数包含动态变量或函数,可能有远程代码执行的隐患 |
代码
15: if(strpos($val, 'custom_wg_') === 0)
16: {
17: $callback = 'widget_custom_text';
18: if(function_exists($callback))
19: {
20: call_user_func($callback, htmlspecialchars($custom_widget[$val]['title']), $custom_widget[$val]['content']);
21: }
22: }else{
23: $callback = 'widget_'.$val;
24: if(function_exists($callback))
25: {
|
||
danger | - | call_user_func第0个参数包含动态变量或函数,可能有远程代码执行的隐患 |
代码
23: $callback = 'widget_'.$val;
24: if(function_exists($callback))
25: {
26: preg_match("/^.*\s\((.*)\)/", $widget_title[$val], $matchs);
27: $wgTitle = isset($matchs[1]) ? $matchs[1] : $widget_title[$val];
28: call_user_func($callback, htmlspecialchars($wgTitle));
29: }
30: }
31:}
32:?>
33:<?php if (Option::get('rss_output_num')):?>
|
等级 | 函数 | 说明 |
---|---|---|
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
45: <li id="pagenavi"><?php echo $pageurl;?><span></span></li>
46: </ul>
47:</div><!--end #tw-->
48:</div><!--end #contentleft-->
49:<?php
50: include View::getView('side');
51: include View::getView('footer');
52:?>
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
46: </ul>
47:</div><!--end #tw-->
48:</div><!--end #contentleft-->
49:<?php
50: include View::getView('side');
51: include View::getView('footer');
52:?>
|
等级 | 函数 | 说明 |
---|---|---|
danger | display | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
9: function display($params) {
10: $Log_Model = new Log_Model();
11: $CACHE = Cache::getInstance();
12: $options_cache = Option::getAll();
13: extract($options_cache);
14:
15: $page = isset($params[4]) && $params[4] == 'page' ? abs(intval($params[5])) : 1;
16: $author = isset($params[1]) && $params[1] == 'author' ? intval($params[2]) : '' ;
17:
18:
19: $pageurl = '';
20:
21: $user_cache = $CACHE->readCache('user');
22: if (!isset($user_cache[$author])) {
23: show_404_page();
24: }
25:
26: $author_name = $user_cache[$author]['name'];
27: //page meta
28: $site_title = $author_name . ' - ' . $site_title;
29:
30: $sqlSegment = "and author=$author order by date desc";
31: $sta_cache = $CACHE->readCache('sta');
32: $lognum = $sta_cache[$author]['lognum'];
33:
34: $total_pages = ceil($lognum / $index_lognum);
35: if ($page > $total_pages) {
36: $page = $total_pages;
37: }
38: $start_limit = ($page - 1) * $index_lognum;
39: $pageurl .= Url::author($author, 'page');
40:
41: $Log_Model = new Log_Model();
42: $logs = $Log_Model->getLogsForHome($sqlSegment, $page, $index_lognum);
43: $page_url = pagination($lognum, $index_lognum, $page, $pageurl);
44:
45: include View::getView('header');
46: include View::getView('log_list');
47: }
|
||
danger | display | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
9: function display($params) {
10: $Log_Model = new Log_Model();
11: $CACHE = Cache::getInstance();
12: $options_cache = Option::getAll();
13: extract($options_cache);
14:
15: $page = isset($params[4]) && $params[4] == 'page' ? abs(intval($params[5])) : 1;
16: $author = isset($params[1]) && $params[1] == 'author' ? intval($params[2]) : '' ;
17:
18:
19: $pageurl = '';
20:
21: $user_cache = $CACHE->readCache('user');
22: if (!isset($user_cache[$author])) {
23: show_404_page();
24: }
25:
26: $author_name = $user_cache[$author]['name'];
27: //page meta
28: $site_title = $author_name . ' - ' . $site_title;
29:
30: $sqlSegment = "and author=$author order by date desc";
31: $sta_cache = $CACHE->readCache('sta');
32: $lognum = $sta_cache[$author]['lognum'];
33:
34: $total_pages = ceil($lognum / $index_lognum);
35: if ($page > $total_pages) {
36: $page = $total_pages;
37: }
38: $start_limit = ($page - 1) * $index_lognum;
39: $pageurl .= Url::author($author, 'page');
40:
41: $Log_Model = new Log_Model();
42: $logs = $Log_Model->getLogsForHome($sqlSegment, $page, $index_lognum);
43: $page_url = pagination($lognum, $index_lognum, $page, $pageurl);
44:
45: include View::getView('header');
46: include View::getView('log_list');
47: }
|
等级 | 函数 | 说明 |
---|---|---|
danger | display | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
9: function display($params) {
10: $Log_Model = new Log_Model();
11: $CACHE = Cache::getInstance();
12:
13: $options_cache = Option::getAll();
14: extract($options_cache);
15:
16: $page = isset($params[1]) && $params[1] == 'page' ? abs(intval($params[2])) : 1;
17:
18: $pageurl = '';
19: $sqlSegment ='ORDER BY top DESC ,date DESC';
20: $sta_cache = $CACHE->readCache('sta');
21: $lognum = $sta_cache['lognum'];
22: $pageurl .= Url::logPage();
23: $total_pages = ceil($lognum / $index_lognum);
24: if ($page > $total_pages) {
25: $page = $total_pages;
26: }
27: $logs = $Log_Model->getLogsForHome($sqlSegment, $page, $index_lognum);
28: $page_url = pagination($lognum, $index_lognum, $page, $pageurl);
29:
30: include View::getView('header');
31: include View::getView('log_list');
32: }
|
||
danger | display | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
9: function display($params) {
10: $Log_Model = new Log_Model();
11: $CACHE = Cache::getInstance();
12:
13: $options_cache = Option::getAll();
14: extract($options_cache);
15:
16: $page = isset($params[1]) && $params[1] == 'page' ? abs(intval($params[2])) : 1;
17:
18: $pageurl = '';
19: $sqlSegment ='ORDER BY top DESC ,date DESC';
20: $sta_cache = $CACHE->readCache('sta');
21: $lognum = $sta_cache['lognum'];
22: $pageurl .= Url::logPage();
23: $total_pages = ceil($lognum / $index_lognum);
24: if ($page > $total_pages) {
25: $page = $total_pages;
26: }
27: $logs = $Log_Model->getLogsForHome($sqlSegment, $page, $index_lognum);
28: $page_url = pagination($lognum, $index_lognum, $page, $pageurl);
29:
30: include View::getView('header');
31: include View::getView('log_list');
32: }
|
||
danger | displayContent | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
34: function displayContent($params) {
35: $comment_page = isset($params[4]) && $params[4] == 'comment-page' ? intval($params[5]) : 1;
36:
37: $Log_Model = new Log_Model();
38: $CACHE = Cache::getInstance();
39:
40: $options_cache = $CACHE->readCache('options');
41: extract($options_cache);
42:
43: $logid = 0 ;
44: if (isset($params[1])) {
45: if ($params[1] == 'post') {
46: $logid = isset($params[2]) ? intval($params[2]) : 0;
47: } elseif (is_numeric($params[1])) {
48: $logid = intval($params[1]);
49: } else {
50: $logalias_cache = $CACHE->readCache('logalias');
51: if (!empty($logalias_cache)) {
52: $alias = addslashes(urldecode(trim($params[1])));
53: $logid = array_search($alias, $logalias_cache);
54: if (!$logid) {
55: show_404_page();
56: }
57: }
58: }
59: }
60:
61: $Comment_Model = new Comment_Model();
62:
63: $logData = $Log_Model->getOneLogForHome($logid);
64: if ($logData === false) {
65: show_404_page();
66: }
67: extract($logData);
68:
69: if (!empty($password)) {
70: $postpwd = isset($_POST['logpwd']) ? addslashes(trim($_POST['logpwd'])) : '';
71: $cookiepwd = isset($_COOKIE['em_logpwd_'.$logid]) ? addslashes(trim($_COOKIE['em_logpwd_'.$logid])) : '';
72: $Log_Model->AuthPassword($postpwd, $cookiepwd, $password, $logid);
73: }
74: //meta
75: switch ($log_title_style) {
76: case '0':
77: $site_title = $log_title;
78: break;
79: case '1':
80: $site_title = $log_title . ' - ' . $blogname;
81: break;
82: case '2':
83: $site_title = $log_title . ' - ' . $site_title;
84: break;
85: }
86: $site_description = extractHtmlData($log_content, 90);
87: $log_cache_tags = $CACHE->readCache('logtags');
88: if (!empty($log_cache_tags[$logid])) {
89: foreach ($log_cache_tags[$logid] as $value) {
90: $site_key .= ','.$value['tagname'];
91: }
92: }
93: //comments
94: $verifyCode = ISLOGIN == false && $comment_code == 'y' ? "<img src=\"".BLOG_URL."include/lib/checkcode.php\" align=\"absmiddle\" /><input name=\"imgcode\" type=\"text\" class=\"input\" size=\"5\" tabindex=\"5\" />" : '';
95: $ckname = isset($_COOKIE['commentposter']) ? htmlspecialchars(stripslashes($_COOKIE['commentposter'])) : '';
96: $ckmail = isset($_COOKIE['postermail']) ? htmlspecialchars($_COOKIE['postermail']) : '';
97: $ckurl = isset($_COOKIE['posterurl']) ? htmlspecialchars($_COOKIE['posterurl']) : '';
98: $comments = $Comment_Model->getComments(0, $logid, 'n', $comment_page);
99:
100: include View::getView('header');
101: if ($type == 'blog') {
102: $Log_Model->updateViewCount($logid);
103: $neighborLog = $Log_Model->neighborLog($timestamp);
104: $tb = array();$tb_url = '';//兼容未删除引用模板
105: include View::getView('echo_log');
106: }elseif ($type == 'page') {
107: $template = !empty($template) && file_exists(TEMPLATE_PATH . $template . '.php') ? $template : 'page';
108: include View::getView($template);
109: }
110: }
|
||
danger | displayContent | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
34: function displayContent($params) {
35: $comment_page = isset($params[4]) && $params[4] == 'comment-page' ? intval($params[5]) : 1;
36:
37: $Log_Model = new Log_Model();
38: $CACHE = Cache::getInstance();
39:
40: $options_cache = $CACHE->readCache('options');
41: extract($options_cache);
42:
43: $logid = 0 ;
44: if (isset($params[1])) {
45: if ($params[1] == 'post') {
46: $logid = isset($params[2]) ? intval($params[2]) : 0;
47: } elseif (is_numeric($params[1])) {
48: $logid = intval($params[1]);
49: } else {
50: $logalias_cache = $CACHE->readCache('logalias');
51: if (!empty($logalias_cache)) {
52: $alias = addslashes(urldecode(trim($params[1])));
53: $logid = array_search($alias, $logalias_cache);
54: if (!$logid) {
55: show_404_page();
56: }
57: }
58: }
59: }
60:
61: $Comment_Model = new Comment_Model();
62:
63: $logData = $Log_Model->getOneLogForHome($logid);
64: if ($logData === false) {
65: show_404_page();
66: }
67: extract($logData);
68:
69: if (!empty($password)) {
70: $postpwd = isset($_POST['logpwd']) ? addslashes(trim($_POST['logpwd'])) : '';
71: $cookiepwd = isset($_COOKIE['em_logpwd_'.$logid]) ? addslashes(trim($_COOKIE['em_logpwd_'.$logid])) : '';
72: $Log_Model->AuthPassword($postpwd, $cookiepwd, $password, $logid);
73: }
74: //meta
75: switch ($log_title_style) {
76: case '0':
77: $site_title = $log_title;
78: break;
79: case '1':
80: $site_title = $log_title . ' - ' . $blogname;
81: break;
82: case '2':
83: $site_title = $log_title . ' - ' . $site_title;
84: break;
85: }
86: $site_description = extractHtmlData($log_content, 90);
87: $log_cache_tags = $CACHE->readCache('logtags');
88: if (!empty($log_cache_tags[$logid])) {
89: foreach ($log_cache_tags[$logid] as $value) {
90: $site_key .= ','.$value['tagname'];
91: }
92: }
93: //comments
94: $verifyCode = ISLOGIN == false && $comment_code == 'y' ? "<img src=\"".BLOG_URL."include/lib/checkcode.php\" align=\"absmiddle\" /><input name=\"imgcode\" type=\"text\" class=\"input\" size=\"5\" tabindex=\"5\" />" : '';
95: $ckname = isset($_COOKIE['commentposter']) ? htmlspecialchars(stripslashes($_COOKIE['commentposter'])) : '';
96: $ckmail = isset($_COOKIE['postermail']) ? htmlspecialchars($_COOKIE['postermail']) : '';
97: $ckurl = isset($_COOKIE['posterurl']) ? htmlspecialchars($_COOKIE['posterurl']) : '';
98: $comments = $Comment_Model->getComments(0, $logid, 'n', $comment_page);
99:
100: include View::getView('header');
101: if ($type == 'blog') {
102: $Log_Model->updateViewCount($logid);
103: $neighborLog = $Log_Model->neighborLog($timestamp);
104: $tb = array();$tb_url = '';//兼容未删除引用模板
105: include View::getView('echo_log');
106: }elseif ($type == 'page') {
107: $template = !empty($template) && file_exists(TEMPLATE_PATH . $template . '.php') ? $template : 'page';
108: include View::getView($template);
109: }
110: }
|
||
danger | displayContent | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
34: function displayContent($params) {
35: $comment_page = isset($params[4]) && $params[4] == 'comment-page' ? intval($params[5]) : 1;
36:
37: $Log_Model = new Log_Model();
38: $CACHE = Cache::getInstance();
39:
40: $options_cache = $CACHE->readCache('options');
41: extract($options_cache);
42:
43: $logid = 0 ;
44: if (isset($params[1])) {
45: if ($params[1] == 'post') {
46: $logid = isset($params[2]) ? intval($params[2]) : 0;
47: } elseif (is_numeric($params[1])) {
48: $logid = intval($params[1]);
49: } else {
50: $logalias_cache = $CACHE->readCache('logalias');
51: if (!empty($logalias_cache)) {
52: $alias = addslashes(urldecode(trim($params[1])));
53: $logid = array_search($alias, $logalias_cache);
54: if (!$logid) {
55: show_404_page();
56: }
57: }
58: }
59: }
60:
61: $Comment_Model = new Comment_Model();
62:
63: $logData = $Log_Model->getOneLogForHome($logid);
64: if ($logData === false) {
65: show_404_page();
66: }
67: extract($logData);
68:
69: if (!empty($password)) {
70: $postpwd = isset($_POST['logpwd']) ? addslashes(trim($_POST['logpwd'])) : '';
71: $cookiepwd = isset($_COOKIE['em_logpwd_'.$logid]) ? addslashes(trim($_COOKIE['em_logpwd_'.$logid])) : '';
72: $Log_Model->AuthPassword($postpwd, $cookiepwd, $password, $logid);
73: }
74: //meta
75: switch ($log_title_style) {
76: case '0':
77: $site_title = $log_title;
78: break;
79: case '1':
80: $site_title = $log_title . ' - ' . $blogname;
81: break;
82: case '2':
83: $site_title = $log_title . ' - ' . $site_title;
84: break;
85: }
86: $site_description = extractHtmlData($log_content, 90);
87: $log_cache_tags = $CACHE->readCache('logtags');
88: if (!empty($log_cache_tags[$logid])) {
89: foreach ($log_cache_tags[$logid] as $value) {
90: $site_key .= ','.$value['tagname'];
91: }
92: }
93: //comments
94: $verifyCode = ISLOGIN == false && $comment_code == 'y' ? "<img src=\"".BLOG_URL."include/lib/checkcode.php\" align=\"absmiddle\" /><input name=\"imgcode\" type=\"text\" class=\"input\" size=\"5\" tabindex=\"5\" />" : '';
95: $ckname = isset($_COOKIE['commentposter']) ? htmlspecialchars(stripslashes($_COOKIE['commentposter'])) : '';
96: $ckmail = isset($_COOKIE['postermail']) ? htmlspecialchars($_COOKIE['postermail']) : '';
97: $ckurl = isset($_COOKIE['posterurl']) ? htmlspecialchars($_COOKIE['posterurl']) : '';
98: $comments = $Comment_Model->getComments(0, $logid, 'n', $comment_page);
99:
100: include View::getView('header');
101: if ($type == 'blog') {
102: $Log_Model->updateViewCount($logid);
103: $neighborLog = $Log_Model->neighborLog($timestamp);
104: $tb = array();$tb_url = '';//兼容未删除引用模板
105: include View::getView('echo_log');
106: }elseif ($type == 'page') {
107: $template = !empty($template) && file_exists(TEMPLATE_PATH . $template . '.php') ? $template : 'page';
108: include View::getView($template);
109: }
110: }
|
等级 | 函数 | 说明 |
---|---|---|
danger | display | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
9: function display($params) {
10: $Log_Model = new Log_Model();
11: $options_cache = Option::getAll();
12: extract($options_cache);
13:
14: $page = isset($params[4]) && $params[4] == 'page' ? abs(intval($params[5])) : 1;
15: $record = isset($params[1]) && $params[1] == 'record' ? intval($params[2]) : '' ;
16:
17: $GLOBALS['record'] = $record;//for sidebar calendar
18:
19:
20: $pageurl = '';
21:
22: //page meta
23: $site_title = $record . ' - ' . $site_title;
24:
25: if (preg_match("/^([\d]{4})([\d]{2})$/", $record, $match)) {
26: $days = getMonthDayNum($match[2], $match[1]);
27: $record_stime = emStrtotime($record . '01');
28: $record_etime = $record_stime + 3600 * 24 * $days;
29: } else {
30: $record_stime = emStrtotime($record);
31: $record_etime = $record_stime + 3600 * 24;
32: }
33: $sqlSegment = "and date>=$record_stime and date<$record_etime order by date desc";
34: $lognum = $Log_Model->getLogNum('n', $sqlSegment);
35:
36: $total_pages = ceil($lognum / $index_lognum);
37: if ($page > $total_pages) {
38: $page = $total_pages;
39: }
40: $start_limit = ($page - 1) * $index_lognum;
41:
42: $pageurl .= Url::record($record, 'page');
43:
44: $logs = $Log_Model->getLogsForHome($sqlSegment, $page, $index_lognum);
45: $page_url = pagination($lognum, $index_lognum, $page, $pageurl);
46:
47: include View::getView('header');
48: include View::getView('log_list');
49: }
|
||
danger | display | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
9: function display($params) {
10: $Log_Model = new Log_Model();
11: $options_cache = Option::getAll();
12: extract($options_cache);
13:
14: $page = isset($params[4]) && $params[4] == 'page' ? abs(intval($params[5])) : 1;
15: $record = isset($params[1]) && $params[1] == 'record' ? intval($params[2]) : '' ;
16:
17: $GLOBALS['record'] = $record;//for sidebar calendar
18:
19:
20: $pageurl = '';
21:
22: //page meta
23: $site_title = $record . ' - ' . $site_title;
24:
25: if (preg_match("/^([\d]{4})([\d]{2})$/", $record, $match)) {
26: $days = getMonthDayNum($match[2], $match[1]);
27: $record_stime = emStrtotime($record . '01');
28: $record_etime = $record_stime + 3600 * 24 * $days;
29: } else {
30: $record_stime = emStrtotime($record);
31: $record_etime = $record_stime + 3600 * 24;
32: }
33: $sqlSegment = "and date>=$record_stime and date<$record_etime order by date desc";
34: $lognum = $Log_Model->getLogNum('n', $sqlSegment);
35:
36: $total_pages = ceil($lognum / $index_lognum);
37: if ($page > $total_pages) {
38: $page = $total_pages;
39: }
40: $start_limit = ($page - 1) * $index_lognum;
41:
42: $pageurl .= Url::record($record, 'page');
43:
44: $logs = $Log_Model->getLogsForHome($sqlSegment, $page, $index_lognum);
45: $page_url = pagination($lognum, $index_lognum, $page, $pageurl);
46:
47: include View::getView('header');
48: include View::getView('log_list');
49: }
|
等级 | 函数 | 说明 |
---|---|---|
danger | display | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码
9: function display($params) {
10: $Log_Model = new Log_Model();
11: $options_cache = Option::getAll();
12: extract($options_cache);
13:
14: $page = isset($params[4]) && $params[4] == 'page' ? abs(intval($params[5])) : 1;
15: $keyword = isset($params[1]) && $params[1] == 'keyword' ? trim($params[2]) : '';
16: $keyword = addslashes(htmlspecialchars(urldecode($keyword)));
17: $keyword = str_replace(array('%', '_'), array('\%', '\_'), $keyword);
18:
19:
20: $pageurl = '';
21:
22: $sqlSegment = "and title like '%{$keyword}%' order by date desc";
23: $lognum = $Log_Model->getLogNum('n', $sqlSegment);
24: $total_pages = ceil($lognum / $index_lognum);
25: if ($page > $total_pages) {
26: $page = $total_pages;
27: }
28:
29: $pageurl .= BLOG_URL.'?keyword='.urlencode($keyword).'&page=';
30:
31: $logs = $Log_Model->getLogsForHome($sqlSegment, $page, $index_lognum);
32: $page_url = pagination($lognum, $index_lognum, $page, $pageurl);
33:
34: include View::getView('header');
35: include View::getView('log_list');
36: }
|
||
danger | display | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码9: function display($params) {
    // Keyword-search listing: count matching logs, clamp the requested page,
    // build the pagination URL and include the header and list views.
    // $params is the positional route array (1/2 = 'keyword'/value,
    // 4/5 = 'page'/number) — presumably filled by the dispatcher; confirm.
10: $Log_Model = new Log_Model();
11: $options_cache = Option::getAll();
12: extract($options_cache); // site options become locals ($index_lognum, $site_title, ...); default EXTR_OVERWRITE lets an option named like $params or $page shadow them — EXTR_SKIP would avoid that
13:
14: $page = isset($params[4]) && $params[4] == 'page' ? abs(intval($params[5])) : 1;
15: $keyword = isset($params[1]) && $params[1] == 'keyword' ? trim($params[2]) : '';
16: $keyword = addslashes(htmlspecialchars(urldecode($keyword))); // HTML-encoded first, then quote-escaped: the LIKE pattern (and the page URL below) carry the entity-encoded form
17: $keyword = str_replace(array('%', '_'), array('\%', '\_'), $keyword); // neutralise LIKE wildcards; quote escaping relies on addslashes() rather than a bound parameter
18:
19:
20: $pageurl = '';
21:
22: $sqlSegment = "and title like '%{$keyword}%' order by date desc"; // string-built SQL fragment — its safety rests on lines 16-17
23: $lognum = $Log_Model->getLogNum('n', $sqlSegment);
24: $total_pages = ceil($lognum / $index_lognum); // $index_lognum arrives via extract(); a zero option value would divide by zero — confirm it is validated where set
25: if ($page > $total_pages) {
26: $page = $total_pages; // no matches => page 0; presumably tolerated by getLogsForHome() — confirm
27: }
28:
29: $pageurl .= BLOG_URL.'?keyword='.urlencode($keyword).'&page=';
30:
31: $logs = $Log_Model->getLogsForHome($sqlSegment, $page, $index_lognum);
32: $page_url = pagination($lognum, $index_lognum, $page, $pageurl);
33:
34: include View::getView('header'); // scanner flag (dynamic include): the view name is a literal here, so any dynamic path resolution is inside View::getView() — not visible from this snippet
35: include View::getView('log_list');
36: }
|
等级 | 函数 | 说明 |
---|---|---|
danger | display | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码9: function display($params) {
    // Category (sort) listing: resolve the category from an id or alias,
    // 404 when unknown, build the SQL filter (including child categories
    // for a top-level parent) and render the category's template.
10: $Log_Model = new Log_Model();
11: $CACHE = Cache::getInstance();
12: $options_cache = Option::getAll();
13: extract($options_cache); // site options become locals ($index_lognum, $site_title, $site_description, ...); EXTR_OVERWRITE can shadow $params/$page/$CACHE if an option shares the name
14:
15: $page = isset($params[4]) && $params[4] == 'page' ? abs(intval($params[5])) : 1;
16:
17: $sortid = '';
18: if (!empty($params[2])) {
19: if (is_numeric($params[2])) {
20: $sortid = intval($params[2]);
21: } else {
22: $sort_cache = $CACHE->readCache('sort');
23: foreach ($sort_cache as $key => $value) {
24: $alias = addslashes(urldecode(trim($params[2]))); // loop-invariant; could be computed once before the foreach
25: if (array_search($alias, $value, true)){ // searches EVERY field of the record (name, description, ...), not only its alias field; a hit at key 0 is falsy and would be skipped — `!== false` is the safe test
26: $sortid = $key;
27: break;
28: }
29: }
30: }
31: }
32:
33:
34: $pageurl = '';
35:
36: $sort_cache = $CACHE->readCache('sort');
37: if (!isset($sort_cache[$sortid])) {
38: show_404_page(); // must not return: the lines below dereference $sort_cache[$sortid] unguarded
39: }
40: $sort = $sort_cache[$sortid];
41: $sortName = $sort['sortname'];
42: //page meta
43: $site_title = $sortName . ' - ' . $site_title;
44: if (!empty($sort_cache[$sortid]['description'])) {
45: $site_description = $sort_cache[$sortid]['description'];
46: }
47: if ($sort['pid'] != 0 || empty($sort['children'])) {
48: $sqlSegment = "and sortid=$sortid"; // $sortid is an intval() or a key of the sort cache; presumably always an integer — confirm the cache keys
49: } else {
50: $sortids = array_merge(array($sortid), $sort['children']); // children list comes from the cache, not the request
51: $sqlSegment = "and sortid in (" . implode(',', $sortids) . ")";
52: }
53: $sqlSegment .= " order by sortop desc, date desc";
54: $lognum = $Log_Model->getLogNum('n', $sqlSegment);
55: $total_pages = ceil($lognum / $index_lognum); // $index_lognum comes from extract(); zero would divide by zero
56: if ($page > $total_pages) {
57: $page = $total_pages;
58: }
59: $pageurl .= Url::sort($sortid, 'page');
60:
61: $logs = $Log_Model->getLogsForHome($sqlSegment, $page, $index_lognum);
62: $page_url = pagination($lognum, $index_lognum, $page, $pageurl);
63:
64: $template = !empty($sort['template']) && file_exists(TEMPLATE_PATH . $sort['template'] . '.php') ? $sort['template'] : 'log_list'; // file_exists() only proves the file is present; it does not confine the value to TEMPLATE_PATH. The trust boundary is who can set sort['template'] (presumably the admin UI) — a basename/allowlist check here would make that explicit
65:
66: include View::getView('header');
67: include View::getView($template); // the scanner's dynamic-include flag applies to this line: $template is cache-derived (line 64), not taken from the request
68: }
|
||
danger | display | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码9: function display($params) {
    // Category (sort) listing: resolve the category from an id or alias,
    // 404 when unknown, build the SQL filter (including child categories
    // for a top-level parent) and render the category's template.
10: $Log_Model = new Log_Model();
11: $CACHE = Cache::getInstance();
12: $options_cache = Option::getAll();
13: extract($options_cache); // site options become locals ($index_lognum, $site_title, $site_description, ...); EXTR_OVERWRITE can shadow $params/$page/$CACHE if an option shares the name
14:
15: $page = isset($params[4]) && $params[4] == 'page' ? abs(intval($params[5])) : 1;
16:
17: $sortid = '';
18: if (!empty($params[2])) {
19: if (is_numeric($params[2])) {
20: $sortid = intval($params[2]);
21: } else {
22: $sort_cache = $CACHE->readCache('sort');
23: foreach ($sort_cache as $key => $value) {
24: $alias = addslashes(urldecode(trim($params[2]))); // loop-invariant; could be computed once before the foreach
25: if (array_search($alias, $value, true)){ // searches EVERY field of the record (name, description, ...), not only its alias field; a hit at key 0 is falsy and would be skipped — `!== false` is the safe test
26: $sortid = $key;
27: break;
28: }
29: }
30: }
31: }
32:
33:
34: $pageurl = '';
35:
36: $sort_cache = $CACHE->readCache('sort');
37: if (!isset($sort_cache[$sortid])) {
38: show_404_page(); // must not return: the lines below dereference $sort_cache[$sortid] unguarded
39: }
40: $sort = $sort_cache[$sortid];
41: $sortName = $sort['sortname'];
42: //page meta
43: $site_title = $sortName . ' - ' . $site_title;
44: if (!empty($sort_cache[$sortid]['description'])) {
45: $site_description = $sort_cache[$sortid]['description'];
46: }
47: if ($sort['pid'] != 0 || empty($sort['children'])) {
48: $sqlSegment = "and sortid=$sortid"; // $sortid is an intval() or a key of the sort cache; presumably always an integer — confirm the cache keys
49: } else {
50: $sortids = array_merge(array($sortid), $sort['children']); // children list comes from the cache, not the request
51: $sqlSegment = "and sortid in (" . implode(',', $sortids) . ")";
52: }
53: $sqlSegment .= " order by sortop desc, date desc";
54: $lognum = $Log_Model->getLogNum('n', $sqlSegment);
55: $total_pages = ceil($lognum / $index_lognum); // $index_lognum comes from extract(); zero would divide by zero
56: if ($page > $total_pages) {
57: $page = $total_pages;
58: }
59: $pageurl .= Url::sort($sortid, 'page');
60:
61: $logs = $Log_Model->getLogsForHome($sqlSegment, $page, $index_lognum);
62: $page_url = pagination($lognum, $index_lognum, $page, $pageurl);
63:
64: $template = !empty($sort['template']) && file_exists(TEMPLATE_PATH . $sort['template'] . '.php') ? $sort['template'] : 'log_list'; // file_exists() only proves the file is present; it does not confine the value to TEMPLATE_PATH. The trust boundary is who can set sort['template'] (presumably the admin UI) — a basename/allowlist check here would make that explicit
65:
66: include View::getView('header');
67: include View::getView($template); // the scanner's dynamic-include flag applies to this line: $template is cache-derived (line 64), not taken from the request
68: }
|
等级 | 函数 | 说明 |
---|---|---|
danger | display | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码9: function display($params) {
    // Tag listing: look up the log ids carrying the tag, 404 when the tag is
    // unknown, then page through those logs with the standard list view.
10: $Log_Model = new Log_Model();
11: $options_cache = Option::getAll();
12: extract($options_cache); // site options become locals ($index_lognum, $site_title, ...); EXTR_OVERWRITE can shadow $params/$page if an option shares the name
13:
14: $page = isset($params[4]) && $params[4] == 'page' ? abs(intval($params[5])) : 1;
15: $tag = isset($params[1]) && $params[1] == 'tag' ? addslashes(urldecode(trim($params[2]))) : ''; // quote-escaped for the model lookup; stripslashes() below restores it for display
16:
17:
18: $pageurl = '';
19:
20: //page meta
21: $site_title = stripslashes($tag) . ' - ' . $site_title; // not HTML-escaped here; presumably the header view escapes $site_title — confirm
22:
23: $Tag_Model = new Tag_Model();
24: $blogIdStr = $Tag_Model->getTagByName($tag); // presumably a comma-separated id list, or false when unknown — confirm against Tag_Model
25:
26: if ($blogIdStr === false) {
27: show_404_page(); // must not return: line 29 interpolates $blogIdStr into SQL regardless
28: }
29: $sqlSegment = "and gid IN ($blogIdStr) order by date desc"; // string-built SQL; relies on getTagByName() returning only numeric ids
30: $lognum = $Log_Model->getLogNum('n', $sqlSegment);
31: $total_pages = ceil($lognum / $index_lognum); // $index_lognum comes from extract(); zero would divide by zero
32: if ($page > $total_pages) {
33: $page = $total_pages;
34: }
35: $pageurl .= Url::tag(urlencode($tag), 'page'); // encodes the addslashes()'d form, so the generated URL carries escaped quotes
36:
37: $logs = $Log_Model->getLogsForHome($sqlSegment, $page, $index_lognum);
38: $page_url = pagination($lognum, $index_lognum, $page, $pageurl);
39:
40: include View::getView('header'); // scanner flag: view names are literals here; any dynamic path resolution lives in View::getView()
41: include View::getView('log_list');
42: }
|
||
danger | display | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码9: function display($params) {
    // Tag listing: look up the log ids carrying the tag, 404 when the tag is
    // unknown, then page through those logs with the standard list view.
10: $Log_Model = new Log_Model();
11: $options_cache = Option::getAll();
12: extract($options_cache); // site options become locals ($index_lognum, $site_title, ...); EXTR_OVERWRITE can shadow $params/$page if an option shares the name
13:
14: $page = isset($params[4]) && $params[4] == 'page' ? abs(intval($params[5])) : 1;
15: $tag = isset($params[1]) && $params[1] == 'tag' ? addslashes(urldecode(trim($params[2]))) : ''; // quote-escaped for the model lookup; stripslashes() below restores it for display
16:
17:
18: $pageurl = '';
19:
20: //page meta
21: $site_title = stripslashes($tag) . ' - ' . $site_title; // not HTML-escaped here; presumably the header view escapes $site_title — confirm
22:
23: $Tag_Model = new Tag_Model();
24: $blogIdStr = $Tag_Model->getTagByName($tag); // presumably a comma-separated id list, or false when unknown — confirm against Tag_Model
25:
26: if ($blogIdStr === false) {
27: show_404_page(); // must not return: line 29 interpolates $blogIdStr into SQL regardless
28: }
29: $sqlSegment = "and gid IN ($blogIdStr) order by date desc"; // string-built SQL; relies on getTagByName() returning only numeric ids
30: $lognum = $Log_Model->getLogNum('n', $sqlSegment);
31: $total_pages = ceil($lognum / $index_lognum); // $index_lognum comes from extract(); zero would divide by zero
32: if ($page > $total_pages) {
33: $page = $total_pages;
34: }
35: $pageurl .= Url::tag(urlencode($tag), 'page'); // encodes the addslashes()'d form, so the generated URL carries escaped quotes
36:
37: $logs = $Log_Model->getLogsForHome($sqlSegment, $page, $index_lognum);
38: $page_url = pagination($lognum, $index_lognum, $page, $pageurl);
39:
40: include View::getView('header'); // scanner flag: view names are literals here; any dynamic path resolution lives in View::getView()
41: include View::getView('log_list');
42: }
|
等级 | 函数 | 说明 |
---|---|---|
danger | updateCache | call_user_func第0个参数包含动态变量或函数,可能有远程代码执行的隐患 |
代码49: function updateCache($cacheMethodName = null) {
    // Rebuild one, several or all caches by invoking this class's mc_* methods.
    // $cacheMethodName: string (one cache), array of strings (several) or
    // null (all). The callable is always array($this, 'mc_' . $name) and is
    // gated by method_exists(), so the reachable targets are bounded to this
    // class's mc_-prefixed methods — the scanner's call_user_func flag is
    // mitigated here; whether $cacheMethodName can carry user input is a
    // question for the callers (not visible from this snippet).
50: // Update a single cache
51: if (is_string($cacheMethodName)) {
52: if (method_exists($this, 'mc_' . $cacheMethodName)) {
53: call_user_func(array($this, 'mc_' . $cacheMethodName));
54: }
55: return; // an unknown name is silently ignored
56: }
57: // Update several caches
58: if (is_array($cacheMethodName)) {
59: foreach ($cacheMethodName as $name) {
60: if (method_exists($this, 'mc_' . $name)) {
61: call_user_func(array($this, 'mc_' . $name));
62: }
63: }
64: return;
65: }
66: // Update all caches
67: if ($cacheMethodName == null) { // loose comparison: any remaining falsy value (0, false) also lands here
68: // Automatically run every cache-refresh method of this class (their names must start with mc_)
69: $cacheMethodNames = get_class_methods($this);
70: foreach ($cacheMethodNames as $method) {
71: if (preg_match('/^mc_/', $method)) {
72: call_user_func(array($this, $method));
73: }
74: }
75: }
76: }
|
||
danger | updateCache | call_user_func第0个参数包含动态变量或函数,可能有远程代码执行的隐患 |
代码49: function updateCache($cacheMethodName = null) {
    // Rebuild one, several or all caches by invoking this class's mc_* methods.
    // $cacheMethodName: string (one cache), array of strings (several) or
    // null (all). The callable is always array($this, 'mc_' . $name) and is
    // gated by method_exists(), so the reachable targets are bounded to this
    // class's mc_-prefixed methods — the scanner's call_user_func flag is
    // mitigated here; whether $cacheMethodName can carry user input is a
    // question for the callers (not visible from this snippet).
50: // Update a single cache
51: if (is_string($cacheMethodName)) {
52: if (method_exists($this, 'mc_' . $cacheMethodName)) {
53: call_user_func(array($this, 'mc_' . $cacheMethodName));
54: }
55: return; // an unknown name is silently ignored
56: }
57: // Update several caches
58: if (is_array($cacheMethodName)) {
59: foreach ($cacheMethodName as $name) {
60: if (method_exists($this, 'mc_' . $name)) {
61: call_user_func(array($this, 'mc_' . $name));
62: }
63: }
64: return;
65: }
66: // Update all caches
67: if ($cacheMethodName == null) { // loose comparison: any remaining falsy value (0, false) also lands here
68: // Automatically run every cache-refresh method of this class (their names must start with mc_)
69: $cacheMethodNames = get_class_methods($this);
70: foreach ($cacheMethodNames as $method) {
71: if (preg_match('/^mc_/', $method)) {
72: call_user_func(array($this, $method));
73: }
74: }
75: }
76: }
|
||
danger | updateCache | call_user_func第0个参数包含动态变量或函数,可能有远程代码执行的隐患 |
代码49: function updateCache($cacheMethodName = null) {
    // Rebuild one, several or all caches by invoking this class's mc_* methods.
    // $cacheMethodName: string (one cache), array of strings (several) or
    // null (all). The callable is always array($this, 'mc_' . $name) and is
    // gated by method_exists(), so the reachable targets are bounded to this
    // class's mc_-prefixed methods — the scanner's call_user_func flag is
    // mitigated here; whether $cacheMethodName can carry user input is a
    // question for the callers (not visible from this snippet).
50: // Update a single cache
51: if (is_string($cacheMethodName)) {
52: if (method_exists($this, 'mc_' . $cacheMethodName)) {
53: call_user_func(array($this, 'mc_' . $cacheMethodName));
54: }
55: return; // an unknown name is silently ignored
56: }
57: // Update several caches
58: if (is_array($cacheMethodName)) {
59: foreach ($cacheMethodName as $name) {
60: if (method_exists($this, 'mc_' . $name)) {
61: call_user_func(array($this, 'mc_' . $name));
62: }
63: }
64: return;
65: }
66: // Update all caches
67: if ($cacheMethodName == null) { // loose comparison: any remaining falsy value (0, false) also lands here
68: // Automatically run every cache-refresh method of this class (their names must start with mc_)
69: $cacheMethodNames = get_class_methods($this);
70: foreach ($cacheMethodNames as $method) {
71: if (preg_match('/^mc_/', $method)) {
72: call_user_func(array($this, $method));
73: }
74: }
75: }
76: }
|
||
danger | readCache | call_user_func第0个参数包含动态变量或函数,可能有远程代码执行的隐患 |
代码519: function readCache($cacheName) {
    // Return the cached array named $cacheName, loading it from
    // content/cache/<name>.php (and regenerating that file via mc_<name>()
    // when it is missing or empty). The result is memoised in the dynamic
    // property $this->{$cacheName . '_cache'}.
520: if ($this->{$cacheName.'_cache'} != null) { // loose compare: an empty array equals null here, so an empty cache is re-read from disk on every call
521: return $this->{$cacheName.'_cache'};
522: } else {
523: $cachefile = EMLOG_ROOT . '/content/cache/' . $cacheName . '.php'; // $cacheName is interpolated into the path unvalidated; the callers seen in this report pass literals ('sort')
524: // Generate the cache file automatically if it does not exist
525: if (!is_file($cachefile) || filesize($cachefile) <= 0) {
526: if (method_exists($this, 'mc_' . $cacheName)) { // fixed prefix + method_exists() bounds the scanner-flagged call_user_func to this class's mc_* methods
527: call_user_func(array($this, 'mc_' . $cacheName));
528: }
529: }
530: if ($fp = fopen($cachefile, 'r')) { // if regeneration failed the function falls through and returns null implicitly
531: $data = fread($fp, filesize($cachefile)); // a still-empty file gives length 0, which fread() rejects on PHP 8 — presumably every mc_* method writes content; confirm
532: fclose($fp);
533: clearstatcache();
534: $this->{$cacheName.'_cache'} = unserialize(str_replace("<?php exit;//", '', $data)); // unserialize() of file content: the "<?php exit;//" prefix only blocks direct HTTP reads of the file. Integrity of content/cache is the trust boundary — if anything other than this class can write there, this becomes an object-injection sink; a json_encode()/json_decode() cache format would remove that class of risk
535: return $this->{$cacheName.'_cache'};
536: }
537: }
538: }
|
等级 | 函数 | 说明 |
---|---|---|
warning | dispatch | 动态创建类对象,可能存在远程代码执行的隐患 |
代码74: public function dispatch(){
    // Instantiate the routed controller class and invoke the routed method
    // with the route parameters. Both the class name ($this->_model) and the
    // method name ($this->_method) are dynamic, which is what the scanner
    // flags; the exposure depends entirely on how those two properties are
    // populated and validated before this point (outside this snippet) —
    // confirm they are matched against a fixed controller/method allowlist
    // rather than taken verbatim from the request.
75: $module = new $this->_model();
76: $method = $this->_method;
77: $module->$method($this->_params); // no method_exists()/is_callable() guard: a non-existent method raises an Error here
78: }
|
||
danger | dispatch | 动态调用方法,可能存在远程代码执行的隐患 |
代码74: public function dispatch(){
    // Instantiate the routed controller class and invoke the routed method
    // with the route parameters. Both the class name ($this->_model) and the
    // method name ($this->_method) are dynamic, which is what the scanner
    // flags; the exposure depends entirely on how those two properties are
    // populated and validated before this point (outside this snippet) —
    // confirm they are matched against a fixed controller/method allowlist
    // rather than taken verbatim from the request.
75: $module = new $this->_model();
76: $method = $this->_method;
77: $module->$method($this->_params); // no method_exists()/is_callable() guard: a non-existent method raises an Error here
78: }
|
等级 | 函数 | 说明 |
---|---|---|
danger | extractHtmlData | preg_replace第一个参数不是静态字符串,可能存在远程代码执行的隐患 |
代码176:function extractHtmlData($data, $len) {
    // Produce a plain-text excerpt of at most $len characters from HTML:
    // strip tags from a slightly longer prefix, collapse whitespace after
    // line breaks, decode a fixed set of entities, drop double quotes, then
    // cut to $len. subString() is a project helper (not shown).
    // Scanner note: the preg_replace() pattern argument is the $search array
    // defined literally below — it is not influenced by $data, so the
    // "non-static pattern" finding is a false positive (no /e modifier either).
177: $data = strip_tags(subString($data, 0, $len + 30));
178: $search = array("/([\r\n])[\s]+/", // collapse whitespace following a line break
179: "/&(quot|#34);/i", // decode HTML entities (applied sequentially, so "&amp;lt;" is decoded twice)
180: "/&(amp|#38);/i",
181: "/&(lt|#60);/i",
182: "/&(gt|#62);/i",
183: "/&(nbsp|#160);/i",
184: "/&(iexcl|#161);/i",
185: "/&(cent|#162);/i",
186: "/&(pound|#163);/i",
187: "/&(copy|#169);/i",
188: "/\"/i",
189: );
190: $replace = array(" ", "\"", "&", " ", " ", "", chr(161), chr(162), chr(163), chr(169), ""); // &lt;/&gt; become spaces rather than '<'/'>'; chr(161..169) are single Latin-1 bytes, not valid UTF-8 if the site is UTF-8 (assumption — confirm charset); the '"' restored from &quot; is removed again by the last pattern
191: $data = trim(subString(preg_replace($search, $replace, $data), 0, $len));
192: return $data;
193:}
|
||
danger | doAction | call_user_func_array第0个参数包含动态变量或函数,可能有远程代码执行的隐患 |
代码272:function doAction($hook) {
    // Run every callback registered for $hook in the global $emHooks
    // registry, forwarding the remaining arguments. Registration happens
    // elsewhere (presumably an addAction()-style helper used by plugins at
    // load time), so the trust boundary for the scanner-flagged
    // call_user_func_array() is who can write to $emHooks — the callable is
    // not derived from the request in this function.
273: global $emHooks;
274: $args = array_slice(func_get_args(), 1); // everything after $hook is passed through to the callbacks
275: if (isset($emHooks[$hook])) {
276: foreach ($emHooks[$hook] as $function) {
277: $string = call_user_func_array($function, $args); // return value is captured but never used; no is_callable() guard, so a stale registration would raise an Error
278: }
279: }
280:}
|
||
danger | show_404_page | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码926:function show_404_page() {
    // Serve the theme's 404 page with a 404 status when the theme ships one,
    // otherwise fall back to emMsg(). Only the first branch exit()s here;
    // callers that treat this function as never returning rely on emMsg()
    // terminating (not visible from this snippet — confirm).
927: if (is_file(TEMPLATE_PATH . '404.php')) {
928: header("HTTP/1.1 404 Not Found"); // hard-codes the protocol version; http_response_code(404) would follow the request's
929: include View::getView('404'); // scanner flag: the view name is a literal; any dynamic resolution is inside View::getView()
930: exit;
931: } else {
932: emMsg('404', BLOG_URL);
933: }
934:}
|
||
danger | hash_hmac | 动态调用函数,可能存在远程代码执行的隐患 |
代码962: function hash_hmac($algo, $data, $key) {
    // Userland HMAC (RFC 2104) for md5/sha1, presumably a polyfill for the
    // native hash_hmac() on builds without ext/hash — confirm it is wrapped
    // in function_exists(). Returns the hex digest, or false for an
    // unsupported $algo.
    // Scanner note: $algo is only ever called after the isset($packs[$algo])
    // check, which restricts it to the literal keys 'md5' and 'sha1'; the
    // dynamic call is allowlisted, not caller-selectable.
    // NOTE(review): correctness defect for keys longer than 64 bytes — the
    // key is hashed down to 16/20 raw bytes but NOT re-padded to the 64-byte
    // block size (the elseif on line 973 skips the padding). PHP's string
    // XOR truncates to the shorter operand, so $ipad/$opad end up 16/20
    // bytes long and the result differs from the native hash_hmac().
    // Turning line 973 into a plain `if (strlen($key) < 64)` fixes it.
963: $packs = array('md5' => 'H32', 'sha1' => 'H40'); // hex digest length -> pack() format yielding raw bytes
964:
965: if (!isset($packs[$algo])) {
966: return false;
967: }
968:
969: $pack = $packs[$algo];
970:
971: if (strlen($key) > 64) {
972: $key = pack($pack, $algo($key)); // over-long key is hashed to raw digest bytes (RFC 2104) — but see the NOTE above: zero-padding to 64 is skipped afterwards
973: } elseif (strlen($key) < 64) {
974: $key = str_pad($key, 64, chr(0));
975: }
976:
977: $ipad = (substr($key, 0, 64) ^ str_repeat(chr(0x36), 64)); // string XOR: result length = shorter operand
978: $opad = (substr($key, 0, 64) ^ str_repeat(chr(0x5C), 64));
979:
980: return $algo($opad . pack($pack, $algo($ipad . $data)));
981: }
|
||
danger | hash_hmac | 动态调用函数,可能存在远程代码执行的隐患 |
代码962: function hash_hmac($algo, $data, $key) {
    // Userland HMAC (RFC 2104) for md5/sha1, presumably a polyfill for the
    // native hash_hmac() on builds without ext/hash — confirm it is wrapped
    // in function_exists(). Returns the hex digest, or false for an
    // unsupported $algo.
    // Scanner note: $algo is only ever called after the isset($packs[$algo])
    // check, which restricts it to the literal keys 'md5' and 'sha1'; the
    // dynamic call is allowlisted, not caller-selectable.
    // NOTE(review): correctness defect for keys longer than 64 bytes — the
    // key is hashed down to 16/20 raw bytes but NOT re-padded to the 64-byte
    // block size (the elseif on line 973 skips the padding). PHP's string
    // XOR truncates to the shorter operand, so $ipad/$opad end up 16/20
    // bytes long and the result differs from the native hash_hmac().
    // Turning line 973 into a plain `if (strlen($key) < 64)` fixes it.
963: $packs = array('md5' => 'H32', 'sha1' => 'H40'); // hex digest length -> pack() format yielding raw bytes
964:
965: if (!isset($packs[$algo])) {
966: return false;
967: }
968:
969: $pack = $packs[$algo];
970:
971: if (strlen($key) > 64) {
972: $key = pack($pack, $algo($key)); // over-long key is hashed to raw digest bytes (RFC 2104) — but see the NOTE above: zero-padding to 64 is skipped afterwards
973: } elseif (strlen($key) < 64) {
974: $key = str_pad($key, 64, chr(0));
975: }
976:
977: $ipad = (substr($key, 0, 64) ^ str_repeat(chr(0x36), 64)); // string XOR: result length = shorter operand
978: $opad = (substr($key, 0, 64) ^ str_repeat(chr(0x5C), 64));
979:
980: return $algo($opad . pack($pack, $algo($ipad . $data)));
981: }
|
||
danger | hash_hmac | 动态调用函数,可能存在远程代码执行的隐患 |
代码962: function hash_hmac($algo, $data, $key) {
    // Userland HMAC (RFC 2104) for md5/sha1, presumably a polyfill for the
    // native hash_hmac() on builds without ext/hash — confirm it is wrapped
    // in function_exists(). Returns the hex digest, or false for an
    // unsupported $algo.
    // Scanner note: $algo is only ever called after the isset($packs[$algo])
    // check, which restricts it to the literal keys 'md5' and 'sha1'; the
    // dynamic call is allowlisted, not caller-selectable.
    // NOTE(review): correctness defect for keys longer than 64 bytes — the
    // key is hashed down to 16/20 raw bytes but NOT re-padded to the 64-byte
    // block size (the elseif on line 973 skips the padding). PHP's string
    // XOR truncates to the shorter operand, so $ipad/$opad end up 16/20
    // bytes long and the result differs from the native hash_hmac().
    // Turning line 973 into a plain `if (strlen($key) < 64)` fixes it.
963: $packs = array('md5' => 'H32', 'sha1' => 'H40'); // hex digest length -> pack() format yielding raw bytes
964:
965: if (!isset($packs[$algo])) {
966: return false;
967: }
968:
969: $pack = $packs[$algo];
970:
971: if (strlen($key) > 64) {
972: $key = pack($pack, $algo($key)); // over-long key is hashed to raw digest bytes (RFC 2104) — but see the NOTE above: zero-padding to 64 is skipped afterwards
973: } elseif (strlen($key) < 64) {
974: $key = str_pad($key, 64, chr(0));
975: }
976:
977: $ipad = (substr($key, 0, 64) ^ str_repeat(chr(0x36), 64)); // string XOR: result length = shorter operand
978: $opad = (substr($key, 0, 64) ^ str_repeat(chr(0x5C), 64));
979:
980: return $algo($opad . pack($pack, $algo($ipad . $data)));
981: }
|
等级 | 函数 | 说明 |
---|---|---|
danger | loginPage | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码68: public static function loginPage($errorCode = NULL) {
    // Render the admin login form. $errorCode is one of the self::LOGIN_ERROR_*
    // constants (or null) and selects the message shown; $ckcode holds the
    // captcha markup when the login_code option is enabled. Both variables are
    // consumed by the included 'login' view through this function's scope.
69: Option::get('login_code') == 'y' ?
70: $ckcode = "<span>验证码</span>
71: <div class=\"val\"><input name=\"imgcode\" id=\"imgcode\" type=\"text\" />
72: <img src=\"../include/lib/checkcode.php\" align=\"absmiddle\"></div>" :
73: $ckcode = ''; // a ternary used for its side effects (assignment in both arms) — works, but an if/else reads more clearly
74: $error_msg = '';
75: if ($errorCode) { // truthiness: a LOGIN_ERROR_* constant equal to 0 would never show a message — confirm the constants' values
76: switch ($errorCode) {
77: case self::LOGIN_ERROR_AUTHCODE:
78: $error_msg = '验证错误,请重新输入';
79: break;
80: case self::LOGIN_ERROR_USER: // separate "user" and "password" messages tell the client which part was wrong; a single generic message is the usual way to avoid account enumeration
81: $error_msg = '用户名错误,请重新输入';
82: break;
83: case self::LOGIN_ERROR_PASSWD:
84: $error_msg = '密码错误,请重新输入';
85: break;
86: }
87: }
88: require_once View::getView('login'); // scanner flag: literal view name; dynamic resolution (if any) is inside View::getView()
89: View::output();
90: }
|
等级 | 函数 | 说明 |
---|---|---|
danger | activePlugin | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码19: function activePlugin($plugin) {
    // Mark $plugin as active (persisting the updated list in the
    // 'active_plugins' option) and run its callback_init() hook if the
    // plugin ships a <name>_callback.php. Returns true when the plugin is
    // (now) active, false when checkPlugin() rejected it.
20: $active_plugins = Option::get('active_plugins'); // presumably already an array here (used with in_array below) while the write path serialises — confirm Option::get() unserialises
21:
22: $ret = false;
23:
24: if (in_array($plugin, $active_plugins)) { // loose in_array(); pass true for a strict match
25: $ret = true; // already active: checkPlugin() is NOT re-run on this path, so the require_once below trusts the stored option value
26: } elseif(true === checkPlugin($plugin)) {
27: $active_plugins[] = $plugin;
28: $active_plugins = serialize($active_plugins);
29: Option::updateOption('active_plugins', $active_plugins);
30: $ret = true;
31: } else {
32: $ret = false; // redundant: $ret is already false
33: }
34:
35: //run init callback functions
36: $r = explode('/', $plugin, 2);
37: $plugin = $r[0]; // plugin directory name = part before the first '/'
38: $callback_file = "../content/plugins/$plugin/{$plugin}_callback.php"; // relative path, so it depends on the working directory (presumably admin/); this value is the scanner's dynamic-include flag
39: if (true === $ret && file_exists($callback_file)) { // reached only for plugins that passed checkPlugin() now or were stored as active earlier
40: require_once $callback_file;
41: if (function_exists('callback_init')) {
42: callback_init();
43: }
44: }
45: return $ret;
46: }
|
||
danger | inactivePlugin | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码51: function inactivePlugin($plugin) {
    // Remove $plugin from the persisted 'active_plugins' option and run the
    // plugin's callback_rm() hook if it ships a <name>_callback.php.
    // Returns nothing; an already-inactive plugin is a no-op.
52: $active_plugins = Option::get('active_plugins');
53: if (in_array($plugin, $active_plugins)) { // loose comparison; pass true for strict matching (same for array_search below)
54: $key = array_search($plugin, $active_plugins);
55: unset($active_plugins[$key]); // leaves a gap in the keys; serialised as-is
56: } else {
57: return; // only plugins that were actually in the active list reach the include below
58: }
59: $active_plugins = serialize($active_plugins);
60: Option::updateOption('active_plugins', $active_plugins);
61:
62: //run remove callback functions
63: $r = explode('/', $plugin, 2);
64: $plugin = $r[0]; // plugin directory name = part before the first '/'
65: $callback_file = "../content/plugins/$plugin/{$plugin}_callback.php"; // relative path (working-directory dependent); no checkPlugin() here — the guard is that $plugin was previously stored as active
66: if (file_exists($callback_file)) {
67: require_once $callback_file; // the scanner's dynamic-include flag
68: if (function_exists('callback_rm')) {
69: callback_rm();
70: }
71: }
72: }
|
等级 | 函数 | 说明 |
---|---|---|
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码43:$active_plugins = Option::get('active_plugins');
    // Bootstrap: load every active plugin file under content/plugins/.
    // The plugin path comes from the persisted option, not the request;
    // checkPlugin() (not shown) is the gate in front of the scanner-flagged
    // include_once — confirm it rejects values that escape content/plugins/.
44:$emHooks = array(); // global hook registry, presumably the one doAction() reads
45:if ($active_plugins && is_array($active_plugins)) {
46: foreach($active_plugins as $plugin) {
47: if(true === checkPlugin($plugin)) {
48: include_once(EMLOG_ROOT . '/content/plugins/' . $plugin);
49: }
50: }
51:}
52:
|
等级 | 函数 | 说明 |
---|---|---|
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码32: $lognum = $sta_cache['lognum'];
33: $pageurl = './?page=';
34: $logs = $Log_Model->getLogsForHome ($sqlSegment, $page, $index_lognum);
35: $page_url = pagination($lognum, $index_lognum, $page, $pageurl);
36:
37: include View::getView('header');
38: include View::getView('log');
39: include View::getView('footer');
40: View::output();
41:}
42:// 文章
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码33: $pageurl = './?page=';
34: $logs = $Log_Model->getLogsForHome ($sqlSegment, $page, $index_lognum);
35: $page_url = pagination($lognum, $index_lognum, $page, $pageurl);
36:
37: include View::getView('header');
38: include View::getView('log');
39: include View::getView('footer');
40: View::output();
41:}
42:// 文章
43:if (!empty ($logid)) {
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码34: $logs = $Log_Model->getLogsForHome ($sqlSegment, $page, $index_lognum);
35: $page_url = pagination($lognum, $index_lognum, $page, $pageurl);
36:
37: include View::getView('header');
38: include View::getView('log');
39: include View::getView('footer');
40: View::output();
41:}
42:// 文章
43:if (!empty ($logid)) {
44: $Log_Model = new Log_Model();
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码61: $verifyCode = ISLOGIN == false && Option::get('comment_code') == 'y' ? "<img src=\"../include/lib/checkcode.php\" /><br /><input name=\"imgcode\" type=\"text\" />" : '';
62: $comments = $Comment_Model->getComments(2, $logid, 'n', $commentPage);
63: extract($comments);
64:
65: $Log_Model->updateViewCount($logid);
66: include View::getView('header');
67: include View::getView('single');
68: include View::getView('footer');
69: View::output();
70:}
71:if (ISLOGIN === true && $action == 'write') {
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码62: $comments = $Comment_Model->getComments(2, $logid, 'n', $commentPage);
63: extract($comments);
64:
65: $Log_Model->updateViewCount($logid);
66: include View::getView('header');
67: include View::getView('single');
68: include View::getView('footer');
69: View::output();
70:}
71:if (ISLOGIN === true && $action == 'write') {
72: $logid = isset($_GET['id']) ? intval($_GET['id']) : '';
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码63: extract($comments);
64:
65: $Log_Model->updateViewCount($logid);
66: include View::getView('header');
67: include View::getView('single');
68: include View::getView('footer');
69: View::output();
70:}
71:if (ISLOGIN === true && $action == 'write') {
72: $logid = isset($_GET['id']) ? intval($_GET['id']) : '';
73: $Sort_Model = new Sort_Model();
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码91: $tagStr = '';
92: $logid = -1;
93: $author = UID;
94: $date = '';
95: }
96: include View::getView('header');
97: include View::getView('write');
98: include View::getView('footer');
99: View::output();
100:}
101:if (ISLOGIN === true && $action == 'savelog') {
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码92: $logid = -1;
93: $author = UID;
94: $date = '';
95: }
96: include View::getView('header');
97: include View::getView('write');
98: include View::getView('footer');
99: View::output();
100:}
101:if (ISLOGIN === true && $action == 'savelog') {
102: $Log_Model = new Log_Model();
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码93: $author = UID;
94: $date = '';
95: }
96: include View::getView('header');
97: include View::getView('write');
98: include View::getView('footer');
99: View::output();
100:}
101:if (ISLOGIN === true && $action == 'savelog') {
102: $Log_Model = new Log_Model();
103: $Tag_Model = new Tag_Model();
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码232: if(!$commentArray) {
233: mMsg('参数错误', './');
234: }
235: extract($commentArray);
236: $verifyCode = ISLOGIN == false && Option::get('comment_code') == 'y' ? "<img src=\"../include/lib/checkcode.php\" /><br /><input name=\"imgcode\" type=\"text\" />" : '';
237: include View::getView('header');
238: include View::getView('reply');
239: include View::getView('footer');
240: View::output();
241:}
242:// 微语
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码233: mMsg('参数错误', './');
234: }
235: extract($commentArray);
236: $verifyCode = ISLOGIN == false && Option::get('comment_code') == 'y' ? "<img src=\"../include/lib/checkcode.php\" /><br /><input name=\"imgcode\" type=\"text\" />" : '';
237: include View::getView('header');
238: include View::getView('reply');
239: include View::getView('footer');
240: View::output();
241:}
242:// 微语
243:if ($action == 'tw' && Option::get('istwitter') == 'y') {
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码234: }
235: extract($commentArray);
236: $verifyCode = ISLOGIN == false && Option::get('comment_code') == 'y' ? "<img src=\"../include/lib/checkcode.php\" /><br /><input name=\"imgcode\" type=\"text\" />" : '';
237: include View::getView('header');
238: include View::getView('reply');
239: include View::getView('footer');
240: View::output();
241:}
242:// 微语
243:if ($action == 'tw' && Option::get('istwitter') == 'y') {
244: $Twitter_Model = new Twitter_Model();
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码246: $tws = $Twitter_Model->getTwitters($page);
247: $twnum = $Twitter_Model->getTwitterNum();
248: $pageurl = pagination($twnum, Option::get('index_twnum'), $page, './?action=tw&page=');
249: $site_title = '微语';
250:
251: include View::getView('header');
252: include View::getView('twitter');
253: include View::getView('footer');
254: View::output();
255:}
256:if (ROLE === ROLE_ADMIN && $action == 't') {
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码247: $twnum = $Twitter_Model->getTwitterNum();
248: $pageurl = pagination($twnum, Option::get('index_twnum'), $page, './?action=tw&page=');
249: $site_title = '微语';
250:
251: include View::getView('header');
252: include View::getView('twitter');
253: include View::getView('footer');
254: View::output();
255:}
256:if (ROLE === ROLE_ADMIN && $action == 't') {
257: LoginAuth::checkToken();
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码248: $pageurl = pagination($twnum, Option::get('index_twnum'), $page, './?action=tw&page=');
249: $site_title = '微语';
250:
251: include View::getView('header');
252: include View::getView('twitter');
253: include View::getView('footer');
254: View::output();
255:}
256:if (ROLE === ROLE_ADMIN && $action == 't') {
257: LoginAuth::checkToken();
258: $Twitter_Model = new Twitter_Model();
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码304:if ($action == 'login') {
305: Option::get('login_code') == 'y' ? $ckcode = "<span>验证码</span>
306: <div class=\"val\"><img src=\"../include/lib/checkcode.php\" /><br />
307: <input name=\"imgcode\" id=\"imgcode\" type=\"text\" />
308: </div>" : $ckcode = '';
309: include View::getView('header');
310: include View::getView('login');
311: include View::getView('footer');
312: View::output();
313:}
314:if ($action == 'auth') {
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码305: Option::get('login_code') == 'y' ? $ckcode = "<span>验证码</span>
306: <div class=\"val\"><img src=\"../include/lib/checkcode.php\" /><br />
307: <input name=\"imgcode\" id=\"imgcode\" type=\"text\" />
308: </div>" : $ckcode = '';
309: include View::getView('header');
310: include View::getView('login');
311: include View::getView('footer');
312: View::output();
313:}
314:if ($action == 'auth') {
315: session_start();
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码306: <div class=\"val\"><img src=\"../include/lib/checkcode.php\" /><br />
307: <input name=\"imgcode\" id=\"imgcode\" type=\"text\" />
308: </div>" : $ckcode = '';
309: include View::getView('header');
310: include View::getView('login');
311: include View::getView('footer');
312: View::output();
313:}
314:if ($action == 'auth') {
315: session_start();
316: $username = addslashes(trim($_POST['user']));
|
||
danger | mMsg | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码331:function mMsg($msg, $url) {
    // Render a message page. $msg and $url are not used directly here but
    // are visible to the included 'msg' view through this function's scope
    // (presumably it prints $msg and links to $url — whether it HTML-escapes
    // $msg is not visible from this snippet; confirm).
332: include View::getView('header'); // scanner flag: literal view names; dynamic resolution (if any) is inside View::getView()
333: include View::getView('msg');
334: include View::getView('footer');
335: View::output();
336:}
|
||
danger | mMsg | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码331:function mMsg($msg, $url) {
    // Render a message page. $msg and $url are not used directly here but
    // are visible to the included 'msg' view through this function's scope
    // (presumably it prints $msg and links to $url — whether it HTML-escapes
    // $msg is not visible from this snippet; confirm).
332: include View::getView('header'); // scanner flag: literal view names; dynamic resolution (if any) is inside View::getView()
333: include View::getView('msg');
334: include View::getView('footer');
335: View::output();
336:}
|
||
danger | mMsg | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码331:function mMsg($msg, $url) {
    // Render a message page. $msg and $url are not used directly here but
    // are visible to the included 'msg' view through this function's scope
    // (presumably it prints $msg and links to $url — whether it HTML-escapes
    // $msg is not visible from this snippet; confirm).
332: include View::getView('header'); // scanner flag: literal view names; dynamic resolution (if any) is inside View::getView()
333: include View::getView('msg');
334: include View::getView('footer');
335: View::output();
336:}
|
||
danger | authPassword | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码337:function authPassword($postPwd, $cookiePwd, $logPwd, $logid) {
    // Gate a password-protected article: accept the remembered cookie value
    // or the submitted form value, render the password prompt on mismatch
    // and remember a correct password in a per-article cookie.
    // $postPwd/$cookiePwd: candidate values; $logPwd: the article's stored
    // password; $logid: article id used to name the cookie.
    // NOTE(review): the cookie stores the article password itself, in clear,
    // with no expiry, path, HttpOnly or Secure attribute; storing a derived
    // token (e.g. an HMAC of the password) with HttpOnly set would avoid
    // handing the secret to client-side code.
338: $pwd = $cookiePwd ? $cookiePwd : $postPwd; // truthiness: a cookie value of '0' falls back to the POST value
339: if ($pwd !== addslashes($logPwd)) { // plain string comparison (not hash_equals); the addslashes() must mirror how the caller escaped $postPwd/$cookiePwd — confirm
340: include View::getView('header'); // scanner flag: literal view names; dynamic resolution (if any) is inside View::getView()
341: include View::getView('logauth');
342: include View::getView('footer');
343: if ($cookiePwd) {
344: setcookie('em_logpwd_' . $logid, ' ', time() - 31536000); // expire a stale/wrong cookie
345: }
346: View::output(); // no exit here: the caller must stop rendering the article after the prompt (presumably View::output() terminates — confirm)
347: }else {
348: setcookie('em_logpwd_' . $logid, $logPwd);
349: }
350:}
|
||
danger | authPassword | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码337:function authPassword($postPwd, $cookiePwd, $logPwd, $logid) {
    // Gate a password-protected article: accept the remembered cookie value
    // or the submitted form value, render the password prompt on mismatch
    // and remember a correct password in a per-article cookie.
    // $postPwd/$cookiePwd: candidate values; $logPwd: the article's stored
    // password; $logid: article id used to name the cookie.
    // NOTE(review): the cookie stores the article password itself, in clear,
    // with no expiry, path, HttpOnly or Secure attribute; storing a derived
    // token (e.g. an HMAC of the password) with HttpOnly set would avoid
    // handing the secret to client-side code.
338: $pwd = $cookiePwd ? $cookiePwd : $postPwd; // truthiness: a cookie value of '0' falls back to the POST value
339: if ($pwd !== addslashes($logPwd)) { // plain string comparison (not hash_equals); the addslashes() must mirror how the caller escaped $postPwd/$cookiePwd — confirm
340: include View::getView('header'); // scanner flag: literal view names; dynamic resolution (if any) is inside View::getView()
341: include View::getView('logauth');
342: include View::getView('footer');
343: if ($cookiePwd) {
344: setcookie('em_logpwd_' . $logid, ' ', time() - 31536000); // expire a stale/wrong cookie
345: }
346: View::output(); // no exit here: the caller must stop rendering the article after the prompt (presumably View::output() terminates — confirm)
347: }else {
348: setcookie('em_logpwd_' . $logid, $logPwd);
349: }
350:}
|
||
danger | authPassword | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码337:function authPassword($postPwd, $cookiePwd, $logPwd, $logid) {
    // Gate a password-protected article: accept the remembered cookie value
    // or the submitted form value, render the password prompt on mismatch
    // and remember a correct password in a per-article cookie.
    // $postPwd/$cookiePwd: candidate values; $logPwd: the article's stored
    // password; $logid: article id used to name the cookie.
    // NOTE(review): the cookie stores the article password itself, in clear,
    // with no expiry, path, HttpOnly or Secure attribute; storing a derived
    // token (e.g. an HMAC of the password) with HttpOnly set would avoid
    // handing the secret to client-side code.
338: $pwd = $cookiePwd ? $cookiePwd : $postPwd; // truthiness: a cookie value of '0' falls back to the POST value
339: if ($pwd !== addslashes($logPwd)) { // plain string comparison (not hash_equals); the addslashes() must mirror how the caller escaped $postPwd/$cookiePwd — confirm
340: include View::getView('header'); // scanner flag: literal view names; dynamic resolution (if any) is inside View::getView()
341: include View::getView('logauth');
342: include View::getView('footer');
343: if ($cookiePwd) {
344: setcookie('em_logpwd_' . $logid, ' ', time() - 31536000); // expire a stale/wrong cookie
345: }
346: View::output(); // no exit here: the caller must stop rendering the article after the prompt (presumably View::output() terminates — confirm)
347: }else {
348: setcookie('em_logpwd_' . $logid, $logPwd);
349: }
350:}
|
等级 | 函数 | 说明 |
---|---|---|
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码33: $avatar = empty($user_cache[UID]['avatar']) ? '../admin/views/images/avatar.jpg' : '../' . $user_cache[UID]['avatar'];
34: $rcode = Option::get('reply_code') == 'y' ? "<img src=\"".DYNAMIC_BLOGURL."?action=ckcode&mode=t\" />" : '';
35:
36: $site_title = $Navi_Model->getNaviNameByType(Navi_Model::navitype_t) . ' - ' . $site_title;
37:
38: include View::getView('header');
39: require_once View::getView('t');
40: View::output();
41:}
42:
43:// 获取回复
|
||
danger | - | 文件包含操作存在动态变量或函数,可能有远程代码执行的隐患 |
代码34: $rcode = Option::get('reply_code') == 'y' ? "<img src=\"".DYNAMIC_BLOGURL."?action=ckcode&mode=t\" />" : '';
35:
36: $site_title = $Navi_Model->getNaviNameByType(Navi_Model::navitype_t) . ' - ' . $site_title;
37:
38: include View::getView('header');
39: require_once View::getView('t');
40: View::output();
41:}
42:
43:// 获取回复
44:if ($action == 'getr') {
|
等级 | 函数 | 说明 |
---|---|---|
danger | - | preg_replace第一个参数不是静态字符串,可能存在远程代码执行的隐患 |
代码63:$data = $HTTP_RAW_POST_DATA;
64:
65:$current_tag_contents = $current_tag = $message_type = $method_name = null;
66:$array_structs_types = $array_structs = $current_struct_name_array = $params = array();
67:
68:$data = preg_replace('/<\?xml.*?\?' . '>/', '', $data);
69:if (trim($data) == '') {
70: error_message(500, '错误:提交数据内容为空');
71:}
72:// 兼容php libxml模块2.7.0-2.7.3版本解析xml丢失html标签括号的bug
73:if (in_array(LIBXML_DOTTED_VERSION, array('2.7.0', '2.7.1', '2.7.2', '2.7.3'))) {
|
||
danger | - | call_user_func第0个参数包含动态变量或函数,可能有远程代码执行的隐患 |
代码82: die;
83:}
84:xml_parser_free($parser);
85:if (!array_key_exists($method_name, $api_methods)) die('unknow request');
86:
87:call_user_func($api_methods[$method_name], $params);
88:
89:/**
90: * 读取站点信息
91: */
92:function blogger_getUsersBlogs() {
|