pbootcms首页加强代码,pb首页加固判断
- <?php
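// Site entry file: request screening runs here, before the CMS core is loaded.

// PHP version check: refuse to start on anything older than 7.0.
if (version_compare(phpversion(), '7.0.0', '<')) {
    header('Content-Type:text/html; charset=utf-8');
    exit('您服务器PHP的版本太低,程序要求PHP版本不小于7.0');
}

// Screen the query string and the form body on every request, whatever the
// HTTP method. Choosing one superglobal by REQUEST_METHOD left the query
// string of a POST request unchecked, and left the variable undefined for
// other methods (HEAD, PUT, ...), where count() fails on PHP 8.
// NOTE(review): only $_GET and $_POST are screened here; cookies, request
// headers and a raw (e.g. JSON) body never pass through this filter, so the
// application must still validate them itself.
foreach (array($_GET, $_POST) as $params) {
    if (count($params) > 0) {
        testArray($params);
    }
}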
/**
 * Screens one flat parameter array against the forbidden-word list.
 *
 * Every key and every value must be a string; anything else (an integer key,
 * a nested array value, ...) sends the request to the 404 page via j404().
 * Keys and values that pass the type check are then handed to forbWord().
 *
 * @param array $array Request parameters to inspect.
 */
function testArray(array $array){
    foreach ($array as $name => $item) {
        // Reject the request unless both the key and the value are strings.
        if (!is_string($name) || !is_string($item)) {
            j404();
        }
        forbWord($name);
        forbWord($item);
    }
}
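/**
 * Redirects the visitor to the static 404 page and stops the script, so a
 * rejected request never reaches the CMS core and the site stays reachable.
 */
function j404(){
    // Use a temporary redirect. A 301 may be cached permanently by browsers
    // and proxies, so a URL blocked by a false positive would keep
    // redirecting even after the word list has been relaxed.
    header('Location: /404.html', true, 302);
    exit;
}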
/**
 * Blocks any input containing one of the listed symbols or SQL keywords.
 *
 * Matching is a case-insensitive substring search, so ordinary text such as
 * "selection" or "somewhere" is also rejected. In rare cases this causes
 * false positives on a site; if it does, remove the offending entry from the
 * list below.
 *
 * NOTE(review): this is a coarse pre-filter only. It does not replace
 * parameterized queries and context-aware output escaping in the application.
 *
 * @param string $str Parameter name or value to inspect.
 */
function forbWord(string $str){
    $blocked = [
        // Brackets and braces, literal and percent-encoded.
        '%7B', '%7D', '{', '}', '%5B', '%5D', '[', ']',
        // Quotes, parentheses, asterisk, hex escapes, semicolons, angle brackets, backticks.
        '%27', '%28', '%29', '*', '%2A', '\\x', ';', '%3B', '%3C', '%3E',
        '(', ')', '<', '>', '%60', '`', '%22', '"', "'",
        // SQL keywords and the comment marker.
        'select', 'insert', 'update', 'delete', 'where', 'drop', '--',
        'create', 'truncate', 'rename', 'execute', 'union',
        // Line breaks.
        "\r", "\n", "\r\n",
    ];
    foreach ($blocked as $needle) {
        if (stripos($str, $needle) === false) {
            continue;
        }
        // First hit ends the request.
        j404();
    }
}
// Mark this script as the front-end entry point.
define('IS_INDEX', true);

// Bind this entry file to the "home" module.
define('URL_BIND', 'home');

// Load the kernel bootstrap file; this runs only after the screening above has passed.
require __DIR__ . '/core/start.php';