PHP探秘(一)--魔术引用(3):ucenter对魔术引用的处理(addslash)
ucenter对魔术引用的处理是不安全的。$_GET = daddslashes($_GET, 1, TRUE);$_POST = daddslashes($_POST, 1, TRUE);$_COOKIE = daddslashes($_COOKIE, 1, TRUE);$_SERVER = daddslashes($_SERVER);$_FILES = daddslashes($_FILES);$_REQUEST = daddslashes($_REQUEST, 1, TRUE);function daddslashes($string, $force = 0, $strip = FALSE) { if(!MAGIC_QUOTES_GPC || $force) { if(is_array($string)) { foreach($string as $key => $val) { $string[$key] = daddslashes($val, $force, $strip); } } else { $string = addslashes($strip ? stripslashes($string) : $string); } } return $string;}
页:
[1]