This action will force synchronization from 微擎/开源版微擎系统, which will overwrite any changes that you have made since you forked the repository, and can not be recovered!!!
Synchronous operation will process in the background and will refresh the page when finishing processing. Please be patient.
<?php/*** 提供系统安全获取传入值* [WeEngine System] Copyright (c) 2013 WE7.CC*/defined('IN_IA') or exit('Access Denied');/*** 从GPC中获取一个数字* @param unknown $value* @param string $default*/function safe_gpc_int($value, $default = 0) {//如果包含小数点,优先按float对待//否则一律按int对待if (strpos($value, '.') !== false) {$value = floatval($value);$default = floatval($default);} else {$value = intval($value);$default = intval($default);}if (empty($value) && $default != $value) {$value = $default;}return $value;}function safe_gpc_belong($value, $allow = array(), $default = '') {if (empty($allow)) {return $default;}if (in_array($value, $allow, true)) {return $value;} else {return $default;}}/*** 转换一个安全字符串* @param mixed $value* @param string $default* @return string*/function safe_gpc_string($value, $default = '') {$value = safe_bad_str_replace($value);$value = preg_replace('/&((#(\d{3,5}|x[a-fA-F0-9]{4}));)/', '&\1円', $value);if (empty($value) && $default != $value) {$value = $default;}return $value;}/*** 转换一个安全路径* @param string $value* @param string $default* @return string*/function safe_gpc_path($value, $default = '') {$path = safe_gpc_string($value);$path = str_replace(array('..', '..\\', '\\\\' ,'\\', '..\\\\'), '', $path);if (empty($path) || $path != $value) {$path = $default;}return $path;}/*** 转换一个安全的字符串型数组* @param unknown $value* @param array $default*/function safe_gpc_array($value, $default = array()) {if (empty($value) || !is_array($value)) {return $default;}foreach ($value as &$row) {if (is_numeric($row)) {$row = safe_gpc_int($row);} elseif (is_array($row)) {$row = safe_gpc_array($row, $default);} else {$row = safe_gpc_string($row);}}return $value;}/*** 转换一个安全的布尔值* @param mixed $value* @param boolean $default* @return boolean*/function safe_gpc_boolean($value, $default = false) {$value = safe_gpc_int($value, $default);return empty($value) ? false : true;}/*** 转换一个安全HTML数据*/function safe_gpc_html($value, $default = '') {if (empty($value) || !is_string($value)) {return $default;}$value = safe_bad_str_replace($value);$value = safe_remove_xss($value);if (empty($value) && $value != $default) {$value = $default;}return $value;}function safe_gpc_sql($value, $operator = 'ENCODE', $default = '') {if (empty($value) || !is_string($value)) {return $default;}$value = trim(strtolower($value));$badstr = array('_', '%', "'", chr(39),'select', 'join', 'union','where', 'insert', 'delete','update', 'like', 'drop','create', 'modify', 'rename','alter', 'cast',);$newstr = array('\_', '\%', "''", ''','select"', 'join', 'union','where', 'insert', 'delete','update', 'like', 'drop','create', 'modify', 'rename"','alter', 'cas',);if ($operator == 'ENCODE') {$value = str_replace($badstr, $newstr, $value);} else {$value = str_replace($newstr, $badstr, $value);}return $value;}/*** 转换一个安全URL* @param $_GPC中的值* @param boolean $strict_domain 是否严格限制只能为当前域下的URL* @param string $default*/function safe_gpc_url($value, $strict_domain = true, $default = '') {global $_W;if (empty($value) || !is_string($value)) {return $default;}$value = urldecode($value);if (starts_with($value, './')) {return $value;}if ($strict_domain) {if (starts_with($value, $_W['siteroot'])) {return $value;}return $default;}if (starts_with($value, 'http') || starts_with($value, '//')) {return $value;}return $default;}/*** 去掉可能造成xss攻击的字符* @param $val $string 需处理的字符串*/function safe_remove_xss($val) {$val = preg_replace('/([\x0e-\x19])/', '', $val);$search = 'abcdefghijklmnopqrstuvwxyz';$search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';$search .= '1234567890!@#$%^&*()';$search .= '~`";:?+/={}[]-_|\'\\';for ($i = 0; $i < strlen($search); $i++) {$val = preg_replace('/(&#[xX]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val);$val = preg_replace('/(�{0,8}'.ord($search[$i]).';?)/', $search[$i], $val);}preg_match_all('/href=[\'|\"](.*?)[\'|\"]|src=[\'|\"](.*?)[\'|\"]/i', $val, $matches);$url_list = array_merge($matches[1], $matches[2]);$encode_url_list = array();if (!empty($url_list)) {foreach ($url_list as $key => $url) {$val = str_replace($url, 'we7_' . $key . '_we7placeholder', $val);$encode_url_list[] = $url;}}$ra1 = array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'script', 'embed', 'object', 'frameset', 'ilayer', 'bgsound', 'base');$ra2 = array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload', '@import');$ra = array_merge($ra1, $ra2);$found = true;while ($found == true) {$val_before = $val;for ($i = 0; $i < sizeof($ra); $i++) {$pattern = '/';for ($j = 0; $j < strlen($ra[$i]); $j++) {if ($j > 0) {$pattern .= '(';$pattern .= '(&#[xX]0{0,8}([9ab]);)';$pattern .= '|';$pattern .= '|(�{0,8}([9|10|13]);)';$pattern .= ')*';}$pattern .= $ra[$i][$j];}$pattern .= '/i';$replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2);$val = preg_replace($pattern, $replacement, $val);if ($val_before == $val) {$found = false;}}}if (!empty($encode_url_list) && is_array($encode_url_list)) {foreach ($encode_url_list as $key => $url) {$val = str_replace('we7_' . $key . '_we7placeholder', $url, $val);}}return $val;}function safe_bad_str_replace($string) {if (empty($string)) {return '';}$badstr = array("0円", "%00", "%3C", "%3E", '<?', '<%', '<?php', '{php', '{if', '{loop', '../');$newstr = array('_', '_', '<', '>', '_', '_', '_', '_', '_', '_', '.._');$string = str_replace($badstr, $newstr, $string);return $string;}/*** 检测密码强度* @param $password* @return array|bool*/function safe_check_password($password) {$setting = setting_load('register');if (!$setting['register']['safe']) {return true;}preg_match(PASSWORD_STRONG_REGULAR, $password, $out);if (empty($out)) {return error(-1, PASSWORD_STRONG_STATE);} else {return true;}}
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。