hdwiki 注释

class hdwiki {1616  17+ // get 变量1718var $get = array(); 19+ // post 变量1820var $post = array(); 21+ // 查询字串1922var $querystring;2023 2124function __construct() {2225 ......@@ -23,12 +26,17 @@2326$this->load_control();2427}2528  29+ /** 30+ * 初始化请求 31+ */2632function init_request() {2733if (!file_exists(HDWIKI_ROOT . '/data/install.lock')) {2834header('location:install/install.php');2935exit();3036}3137header('Content-type: text/html; charset=' . WIKI_CHARSET); 38+ 39+ // 处理 get 数据3240$querystring = str_replace("'", "", urldecode($_SERVER['QUERY_STRING']));3341if (strpos($querystring, 'plugin-hdapi-hdapi-default') !== false) {3442$querystring = str_replace('plugin-hdapi-', '', $querystring);3543 3644 3745 3846 3947 ......@@ -39,25 +47,35 @@3947}4048$this->get = explode('-', $querystring);4149  50+ // 是get, post变量为空, 不是admin入口4251if (count($this->get) <= 3 && count($_POST) == 0 && substr($querystring, 0, 6) == 'admin_' && substr($querystring, 0, 10) != 'admin_main') {4352$this->querystring = $querystring;4453}4554  55+ // 默认是首页4656if (empty($this->get[0])) {4757$this->get[0] = 'index';4858} 59+ 60+ // 默认是default动作4961if (empty($this->get[1])) {5062$this->get[1] = 'default';5163} 64+ 65+ // 变量数很少, 退出操作5266if (count($this->get) < 2) {5367exit(' Access Denied !');5468}5569 5670//unset($_ENV, $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_SERVER_VARS, $HTTP_ENV_VARS); 71+ 72+ // 转义, 操作 post, 操作cookie5773$this->get = string::haddslashes($this->get, 1);5874$this->post = string::haddslashes($_POST);5975$_COOKIE = string::haddslashes($_COOKIE);6076$this->checksecurity(); 77+ 78+ // 收拾变量6179$remain = array('_SERVER', '_FILES', '_COOKIE', 'GLOBALS', 'starttime', 'mquerynum');6280foreach ($GLOBALS as $key => $value) {6381if (!in_array($key, $remain)) {6482 ......@@ -66,8 +84,11 @@6684}6785}6886  87+ /** 88+ * 加载控制文件 89+ */6990function load_control() {7091-7192+ // 如果是插件7293if ($this->get[0] == 'plugin') {7394if (empty($this->get[2])) {7495$this->get[2] = 
$this->get[1];......@@ -91,6 +112,9 @@91112}92113}93114  115+ /** 116+ * 函数运行模块 117+ */94118function run() {95119$control = new control($this->get, $this->post);96120if ($this->querystring) {......@@ -102,8 +126,7 @@102126$exemption = false;103127$method = 'do' . $this->get[1];104128}105 - if ($control->user['uid'] == 0 && $control->setting['close_website'] === '1' && strpos('dologin,dologout,docheckusername,docheckcode,docode', $method) === false106 - ) { 129+ if ($control->user['uid'] == 0 && $control->setting['close_website'] === '1' && strpos('dologin,dologout,docheckusername,docheckcode,docode', $method) === false ) {107130exit($control->setting['close_website_reason']);108131}109132 110133 111134 112135 ......@@ -121,19 +144,29 @@121144}122145}123146  147+ /** 148+ * 404 页面 149+ * @param $error 150+ */124151function notfound($error) {125152@header('HTTP/1.0 404 Not Found');126153exit("<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"><html><head><title>404 Not Found</title></head><body><h1>404 Not Found</h1><p> $error </p></body></html>");127154}128155  156+ /** 157+ * 检查输入的词中是否有特殊文字 158+ */129159function checksecurity() {130160$check_array = array(131161'get' => array('cast', 'exec', 'insert', 'select', 'delete', 'update', 'execute', 'from', 'declare', 'varchar', 'script', 'iframe', ';', '0x', '<', '>', '\\', '%27', '%22', '(', ')'),132162);133163foreach ($check_array as $check_key => $check_val) { 164+ // $this->check_key 165+ // $this->get134166if (!empty($this->$check_key)) {135167foreach ($this->$check_key as $getvalue) {136168foreach ($check_val as $invalue) { 169+ // 检测get值 范围中存在137170if (stripos($getvalue, $invalue) !== false) {138171exit('No Aceess!注意敏感词!');139172}......@@ -143,7 +176,4 @@143176}144177}145178}146 -147 -148 -?>
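Review bot: The new docblock on checksecurity() (`检查输入的词中是否有特殊文字`) reads as if all input is screened, but `$check_array` has only a `get` key, so `$this->post` and `$_COOKIE` pass through `string::haddslashes()` alone. I would state that in the comment, e.g. `Denylist substring check on $this->get only; post and cookie values are not inspected here.`, so nobody takes this function as the injection or XSS defence for every input. Because the match is a case-insensitive `stripos()` on substrings, it would also help to note that ordinary words containing `from` or `update` are rejected. In init_request() the added comment `不是admin入口` contradicts the condition beside it, which requires the query string to start with `admin_` (and not `admin_main`). Parts of init_request(), load_control() and run() are collapsed on this page, so this covers only the visible lines.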