Asking about the security of three lines of code_PHP tutorial-PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

Asking about the security of three lines of code_PHP tutorial

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jul 13, 2016 am 10:51 AM

e explode file foreach get code safety beg of question

Ask about the security issues of three lines of code

$js = explode(',',$_GET['js']);

foreach ($js as $file) {

echo file_get_contents('./public/js/'.$file.'.js')."n";

}

Is there any way for an attacker to copy the code and read the PHP file on the server

[ ]

Let me answer

D8888D reply content------------------------------------------------- ----------

$js = $_GET['js'];

$js = explode(',',$js);

$error = null;

!is_array($js) && $error +=1;

$str = null;

foreach ($js as $file) {

eregi('[[:punct:]]',$file) && $error +=1;

$files = "./public/js/{$file}.js";

if (is_file($files))

$str .= file_get_contents($files)."n";

}

if($error!==null)

exit('error');

echo $str;

?>

Copy code [ ]

D8888D reply content------------------------------------------------- ----------
Thank you Yu An
I don’t care how to deal with the error, but what I want to know is whether it is possible for hackers to bypass the .js suffix restriction and access php files
Anyway, no one except hackers can use it
Just add error_reporting(0); for errors
Just read this article
[url=http://www.111cn.cn/html/18/t-3418.html]Link tag http://www.111cn.cn/html/18/t-3418.html[/url]

D8888D reply content------------------------------------------------- ----------
Habits must be developed well.. Process control is good..

For maintenance.

D8888D reply content------------------------------------------------- ----------
Yeah, yeah,
Do you find it easy to bypass restrictions

D8888D reply content------------------------------------------------- ----------
Look at your code.,

Read the file, and read it in a loop... I can't figure out what program needs this structure...

D8888D reply content------------------------------------------------- ----------
Not bad

D8888D reply content------------------------------------------------- ----------
My code is for js loading. Put all js into one file to reduce the number of requests
For example
Pages that need to load jquery, fckeditor and do not require thnikbox can use js=jquery, fckeditor
The code is very simple and the efficiency should be the same as loading a file directly

D8888D reply content------------------------------------------------- ----------
No matter how many js files there are on a page, they can only be scripted once

D8888D reply content------------------------------------------------- ----------
Do not include files uploaded by $_GET
PHP can include remote files

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Roblox: Grow A Garden - Complete Mutation Guide

3 weeks ago By DDD

Roblox: Bubble Gum Simulator Infinity - How To Get And Use Royal Keys

3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

How to fix KB5055612 fails to install in Windows 10?

3 weeks ago By DDD

Nordhold: Fusion System, Explained

3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Mandragora: Whispers Of The Witch Tree - How To Unlock The Grappling Hook

3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Hot Topics

Java Tutorial

1666

CakePHP Tutorial

1426

Laravel Tutorial

1328

PHP Tutorial

1273

C# Tutorial

1254

Related knowledge

Security challenges in Golang development: How to avoid being exploited for virus creation? Mar 19, 2024 pm 12:39 PM

Security challenges in Golang development: How to avoid being exploited for virus creation? With the wide application of Golang in the field of programming, more and more developers choose to use Golang to develop various types of applications. However, like other programming languages, there are security challenges in Golang development. In particular, Golang's power and flexibility also make it a potential virus creation tool. This article will delve into security issues in Golang development and provide some methods to avoid G

GE universal remote codes program on any device Mar 02, 2024 pm 01:58 PM

If you need to program any device remotely, this article will help you. We will share the top GE universal remote codes for programming any device. What is a GE remote control? GEUniversalRemote is a remote control that can be used to control multiple devices such as smart TVs, LG, Vizio, Sony, Blu-ray, DVD, DVR, Roku, AppleTV, streaming media players and more. GEUniversal remote controls come in various models with different features and functions. GEUniversalRemote can control up to four devices. Top Universal Remote Codes to Program on Any Device GE remotes come with a set of codes that allow them to work with different devices. you may

How to use Copilot to generate code Mar 23, 2024 am 10:41 AM

As a programmer, I get excited about tools that simplify the coding experience. With the help of artificial intelligence tools, we can generate demo code and make necessary modifications as per the requirement. The newly introduced Copilot tool in Visual Studio Code allows us to create AI-generated code with natural language chat interactions. By explaining functionality, we can better understand the meaning of existing code. How to use Copilot to generate code? To get started, we first need to get the latest PowerPlatformTools extension. To achieve this, you need to go to the extension page, search for "PowerPlatformTool" and click the Install button

PHP returns an array with key values flipped Mar 21, 2024 pm 02:10 PM

This article will explain in detail how PHP returns an array after key value flipping. The editor thinks it is quite practical, so I share it with you as a reference. I hope you can gain something after reading this article. PHP Key Value Flip Array Key value flip is an operation on an array that swaps the keys and values in the array to generate a new array with the original key as the value and the original value as the key. Implementation method In PHP, you can perform key-value flipping of an array through the following methods: array_flip() function: The array_flip() function is specially used for key-value flipping operations. It receives an array as argument and returns a new array with the keys and values swapped. $original_array=[

What is the relationship between memory management techniques and security in Java functions? May 02, 2024 pm 01:06 PM

Memory management in Java involves automatic memory management, using garbage collection and reference counting to allocate, use and reclaim memory. Effective memory management is crucial for security because it prevents buffer overflows, wild pointers, and memory leaks, thereby improving the safety of your program. For example, by properly releasing objects that are no longer needed, you can avoid memory leaks, thereby improving program performance and preventing crashes.

How to use PHP explode function and solve errors Mar 10, 2024 am 09:18 AM

The explode function in PHP is a function used to split a string into an array. It is very common and flexible. In the process of using the explode function, we often encounter some errors and problems. This article will introduce the basic usage of the explode function and provide some methods to solve the error reports. 1. Basic usage of the explode function In PHP, the basic syntax of the explode function is as follows: explode(string$separator,string$stri

Tsinghua University and Zhipu AI open source GLM-4: launching a new revolution in natural language processing Jun 12, 2024 pm 08:38 PM

Since the launch of ChatGLM-6B on March 14, 2023, the GLM series models have received widespread attention and recognition. Especially after ChatGLM3-6B was open sourced, developers are full of expectations for the fourth-generation model launched by Zhipu AI. This expectation has finally been fully satisfied with the release of GLM-4-9B. The birth of GLM-4-9B In order to give small models (10B and below) more powerful capabilities, the GLM technical team launched this new fourth-generation GLM series open source model: GLM-4-9B after nearly half a year of exploration. This model greatly compresses the model size while ensuring accuracy, and has faster inference speed and higher efficiency. The GLM technical team’s exploration has not

Create and run Linux ".a" files Mar 20, 2024 pm 04:46 PM

Working with files in the Linux operating system requires the use of various commands and techniques that enable developers to efficiently create and execute files, code, programs, scripts, and other things. In the Linux environment, files with the extension ".a" have great importance as static libraries. These libraries play an important role in software development, allowing developers to efficiently manage and share common functionality across multiple programs. For effective software development in a Linux environment, it is crucial to understand how to create and run ".a" files. This article will introduce how to comprehensively install and configure the Linux ".a" file. Let's explore the definition, purpose, structure, and methods of creating and executing the Linux ".a" file. What is L

See all articles