来源:自学PHP网 时间:2015-04-16 23:15 作者: 阅读:次
[导读] 不好好的通过修改造成漏洞的代码 而是通过修改过滤函数。 现在的过滤函数, 虽然我是绕不过去了。但是还是能找到几处能出数据的。之前未通过,这次两个打个包来。P S:这很不好意思...
不好好的通过修改造成漏洞的代码 而是通过修改过滤函数。 第一枚。 第一枚就不分析代码了。
elseif ($act=='make4_save') { $resume_education=get_resume_education($_SESSION['uid'],$_REQUEST['pid']); if (count($resume_education)>=6) showmsg('教育经历不能超过6条!',1,$link); $setsqlarr['uid']=intval($_SESSION['uid']); $setsqlarr['pid']=intval($_REQUEST['pid']); if ($setsqlarr['uid']==0 || $setsqlarr['pid']==0 ) showmsg('参数错误!',1); $setsqlarr['start']=trim($_POST['start'])?$_POST['start']:showmsg('请填写开始时间!',1,$link); $setsqlarr['endtime']=trim($_POST['endtime'])?$_POST['endtime']:showmsg('请填写结束时间!',1,$link); $setsqlarr['school']=trim($_POST['school'])?$_POST['school']:showmsg('请填写学校名称!',1,$link); $setsqlarr['speciality']=trim($_POST['speciality'])?$_POST['speciality']:showmsg('请填写专业名称!',1,$link); $setsqlarr['education']=trim($_POST['education'])?$_POST['education']:showmsg('请选择获得学历!',1,$link); $setsqlarr['education_cn']=trim($_POST['education_cn'])?$_POST['education_cn']:showmsg('请选择获得学历!',1,$link); if (inserttable(table('resume_education'),$setsqlarr)) { check_resume($_SESSION['uid'],intval($_REQUEST['pid']));
function check_resume($uid,$pid) { global $db,$timestamp,$_CFG; $uid=intval($uid); $pid=intval($pid); $percent=0; $resume_basic=get_resume_basic($uid,$pid); $resume_intention=$resume_basic['intention_jobs']; $resume_specialty=$resume_basic['specialty']; $resume_education=get_resume_education($uid,$pid); if (!empty($resume_basic))$percent=$percent+15; if (!empty($resume_intention))$percent=$percent+15; if (!empty($resume_specialty))$percent=$percent+15; if (!empty($resume_education))$percent=$percent+15; if ($resume_basic['photo_img'] && $resume_basic['photo_audit']=="1" && $resume_basic['photo_display']=="1") { $setsqlarr['photo']=1; } else { $setsqlarr['photo']=0; } if ($percent<60) { $setsqlarr['complete_percent']=$percent; $setsqlarr['complete']=2; } else { $resume_work=get_resume_work($uid,$pid); $resume_training=get_resume_training($uid,$pid); $resume_photo=$resume_basic['photo_img']; if (!empty($resume_work))$percent=$percent+13; if (!empty($resume_training))$percent=$percent+13; if (!empty($resume_photo))$percent=$percent+14; $setsqlarr['complete']=1; $setsqlarr['complete_percent']=$percent; require_once(QISHI_ROOT_PATH.'include/splitword.class.php'); $sp = new SPWord(); $setsqlarr['key']=$resume_basic['intention_jobs'].$resume_basic['recentjobs'].$resume_basic['specialty']; $setsqlarr['key']="{$resume_basic['fullname']} ".$sp->extracttag($setsqlarr['key']); $setsqlarr['key']=str_replace(","," ",$resume_basic['intention_jobs'])." {$setsqlarr['key']} {$resume_basic['education_cn']}"; $setsqlarr['key']=$sp->pad($setsqlarr['key']); if (!empty($resume_education)) { foreach($resume_education as $li) { $setsqlarr['key']="{$li['school']} {$setsqlarr['key']} {$li['speciality']}"; } } $setsqlarr['refreshtime']=$timestamp; } updatetable(table('resume'),$setsqlarr,"uid='{$uid}' AND id='{$pid}'"); updatetable(table('resume_tmp'),$setsqlarr,"uid='{$uid}' AND id='{$pid}'");
$setsqlarr['key']=$resume_basic['intention_jobs'].$resume_basic['recentjobs'].$resume_basic['specialty']; $setsqlarr['key']="{$resume_basic['fullname']} ".$sp->extracttag($setsqlarr['key']); $setsqlarr['key']=str_replace(","," ",$resume_basic['intention_jobs'])." {$setsqlarr['key']} {$resume_basic['education_cn']}"; $setsqlarr['key']=$sp->pad($setsqlarr['key']); if (!empty($resume_education)) { foreach($resume_education as $li) { $setsqlarr['key']="{$li['school']} {$setsqlarr['key']} {$li['speciality']}"; } } $setsqlarr['refreshtime']=$timestamp; } updatetable(table('resume'),$setsqlarr,"uid='{$uid}' AND id='{$pid}'"); updatetable(table('resume_tmp'),$setsqlarr,"uid='{$uid}' AND id='{$pid}'");
真的应该好好的修改代码 而不是光修改过滤函数。 |
自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习
京ICP备14009008号-1@版权所有www.zixuephp.com
网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com