看到论坛有人发了一这程序的文章，刚好没事情做
 
就顺便看了下
 
既然是找gs就先看看写出文件的吧
 
functionWritePhpCache($filename,$array,$arrayname)//解析二维数组并写缓存{                $cachewrite ="<?php\n if(!defined('IN_SITE')) exit('Access Denied');\n";//虽然做过处理不能直接访问 但是直觉告诉我写出的文件会被包含进来        $cachewrite.="\$".$arrayname."=array(\n";if(is_array($array)){foreach($array as $key=>$v){if(is_array($v)){                                                              $cachewrite.='"'.$key.'"=>array('."\n";foreach($v as $k=>$b){                                       $cachewrite.="\t\t".'"'.$k.'"=>"'.$b.'",'."\n";//都是双引号 ，可以代码执行}                               $cachewrite.="),\n";}else{                               $cachewrite.='"'.$key.'"=>"'.$v.'",'."\n";}}}                      $cachewrite.=");\n";                $cachewrite.="\n?>";                swritefile($filename,$cachewrite);}
调用
 
$filename ="include/data/configure.data.php";file_exists($filename)&& include $filename;果然包含了省略若干代码，，default:// www.2cto.com 后台修改配置。。                            $configcache = array ('pagesize'=>$CONFIGURE["pagesize"],'board_pagesize'=>$CONFIGURE["board_pagesize"],'title'=>$CONFIGURE["title"],'filter'=>$CONFIGURE["filter"],'weathercityno'=>$CONFIGURE["weathercityno"],'ipInterval'=>$CONFIGURE["ipInterval"],'ischeck'=>$CONFIGURE["ischeck"],'systemuser'=>$CONFIGURE["systemuser"],'weathercityno'=>$CONFIGURE['weathercityno'],'tp'=>$CONFIGURE['tp']);break;}WritePhpCache($filename,$configcache,"CONFIGURE");//写出
test.. 后台修改设置。。。