Version 3.3.7

去除addslashes转义(无sql),确保UI显示的是非转义的结果
firesun
2016-02-03 21:49:16 +08:00
parent 3cb52ed6e2
commit 1669079625
4 changed files with 48 additions and 14 deletions

42
api.php

@@ -55,6 +55,11 @@ else if ( isset( $_GET['js_template_cmd'] ) ) {
//添加js模板 //添加js模板
case 'add': case 'add':
if ( isset( $_POST['name'] ) && isset( $_POST['desc'] ) && isset( $_POST['content'] ) ) { if ( isset( $_POST['name'] ) && isset( $_POST['desc'] ) && isset( $_POST['content'] ) ) {
if (get_magic_quotes_gpc()) {
$_POST['name'] = stripslashes($_POST['name']);
$_POST['desc'] = stripslashes($_POST['desc']);
$_POST['content'] = stripslashes($_POST['content']);
}
$result = save_js_desc( JS_TEMPLATE_PATH, $_POST['desc'], $_POST['name'] ) $result = save_js_desc( JS_TEMPLATE_PATH, $_POST['desc'], $_POST['name'] )
&& save_js_content( JS_TEMPLATE_PATH, $_POST['content'], $_POST['name'] ); && save_js_content( JS_TEMPLATE_PATH, $_POST['content'], $_POST['name'] );
echo json_encode( $result ); echo json_encode( $result );
@@ -67,6 +72,12 @@ else if ( isset( $_GET['js_template_cmd'] ) ) {
//修改js模板 //修改js模板
case 'modify': case 'modify':
if ( isset( $_POST['old_name'] ) && isset( $_POST['name'] ) && isset( $_POST['desc'] ) && isset( $_POST['content'] ) ) { if ( isset( $_POST['old_name'] ) && isset( $_POST['name'] ) && isset( $_POST['desc'] ) && isset( $_POST['content'] ) ) {
if (get_magic_quotes_gpc()) {
$_POST['old_name'] = stripslashes($_POST['old_name']);
$_POST['name'] = stripslashes($_POST['name']);
$_POST['desc'] = stripslashes($_POST['desc']);
$_POST['content'] = stripslashes($_POST['content']);
}
$result = true; $result = true;
if ( $_POST['old_name'] != $_POST['name'] ) if ( $_POST['old_name'] != $_POST['name'] )
$result = delete_js( JS_TEMPLATE_PATH, $_POST['old_name'] ); $result = delete_js( JS_TEMPLATE_PATH, $_POST['old_name'] );
@@ -85,16 +96,22 @@ else if ( isset( $_GET['js_template_cmd'] ) ) {
//获取某一js模板的内容 //获取某一js模板的内容
case 'get': case 'get':
if ( isset( $_GET['name'] ) ) if ( isset( $_GET['name'] ) ) {
if (get_magic_quotes_gpc())
$_POST['name'] = stripslashes($_POST['name']);
echo json_encode( load_js_content( JS_TEMPLATE_PATH, $_GET['name'] ) ); echo json_encode( load_js_content( JS_TEMPLATE_PATH, $_GET['name'] ) );
}
else else
echo json_encode( false ); echo json_encode( false );
break; break;
//删除js模板 //删除js模板
case 'del': case 'del':
if ( isset( $_GET['name'] ) ) if ( isset( $_GET['name'] ) ) {
if (get_magic_quotes_gpc())
$_POST['name'] = stripslashes($_POST['name']);
echo json_encode( delete_js( JS_TEMPLATE_PATH, $_GET['name'] ) ); echo json_encode( delete_js( JS_TEMPLATE_PATH, $_GET['name'] ) );
}
else else
echo json_encode( false ); echo json_encode( false );
break; break;
@@ -119,6 +136,11 @@ else if ( isset( $_GET['my_js_cmd'] ) ) {
//添加js模板 //添加js模板
case 'add': case 'add':
if ( isset( $_POST['name'] ) && isset( $_POST['desc'] ) && isset( $_POST['content'] ) ) { if ( isset( $_POST['name'] ) && isset( $_POST['desc'] ) && isset( $_POST['content'] ) ) {
if (get_magic_quotes_gpc()) {
$_POST['name'] = stripslashes($_POST['name']);
$_POST['desc'] = stripslashes($_POST['desc']);
$_POST['content'] = stripslashes($_POST['content']);
}
$result = save_js_desc( MY_JS_PATH, $_POST['desc'], $_POST['name'] ) $result = save_js_desc( MY_JS_PATH, $_POST['desc'], $_POST['name'] )
&& save_js_content( MY_JS_PATH, $_POST['content'], $_POST['name'] ); && save_js_content( MY_JS_PATH, $_POST['content'], $_POST['name'] );
echo json_encode( $result ); echo json_encode( $result );
@@ -131,6 +153,12 @@ else if ( isset( $_GET['my_js_cmd'] ) ) {
//修改js模板 //修改js模板
case 'modify': case 'modify':
if ( isset( $_POST['old_name'] ) && isset( $_POST['name'] ) && isset( $_POST['desc'] ) && isset( $_POST['content'] ) ) { if ( isset( $_POST['old_name'] ) && isset( $_POST['name'] ) && isset( $_POST['desc'] ) && isset( $_POST['content'] ) ) {
if (get_magic_quotes_gpc()) {
$_POST['old_name'] = stripslashes($_POST['old_name']);
$_POST['name'] = stripslashes($_POST['name']);
$_POST['desc'] = stripslashes($_POST['desc']);
$_POST['content'] = stripslashes($_POST['content']);
}
$result = true; $result = true;
if ( $_POST['old_name'] != $_POST['name'] ) if ( $_POST['old_name'] != $_POST['name'] )
$result = delete_js( MY_JS_PATH, $_POST['old_name'] ); $result = delete_js( MY_JS_PATH, $_POST['old_name'] );
@@ -147,16 +175,22 @@ else if ( isset( $_GET['my_js_cmd'] ) ) {
//获取某一js模板的内容 //获取某一js模板的内容
case 'get': case 'get':
if ( isset( $_GET['name'] ) ) if ( isset( $_GET['name'] ) ) {
if (get_magic_quotes_gpc())
$_POST['name'] = stripslashes($_POST['name']);
echo json_encode( load_js_content( MY_JS_PATH, $_GET['name'] ) ); echo json_encode( load_js_content( MY_JS_PATH, $_GET['name'] ) );
}
else else
echo json_encode( false ); echo json_encode( false );
break; break;
//删除js模板 //删除js模板
case 'del': case 'del':
if ( isset( $_GET['name'] ) ) if ( isset( $_GET['name'] ) ) {
if (get_magic_quotes_gpc())
$_POST['name'] = stripslashes($_POST['name']);
echo json_encode( delete_js( MY_JS_PATH, $_GET['name'] ) ); echo json_encode( delete_js( MY_JS_PATH, $_GET['name'] ) );
}
else else
echo json_encode( false ); echo json_encode( false );
break; break;
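Review bot: In the `get` and `del` cases of both the `js_template_cmd` and `my_js_cmd` branches, the new magic-quotes block unescapes `$_POST['name']`, while the `isset` guard and the following `load_js_content()` / `delete_js()` call use `$_GET['name']`. With magic quotes enabled, the value actually used stays escaped, and `$_POST['name']` is normally unset on these requests, so the added line raises an undefined-index notice and has no useful effect. All four places should read `if (get_magic_quotes_gpc()) $_GET['name'] = stripslashes($_GET['name']);`. Since `name` is handed to file helpers together with `JS_TEMPLATE_PATH` / `MY_JS_PATH`, it is also worth confirming that those helpers (not visible on this page) restrict it to a plain file name.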

10
dio.php

@@ -50,7 +50,7 @@ function load_xss_record( $id ) {
$isChange = false; $isChange = false;
if ( !isset( $info['location'] ) ) { if ( !isset( $info['location'] ) ) {
$info['location'] = stripStr( convertip( $info['user_IP'], IPDATA_PATH ) ); $info['location'] = convertip( $info['user_IP'], IPDATA_PATH );
$isChange = true; $isChange = true;
} }
@@ -116,7 +116,7 @@ function list_xss_record_detail() {
$isChange = false; $isChange = false;
//如果没有设置location就查询qqwry.dat判断location //如果没有设置location就查询qqwry.dat判断location
if ( !isset( $info['location'] ) ) { if ( !isset( $info['location'] ) ) {
$info['location'] = stripStr( convertip( $info['user_IP'], IPDATA_PATH ) ); $info['location'] = convertip( $info['user_IP'], IPDATA_PATH );
$isChange = true; $isChange = true;
} }
@@ -216,7 +216,7 @@ function list_js_name_and_desc( $path ) {
$filename = preg_replace( '/^.+[\\\\\\/]/', '', $file ); $filename = preg_replace( '/^.+[\\\\\\/]/', '', $file );
$filename = substr( $filename, 0, strlen( $filename ) - 3 ); $filename = substr( $filename, 0, strlen( $filename ) - 3 );
$item['js_name'] = $filename; $item['js_name'] = $filename;
$item['js_name_abbr'] = stripStr( $filename ); $item['js_name_abbr'] = htmlspecialchars($filename, ENT_QUOTES, 'UTF-8');
$result = @file_get_contents( dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc' ); $result = @file_get_contents( dirname(__FILE__) . '/' . $path . '/' . $filename . '.desc' );
$result = $result ? $result : ""; $result = $result ? $result : "";
@@ -228,9 +228,9 @@ function list_js_name_and_desc( $path ) {
$result = "加密密码不符,无法获得描述"; $result = "加密密码不符,无法获得描述";
$item['js_description'] = $result; $item['js_description'] = $result;
$item['js_description_abbr'] = stripStr( $result ); $item['js_description_abbr'] = htmlspecialchars($result, ENT_QUOTES, 'UTF-8');
//特别注意只有js_name_abbrjs_description_abbr经过stripStr处理 //特别注意只有js_name_abbrjs_description_abbr经过htmlspecialchars处理
$list[] = $item; $list[] = $item;
} }
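Review bot: `$info['location']` in `load_xss_record()` and `list_xss_record_detail()` is now taken straight from `convertip()` with no HTML encoding, which relies entirely on the new comment on that function saying its output is already filtered; its body is not shown on this page. If any return path of `convertip()` passes text from the IP data file through verbatim, that text reaches the UI unencoded. Keeping the encoding here, e.g. `$info['location'] = htmlspecialchars( convertip( $info['user_IP'], IPDATA_PATH ), ENT_QUOTES, 'UTF-8' );`, or encoding where the record is rendered, would not depend on that assumption. Both functions continue outside their hunks.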


@@ -48,7 +48,7 @@ function isKeepSession($info) {
function stripStr($str) { function stripStr($str) {
if (get_magic_quotes_gpc()) if (get_magic_quotes_gpc())
$str = stripslashes($str); $str = stripslashes($str);
return addslashes(htmlspecialchars($str, ENT_QUOTES, 'UTF-8')); return htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
} }
function stripArr($arr) { function stripArr($arr) {
@@ -121,7 +121,7 @@ function decrypt($info) {
return $info; return $info;
} }
//基于Discuz X3.1 function_misc.php //基于Discuz X3.1 function_misc.php 函数已过滤,可直接输出
function convertip($ip, $ipdatafile) { function convertip($ip, $ipdatafile) {
$ipaddr = '未知'; $ipaddr = '未知';
if (preg_match("/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/", $ip)) { if (preg_match("/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/", $ip)) {
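Review bot: `stripStr()` carries no comment saying that, after this change, it is purely an HTML encoder: with `addslashes` removed, its result suits HTML text and quoted attributes but no longer any context that relied on backslash quoting. A line above the function such as `// HTML-encodes for output (ENT_QUOTES, UTF-8); not a quoting function for SQL, JS strings or file paths` would keep callers from assuming otherwise; `stripArr()` below it appears to build on it, though its body is not shown. Separately, `get_magic_quotes_gpc()` is deprecated as of PHP 7.4 and removed in PHP 8, so a `function_exists('get_magic_quotes_gpc')` guard is needed before this code runs on a current runtime.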


@@ -75,7 +75,7 @@ function getCookie($info)
else if (isset($info['cookie_data']['cookie']) && $info['cookie_data']['cookie'] != "") else if (isset($info['cookie_data']['cookie']) && $info['cookie_data']['cookie'] != "")
$cookie = $info['cookie_data']['cookie']; $cookie = $info['cookie_data']['cookie'];
return htmlspecialchars_decode(stripslashes($cookie), ENT_QUOTES); return htmlspecialchars_decode($cookie, ENT_QUOTES);
} }
@@ -98,5 +98,5 @@ function getLocation($info)
else if (isset($info['headers_data']['Referer']) && $info['headers_data']['Referer'] != "") else if (isset($info['headers_data']['Referer']) && $info['headers_data']['Referer'] != "")
$location = $info['headers_data']['Referer']; $location = $info['headers_data']['Referer'];
return htmlspecialchars_decode(stripslashes($location), ENT_QUOTES); return htmlspecialchars_decode($location, ENT_QUOTES);
} }
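Review bot: `getCookie()` and `getLocation()` now return the result of `htmlspecialchars_decode(..., ENT_QUOTES)` directly, i.e. the recorded cookie and Referer strings in raw, remotely supplied form, and nothing on these lines says who re-encodes them. The callers are not visible here, so I would add a comment on both returns such as `// returns raw captured data: HTML-encode before writing it into a page` and check each place the value is rendered. Records written before this commit may still contain the backslashes that `addslashes` added; with `stripslashes` removed here they would now be displayed with them. Both functions begin outside their hunks.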