更新核心框架

liu21st · liu21st · commit 7ea182007ec1 · 2014-12-13T17:23:35.000+08:00
diff --git a/wwwroot/ThinkPHP/Common/functions.php b/wwwroot/ThinkPHP/Common/functions.php
@@ -341,6 +341,7 @@ function I($name,$default='',$filter=null,$datas=null) {
     }else{ // 变量默认值
         $data       =    isset($default)?$default:NULL;
     }
+    is_array($data) && array_walk_recursive($data,'think_filter');
     return $data;
 }
 
@@ -1471,3 +1472,12 @@ function send_http_status($code) {
 function in_array_case($value,$array){
     return in_array(strtolower($value),array_map('strtolower',$array));
 }
+
+function think_filter(&$value){
+    // TODO 其他安全过滤
+
+    // 过滤查询特殊字符
+    if(preg_match('/^(EXP|NEQ|GT|EGT|LT|ELT|OR|LIKE|NOTLIKE|BETWEEN|IN)$/i',$value)){
+        $value .= ' ';
+    }
+}
diff --git a/wwwroot/ThinkPHP/Library/Think/App.class.php b/wwwroot/ThinkPHP/Library/Think/App.class.php
@@ -34,6 +34,13 @@ static public function init() {
         // URL调度
         Dispatcher::dispatch();
 
+        if(C('REQUEST_VARS_FILTER')){
+            // 全局安全过滤
+            array_walk_recursive($_GET,     'think_filter');
+            array_walk_recursive($_POST,    'think_filter');
+            array_walk_recursive($_REQUEST, 'think_filter');
+        }
+
         // URL调度结束标签
         Hook::listen('url_dispatch');         
 
@@ -150,6 +157,7 @@ static public function exec() {
                             }
                         }                        
                     }
+                    array_walk_recursive($args,'think_filter');
                     $method->invokeArgs($module,$args);
                 }else{
                     $method->invoke($module);

Original file line number	Diff line number	Diff line change
`@@ -341,6 +341,7 @@ function I($name,$default='',$filter=null,$datas=null) {`
`341`	`341`	`}else{ // 变量默认值`
`342`	`342`	`$data = isset($default)?$default:NULL;`
`343`	`343`	`}`
	`344`	`+ is_array($data) && array_walk_recursive($data,'think_filter');`
`344`	`345`	`return $data;`
`345`	`346`	`}`
`346`	`347`
`@@ -1471,3 +1472,12 @@ function send_http_status($code) {`
`1471`	`1472`	`function in_array_case($value,$array){`
`1472`	`1473`	`return in_array(strtolower($value),array_map('strtolower',$array));`
`1473`	`1474`	`}`
	`1475`	`+`
	`1476`	`+function think_filter(&$value){`
	`1477`	`+ // TODO 其他安全过滤`
	`1478`	`+`
	`1479`	`+ // 过滤查询特殊字符`
	`1480`	`+ if(preg_match('/^(EXP\|NEQ\|GT\|EGT\|LT\|ELT\|OR\|LIKE\|NOTLIKE\|BETWEEN\|IN)$/i',$value)){`
	`1481`	`+ $value .= ' ';`
	`1482`	`+ }`
	`1483`	`+}`
Original file line number	Diff line number	Diff line change
`@@ -34,6 +34,13 @@ static public function init() {`
`34`	`34`	`// URL调度`
`35`	`35`	`Dispatcher::dispatch();`
`36`	`36`
	`37`	`+ if(C('REQUEST_VARS_FILTER')){`
	`38`	`+ // 全局安全过滤`
	`39`	`+ array_walk_recursive($_GET, 'think_filter');`
	`40`	`+ array_walk_recursive($_POST, 'think_filter');`
	`41`	`+ array_walk_recursive($_REQUEST, 'think_filter');`
	`42`	`+ }`
	`43`	`+`
`37`	`44`	`// URL调度结束标签`
`38`	`45`	`Hook::listen('url_dispatch');`
`39`	`46`
`@@ -150,6 +157,7 @@ static public function exec() {`
`150`	`157`	`}`
`151`	`158`	`}`
`152`	`159`	`}`
	`160`	`+ array_walk_recursive($args,'think_filter');`
`153`	`161`	`$method->invokeArgs($module,$args);`
`154`	`162`	`}else{`
`155`	`163`	`$method->invoke($module);`