1. 极安网首页
  2. 网络安全技术

ThinkPHP 3.x 注入漏洞

  1. protected function parseWhere($where) {
  2.         $whereStr = '';
  3.         if(is_string($where)) {
  4.             // 直接使用字符串条件
  5.             $whereStr = $where;
  6.         }else// 使用数组表达式
  7.             $operate  = isset($where['_logic'])?strtoupper($where['_logic']):'';
  8.             if(in_array($operate,array('AND','OR','XOR'))){
  9.                 // 定义逻辑运算规则 例如 OR XOR AND NOT
  10.                 $operate    =   ' '.$operate.' ';
  11.                 unset($where['_logic']);
  12.             }else{
  13.                 // 默认进行 AND 运算
  14.                 $operate    =   ' AND ';
  15.             }
  16.             foreach ($where as $key=>$val){
  17.                 if(is_numeric($key)){
  18.                     $key  = '_complex';
  19.                 }
  20.                 if(0===strpos($key,'_')) {
  21.                     // 解析特殊条件表达式
  22.                     $whereStr   .= $this->parseThinkWhere($key,$val);
  23.                 }else{
  24.                     // 查询字段的安全过滤
  25.                     // if(!preg_match('/^[A-Z_\|\&\-.a-z0-9\(\)\,]+$/',trim($key))){
  26.                     //     E(L('_EXPRESS_ERROR_').':'.$key);
  27.                     // }
  28.                     // 多条件支持
  29.                     $multi  = is_array($val) &&  isset($val['_multi']);
  30.                     $key    = trim($key);
  31.                     if(strpos($key,'|')) { // 支持 name|title|nickname 方式定义查询字段
  32.                         $array =  explode('|',$key);
  33.                         $str   =  array();
  34.                         foreach ($array as $m=>$k){
  35.                             $v =  $multi?$val[$m]:$val;
  36.                             $str[]   = $this->parseWhereItem($this->parseKey($k),$v);
  37.                         }
  38.                         $whereStr .= '( '.implode(' OR ',$str).' )';
  39.                     }elseif(strpos($key,'&')){
  40.                         $array =  explode('&',$key);
  41.                         $str   =  array();
  42.                         foreach ($array as $m=>$k){
  43.                             $v =  $multi?$val[$m]:$val;
  44.                             $str[]   = '('.$this->parseWhereItem($this->parseKey($k),$v).')';
  45.                         }
  46.                         $whereStr .= '( '.implode(' AND ',$str).' )';
  47.                     }else{
  48.                         $whereStr .= $this->parseWhereItem($this->parseKey($key),$val);
  49.                     }
  50.                 }
  51.                 $whereStr .= $operate;
  52.             }
  53.             $whereStr = substr($whereStr,0,-strlen($operate));
  54.         }
  55.         return emptyempty($whereStr)?'':' WHERE '.$whereStr;
  56.     }

本文转载:体验盒子,不代表 极安网 立场,转载请注明出处:https://secvery.com/938.html