/**
 * Resolve the controller and action names from the current request, look up
 * the controller class for that controller, and run the resolved action.
 *
 * Name resolution is delegated to getControllerName() / getActionName();
 * the class lookup to getControllerClass(); execution to _executeAction().
 *
 * @return mixed whatever _executeAction() returns for the resolved action
 */
function dispatching()
{
    $controller = $this->getControllerName();
    $action = $this->getActionName();
    // Class lookup happens after both names are resolved, as in the original call order.
    $controllerClass = $this->getControllerClass($controller);

    return $this->_executeAction($controller, $action, $controllerClass);
}
function check_param($value=null) {
# select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile
# $str = '([^{\s]{1}.+(select|update|insert((\/\*[\S\s]*?\*\/)|(\s)|(\+))+into).+?(from|set)((\/\*[\S\s]*?\*\/)|(\s)|(\+))+)|[^{\s]{1}.+(create|delete|drop|truncate|rename|desc)((\/\*[\S\s]*?\*\/)|(\s)|(\+))+(table|from|database)((\/\*[\S\s]*?\*\/)|(\s)|(\+))|(into((\/\*[\S\s]*?\*\/)|\s|\+)+(dump|out)file\b)|\bsleep\((\s*)(\d*)(\s*)\)|benchmark\(([^\,]*)\,([^\,]*)\)|\b(declare|set|select)\b.*@|union\b.*(select|all)\b|(select|update|insert|create|delete|drop|grant|truncate|rename|exec|desc|from|table|database|set|where)\b.*((charset|ascii|bin|char|uncompress|concat|concat_ws|conv|export_set|hex|instr|left|load_file|locate|mid|sub|substring|oct|reverse|right|unhex)\(|(master\.\.sysdatabases|msysaccessobjects|msysqueries|sysmodules|mysql\.db|sys\.database_name|information_schema\.|sysobjects|sp_makewebtask|xp_cmdshell|sp_oamethod|sp_addextendedproc|sp_oacreate|xp_regread|sys\.dbms_export_extension))';
$str = '/^select|insert|and|update|alert|ahref|href|data|src|html|object|ONLOAD|body|script|style|div|alter|delete|ActiveX|iframe|include|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile|--|;|\&|,|\$|\@|\%|\|<script[\s\\\\\/]*.*>|<|create|drop|truncate|\+|from/i';
if(!$value) {
exit('没有参数!');
} elseif(preg_match($str, $value)) {