correção no código

Edmar Moretti
1 parent ebc48f39
Showing 4 changed files with 3 additions and 2 deletions Show diff stats
admin/admin.db
classesphp/pega_variaveis.php
classesphp/sani_request.php
ferramentas/vinde/wmsindejson.php
@@ -60,7 +60,7 @@ if (basename(__FILE__) == basename($_SERVER[&#39;SCRIPT_FILENAME&#39;])){
 }
 error_reporting(0);
-$bl = array("_decode","php","eval","passthru","shell_exec","escapeshellarg","escapeshellcmd","proc_close","proc_open","dl","popen","contents","delete","drop","update","insert","exec","system",";");
+$bl = array("password","select","_decode","php","eval","passthru","shell_exec","escapeshellarg","escapeshellcmd","proc_close","proc_open","dl","popen","contents","delete","drop","update","insert","exec","system",";");
 if (isset($_GET))
 {
 	foreach(array_keys($_GET) as $k)
@@ -3,7 +3,7 @@ if (basename(__FILE__) == basename($_SERVER[&#39;SCRIPT_FILENAME&#39;])){
 	exit;
 }
 error_reporting(0);
-$bl = array("_decode","php","eval","passthru","shell_exec","escapeshellarg","escapeshellcmd","proc_close","proc_open","dl","popen","contents","delete","drop","update","insert","exec","system",";");
+$bl = array("password","select","_decode","php","eval","passthru","shell_exec","escapeshellarg","escapeshellcmd","proc_close","proc_open","dl","popen","contents","delete","drop","update","insert","exec","system",";");
 if (isset($_GET)){
 	foreach(array_keys($_GET) as $k)	{
 		$k = str_ireplace($bl,"",$k);
@@ -26,6 +26,7 @@ if(!file_exists($arq)){
 else{
 	$resultado = file_get_contents($arq);
 }
+$resultado = str_replace("<?","",$resultado);
 $convert = explode("\n", $resultado);
 $n = count($convert);
	@@ -60,7 +60,7 @@ if (basename(__FILE__) == basename($_SERVER['SCRIPT_FILENAME'])){		@@ -60,7 +60,7 @@ if (basename(__FILE__) == basename($_SERVER['SCRIPT_FILENAME'])){
60	}	60	}
61		61
62	error_reporting(0);	62	error_reporting(0);
63	-$bl = array("_decode","php","eval","passthru","shell_exec","escapeshellarg","escapeshellcmd","proc_close","proc_open","dl","popen","contents","delete","drop","update","insert","exec","system",";");	63	+$bl = array("password","select","_decode","php","eval","passthru","shell_exec","escapeshellarg","escapeshellcmd","proc_close","proc_open","dl","popen","contents","delete","drop","update","insert","exec","system",";");
64	if (isset($_GET))	64	if (isset($_GET))
65	{	65	{
66	foreach(array_keys($_GET) as $k)	66	foreach(array_keys($_GET) as $k)
	@@ -3,7 +3,7 @@ if (basename(__FILE__) == basename($_SERVER['SCRIPT_FILENAME'])){		@@ -3,7 +3,7 @@ if (basename(__FILE__) == basename($_SERVER['SCRIPT_FILENAME'])){
3	exit;	3	exit;
4	}	4	}
5	error_reporting(0);	5	error_reporting(0);
6	-$bl = array("_decode","php","eval","passthru","shell_exec","escapeshellarg","escapeshellcmd","proc_close","proc_open","dl","popen","contents","delete","drop","update","insert","exec","system",";");	6	+$bl = array("password","select","_decode","php","eval","passthru","shell_exec","escapeshellarg","escapeshellcmd","proc_close","proc_open","dl","popen","contents","delete","drop","update","insert","exec","system",";");
7	if (isset($_GET)){	7	if (isset($_GET)){
8	foreach(array_keys($_GET) as $k) {	8	foreach(array_keys($_GET) as $k) {
9	$k = str_ireplace($bl,"",$k);	9	$k = str_ireplace($bl,"",$k);
	@@ -26,6 +26,7 @@ if(!file_exists($arq)){		@@ -26,6 +26,7 @@ if(!file_exists($arq)){
26	else{	26	else{
27	$resultado = file_get_contents($arq);	27	$resultado = file_get_contents($arq);
28	}	28	}
		29	+$resultado = str_replace("<?","",$resultado);
29	$convert = explode("\n", $resultado);	30	$convert = explode("\n", $resultado);
30		31
31	$n = count($convert);	32	$n = count($convert);