Commit ab8c46484e4c2c710d5c79f9f16ede5e7b85645e

Authored by Edmar Moretti
1 parent ad2fd629

correção

admin/admin.db
No preview for this file type
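--- a/classesphp/funcoes_gerais.php
+++ b/classesphp/funcoes_gerais.php
@@ -2829,6 +2829,7 @@ function cloneInlineSymbol($layern,$nmapa,$mapa){
 //recupera um mapfile armazenado no banco de dados de administracao
 //ver admin/php/mapas.php salvaMapfile
 function restauraMapaAdmin($id_mapa,$dir_tmp){
+ return;
 include(dirname(__FILE__)."/../admin/php/conexao.php");
 if(!empty($esquemaadmin)){
 $esquemaadmin = str_replace(".","",$esquemaadmin).".";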
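Review bot: The bare `return;` added as the first statement of `restauraMapaAdmin` makes every line after it unreachable, and nothing in the hunk says why or for how long. Callers now receive null instead of whatever the function produced before, so any caller that uses the result needs checking; the function body continues past the end of the hunk, so its original return value is not visible here. If the intent is to switch off restoring mapfiles from the administration database, state that on the line, e.g. `return; // disabled: mapfile restore from the admin database is switched off, callers get null`, or remove the dead body in the same commit.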
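--- a/classesphp/pega_variaveis.php
+++ b/classesphp/pega_variaveis.php
@@ -56,16 +56,16 @@ i3geo/classesphp/pega_variaveis.php
 //echo "<pre>";
 //var_dump($_POST);exit;
 error_reporting(0);
-$bl = array("passthru","shell_exec","escapeshellarg","escapeshellcmd","proc_close","proc_open","dl","popen"," ","base64","contents","delete","drop","update","insert","exec","system",";");
+$bl = array("_decode","php","eval","passthru","shell_exec","escapeshellarg","escapeshellcmd","proc_close","proc_open","dl","popen","contents","delete","drop","update","insert","exec","system",";");
 if (isset($_GET))
 {
 foreach(array_keys($_GET) as $k)
 {
 $k = str_ireplace($bl,"",$k);
+ $k = filter_var($k, FILTER_SANITIZE_STRING);
 if ($_GET[$k] != "''"){
 $v = strip_tags($_GET[$k]);
 $v = str_ireplace($bl,"",$v);
- //$v = filter_var($v, FILTER_SANITIZE_STRING,FILTER_FLAG_ENCODE_LOW);
 eval("\$".$k."='".(trim($v))."';");
 }
 }
@@ -77,8 +77,8 @@ if (isset($_POST))
 foreach(array_keys($_POST) as $k)
 {
 $k = str_ireplace($bl,"",$k);
+ $k = filter_var($k, FILTER_SANITIZE_STRING);
 $_POST[$k] = str_ireplace($bl,"",$_POST[$k]);
- //$_POST[$k] = filter_var($_POST[$k], FILTER_SANITIZE_STRING,FILTER_FLAG_ENCODE_LOW);
 if (($_POST[$k] != "''"))
 eval("\$".$k."='".(strip_tags(trim($_POST[$k])))."';");
 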
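Review bot: Both request loops still assemble PHP source from the parameter name and value and hand it to `eval` (new line 69 for GET, new line 83 for POST), and the longer `$bl` list plus `FILTER_SANITIZE_STRING` on `$k` does not make that construction safe. The value is placed inside a single-quoted literal after only `strip_tags` and a one-pass `str_ireplace`, neither of which escapes `'` or `\`, and a substring blacklist is not a dependable control for code that is about to be evaluated. Removing `eval` takes away the code-building step altogether: validate the name and assign directly, e.g. `if (preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $k)) { $$k = trim($v); }`, preferably checked against an allowlist of the parameter names the application expects, since any request-named variable can otherwise overwrite an existing global. Separately, `$k` is rewritten before `$_GET[$k]` and `$_POST[$k]` are read, so a key that the filters change looks up a different, usually missing, entry. `FILTER_SANITIZE_STRING` is also deprecated as of PHP 8.1, so the two added lines will raise deprecation notices on current runtimes.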