Commit ab8c46484e4c2c710d5c79f9f16ede5e7b85645e

Authored by Edmar Moretti
1 parent ad2fd629

correção

admin/admin.db
No preview for this file type
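--- a/classesphp/funcoes_gerais.php
+++ b/classesphp/funcoes_gerais.php
@@ -2829,6 +2829,7 @@ function cloneInlineSymbol($layern,$nmapa,$mapa){
 //recupera um mapfile armazenado no banco de dados de administracao
 //ver admin/php/mapas.php salvaMapfile
 function restauraMapaAdmin($id_mapa,$dir_tmp){
+ return;
 include(dirname(__FILE__)."/../admin/php/conexao.php");
 if(!empty($esquemaadmin)){
 $esquemaadmin = str_replace(".","",$esquemaadmin).".";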
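Review bot: The added `return;` as the first statement of `restauraMapaAdmin` makes the whole body unreachable, and nothing in the hunk or the commit message says why or for how long. If the restore path is being switched off on purpose, record that at the line, e.g. `return; // disabled on purpose: <reason or ticket>`, so the dead code below is not mistaken for live logic. Callers now receive `null`; whether they can tell "disabled" from "restored" is not visible here, so an explicit return value may be worth adding. The function body continues outside the hunk.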
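--- a/classesphp/pega_variaveis.php
+++ b/classesphp/pega_variaveis.php
@@ -56,16 +56,16 @@ i3geo/classesphp/pega_variaveis.php
 //echo "<pre>";
 //var_dump($_POST);exit;
 error_reporting(0);
-$bl = array("passthru","shell_exec","escapeshellarg","escapeshellcmd","proc_close","proc_open","dl","popen"," ","base64","contents","delete","drop","update","insert","exec","system",";");
+$bl = array("_decode","php","eval","passthru","shell_exec","escapeshellarg","escapeshellcmd","proc_close","proc_open","dl","popen","contents","delete","drop","update","insert","exec","system",";");
 if (isset($_GET))
 {
 foreach(array_keys($_GET) as $k)
 {
 $k = str_ireplace($bl,"",$k);
+ $k = filter_var($k, FILTER_SANITIZE_STRING);
 if ($_GET[$k] != "''"){
 $v = strip_tags($_GET[$k]);
 $v = str_ireplace($bl,"",$v);
- //$v = filter_var($v, FILTER_SANITIZE_STRING,FILTER_FLAG_ENCODE_LOW);
 eval("\$".$k."='".(trim($v))."';");
 }
 }
@@ -77,8 +77,8 @@ if (isset($_POST))
 foreach(array_keys($_POST) as $k)
 {
 $k = str_ireplace($bl,"",$k);
+ $k = filter_var($k, FILTER_SANITIZE_STRING);
 $_POST[$k] = str_ireplace($bl,"",$_POST[$k]);
- //$_POST[$k] = filter_var($_POST[$k], FILTER_SANITIZE_STRING,FILTER_FLAG_ENCODE_LOW);
 if (($_POST[$k] != "''"))
 eval("\$".$k."='".(strip_tags(trim($_POST[$k])))."';");
 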
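Review bot: The `eval("\$".$k."='".(trim($v))."';")` calls in both loops still assemble PHP source from request keys and values, and the longer `$bl` list plus `filter_var($k, FILTER_SANITIZE_STRING)` do not make that safe. A single-pass `str_ireplace` blocklist never re-checks what is left after removal, and in the GET loop a quote or backslash in `$v` is not escaped before it lands inside the single-quoted literal. The new filter touches only the key, and `$_GET[$k]` / `$_POST[$k]` are then read with the rewritten key, which may no longer exist in the array; `FILTER_SANITIZE_STRING` is also deprecated since PHP 8.1. I would drop `eval` and assign through a validated variable name as sketched below, ideally checked against an allow-list of the parameters the application expects (not visible on this page). Skipping names that are already defined is my assumption about the intended behaviour, and the POST loop in the second hunk needs the same change.

```php
foreach(array_keys($_GET) as $k)
{
    // accept only plain identifiers, and never overwrite a variable that already exists
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $k) || isset($$k)) {
        continue;
    }
    if ($_GET[$k] != "''"){
        // … unchanged: strip_tags / $bl filtering of $_GET[$k] into $v …
        $$k = trim($v); // plain assignment: the value is data, never parsed as code
    }
}
```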