sani_request.php
<?php
// Direct-access guard: this file is meant to be pulled in by another script.
// When the script PHP was asked to run has the same base name as this file,
// stop before doing anything. Only base names are compared, so an entry script
// in another directory that shares this file's name would stop here as well.
if (basename($_SERVER['SCRIPT_FILENAME']) == basename(__FILE__)) {
    exit();
}
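// Turns off every PHP diagnostic for the rest of the request, including any
// warning or deprecation raised by the filtering below.
error_reporting(0);

// Deny list of substrings removed (case-insensitively) from $_GET and $_POST keys
// and values. NOTE(review): stripping substrings is a coarse, best-effort input
// filter; it does not replace parameterised queries or context-aware output
// escaping in the code that later consumes these values.
$bl = array("exec ","exec(","password","select","_decode","passthru","shell_exec","escapeshellarg","escapeshellcmd","proc_close","proc_open","dl","popen","contents","delete","drop","update","insert","system",";");

// Guarded so that including this file more than once does not redeclare the helpers.
if (!function_exists('sani_request_strip')) {
    /**
     * Removes every deny-list fragment from a string.
     *
     * str_ireplace() walks the list once, so deleting one fragment can join the
     * text on either side of it into another listed fragment. The removal is
     * therefore repeated until the string stops changing; it terminates because
     * every change makes the string shorter.
     *
     * @param mixed $text     Value to filter; cast to string.
     * @param array $denyList Substrings to remove.
     * @return string
     */
    function sani_request_strip($text, array $denyList)
    {
        $text = (string) $text;
        do {
            $before = $text;
            $text = str_ireplace($denyList, "", $text);
        } while ($text !== $before);
        return $text;
    }

    /**
     * Sanitises one request value: strips tags, removes deny-list fragments, trims.
     *
     * Arrays (e.g. `name[]=...` parameters) are filtered element by element; their
     * inner keys are kept as received. The literal value `''` is passed through
     * untouched, as the original script did.
     *
     * @param mixed $value    String or (nested) array taken from a superglobal.
     * @param array $denyList Substrings to remove.
     * @return mixed Sanitised string, or array of sanitised values.
     */
    function sani_request_clean_value($value, array $denyList)
    {
        if (is_array($value)) {
            $out = array();
            foreach ($value as $innerKey => $item) {
                $out[$innerKey] = sani_request_clean_value($item, $denyList);
            }
            return $out;
        }
        $value = (string) $value;
        if ($value === "''") {
            return $value;
        }
        // Removing a deny-list fragment can leave a new tag behind and vice versa,
        // so both passes repeat until the value is stable.
        do {
            $before = $value;
            $value = sani_request_strip(strip_tags($value), $denyList);
        } while ($value !== $before);
        return trim($value);
    }

    /**
     * Sanitises a parameter name.
     *
     * FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; it is kept here so the
     * resulting keys stay the same as before.
     *
     * @param mixed $key      Parameter name as received.
     * @param array $denyList Substrings to remove.
     * @return string Sanitised name, or "" when nothing usable is left.
     */
    function sani_request_clean_key($key, array $denyList)
    {
        $key = filter_var(sani_request_strip($key, $denyList), FILTER_SANITIZE_STRING);
        return ($key === false || $key === null) ? "" : (string) $key;
    }

    /**
     * Returns a sanitised copy of a request array.
     *
     * Each value is read under the key it was sent with and stored under the
     * sanitised key, so an entry whose name had to be changed no longer survives
     * unfiltered under its original name. Entries whose name becomes empty, or
     * collides with a parameter that was sent under that clean name, are dropped.
     *
     * @param array $params   Typically $_GET or $_POST.
     * @param array $denyList Substrings to remove from names and values.
     * @return array
     */
    function sani_request_clean_params(array $params, array $denyList)
    {
        $clean = array();
        foreach ($params as $key => $value) {
            $cleanKey = sani_request_clean_key($key, $denyList);
            if ($cleanKey === "") {
                continue;
            }
            if ($cleanKey !== (string) $key && array_key_exists($cleanKey, $params)) {
                continue;
            }
            $clean[$cleanKey] = sani_request_clean_value($value, $denyList);
        }
        return $clean;
    }

    /**
     * Splits a cpaint argument string into name => value pairs.
     *
     * Quotes are dropped or turned into `&`, the string is split on `&`, and each
     * piece is split on its first `=`. Names and values go through
     * FILTER_SANITIZE_STRING; single quotes in values are shielded with the `*#*`
     * placeholder so the filter does not encode them (a literal `*#*` in the input
     * therefore comes back as a single quote).
     *
     * @param mixed $raw       First element of $_POST["cpaint_argument"].
     * @param bool  $isWindows True when running on Windows, where only `\"` is removed.
     * @return array
     */
    function sani_request_parse_cpaint($raw, $isWindows)
    {
        if (!is_string($raw)) {
            return array();
        }
        $raw = str_replace($isWindows ? "\\\"" : "\"", "", $raw);
        // Any quote still present acts as a parameter separator.
        $raw = str_replace('"', "&", $raw);
        $pairs = array();
        foreach (explode("&", $raw) as $pair) {
            $parts = explode("=", $pair, 2);
            if ($parts[0] === "") {
                continue;
            }
            $value = isset($parts[1]) ? $parts[1] : "";
            $value = trim(str_replace("'", "*#*", $value));
            $name = filter_var($parts[0], FILTER_SANITIZE_STRING);
            // The filtered value is what gets stored; previously the filter ran on
            // an undefined variable and the unfiltered value was written back.
            $value = filter_var($value, FILTER_SANITIZE_STRING);
            if ($name === false || $name === "") {
                continue;
            }
            $pairs[$name] = str_replace('*#*', "'", (string) $value);
        }
        return $pairs;
    }
}

// NOTE(review): only $_GET and $_POST are rewritten. PHP fills $_REQUEST and
// $_COOKIE separately, so code reading those still sees the values as sent.
if (isset($_GET) && is_array($_GET)) {
    $_GET = sani_request_clean_params($_GET, $bl);
}

// Shape of a cpaint POST, as dumped with var_dump():
//array(3) { ["cpaint_function"]=> string(8) "criaMapa" ["cpaint_argument"]=> array(1) { [0]=> string(54) ""funcao=criaMapa&&desligar=mundo&interface=openlayers"" } ["cpaint_response_type"]=> string(4) "JSON" }
if (isset($_POST) && is_array($_POST)) {
    if (isset($_POST["cpaint_argument"][0]) && $_POST["cpaint_argument"][0] != "") {
        // The parentheses now wrap substr() only; before, strtoupper() was applied
        // to the result of the comparison.
        $isWindows = strtoupper(substr(PHP_OS, 0, 3)) == 'WIN';
        // NOTE(review): on this path the deny list is not applied, and the raw
        // "cpaint_argument" entry plus any other $_POST fields stay as received.
        // Confirm that is intended before relying on this file as the only filter.
        foreach (sani_request_parse_cpaint($_POST["cpaint_argument"][0], $isWindows) as $parametro => $valor_) {
            $_POST[$parametro] = $valor_;
        }
    } else {
        $_POST = sani_request_clean_params($_POST, $bl);
    }
}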
?>