Commit ac4121ceaf647b0823d5d3c4003788443517b955

Authored by Edmar Moretti
1 parent 964952e1
Exists in master

Atualização do código

Showing 1 changed file with 60 additions and 0 deletions   Show diff stats
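--- a/classesphp/sani_request.php
+++ b/classesphp/sani_request.php
@@ -0,0 +1,60 @@
+<?php
+if (basename(__FILE__) == basename($_SERVER['SCRIPT_FILENAME'])){
+ exit;
+}
+error_reporting(0);
+$bl = array("_decode","php","eval","passthru","shell_exec","escapeshellarg","escapeshellcmd","proc_close","proc_open","dl","popen","contents","delete","drop","update","insert","exec","system",";");
+if (isset($_GET)){
+ foreach(array_keys($_GET) as $k) {
+ $k = str_ireplace($bl,"",$k);
+ $k = filter_var($k, FILTER_SANITIZE_STRING);
+ if ($_GET[$k] != "''"){
+ $v = strip_tags($_GET[$k]);
+ $v = str_ireplace($bl,"",$v);
+ $_GET[$k] = trim($v);
+ }
+ }
+}
+//array(3) { ["cpaint_function"]=> string(8) "criaMapa" ["cpaint_argument"]=> array(1) { [0]=> string(54) ""funcao=criaMapa&&desligar=mundo&interface=openlayers"" } ["cpaint_response_type"]=> string(4) "JSON" }
+
+if (isset($_POST)){
+ if (isset($_POST["cpaint_argument"]) && $_POST["cpaint_argument"][0] != "")
+ {
+ //var_dump( $_POST["cpaint_argument"]);exit;
+ $argumento_ = $_POST["cpaint_argument"][0];
+ if (strtoupper(substr(PHP_OS, 0, 3) == 'WIN')){
+ $argumento_ = str_replace("\\\"","",$argumento_);
+ }
+ else{
+ $argumento_ = str_replace("\"","",$argumento_);
+ }
+
+ $argumento_ = explode('"',$argumento_);
+ $argumento_ = implode("&",$argumento_);
+ $parametros_ = explode("&",$argumento_);
+ foreach($parametros_ as $parametro_){
+ $p_ = explode("=",$parametro_);
+ $parametro = $p_[0];
+ $p_ = array_slice($p_, 1, count($p_));
+ $valor_ = implode("=",$p_);
+ if($parametro != ""){
+ $valor_ = str_replace("'","*#*",$valor_);
+ $valor_ = trim($valor_);
+ $parametro = filter_var($parametro, FILTER_SANITIZE_STRING);
+ $valor = filter_var($valor, FILTER_SANITIZE_STRING);
+ $_POST[$parametro] = str_replace('*#*',"'",$valor_);
+ }
+ }
+ }
+ else{
+ foreach(array_keys($_POST) as $k){
+ $k = str_ireplace($bl,"",$k);
+ $k = filter_var($k, FILTER_SANITIZE_STRING);
+ $_POST[$k] = str_ireplace($bl,"",$_POST[$k]);
+ if (($_POST[$k] != "''")){
+ $_POST[$k] = strip_tags(trim($_POST[$k]));
+ }
+ }
+ }
+}
+?>
\ No newline at end of file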
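Review bot: The cpaint branch filters the wrong variable: `$valor = filter_var($valor, FILTER_SANITIZE_STRING);` reads an undefined `$valor` and discards the result, and the following line stores `$valor_` with only the quote swap applied, while `error_reporting(0)` at the top of the file hides the undefined-variable notice that would have exposed this; it should read `$valor_ = filter_var($valor_, FILTER_SANITIZE_STRING);` (FILTER_SANITIZE_STRING is deprecated since PHP 8.1, so context-specific escaping at the point of output is the longer-term replacement). The OS check `strtoupper(substr(PHP_OS, 0, 3) == 'WIN')` has the comparison inside strtoupper, so it evaluates to an empty string and the else branch runs on every platform; the intended form is `strtoupper(substr(PHP_OS, 0, 3)) == 'WIN'`. In the `$_GET` loop and the fallback `$_POST` loop the key `$k` is rewritten but the original entry is never unset, so an entry whose key contained a blacklisted word is left untouched and a new key is written instead. Stripping a word list from request keys and values is not a reliable security boundary; parameterised queries and per-context output escaping where these values are consumed are the controls to rely on, with this file at most a defence-in-depth layer.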
... ...