Atualização do código

Edmar Moretti
1 parent 964952e1
Showing 1 changed file with 60 additions and 0 deletions Show diff stats
classesphp/sani_request.php
@@ -0,0 +1,60 @@
+<?php
+if (basename(__FILE__) == basename($_SERVER['SCRIPT_FILENAME'])){
+	exit;
+}
+error_reporting(0);
+$bl = array("_decode","php","eval","passthru","shell_exec","escapeshellarg","escapeshellcmd","proc_close","proc_open","dl","popen","contents","delete","drop","update","insert","exec","system",";");
+if (isset($_GET)){
+	foreach(array_keys($_GET) as $k)	{
+		$k = str_ireplace($bl,"",$k);
+		$k = filter_var($k, FILTER_SANITIZE_STRING);
+		if ($_GET[$k] != "''"){
+			$v = strip_tags($_GET[$k]);
+			$v = str_ireplace($bl,"",$v);
+			$_GET[$k] = trim($v);
+		}
+	}
+}
+//array(3) { ["cpaint_function"]=> string(8) "criaMapa" ["cpaint_argument"]=> array(1) { [0]=> string(54) ""funcao=criaMapa&&desligar=mundo&interface=openlayers"" } ["cpaint_response_type"]=> string(4) "JSON" }
+
+if (isset($_POST)){
+	if (isset($_POST["cpaint_argument"]) && $_POST["cpaint_argument"][0] != "")
+	{
+		//var_dump( $_POST["cpaint_argument"]);exit;
+		$argumento_ = $_POST["cpaint_argument"][0];
+		if (strtoupper(substr(PHP_OS, 0, 3) == 'WIN')){
+			$argumento_ = str_replace("\\\"","",$argumento_);
+		}
+		else{
+			$argumento_ = str_replace("\"","",$argumento_);
+		}
+
+		$argumento_ = explode('"',$argumento_);
+		$argumento_ = implode("&",$argumento_);
+		$parametros_ = explode("&",$argumento_);
+		foreach($parametros_ as $parametro_){
+			$p_ = explode("=",$parametro_);
+			$parametro = $p_[0];
+			$p_ = array_slice($p_, 1, count($p_));
+			$valor_ = implode("=",$p_);
+			if($parametro != ""){
+				$valor_ = str_replace("'","*#*",$valor_);
+				$valor_ = trim($valor_);
+				$parametro = filter_var($parametro, FILTER_SANITIZE_STRING);
+				$valor = filter_var($valor, FILTER_SANITIZE_STRING);
+				$_POST[$parametro] = str_replace('*#*',"'",$valor_);
+			}
+		}
+	}
+	else{
+		foreach(array_keys($_POST) as $k){
+			$k = str_ireplace($bl,"",$k);
+			$k = filter_var($k, FILTER_SANITIZE_STRING);
+			$_POST[$k] = str_ireplace($bl,"",$_POST[$k]);
+			if (($_POST[$k] != "''")){
+				$_POST[$k] = strip_tags(trim($_POST[$k]));
+			}
+		}
+	}
+}
+?>
 \ No newline at end of file
	@@ -0,0 +1,60 @@		@@ -0,0 +1,60 @@
		1	+<?php
		2	+if (basename(__FILE__) == basename($_SERVER['SCRIPT_FILENAME'])){
		3	+ exit;
		4	+}
		5	+error_reporting(0);
		6	+$bl = array("_decode","php","eval","passthru","shell_exec","escapeshellarg","escapeshellcmd","proc_close","proc_open","dl","popen","contents","delete","drop","update","insert","exec","system",";");
		7	+if (isset($_GET)){
		8	+ foreach(array_keys($_GET) as $k) {
		9	+ $k = str_ireplace($bl,"",$k);
		10	+ $k = filter_var($k, FILTER_SANITIZE_STRING);
		11	+ if ($_GET[$k] != "''"){
		12	+ $v = strip_tags($_GET[$k]);
		13	+ $v = str_ireplace($bl,"",$v);
		14	+ $_GET[$k] = trim($v);
		15	+ }
		16	+ }
		17	+}
		18	+//array(3) { ["cpaint_function"]=> string(8) "criaMapa" ["cpaint_argument"]=> array(1) { [0]=> string(54) ""funcao=criaMapa&&desligar=mundo&interface=openlayers"" } ["cpaint_response_type"]=> string(4) "JSON" }
		19	+
		20	+if (isset($_POST)){
		21	+ if (isset($_POST["cpaint_argument"]) && $_POST["cpaint_argument"][0] != "")
		22	+ {
		23	+ //var_dump( $_POST["cpaint_argument"]);exit;
		24	+ $argumento_ = $_POST["cpaint_argument"][0];
		25	+ if (strtoupper(substr(PHP_OS, 0, 3) == 'WIN')){
		26	+ $argumento_ = str_replace("\\\"","",$argumento_);
		27	+ }
		28	+ else{
		29	+ $argumento_ = str_replace("\"","",$argumento_);
		30	+ }
		31	+
		32	+ $argumento_ = explode('"',$argumento_);
		33	+ $argumento_ = implode("&",$argumento_);
		34	+ $parametros_ = explode("&",$argumento_);
		35	+ foreach($parametros_ as $parametro_){
		36	+ $p_ = explode("=",$parametro_);
		37	+ $parametro = $p_[0];
		38	+ $p_ = array_slice($p_, 1, count($p_));
		39	+ $valor_ = implode("=",$p_);
		40	+ if($parametro != ""){
		41	+ $valor_ = str_replace("'","#",$valor_);
		42	+ $valor_ = trim($valor_);
		43	+ $parametro = filter_var($parametro, FILTER_SANITIZE_STRING);
		44	+ $valor = filter_var($valor, FILTER_SANITIZE_STRING);
		45	+ $_POST[$parametro] = str_replace('#',"'",$valor_);
		46	+ }
		47	+ }
		48	+ }
		49	+ else{
		50	+ foreach(array_keys($_POST) as $k){
		51	+ $k = str_ireplace($bl,"",$k);
		52	+ $k = filter_var($k, FILTER_SANITIZE_STRING);
		53	+ $_POST[$k] = str_ireplace($bl,"",$_POST[$k]);
		54	+ if (($_POST[$k] != "''")){
		55	+ $_POST[$k] = strip_tags(trim($_POST[$k]));
		56	+ }
		57	+ }
		58	+ }
		59	+}
		60	+?>
0	\ No newline at end of file	61	\ No newline at end of file