renun/TwoNav
1
0
Fork 0
mirror of https://github.com/tznb1/TwoNav.git synced 2025-08-10 08:51:49 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

v2.0.07-20230405

Browse Source
This commit is contained in:
MI15\Win
2023-04-05 16:17:28 +08:00
parent 73b1c8a376
commit 8611a174d1
281 changed files with 66087 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
system/firewall.php Normal file
View File

@@ -0,0 +1,45 @@
<?php //错误码定义,20开头XSS拦截,21开头SQL拦截!
foreach($_POST as $key =>$value){
//只检测文本类型
if(!is_string($value)){
continue;
}
//拦截XSS
if($global_config['XSS_WAF'] == 1 ){
//站点设置:放行头部和底部代码
if($method =='write_site_setting' && ($key =='custom_header' || $key =='custom_footer')){
continue;
}
if(preg_match('/<(iframe|script|body|img|layer|div|meta|style|base|object|input)/i',$value)){
$code = 2001;
}elseif(preg_match('/(onmouseover|onerror|onload)\=/i',$value)){
$code = 2002;
}
}
//拦截SQL注入
if($global_config['SQL_WAF'] == 1 ){
if(preg_match("/\s+(or|xor|and)\s+(=|<|>|'|".'")/i',$value)){
$code = 2101;
}elseif(preg_match("/select.+(from|limit)/i",$value)){
$code = 2102;
}elseif(preg_match("/(?:(union(.*?)select))/i",$value)){
$code = 2103;
}elseif(preg_match("/sleep\((\s*)(\d*)(\s*)\)/i",$value)){
$code = 2105;
}elseif(preg_match("/benchmark\((.*)\,(.*)\)/i",$value)){
$code = 2106;
}elseif(preg_match("/(?:from\W+information_schema\W)/i",$value)){
$code = 2107;
}elseif(preg_match("/(?:(?:current_)user|database|schema|connection_id)\s*\(/i",$value)){
$code = 2108;
}elseif(preg_match("/into(\s+)+(?:dump|out)file\s*/i",$value)){
$code = 2109;
}elseif(preg_match("/group\s+by.+\(/i",$value)){
$code = 2110;
}
}
if(!empty($code)){msgA(['code'=>$code,'msg'=>$code.':已拦截不合法参数!','key'=>$key,'Value'=>$value,'method'=>$method ]);}
}