adminsoft/index.php
$archive = indexget('archive', 'R');
$archive = empty($archive) ? 'adminuser' : $archive;
$action = indexget('action', 'R');
$action = empty($action) ? 'login' : $action;
include admin_ROOT . adminfile . "/control/$archive.php";// 包含产生 good nice
$control = new important();
$action = 'on' . $action;
if (method_exists($control, $action)) {
$control->$action();
} else {
exit('错误:系统方法错误!');
}
首先看index.php
?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
02 ///省略无关代码
03 $archive = indexget('ac', 'R'); //ac
04 $action = indexget('at', 'R'); //at
05 ///省略无关代码
06 if (empty($archive) || empty($action)) {
07 include admin_ROOT . 'interface/public.php';
08 $mainlist = new mainpage();
09 if (method_exists($mainlist, 'in_index')) {
10 $mainlist->in_index();
11 } else {
12 exit('Access error!');
13 }
14 } else {
15 if (in_array($archive, array('article', 'forum', 'search', 'bbssearch', 'forummain', 'messmain', 'special', 'respond', 'public', 'scriptout', 'enquiry', 'enquirymain', 'form', 'formmain', 'ordermain', 'membermain', 'member', 'forum', 'order'))) { //强制,首页包含木有了
16 $action = 'in_' . $action; /in_$ 函数
17 if (!file_exists(admin_ROOT . "interface/$archive.php")) { //跟进
18 exit('Access error!');
19 }
20 include admin_ROOT . "interface/$archive.php";
21 $mainlist = new mainpage();
22 if (method_exists($mainlist, $action)) {
23 $mainlist->$action();
24 } else {
25 exit('Access error!');
26 }
27 } else {
28 exit('Access error!');
29 }
30 }
31 ///省略无关代码
32 跟进到interface/enquity文件
33 ///省略无关代码
34 $filename = $this->fun->accept('filename', 'G'); //filename变量
35 $filename = empty($filename) ? 'list' : $filename;
36 ///省略无关代码
37 $output = $this->pagetemplate->fetch($lng . '/lib/' . $filename); '
38 ///省略无关代码
39 ///跟进函数库查看
40 function fetch($tpl_file, $cache_fileID = null, $outHTML = null) {
41 if (!empty($outHTML)) {
42 $out = $this->gettemprequire($outHTML);
43 return $out;
44 }
45 require_once 'ectemplates_parser.php';
46
47 if ($this->libfile) {
48 $tpl_file = $this->templatesDIR . $tpl_file . '.html'; //html
49 }
50
51 $template_file = $this->tpl_dir . $tpl_file;
52
53 $parsed_file = $this->tpl_c_dir . md5($tpl_file) . '.php';
54
55
%00
漏洞证明:%00
修复方案:过滤特殊字符
阅读(2184) | 评论(0) | 转发(0) |