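<?php
// Front-end entry point: global constants, in-place request filtering, then bootstrap.
// NOTE(review): the request filtering below is a regex blacklist. It is a
// defence-in-depth layer only; parameterised queries and per-context output
// escaping in the application code remain the real controls.
define('PERPAGE', 10);
define('RUN_IN', 'FRONT_END');
ob_start();
// Notices and deprecations are silenced; only errors, warnings and parse errors are reported.
error_reporting(E_ERROR | E_WARNING | E_PARSE);

// Filter fields submitted by member operations.
if (!function_exists('filterData')) {
    /**
     * Filter one request array in place (rules in filterArray()).
     *
     * @param mixed  $data array to clean; an empty array or a non-array is left untouched
     *                     (the previous version ran foreach over whatever it was handed)
     * @param string $type pattern set name: 'get', 'post' or 'cookie'
     * @return void
     */
    function filterData(&$data, $type)
    {
        if (is_array($data) && $data) {
            filterArray($data, $type);
        }
    }
}

if (!function_exists('filterArray')) {
    /**
     * Recursively clean a request array in place.
     *
     * Per key (compared case-insensitively):
     *  - identifier keys are cast to int (only when the value is truthy);
     *  - account/balance/role keys that only server-side code may set are removed;
     *  - every other truthy scalar is urldecode()d, tag-stripped and passed through filter().
     * A key that is falsy (0, '', '0') never matches the two lists and is treated as "other".
     *
     * @param array  $data cleaned in place
     * @param string $type pattern set name passed on to filter()
     * @return void
     */
    function filterArray(&$data, $type)
    {
        // Keys whose value is a numeric identifier: cast instead of regex-filtered.
        static $intKeys = array('goods_id', 'product_id', 'cat_id', 'gid', 'pid');
        // Keys a client must never be able to submit; they are dropped outright.
        static $forbiddenKeys = array(
            'member_lv_id', 'order_num', 'advance', 'advance_freeze', 'point_freeze',
            'point_history', 'point', 'score_rate', 'state', 'role_type',
            'advance_total', 'advance_consume',
        );

        foreach ($data as $key => $value) {
            if (is_array($value)) {
                filterArray($data[$key], $type);
                continue;
            }
            // Falsy keys were excluded from the list checks before; keep that.
            $name = $key ? strtolower((string) $key) : '';
            if ($name !== '' && in_array($name, $intKeys, true)) {
                if ($value) {
                    $data[$key] = intval($value);
                }
            } elseif ($name !== '' && in_array($name, $forbiddenKeys, true)) {
                unset($data[$key]);
            } elseif ($value) {
                // urldecode() runs on already-decoded request data, so a literal
                // '+' or '%xx' in a value (e.g. a password) is altered here.
                $data[$key] = filter(htmltotxt(urldecode((string) $value)), $type);
            }
        }
    }
}

if (!function_exists('htmltotxt')) {
    /**
     * Strip markup from a string with a fixed list of regexes.
     *
     * NOTE(review): the pattern list looks mangled in transit — the first, third
     * and fourth entries are missing the tag text their comments describe, and the
     * fourth is an empty pattern. As written, the first entry removes every '>'
     * (plus any ']' directly before it), after which the second and third cannot
     * match and the fourth is a no-op. Confirm against the repository copy before
     * relying on this for tag stripping. Patterns are kept byte-identical here.
     *
     * @param string $document
     * @return string|null null only if the regex engine fails
     */
    function htmltotxt($document)
    {
        $search = array(
            '@]*?>.*?@si',              // Strip out javascript
            '@<[\\/\\!]*?[^<>]*?>@si',  // Strip out HTML tags
            '@]*?>.*?@siU',             // Strip style tags properly
            '@@',                       // Strip multi-line comments including CDATA
        );
        return preg_replace($search, '', $document);
    }
}

if (!function_exists('filter')) {
    /**
     * Strip blacklisted SQL/script fragments from a value, repeating until the
     * pattern no longer matches (so that removing one fragment cannot leave
     * another one behind, e.g. "UNIUNION SELECTON SELECT").
     *
     * @param string $str  value to clean
     * @param string $type 'get', 'post' or 'cookie'; anything else (including ''/null)
     *                     falls back to the 'post' set. Previously an unknown name built
     *                     an empty regex, which matches everywhere and made the
     *                     function recurse without end.
     * @return string cleaned value; '' if the regex engine reports an error
     *                (the value is dropped rather than passed through unfiltered)
     */
    function filter($str, $type = 'post')
    {
        static $patterns = array(
            'get'    => "'|\b(alert|confirm|prompt)\b|<[^>]*?>|^\\+\/v(8|9)|\\b(and|or)\\b.+?(>|<|=|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)|SDB_OPERATORS|(EXTRACTVALUE|EXISTS|UPDATEXML).+?SELECT|SELECT.+?LOAD_FILE|SDB_MEMBER",
            'post'   => "^\\+\/v(8|9)|\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|<\\s*img\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)|SDB_OPERATORS|(EXTRACTVALUE|EXISTS|UPDATEXML).+?SELECT|SELECT.+?LOAD_FILE|SDB_MEMBER",
            'cookie' => "\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)|SDB_OPERATORS|(EXTRACTVALUE|EXISTS|UPDATEXML).+?SELECT|SELECT.+?LOAD_FILE|SDB_MEMBER",
        );

        // Only a known set name is ever turned into a regex.
        if (!is_string($type) || !isset($patterns[$type])) {
            $type = 'post';
        }
        $regex = '/' . $patterns[$type] . '/is';

        // Every pass removes at least one character, so this terminates.
        do {
            $cleaned = preg_replace($regex, '', $str);
            if ($cleaned === null) {
                return '';
            }
            $str = $cleaned;
        } while (preg_match($regex, $str) === 1);

        return $str;
    }
}

// Rewrite the superglobals in place before the application sees them.
// NOTE(review): $_REQUEST is its own array, so it is cleaned separately from
// $_GET/$_POST. $_SERVER is rewritten with the 'get' set (quotes and tags are
// stripped from values such as the request URI and user agent) and its numeric
// entries come back as strings, because filter() returns preg_replace() output.
filterData($_POST, 'post');
filterData($_GET, 'get');
filterData($_REQUEST, 'post');
filterData($_COOKIE, 'cookie');
filterData($_SERVER, 'get');
//date_default_timezone_set("Asia/Shanghai");

if (file_exists('config/config.php')) {
    require('config/config.php');
    ob_end_clean();
    require(CORE_DIR . '/include_v5/shopCore.php');
    new shopCore();
} else {
    // Not installed yet: send the visitor to the installer.
    header('Location: install/');
}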