// #############################################################################
/**
* Error handler that hides the installation path (DIR) in any error it displays
*
* Only E_WARNING, E_USER_WARNING and E_USER_ERROR are handled; every other
* error number falls through and the function returns nothing.
*
* Security-relevant behaviour visible in this function:
* - DIR is replaced with '[path]' only in the text that is echoed. The message
*   passed to log_vbulletin_error() for E_USER_ERROR keeps the full path.
* - $errstr and $errfile are echoed without HTML escaping, so any markup they
*   contain reaches the browser unchanged.
* - Warnings are displayed only when error_reporting() AND display_errors are
*   both on, whereas fatal errors are displayed when EITHER one is on.
*
* @param	integer	Error number
* @param	string	PHP error text string
* @param	string	File that contained the error
* @param	integer	Line in the file that contained the error
*/
function vb_error_handler($errno, $errstr, $errfile, $errline)
{
	global $vbulletin;

	$is_warning = ($errno == E_WARNING OR $errno == E_USER_WARNING);

	if ($is_warning)
	{
		// Warnings are deliberately not logged: suppressed-but-valid warnings
		// still showed up in the log and produced false bug reports.
		if (!error_reporting() OR !ini_get('display_errors'))
		{
			return;
		}

		$shown_file = str_replace(DIR, '[path]', $errfile);
		$shown_text = str_replace(DIR, '[path]', $errstr);

		echo '<br /><strong>Warning</strong>: ' . $shown_text . ' in <strong>' . $shown_file . '</strong> on line <strong>' . $errline . '</strong><br />';
		return;
	}

	if ($errno != E_USER_ERROR)
	{
		return;
	}

	// Fatal error: log first, using the unmasked path and message.
	require_once(DIR . '/includes/functions_log_error.php');
	$message = "Fatal error: $errstr in $errfile on line $errline";
	log_vbulletin_error($message, 'php');

	if (!headers_sent())
	{
		// CGI SAPIs report the status through a Status: header instead of the HTTP status line.
		$status_header = (SAPI_NAME == 'cgi' OR SAPI_NAME == 'cgi-fcgi')
			? 'Status: 500 Internal Server Error'
			: 'HTTP/1.1 500 Internal Server Error';
		header($status_header);
	}

	if (error_reporting() OR ini_get('display_errors'))
	{
		$shown_file = str_replace(DIR, '[path]', $errfile);
		$shown_text = str_replace(DIR, '[path]', $errstr);

		echo '<br /><strong>Fatal error:</strong> ' . $shown_text . ' in <strong>' . $shown_file . '</strong> on line <strong>' . $errline . '</strong><br />';

		// The backtrace is printed only for usergroup 6 or users whose admin permission bits match.
		// NOTE(review): the right-hand operand of & is used exactly as shown on the page - confirm it is an integer bitmask.
		$may_see_trace = (
			$vbulletin->userinfo['usergroupid'] == 6
			OR ($vbulletin->userinfo['permissions']['adminpermissions'] & $vbulletin->bf_ugp_adminpermissions)
		);

		if (function_exists('debug_print_backtrace') AND $may_see_trace)
		{
			// This is needed so IE doesn't show the pretty error messages
			echo str_repeat(' ', 512);
			debug_print_backtrace();
		}
	}

	exit;
}
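// #############################################################################
/**
* Unicode-safe version of htmlspecialchars()
*
* Escapes <, > and " and turns bare ampersands into &amp;, while leaving
* existing entities alone so already-encoded Unicode text is not double-encoded.
*
* The replacement strings below must be the entity forms (&lt; &gt; &quot; &amp;).
* If they are written as the literal characters, the function returns its input
* unchanged and provides no protection against HTML injection.
*
* Caveat: single quotes are NOT escaped, so the result is only safe inside
* element content or double-quoted attribute values.
*
* @param	string	Text to be made html-safe
* @param	boolean	If true, an ampersand is kept only when followed by '#' and decimal
*			digits or by 'shy;'. If false, it is kept when it starts any
*			'&#digits;' or '&letters;' entity.
*
* @return	string
*/
function htmlspecialchars_uni($text, $entities = true)
{
	// Ampersands first, so the '&' introduced by the entities added afterwards is not escaped again.
	$amp_pattern = '/&(?!' . ($entities ? '#[0-9]+|shy' : '(#[0-9]+|[a-z]+)') . ';)/si';
	$text = preg_replace($amp_pattern, '&amp;', $text);

	return str_replace(
		array('<', '>', '"'),
		array('&lt;', '&gt;', '&quot;'),
		$text
	);
}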
if ($vbulletin->options['useheaderredirect'] AND !$forceredirect AND !headers_sent() AND !$vbulletin->GPC['postvars']) { exec_header_redirect($vbulletin->url); } $title = $vbulletin->options['bbtitle']; $pagetitle = $title; $errormessage = $message; $url = unhtmlspecialchars($vbulletin->url); $url = str_replace(chr(0), '', $url); $url = create_full_url($url); $url = str_replace($str_find, $str_replace, $url); $js_url = addslashes_js($url, '"'); // " has been replaced by " $url = preg_replace( array('/�*59;?/', '/�*3B;?/i', '#;#'), '%3B', $url ); $url = preg_replace('#&%3B#i', '&', $url); define('NOPMPOPUP', 1); // No footer here require_once(DIR . '/includes/functions_misc.php'); $postvars = construct_hidden_var_fields(verify_client_string($vbulletin->GPC['postvars'])); $formfile =& $url; ($hook = vBulletinHook::fetch_hook('redirect_generic')) ? eval($hook) : false; eval('print_output("' . fetch_template('STANDARD_REDIRECT') . '");'); exit; }
if ($vbulletin->url) { $foundurl = false; if ($urlinfo = @parse_url($vbulletin->url)) { if (!$urlinfo['scheme']) { // url is made full in exec_header_redirect which stops a url from being redirected to, say "www.php.net" (no http://) $foundurl = true; } else { $whitelist = array(); if ($vbulletin->options['redirect_whitelist']) { $whitelist = explode("\n", trim($vbulletin->options['redirect_whitelist'])); } // Add $bburl to the whitelist $bburlinfo = @parse_url($vbulletin->options['bburl']); $bburl = "{$bburlinfo['scheme']}://{$bburlinfo['host']}"; array_unshift($whitelist, $bburl); // if the "realurl" of this request does not equal $bburl, add it as well.. $realurl = VB_URL_SCHEME . '://' . VB_URL_HOST; if (strtolower($bburl) != strtolower($realurl)) { array_unshift($whitelist, $realurl); } $vburl = strtolower($vbulletin->url); foreach ($whitelist AS $url) { $url = trim($url); if ($vburl == strtolower($url) OR strpos($vburl, strtolower($url) . '/', 0) === 0) { $foundurl = true; break; } } } } if (!$foundurl) { eval(standard_error(fetch_error('invalid_redirect_url_x', $vbulletin->url))); } } if ($vbulletin->options['useheaderredirect'] AND !$forceredirect AND !headers_sent() AND !$vbulletin->GPC['postvars']) { exec_header_redirect($vbulletin->url); } $title = $vbulletin->options['bbtitle']; $pagetitle = $title; $errormessage = $message; $url = unhtmlspecialchars($vbulletin->url); $url = str_replace(chr(0), '', $url); $url = create_full_url($url); $url = str_replace($str_find, $str_replace, $url); $js_url = addslashes_js($url, '"'); // " has been replaced by " $url = preg_replace( array('/�*59;?/', '/�*3B;?/i', '#;#'), '%3B', $url ); $url = preg_replace('#&%3B#i', '&', $url); define('NOPMPOPUP', 1); // No footer here require_once(DIR . '/includes/functions_misc.php'); $postvars = construct_hidden_var_fields(verify_client_string($vbulletin->GPC['postvars'])); $formfile =& $url; ($hook = vBulletinHook::fetch_hook('redirect_generic')) ? 
eval($hook) : false; eval('print_output("' . fetch_template('STANDARD_REDIRECT') . '");'); exit; }
الدرس الخامس من دروس سد ثغرات المنتدى وهى ترقيع لملفات class_core.php و functions.php