<?php
/**
* YmCms 优盟多元化内容管理系统 v1 [ YMPHP framework ]
*
* @copyright Copyright (c) 2021 - 2023, You Meng, Inc.
* @License This is NOT a freeware, use is subject to license terms
* @link https://www.youmengcms.com
* @time $Id: api2.php 2023/08/11 14:52
* @Author Xiao Yao <790213952@qq.com>
*/
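require_once './system/common.php';

/**
 * Normalise one raw request map ($_GET or $_POST) into the handler parameter
 * array, applying the same per-key rules for both sources:
 *  - 'service', 'action', 'callback' and '_' are routing / jQuery-cache keys
 *    and are never forwarded to the handler;
 *  - 'page' / 'pageSize' are cast to int and 'amount' to float so that
 *    user-supplied text can never reach the handler where a number is expected;
 *  - a single 'id' (no comma) is cast to int; a comma-separated id list is
 *    left as a string for the handler to split;
 *  - when the request carries rsaEncrypt=1, values that look like RSA
 *    ciphertext (172 chars, or containing '||rsa||') are passed to rsaDecrypt();
 *  - everything else goes through RemoveXSS(), except JSON-looking strings
 *    (containing '[{') and array values, which are passed through untouched.
 *
 * Key names are escaped with htmlspecialchars(RemoveXSS()) except 'description'.
 * Values are type-checked with is_string() before any string function is
 * applied, so array-valued fields (e.g. id[]=1&id[]=2) no longer raise a
 * TypeError on PHP 8.
 *
 * @param array $source raw request map
 * @param array $param  accumulator; keys from later sources override earlier ones
 * @return array the updated accumulator
 */
function ymApiCollectParams(array $source, array $param)
{
    // evaluated once per source; isset() avoids an undefined-index notice
    $rsaEncrypt = isset($_REQUEST['rsaEncrypt']) && $_REQUEST['rsaEncrypt'] == 1;

    foreach ($source as $key => $value) {
        $key = $key === 'description' ? $key : htmlspecialchars(RemoveXSS($key));
        if ($key === 'service' || $key === 'action' || $key === 'callback' || $key === '_') {
            continue;
        }

        if ($key === 'page' || $key === 'pageSize') {
            $param[$key] = (int)$value;
        } elseif ($key === 'amount') {
            // force numeric so the amount cannot be evaluated as an expression downstream
            $param[$key] = (float)$value;
        } elseif ($key === 'id' && is_string($value) && strpos($value, ',') === false) {
            // single id: force numeric; "1,2,3" lists stay strings
            $param[$key] = (int)$value;
        } elseif ($rsaEncrypt && is_string($value)
            && (strlen($value) == 172 || strpos($value, '||rsa||') !== false)) {
            $param[$key] = rsaDecrypt($value);
        } else {
            $param[$key] = ((is_string($value) && strpos($value, '[{') !== false) || is_array($value))
                ? $value
                : RemoveXSS($value);
        }
    }

    return $param;
}

$service = !empty($_GET['service']) ? $_GET['service'] : '';
$action  = !empty($_GET['action']) ? $_GET['action'] : '';

if (empty($service)) {
    // No service requested: refuse with a CDN-style 403 page. The request id is
    // derived from uniqid() so the refusal can be correlated in logs. The
    // status code is set explicitly; previously the page went out as HTTP 200.
    http_response_code(403);
    $eachArr = explode('.', uniqid('', true));
    $backtraceid = $eachArr[0] . $eachArr[1];
    echo("<h1>403 Forbidden</h1><p>You don't have permission to access the URL on this server.</p><p>denied by UA ACL = not in whitelist</p><hr>Powered by YMTC <br>CDN Request Id: " . $backtraceid);
} else {
    // Everything below is API traffic: collect GET first, then let POST override.
    $param = ymApiCollectParams($_GET, []);
    $param = ymApiCollectParams($_POST, $param);

    // JSONP callback. $callback may already be populated by common.php
    // (it was previously used here without a local assignment) — TODO confirm;
    // otherwise fall back to the query string.
    if (!isset($callback)) {
        $callback = isset($_GET['callback']) ? $_GET['callback'] : '';
    }
    $callback = htmlspecialchars(RemoveXSS($callback));
    $callback = str_replace(')', '', str_replace('(', '', $callback));
    // Only a plain JS identifier path (foo, jQuery123, ns.cb) may be reflected
    // into the response body; anything else degrades to a plain JSON reply.
    if ($callback !== '' && !preg_match('/^[A-Za-z_$][A-Za-z0-9_$.]*$/', $callback)) {
        $callback = '';
    }

    $handels = new handlers($service, $action);
    $return = $handels->getHandle($param);

    // Output to the browser
    if (isset($param['dataType']) && $param['dataType'] == 'html') {
        // html mode: the handler returns ready-to-render markup in 'info' and it
        // is emitted as-is, so handlers are responsible for escaping it.
        echo $return['info'];
        return;
    }

    $json = json_encode($return, JSON_UNESCAPED_UNICODE);
    if ($callback) {
        if (!headers_sent()) {
            header('Content-Type: application/javascript; charset=utf-8');
            header('X-Content-Type-Options: nosniff');
        }
        echo $callback . '(' . $json . ')';
    } else {
        if (!headers_sent()) {
            header('Content-Type: application/json; charset=utf-8');
            header('X-Content-Type-Options: nosniff');
        }
        echo $json;
    }
}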