Magic quotes: magic_quotes_gpc
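Over the past couple of days, while integrating the Baidu SDK and handling its payment callback, I ran into a signature that would not verify. The signature rule is simple: md5(transdata + appkey) is compared with the received sign, and the request method is POST.
So I logged the raw data via php://input along with the POST data, and the log showed something like the following:

// raw data
transdata={"exorderno":"2014031223","transid":"05514312314566",
"waresid":1,"appid":"1","feetype":0,"money":1,"count":1,"result":0,
"transtype":0,"transtime":"2014-03-12 15:33:19","paytype":401}&sign=xxxx

// POST data
[transdata] => {\"exorderno\":\"2014031223452345234\",\"transid\":
\"05514031215312314566\",\"waresid\":1,\"appid\":\"1\",\"feetype\":0,
\"money\":1,\"count\":1,\"result\":0,\"transtype\":0,
\"transtime\":\"2014-03-12 15:33:19\",\"paytype\":401}
[sign] => xxxx

As you can see, the quotes in the received POST data were escaped automatically, and the program itself performs no such operation, so it was easy to guess that magic quotes were turned on on the server. Checking the PHP version: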
PHP 5.2.14 (cli) (built: Jun 7 2012 20:39:40)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2010 Zend Technologies
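Magic quotes were only removed in 5.4, so it was very likely turned on here, and checking the configuration file confirmed it. Stripping the slashes conditionally, depending on whether the switch is on, is all that is needed.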
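The conditional strip described above, as an added example that is not the author's original code: it shows the escaped POST value failing the md5(transdata + appkey) check and passing once stripslashes() is applied. The app key and payload are constructed values, and the helper names are hypothetical.

```php
<?php
// Added example; $appKey and the payload below are constructed values.
$appKey = 'example-app-key';

// True only where magic_quotes_gpc exists and is on (the function is gone in PHP 8).
function magic_quotes_active()
{
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

// Hypothetical helper: return the bytes the sender actually signed.
function signed_bytes($value, $quoted)
{
    return $quoted ? stripslashes($value) : $value;
}

// Rule from the post: md5(transdata + appkey) must equal sign.
function verify_sign($transdata, $sign, $appKey)
{
    $expected = md5($transdata . $appKey);
    // hash_equals() (PHP >= 5.6) compares in constant time; fall back on older PHP.
    return function_exists('hash_equals')
        ? hash_equals($expected, (string) $sign)
        : $expected === (string) $sign;
}

// Constructed callback as the sender built it.
$transdata = '{"exorderno":"2014031223","money":1,"result":0,"paytype":401}';
$sign      = md5($transdata . $appKey);

// Simulate what $_POST holds when magic_quotes_gpc = On: quotes arrive escaped.
$post = array('transdata' => addslashes($transdata), 'sign' => $sign);

// Verifying the escaped copy hashes different bytes than the sender signed.
$escapedOk  = verify_sign($post['transdata'], $post['sign'], $appKey);
// Stripping first restores the signed bytes.
$strippedOk = verify_sign(signed_bytes($post['transdata'], true), $post['sign'], $appKey);
var_dump($escapedOk, $strippedOk);

// In a real handler, decide from the runtime setting rather than hard-coding:
// $transdata = signed_bytes($_POST['transdata'], magic_quotes_active());
```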
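The problem was solved quickly, but someone unfamiliar with this area might need a bit more time. I had seen something similar before in CI's global XSS parameter setting: once global processing is applied, it can affect interfaces and keys like these, so global parameter filtering needs some care.
Contradictions can be divided into principal and secondary ones, and we often apply the same thinking in program design: change as few places as possible, filter most parameters, and handle the few special cases separately. That PHP removed magic quotes does not mean the feature had no value. With magic quotes there were far fewer injections, but it also made some things confusing: where escaping is needed, how to escape, by what means to escape, and so on. Look at it objectively and take the useful parts from it.
Original article: 魔法引用magic_quotes_gpc. Thanks to the original author for sharing.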

