我知道足够的代码是危险的,但如果我的生活依赖于它,就无法从头开始写东西。我正在将一个网站迁移到新主机,该主机有一个新版本的PHP,它不允许$ _REQUEST(我认为)。此代码旨在加密PDF。在旧网站上工作得很好(可能是旧版本的PHP) 我尝试用$ _GET替换所有$ _REQUEST并且没有用。任何帮助是极大的赞赏。我排除了格式代码和基本的html。
<?php
$timeArr = explode( ' ', microtime( ) );
$pageStartTime = $timeArr[ 1 ] + $timeArr[ 0 ];
$file = $_FILES['file'];
if($_REQUEST['submit'] && (!trim($_REQUEST['password']) || $_REQUEST['password'] == 'Password')) {
$msg = 'Please enter a password.';
}
elseif(is_array($file) && $file['error'] == 0) {
$enc_path = 'encrypted';
$src = $file['tmp_name'];
$dest = "{$enc_path}/{$file['name']}";
$pass = trim($_REQUEST['password']);
$cmd_fmt = "pdftk '$src' output '$dest' user_pw '$pass'";
@mkdir($enc_path);
@system($cmd_fmt);
if(file_exists($dest)) $file_url = "http://www.company.com/{$enc_path}/" . rawurlencode($file['name']);
}
?>
}
</style>
<script type="text/javascript">
function copyToClipboard(s) {
if(window.clipboardData && clipboardData.setData) {
clipboardData.setData('text', s);
}
else alert('Could not get permission to access the clipboard. Please copy the URL from the text box instead.');
}
</script>
</head>
<body>
<center>
<div style="width: 600px;">
<div style="text-align: center;">
<center>
<form action="<?= $_SERVER[ 'PHP_SELF' ] ?>" method="POST" enctype="multipart/form-data">
<div style="text-align: center;">
<img src="/logo.png" border="0" style="height: 145px; margin-bottom: -10px;">
<h1>PDF Encryption Tool</h1>
</div>
<br/>
<? if($file_url) : ?>
<span><a href="<?= $file_url ?>">Click here to download your file</a></span><br/>
<input type="text" readonly value="<?= $file_url ?>" style="width: 350px; margin: 0 0 5px 0;"><br/>
<input type="button" onclick="copyToClipboard('<?= $file_url ?>');" value="Copy to Clipboard">
<br/>
<? elseif($_REQUEST['submit'] && $msg) : ?>
<font color="red"><b><?= $msg ?></b></font>
<br/>
<? elseif($_REQUEST['submit']) : ?>
<font color="red"><b>There was an error processing your request. This program only accepts PDF files.</b></font>
<br/>
<? endif; ?>
<br/>
<br/>
<input type="file" name="file" style="width: 350px; border: 0; margin: 0 0 5px 0;"><br/>
<input id="password" type="text" name="password" style="width: 350px;"
<?= $_REQUEST['password'] ? 'class="focus"' : ''?>
onFocus="this.className = 'focus'; if( this.value == 'Password' ) { this.value = ''; }"
onBlur="if( this.value == '' ) { this.className = ''; this.value = 'Password'; }"
onKeyDown="if( event.keyCode == 13 ) { this.form.submit( ); return false; }"
value="<?= $_REQUEST['password'] ? $_REQUEST['password'] : 'Password' ?>"
>
<br/>
<br/>
<input name="submit" value="Submit" type="submit">
</form>
<br/>
<br/>
</center>
</div>
<br/>
<br/>
<?
$timeArr = explode( ' ', microtime( ) );
$pageEndTime = $timeArr[ 1 ] + $timeArr[ 0 ];
$pageTime = $pageEndTime - $pageStartTime;
?>
<span align="left">
<font color="gray" size="-3">
Page took <?= number_format( $pageTime, 3 ) ?> second(s) to load.
</font>
</span>
</div>
</center>
</body>
</html>
答案 0 :(得分:0)
$ _ REQUEST:默认包含内容的关联数组 $ _GET,$ _POST和$ _COOKIE。 php.net
您的表单使用“post”方法:
VIDEOJS: ERROR: (CODE:-2 undefined) i {code: -2, type: "PLAYER_ERR_TIMEOUT", message: ""}
h @ index.html?videoId=5002405584001&autoplay=1:1300
g.error @ index.html?videoId=5002405584001&autoplay=1:1300
b @ index.html?videoId=5002405584001&autoplay=1:1307
db @ index.html?videoId=5002405584001&autoplay=1:1297
(anonymous function) @ index.html?videoId=5002405584001&autoplay=1:1308
这意味着您需要将.fancybox-inner{
max-height:270px; // No freezing issue
//min-height:275px; // Results in freezing
}
替换为<form action="<?= $_SERVER[ 'PHP_SELF' ] ?>" method="POST" enctype="multipart/form-data">
对于安全问题:始终考虑用户可以操作的内容以及如何使用它来破坏您的代码。
对于您的命令行,您可以使用escapeshellarg。您还有几个可以在Html中使用的用户变量。见cross-site scripting