[supersaibal]
Originariamente inviato da pgm
lo script è tutto lì oppure ci sono altri pezzi?
se non è molto lungo prova a postarlo [/supersaibal]
Codice PHP:
<?php
// Copyright (C) 1996-2004 Edikon Corporation. All rights reserved.
//
// This source file is part of phpShop(R).
//
// This file may be distributed and/or modified under the terms of the
// "GNU General Public License" version 2 as published by the Free
// Software Foundation and appearing in the file LICENSE.GPL included in
// the packaging of this file.
//
// This file is provided AS IS with NO WARRANTY OF ANY KIND, INCLUDING
// THE WARRANTY OF DESIGN, MERCHANTABILITY AND FITNESS FOR A PARTICULAR
// PURPOSE.
//
// The "GNU General Public License" (GPL) is available at
// http://www.gnu.org/copyleft/gpl.html.
//
// Contact license@edikon.com if any conditions of this licencing isn't clear to
// you.
// $Id: index.php,v 1.1.1.1 2004/07/27 14:58:07 pablo Exp $
// EDIT
// PS_BASE is the prefix used further down for include_path, MODROOT and the
// require() calls for etc/config.php and db/db_mysql.inc, i.e. it is consumed
// as an include location.
// NOTE(review): the value below is an http:// URL. Code loaded through it is
// fetched over HTTP and then executed, which depends on URL includes being
// enabled and on whatever the web server answers. A local filesystem path to
// the phpShop directory (placeholder: '/path/to/phpshop/') is presumably what
// is intended here - confirm against the install.
define('PS_BASE', 'http://localhost/phpshop/');
// DO NOT EDIT FROM HERE ON
//**************************************************
// Set error reporting level
// Everything except notices is reported (E_ALL with the E_NOTICE bit cleared).
error_reporting(E_ALL ^ E_NOTICE);
// force register_globals off
// NOTE(review): register_globals is a per-directory setting on the PHP versions
// that still have it, so this runtime ini_set() likely has no effect - confirm.
ini_set("register_globals", 0);
// check if magic quotes is enabled, die if not
// NOTE(review): the script refuses to run without magic_quotes_gpc, so it
// appears to rely on magic quotes for escaping request data. Magic quotes were
// never a reliable SQL-injection defence and were removed in PHP 5.4, where
// get_magic_quotes_gpc() always returns false (the function itself is gone in
// PHP 8). As written, this file therefore only gets past this check on
// end-of-life PHP versions.
if (!get_magic_quotes_gpc()) {
die("You must enable magic_quotes_gpc in php.ini in order to run phpShop. Read <a href=\"http://www.php.net/manual/en/ref.info.php#ini.magic-quotes-gpc\"> the docs</a>.");
}
// Set global path
// The include path becomes: current directory, PS_BASE, PS_BASE + "modules".
// NOTE(review): entries are joined with PATH_SEPARATOR, which is ':' on
// Unix-like systems. PS_BASE as defined in this file starts with "http:", so on
// those systems the entries would be split at that colon - verify.
ini_set("include_path", ".".PATH_SEPARATOR.PS_BASE.PATH_SEPARATOR.PS_BASE."modules");
// define webroot so that image uploads work
// WEBROOT is the directory part of the executing script's filename as reported
// in $_SERVER['SCRIPT_FILENAME'].
define("WEBROOT",dirname($_SERVER['SCRIPT_FILENAME']));
// left for backwards compatibility
define("MODROOT",PS_BASE."modules/");
// Compatibility patch to be able to leave Register_globals = off
// &&
// XSS fixes
//
// This block re-creates register_globals behaviour by hand. When
// import_request_variables() exists and register_globals is off, every
// cookie, GET and POST parameter is imported as a global variable with an
// empty prefix, and the legacy $HTTP_*_VARS / server globals are filled in.
//
// Security caveat: after this block, any global that later code reads without
// initialising it first can be set from the request. The PHP manual flags the
// empty prefix as a security hazard and raises an E_NOTICE for it, which the
// error_reporting level set earlier in this file hides. Code included after
// this point should initialise every variable it uses, or read request data
// from $_GET / $_POST / $_COOKIE explicitly.
if (function_exists ("import_request_variables") &&
False == ini_get('register_globals')) {
// "CGP" imports cookies, then GET, then POST; a later source overwrites an
// earlier one that uses the same name.
import_request_variables ("CGP",""); // php >=4.1
// Legacy aliases for the superglobals.
$HTTP_GET_VARS = $_GET;
$HTTP_POST_VARS = $_POST;
$HTTP_COOKIE_VARS = $_COOKIE;
$PHP_SELF = $_SERVER["PHP_SELF"];
$SERVER_NAME = $_SERVER["SERVER_NAME"];
$REMOTE_ADDR = $_SERVER["REMOTE_ADDR"];
// X-Forwarded-For and Via are request headers; their values are supplied by
// the client or by intermediaries and must be treated as untrusted input.
$HTTP_X_FORWARDED_FOR = $_SERVER["HTTP_X_FORWARDED_FOR"];
$HTTP_VIA = $_SERVER["HTTP_VIA"];
// For each uploaded file field, create the globals $<field>, $<field>_name and
// $<field>_size. The field name comes from the request, so these
// variable-variable assignments can overwrite existing globals; 'name' is the
// filename sent by the client and needs sanitising before any use as a path.
// $k, $v, $k_name and $k_size stay defined in the global scope after the loop.
foreach($_FILES as $k=>$v) {
$$k = $v['tmp_name'];
$k_name = $k . "_name";
$$k_name = $v['name'];
$k_size = $k . "_size";
$$k_size = $v['size'];
}
} else {
//http://de.php.net/manual/de/function.import-request-variables.php
//if you're stuck using a pre-4.10 version of php
// NOTE(review): with EXTR_PREFIX_ALL, extract() puts an underscore between
// prefix and key, so an empty prefix presumably yields $_name rather than
// $name - verify that this branch really matches the branch above.
extract($HTTP_GET_VARS, EXTR_PREFIX_ALL, "");
extract($HTTP_POST_VARS, EXTR_PREFIX_ALL, "");
}
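// Load Required Files
// Every include is built from PS_BASE, so the install location is configured
// in exactly one place instead of being repeated as a literal URL.
// NOTE(review): PS_BASE is defined as an http:// URL earlier in this file.
// require() on a URL only works with URL includes enabled (allow_url_fopen,
// plus allow_url_include on PHP 5.2+) and executes whatever the web server
// returns for that request. PS_BASE should be a local filesystem path so these
// files are read from disk.
require(PS_BASE . "etc/config.php");
require(PS_BASE . "db/db_mysql.inc");
require(PS_BASE . "modules/admin/lib/ps_main.inc");
require(PS_BASE . "modules/admin/lib/ps_include.inc");
// Timer Start
// NOTE(review): DEBUG and utime() are not defined in this excerpt; presumably
// they come from the files required above - confirm.
if (DEBUG) {
    $start = utime();
}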
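// some input validation for offset
// An offset is only accepted when it is a string that survives an int
// round-trip unchanged, i.e. a canonical integer. The comparison is strict on
// purpose: a loose == compares two numeric strings by value, so spellings such
// as "5.0", " 5" or "1e1" would also pass and reach later code unchanged.
// Any other non-empty value (including arrays) stops the request.
// NOTE(review): this checks $_REQUEST['offset'], while the globals created
// earlier in this file are imported in "CGP" order. If downstream code reads
// $offset instead of $_REQUEST['offset'], the value checked and the value used
// can come from different request sources - confirm which one is read.
if (!empty($_REQUEST['offset'])) {
    if (!is_string($_REQUEST['offset']) || $_REQUEST['offset'] !== (string)(int) $_REQUEST['offset']) {
        die('Please provide an permitted value for offset');
    }
}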
// basic SQL inject detection
// Collects the raw, still-untrusted request values for the listed parameters
// into one array. A parameter missing from the request yields NULL here; the
// resulting notice is hidden by the error_reporting level set earlier.
// NOTE(review): the code that consumes $my_insecure_array is outside this
// excerpt. Pattern-based detection does not replace typed validation of each
// parameter and escaped or parameterised queries at the point of use.
$my_insecure_array = array('keyword' => $_REQUEST['keyword'],
'category_id' => $_REQUEST['category_id'],
'product_id' => $_REQUEST['product_id'],
'user_id' => $_REQUEST['user_id'],
'user_info_id' => $_REQUEST['user_info_id'],
'page' => $_REQUEST['page'],
'func' => $_REQUEST['func']);