zoukankan      html  css  js  c++  java
  • 一个PHP操作大变量的例子

    By C extensions we can directly manipulate the large PHP variables, such as:GET,POST,SERVER

    You can fetch $_SERVER['PHP_SELF'] (or any other $_SERVER variable if you need to), like this:

    // This code makes sure $_SERVER has been initialized
    if (!zend_hash_exists(&EG(symbol_table), "_SERVER", 8)) {
        zend_auto_global* auto_global;
        if (zend_hash_find(CG(auto_globals), "_SERVER", 8, (void **)&auto_global) != FAILURE) {
            auto_global->armed = auto_global->auto_global_callback(auto_global->name, auto_global->name_len TSRMLS_CC);
        }
    }
    
    // This fetches $_SERVER['PHP_SELF']
    zval** arr;
    char* script_name;
    if (zend_hash_find(&EG(symbol_table), "_SERVER", 8, (void**)&arr) != FAILURE) {
        HashTable* ht = Z_ARRVAL_P(*arr);
        zval** val;
        if (zend_hash_find(ht, "PHP_SELF", 9, (void**)&val) != FAILURE) {
            script_name = Z_STRVAL_PP(val);
        }
    }
    

    The script_name variable will contain the name of the script.

    In case you're wondering, the first block, that initializes $_SERVER, is necessary because some SAPIs (e.g.: the Apache handler) will initialize $_SERVER only when the user script accesses it (just-in-time). Without that block of code, if you try to read $_SERVER['PHP_SELF'] before the script tried accessing $_SERVER, you'd end up with an empty value.

    Obviously, you should add error handling in the above code in case anything fails, so that you don't invoke undefined behavior when trying to access script_name.

    or

    You can fetch GET ,like this

    // This code makes sure $_SERVER has been initialized                                                                             
        if (!zend_hash_exists(&EG(symbol_table), "_GET", 5)) {
            zend_auto_global* auto_global;
            if (zend_hash_find(CG(auto_globals), "_GET", 5, (void **)&auto_global) != FAILURE) {
                auto_global->armed = auto_global->auto_global_callback(auto_global->name, auto_global->name_len TSRMLS_CC);
            }
        }
    
        // This fetches $_SERVER['PHP_SELF']
        zval** arr;
        char* script_name;
        if (zend_hash_find(&EG(symbol_table), "_GET", 5, (void**)&arr) != FAILURE) {
            HashTable* ht = Z_ARRVAL_P(*arr);
            zval** val;
            if (zend_hash_find(ht, "HOSTNAME", 9, (void**)&val) != FAILURE) {
                script_name = Z_STRVAL_PP(val);
                php_printf(script_name);
            }else {
            
                php_printf("sorry!!!");
            }
        }
    }
    

    so,This prevents attacks, it will be a good way

  • 相关阅读:
    在win2003中发布部署vs2010b2写的mvc2网站
    安装blender2.5Alpha0
    Win7下虚拟机个人使用小结:Virtual PC,VMware和VirtualBox
    ASP.NET AJAX Control Toolkit Beta 0911 发布[再增两控件]
    Camtasia 6录屏时鼠标闪烁问题解决
    为XNA制做安装程序(四)WIX Toolset 3.0 for Visual Studio 2008
    Oracle EM 12c
    无题
    从徐汇到虹口
    近况
  • 原文地址:https://www.cnblogs.com/chenpingzhao/p/4833984.html
Copyright © 2011-2022 走看看