zoukankan      html  css  js  c++  java
  • 一个PHP操作大变量的例子

    By C extensions we can directly manipulate the large PHP variables, such as:GET,POST,SERVER

    You can fetch $_SERVER['PHP_SELF'] (or any other $_SERVER variable if you need to), like this:

    // This code makes sure $_SERVER has been initialized
    if (!zend_hash_exists(&EG(symbol_table), "_SERVER", 8)) {
        zend_auto_global* auto_global;
        if (zend_hash_find(CG(auto_globals), "_SERVER", 8, (void **)&auto_global) != FAILURE) {
            auto_global->armed = auto_global->auto_global_callback(auto_global->name, auto_global->name_len TSRMLS_CC);
        }
    }
    
    // This fetches $_SERVER['PHP_SELF']
    zval** arr;
    char* script_name;
    if (zend_hash_find(&EG(symbol_table), "_SERVER", 8, (void**)&arr) != FAILURE) {
        HashTable* ht = Z_ARRVAL_P(*arr);
        zval** val;
        if (zend_hash_find(ht, "PHP_SELF", 9, (void**)&val) != FAILURE) {
            script_name = Z_STRVAL_PP(val);
        }
    }
    

    The script_name variable will contain the name of the script.

    In case you're wondering, the first block, that initializes $_SERVER, is necessary because some SAPIs (e.g.: the Apache handler) will initialize $_SERVER only when the user script accesses it (just-in-time). Without that block of code, if you try to read $_SERVER['PHP_SELF'] before the script tried accessing $_SERVER, you'd end up with an empty value.

    Obviously, you should add error handling in the above code in case anything fails, so that you don't invoke undefined behavior when trying to access script_name.

    or

    You can fetch GET ,like this

    // This code makes sure $_SERVER has been initialized                                                                             
        if (!zend_hash_exists(&EG(symbol_table), "_GET", 5)) {
            zend_auto_global* auto_global;
            if (zend_hash_find(CG(auto_globals), "_GET", 5, (void **)&auto_global) != FAILURE) {
                auto_global->armed = auto_global->auto_global_callback(auto_global->name, auto_global->name_len TSRMLS_CC);
            }
        }
    
        // This fetches $_SERVER['PHP_SELF']
        zval** arr;
        char* script_name;
        if (zend_hash_find(&EG(symbol_table), "_GET", 5, (void**)&arr) != FAILURE) {
            HashTable* ht = Z_ARRVAL_P(*arr);
            zval** val;
            if (zend_hash_find(ht, "HOSTNAME", 9, (void**)&val) != FAILURE) {
                script_name = Z_STRVAL_PP(val);
                php_printf(script_name);
            }else {
            
                php_printf("sorry!!!");
            }
        }
    }
    

    so,This prevents attacks, it will be a good way

  • 相关阅读:
    微软职位内部推荐-Senior Development Lead
    微软职位内部推荐-Senior Program Manager
    微软职位内部推荐-Senior PM
    微软职位内部推荐-Principal Software Eng Mgr
    微软职位内部推荐-Senior Software Engineer
    mysql性能优化-慢查询分析、优化索引和配置
    MySQL慢日志查询
    spark运行模式
    scala+hadoop+spark环境搭建
    MySQL Sleep进程
  • 原文地址:https://www.cnblogs.com/chenpingzhao/p/4833984.html
Copyright © 2011-2022 走看看