zoukankan      html  css  js  c++  java
  • 一个PHP操作大变量的例子

    By C extensions we can directly manipulate the large PHP variables, such as:GET,POST,SERVER

    You can fetch $_SERVER['PHP_SELF'] (or any other $_SERVER variable if you need to), like this:

    // This code makes sure $_SERVER has been initialized
    if (!zend_hash_exists(&EG(symbol_table), "_SERVER", 8)) {
        zend_auto_global* auto_global;
        if (zend_hash_find(CG(auto_globals), "_SERVER", 8, (void **)&auto_global) != FAILURE) {
            auto_global->armed = auto_global->auto_global_callback(auto_global->name, auto_global->name_len TSRMLS_CC);
        }
    }
    
    // This fetches $_SERVER['PHP_SELF']
    zval** arr;
    char* script_name;
    if (zend_hash_find(&EG(symbol_table), "_SERVER", 8, (void**)&arr) != FAILURE) {
        HashTable* ht = Z_ARRVAL_P(*arr);
        zval** val;
        if (zend_hash_find(ht, "PHP_SELF", 9, (void**)&val) != FAILURE) {
            script_name = Z_STRVAL_PP(val);
        }
    }
    

    The script_name variable will contain the name of the script.

    In case you're wondering, the first block, that initializes $_SERVER, is necessary because some SAPIs (e.g.: the Apache handler) will initialize $_SERVER only when the user script accesses it (just-in-time). Without that block of code, if you try to read $_SERVER['PHP_SELF'] before the script tried accessing $_SERVER, you'd end up with an empty value.

    Obviously, you should add error handling in the above code in case anything fails, so that you don't invoke undefined behavior when trying to access script_name.

    or

    You can fetch GET ,like this

    // This code makes sure $_SERVER has been initialized                                                                             
        if (!zend_hash_exists(&EG(symbol_table), "_GET", 5)) {
            zend_auto_global* auto_global;
            if (zend_hash_find(CG(auto_globals), "_GET", 5, (void **)&auto_global) != FAILURE) {
                auto_global->armed = auto_global->auto_global_callback(auto_global->name, auto_global->name_len TSRMLS_CC);
            }
        }
    
        // This fetches $_SERVER['PHP_SELF']
        zval** arr;
        char* script_name;
        if (zend_hash_find(&EG(symbol_table), "_GET", 5, (void**)&arr) != FAILURE) {
            HashTable* ht = Z_ARRVAL_P(*arr);
            zval** val;
            if (zend_hash_find(ht, "HOSTNAME", 9, (void**)&val) != FAILURE) {
                script_name = Z_STRVAL_PP(val);
                php_printf(script_name);
            }else {
            
                php_printf("sorry!!!");
            }
        }
    }
    

    so,This prevents attacks, it will be a good way

  • 相关阅读:
    Hibernate中的Session
    角色转变中
    Hibernate主键生成策略
    Hibernate主键生成策略
    java中List集合
    java中List集合
    Mongodb的安装--简单快速
    Follow My Heart
    memcached的缺点
    为什么引入Memcached?
  • 原文地址:https://www.cnblogs.com/chenpingzhao/p/4833984.html
Copyright © 2011-2022 走看看