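re', '', array($pattern['safe'])), 'title' => array('pcre', '', array($pattern['safe'])), 'target' => array('list', '_self', array('_blank', '_self')), 'type' => array('pcre', '', array('#^[\w/\-]+$#')), 'wmode' => array('list', 'transparent', array('transparent', '')), 'allowscriptaccess' => array('list', 'never', array('never')), 'value' => array('list', '', array('#^[\w+/\-]$#')), 'cellspacing' => array('range', 0, array(0, 10)), 'cellpadding' => array('range', 0, array(0, 10)), 'frameborder' => array('range', 0, array(0, 10)), 'allowfullscreen' => array('list', 'true', array('true', '1', 'on'), 'range', 0, array(0, 10)), 'align' => array('list', 'left', array('left', 'center', 'right')), 'valign' => array('list', 'middle', array('middle', 'top', 'bottom')), 'name' => array('pcre', '', array($pattern['word'])), ); $white_css = array( 'font' => array('pcre', 'none', array($pattern['safe'])), 'font-style' => array('pcre', 'none', array($pattern['safe'])), 'font-weight' => array('pcre', 'none', array($pattern['safe'])), 'font-family' => array('pcre', 'none', array($pattern['word'])), 'font-size' => array('range', 12, array(6, 48)), 'width' => array('range', '100%', array(1, 1800)), 'height' => array('range', '', array(1, 80000)), 'min-width' => array('range', 1, array(1, 80000)), 'min-height' => array('range', 400, array(1, 80000)), 'max-width' => array('range', 1800, array(1, 80000)), 'max-height' => array('range', 80000, array(1, 80000)), 'line-height' => array('range', '14px', array(1, 50)), 'color' => array('pcre', '#000000', array($pattern['color'])), 'background' => array('pcre', 'none', array($pattern['color'], '#url\((https?://[^\'"\\\\<>]+?:?\d?)?([^\'"\\\\<>:]+?)*\)[\w\s\-]*$#')), 'background-color' => array('pcre', 'none', array($pattern['color'])), 'background-image' => array('pcre', 'none', array($pattern['img_url'])), 'background-position' => array('pcre', 'none', array($pattern['safe'])), 'border' => array('pcre', 'none', array($pattern['css'])), 
'border-left' => array('pcre', 'none', array($pattern['css'])), 'border-right' => array('pcre', 'none', array($pattern['css'])), 'border-top' => array('pcre', 'none', array($pattern['css'])), 'border-left-color' => array('pcre', 'none', array($pattern['css'])), 'border-right-color' => array('pcre', 'none', array($pattern['css'])), 'border-top-color' => array('pcre', 'none', array($pattern['css'])), 'border-bottom-color' => array('pcre', 'none', array($pattern['css'])), 'border-left-width' => array('pcre', 'none', array($pattern['css'])), 'border-right-width' => array('pcre', 'none', array($pattern['css'])), 'border-top-width' => array('pcre', 'none', array($pattern['css'])), 'border-bottom-width' => array('pcre', 'none', array($pattern['css'])), 'border-bottom-style' => array('pcre', 'none', array($pattern['css'])), 'margin-left' => array('range', 0, array(0, 100)), 'margin-right' => array('range', 0, array(0, 100)), 'margin-top' => array('range', 0, array(0, 100)), 'margin-bottom' => array('range', 0, array(0, 100)), 'margin' => array('pcre', '', array($pattern['safe'])), 'padding' => array('pcre', '', array($pattern['safe'])), 'padding-left' => array('range', 0, array(0, 100)), 'padding-right' => array('range', 0, array(0, 100)), 'padding-top' => array('range', 0, array(0, 100)), 'padding-bottom' => array('range', 0, array(0, 100)), 'zoom' => array('range', 1, array(1, 10)), 'list-style' => array('list', 'none', array('disc', 'circle', 'square', 'decimal', 'lower-roman', 'upper-roman', 'none')), 'text-align' => array('list', 'left', array('left', 'right', 'center', 'justify')), 'text-indent' => array('range', 0, array(0, 100)), 'display' => array('range', 0, array(0, 100)), ); $safehtml = new HTML_White($white_tag, $white_value, $white_css, $arg); $result = $safehtml->parse($doc); return $result; }

// Front-end path to the view directory (supports a separated view host).
// Result is memoised per request in a static.
function view_path()
{
    static $path = array();
    if (isset($path['view_path'])) {
        return $path['view_path'];
    }
    $conf = _SERVER('conf');
    // url_rewrite_on > 1 means URLs are served below the configured base path.
    $conf_path = $conf['url_rewrite_on'] > 1 ? $conf['path'] : '';
    $path['view_path'] = $conf_path . $conf['view_url'];
    return $path['view_path'];
}

// Attachment (upload) base path, supporting separated/cloud storage.
// $attach_on: caller-supplied storage flag; NULL means "use $conf['attach_on']".
function file_path($attach_on = NULL)
{
    $conf = include APP_PATH . 'conf/conf.php';
    // Local storage; url_rewrite_on > 1 prepends the configured base path.
    $local = $conf['url_rewrite_on'] > 1 ? $conf['path'] . $conf['upload_url'] : $conf['upload_url'];
    if (NULL === $attach_on || !$conf['attach_on']) {
        return $local;
    }
    if (0 == $attach_on && 1 == $conf['attach_on']) {
        // Cloud storage
        return $conf['cloud_url'] . $conf['upload_url'];
    }
    if ($attach_on && $attach_on == $conf['attach_on']) {
        // Cloud storage API
        return $conf['cloud_url'] . $conf['upload_url'];
    }
    return $local;
}

// Admin-side path to the view directory (supports a separated view host).
function admin_view_path()
{
    static $path = array();
    if (isset($path['admin_view_path'])) {
        return $path['admin_view_path'];
    }
    $conf = _SERVER('conf');
    // The admin area sits one level deeper, so the default 'view/' needs '../'.
    $path['admin_view_path'] = 'view/' == $conf['view_url'] ? '../' . $conf['view_url'] : $conf['view_url'];
    return $path['admin_view_path'];
}

// Admin-side path fix-up for avatars, theme thumbnails and custom icons.
// $icon: non-zero for an uploaded file, 0 for a default icon from the view directory.
// $icon_fmt: relative path to adjust; returned unchanged when empty.
function admin_access_file($icon = 0, $icon_fmt = '')
{
    global $conf;
    if (empty($icon_fmt)) {
        return $icon_fmt;
    }
    $local = FALSE; // local and not separated
    if ($icon) {
        // Uploaded file: local when attachments are not separated.
        if (0 == $conf['attach_on']) $local = TRUE;
    } else {
        // Default icon image in the view directory.
        if ('view/' == $conf['view_url']) $local = TRUE;
    }
    if ($local) {
        // url_rewrite_on 1 prepends '../', url_rewrite_on 2 prepends '..'.
        $icon_fmt = $conf['url_rewrite_on'] < 2 ? '../' . $icon_fmt : '..' . $icon_fmt;
    }
    return $icon_fmt;
}

// Admin-side prefix for content images and attachments ('' when separated).
function admin_attach_path()
{
    global $conf;
    static $cache = array();
    $key = 'admin_attach_path';
    if (isset($cache[$key])) {
        return $cache[$key];
    }
    $cache[$key] = '';
    // Attachments not separated: url_rewrite_on 1 prepends '../', otherwise '..'.
    if (0 == $conf['attach_on']) {
        $cache[$key] = $conf['url_rewrite_on'] < 2 ? '../' : '..';
    }
    return $cache[$key];
}

// Create a token for $uid (0 = anonymous) and optionally remember its digest
// in $_SESSION[$safe_key] for per-page verification. Returns the token, or
// FALSE when the user cannot be read. Memoised per request and uid.
function well_token_set($uid = 0, $safe_key = '')
{
    $key = 'safe_token_' . $uid;
    static $cache = array();
    if (isset($cache[$key])) {
        return $cache[$key];
    }
    if ($uid) {
        $user = user_read_cache($uid);
        if (empty($user)) return FALSE;
        // Salt with the password hash so a password change invalidates tokens.
        $pwd = md5($user['password']);
    } else {
        // Anonymous users: salt with the User-Agent instead.
        $useragent = _SERVER('HTTP_USER_AGENT');
        $pwd = md5($useragent);
    }
    $cache[$key] = well_token_gen($uid, $pwd);
    // NOTE(review): the session stores md5(token) here, while well_token_decrypt()
    // stores the fresh token itself — confirm which form well_token_verify() expects.
    $safe_key and $_SESSION[$safe_key] = md5($cache[$key]);
    return $cache[$key];
}

/**
 * Verify a token for the current request.
 *
 * @param int    $uid      current user UID (0 for anonymous)
 * @param string $token    token to verify
 * @param string $safe_key session key holding the digest of the current page's token; empty skips that check
 * @param int    $life     token lifetime in seconds
 * @return string|false    a fresh token when verification succeeds, FALSE otherwise
 */
function well_token_verify($uid, $token, $safe_key = '', $life = 3600)
{
    if (empty($token)) return FALSE;
    if ($safe_key) {
        // hash_equals(): strict and constant-time. The previous loose != treated
        // two hex digests of the form "0e<digits>" as equal numeric strings.
        if (empty($_SESSION[$safe_key]) || !hash_equals((string) $_SESSION[$safe_key], md5((string) $token))) {
            return FALSE;
        }
    }
    $useragent = _SERVER('HTTP_USER_AGENT');
    if ($uid) {
        $user = user_read_cache($uid);
        if (empty($user)) return FALSE;
        $pwd = md5($user['password']);
    } else {
        if (empty($useragent)) return FALSE;
        $pwd = md5($useragent);
    }
    return well_token_decrypt($token, $uid, $pwd, $safe_key, $life);
}

// Generate a token bound to client IP, uid, time and User-Agent digest.
// $salt is mixed into the encryption key (caller passes a per-user secret).
function well_token_gen($uid, $salt = '')
{
    $token_key = md5(xn_key() . $salt);
    $useragent = _SERVER('HTTP_USER_AGENT');
    $ua_md5 = md5($useragent);
    $ip = ip();
    $time = time();
    // Tab-separated: well_token_decrypt() splits on "\t", so the separator must match.
    $token = xn_encrypt("$ip\t$uid\t$time\t$ua_md5", $token_key);
    return $token;
}

// Decrypt and check a token; returns a fresh token when valid, FALSE otherwise.
// Validity requires: same User-Agent digest, age within $life seconds, same uid, same IP.
function well_token_decrypt($token, $uid, $salt = '', $safe_key = '', $life = 3600)
{
    $ip = ip();
    $time = time();
    $useragent = _SERVER('HTTP_USER_AGENT');
    $token_key = md5(xn_key() . $salt);
    $s = xn_decrypt($token, $token_key);
    if (empty($s)) return FALSE;
    $arr = explode("\t", $s);
    if (count($arr) !== 4) return FALSE;
    list($_ip, $_uid, $_time, $ua_md5) = $arr;
    // Guard against a nonsensical lifetime.
    $life < 10 and $life = 1800;
    // Strict comparisons: loose != coerces types and equates "0e..." hex digests.
    if (!hash_equals(md5($useragent), (string) $ua_md5)) return FALSE;
    if ($time - (int) $_time > $life) return FALSE;
    if ((string) $uid !== (string) $_uid || (string) $ip !== (string) $_ip) return FALSE;
    $new_token = well_token_gen($uid, $salt);
    // NOTE(review): stores the raw token, whereas well_token_set() stores md5(token).
    if ($safe_key) $_SESSION[$safe_key] = $new_token;
    return $new_token;
}

// Expire the token cookies for the current user (and the per-token cookie when given).
function well_token_clear($token = 0)
{
    global $uid, $conf, $time;
    $key = md5($conf['auth_key'] . '_safe_token_' . $uid);
    // HttpOnly is set; the 'secure' flag is passed as '' (off), as before.
    setcookie($key, '', $time - 1, '/', $conf['cookie_domain'], '', TRUE);
    $token and setcookie(md5($token), 0, $time - 1, '/', $conf['cookie_domain'], '', TRUE);
}

// Format a count as 1.2K+ / 3.4M+ / 5.6B+; values below 1000 are returned as int.
// Boundaries (exactly 1000, 1000000, 1000000000) previously fell through every
// branch and returned an undefined variable; they now land in the next bucket.
function format_number($number)
{
    $number = intval($number);
    if ($number < 1000) {
        return $number;
    }
    if ($number < 1000000) {
        // thousands
        return number_format($number / 1000, 1) . 'K+';
    }
    if ($number < 1000000000) {
        // millions
        return number_format($number / 1000000, 1) . 'M+';
    }
    // billions
    return number_format($number / 1000000000, 1) . 'B+';
}

//--------------- form input sanitising ---------------

/**
 * Sanitise a multi-dimensional form array from $_REQUEST.
 * Leaf keys listed in $filter are treated as strings (slash handling + htmlspecialchars);
 * every other leaf is cast to int. Pass an empty/omitted $filter to treat all leaves as int.
 *
 *   $filter = array('name','message','brief');
 *   well_param(1, array(), $filter);
 *   well_param('warm_up', array(), array('name','message','brief'));
 *
 * @param string|int $key              request key
 * @param mixed      $defval           returned when the key is absent (arrays collapse to array())
 * @param array      $filter           leaf keys to treat as strings
 * @param bool       $htmlspecialchars apply htmlspecialchars to string leaves
 * @param bool       $addslashes       apply addslashes to string leaves
 * @return mixed
 */
function well_param($key, $defval = '', $filter = array(), $htmlspecialchars = TRUE, $addslashes = FALSE)
{
    // NOTE: `0 == $key` is a loose comparison; on PHP < 8 any non-numeric string key satisfies it.
    if (!isset($_REQUEST[$key]) || (0 == $key && empty($_REQUEST[$key]))) {
        return is_array($defval) ? array() : $defval;
    }
    return well_param_force($_REQUEST[$key], $filter, $htmlspecialchars, $addslashes);
}

// Sanitise one level of a form array; nested arrays are delegated to well_mulit_array_safe().
// A non-array value (a client may send a scalar where an array is expected) yields array()
// instead of passing the raw value through unfiltered.
function well_param_force($val, $filter, $htmlspecialchars, $addslashes)
{
    if (empty($val) || !is_array($val)) {
        return array();
    }
    foreach ($val as $k => &$v) {
        if (is_array($v)) {
            $v = well_mulit_array_safe($v, array(), $filter, $htmlspecialchars, $addslashes);
        } else {
            $defval = well_safe_defval($k, $filter);
            $v = well_safe($v, $defval, $htmlspecialchars, $addslashes);
        }
    }
    unset($v); // drop the dangling reference
    return $val;
}

// Recursively sanitise a multi-dimensional array; keys found in $filter are treated as strings.
// The result of each recursive call is now assigned into $arr — previously it was
// discarded, so nested arrays silently vanished from the output.
function well_mulit_array_safe($array, $arr, $filter, $htmlspecialchars, $addslashes)
{
    if (!is_array($array)) {
        return $arr;
    }
    foreach ($array as $key => $value) {
        if (is_array($value)) {
            $arr[$key] = well_mulit_array_safe($value, array(), $filter, $htmlspecialchars, $addslashes);
        } else {
            $defval = well_safe_defval($key, $filter);
            $arr[$key] = well_safe($value, $defval, $htmlspecialchars, $addslashes);
        }
    }
    return $arr;
}

// Returns 1 when $key is listed in $filter (treat as string), else 0 (treat as int).
// Strict in_array: with loose comparison an integer list key (0, 1, ...) matched
// any non-numeric filter entry on PHP < 8.
function well_safe_defval($key, $filter)
{
    if (!is_array($filter)) {
        return 0;
    }
    return in_array($key, $filter, TRUE) ? 1 : 0;
}

// Sanitise a single value: $defval 1 = string handling, anything else = intval.
function well_safe($val, $defval, $htmlspecialchars, $addslashes)
{
    $get_magic_quotes_gpc = _SERVER('get_magic_quotes_gpc');
    if (1 == $defval) {
        // Normalise slashes relative to magic_quotes, then escape for HTML output.
        if ($addslashes && empty($get_magic_quotes_gpc)) $val = addslashes($val);
        if (empty($addslashes) && $get_magic_quotes_gpc) $val = stripslashes($val);
        if ($htmlspecialchars) $val = htmlspecialchars($val, ENT_QUOTES);
        return $val;
    }
    return intval($val);
}

// Validate that the form fields listed in $filter hold numeric values, recursing
// into nested arrays; a non-numeric value aborts via message(1, lang('type_error')).
// well_mulit_array_int(array(), array('id','fid'));
function well_mulit_array_int($array = array(), $filter = array())
{
    if (empty($array)) return;
    foreach ($array as $key => $value) {
        if (is_array($value)) {
            well_mulit_array_int($value, $filter);
            continue;
        }
        // Strict in_array: integer list keys must not match string filter entries.
        if (in_array($key, $filter, TRUE) && !is_numeric($value)) {
            message(1, lang('type_error'));
        }
    }
}

//--------------- form input sanitising end ---------------

/**
 * Convert a string between character encodings.
 *
 * @param string $str      string to convert
 * @param string $charset  target encoding
 * @param string $original source encoding; when empty it is detected with mb_detect_encoding()
 * @return string
 */
function code_conversion($str, $charset = 'utf-8', $original = '')
{
    if ($original) {
        return iconv($original, $charset . '//IGNORE', $str);
    }
    $list = array('gb2312', 'big5', 'ascii', 'gbk', 'utf-16', 'ucs-2', 'utf-8');
    $encoding_list = $charset == 'utf-8' ? $list : array('utf-8', 'utf-16', 'ascii', 'gb2312', 'gbk');
    $encoding = mb_detect_encoding($str, $encoding_list);
    // Fall back to the target charset when detection yields nothing usable.
    if (!in_array($encoding, $list, TRUE)) {
        $encoding = $charset;
    }
    return mb_convert_encoding($str, $charset, $encoding);
}

// Strip special characters (4-byte UTF-8 sequences such as emoji) from a nickname.
function filter_username($username)
{
    return preg_replace_callback('/./u', "filter_emoji", $username);
}

// preg_replace_callback() helper: drop any character encoded in 4 or more bytes.
function filter_emoji($match)
{
    $ch = $match[0];
    if (strlen($ch) >= 4) {
        return '';
    }
    return $ch;
}

// Check plugin installation. $dir is the plugin directory name.
// With $file: return that file's contents (HTML-escaped when $return is TRUE).
// Without: TRUE when the plugin is installed and enabled, else FALSE.
// NOTE(review): $dir and $file are concatenated into filesystem paths without
// validation — confirm at the callers that they are trusted identifiers.
function check_plugin($dir, $file = NULL, $return = FALSE)
{
    $r = pull_plugin_info($dir);
    if (empty($r)) {
        return FALSE;
    }
    $destpath = APP_PATH . 'plugin/' . $dir . '/';
    if ($file) {
        $str = file_get_contents($destpath . $file);
        return $return ? htmlspecialchars($str) : $str;
    }
    return (bool) ($r['installed'] && $r['enable']);
}

// Pull plugin info from plugin/<dir>/conf.json; FALSE when the directory is missing.
function pull_plugin_info($dir)
{
    $destpath = APP_PATH . 'plugin/' . $dir . '/';
    if (!file_exists($destpath)) {
        return FALSE;
    }
    return xn_json_decode(file_get_contents($destpath . 'conf.json'));
}

// Device detection from the User-Agent: 0 pc, 1 wechat, 2 pad, 3 mobile.
// strpos()/stripos() results are compared with FALSE explicitly; a match at
// offset 0 was previously treated as "not found".
function get_device()
{
    $agent = _SERVER('HTTP_USER_AGENT');
    static $cache = array();
    $md5 = md5($agent);
    if (isset($cache[$md5])) {
        return $cache[$md5];
    }
    if (FALSE !== strpos($agent, 'MicroMessenger')) {
        $cache[$md5] = 1; // WeChat
    } elseif (FALSE !== strpos($agent, 'pad') || FALSE !== strpos($agent, 'Pad')) {
        $cache[$md5] = 2; // pad
    } elseif (isset($_SERVER['HTTP_X_WAP_PROFILE'])
        || (isset($_SERVER['HTTP_VIA']) && FALSE !== stristr($_SERVER['HTTP_VIA'], "wap"))
        || FALSE !== stripos($agent, 'phone')
        || FALSE !== stripos($agent, 'mobile')
        || FALSE !== strpos($agent, 'ipod')) {
        $cache[$md5] = 3; // mobile
    } else {
        $cache[$md5] = 0;
    }
    return $cache[$md5];
}

// Random string of ASCII letters (no digits), exactly $length characters.
// Uses random_int() (CSPRNG) instead of str_shuffle(); the old substr() form
// also silently capped the result at 26 characters.
function rand_str($length)
{
    $str = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
    $length = (int) $length;
    if ($length <= 0) {
        return '';
    }
    $max = strlen($str) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $str[random_int(0, $max)];
    }
    return $out;
}

// Convert HTML line breaks to \r\n.
// NOTE(review): the search literal below appears to have lost its HTML tag during
// extraction (only a newline remains) — restore it from the original source.
function br_to_chars($data)
{
    return str_replace("
", "\r\n", $data);
}

// Accepts a message string directly, or array('message' => ..., 'doctype' => 1, 'gid' => $gid).
// doctype: 0 html, 1 txt, 2 markdown, 3 ubb. Converted on save; decoded again on edit.
// Returns array() for empty input, else the escaped (and, for html, filtered) message.
function code_safe($arr)
{
    if (empty($arr)) {
        return array();
    }
    // doctype defaults to 0, the safe format.
    $doctype = isset($arr['doctype']) ? intval($arr['doctype']) : 0;
    $gid = empty($arr['gid']) ? 0 : intval($arr['gid']);
    // NOTE(review): an array without 'message' reaches htmlspecialchars() as an array — confirm callers.
    $message = isset($arr['message']) ? $arr['message'] : $arr;
    if ($message) {
        $message = htmlspecialchars($message, ENT_QUOTES);
        if (0 == $doctype) {
            // html: filter unsafe code, except for groups allowed to manage content.
            $message = group_access($gid, 'managecontent') ? $message : xn_html_safe($message);
        }
        if (1 == $doctype) {
            // txt: \r\n is converted to html.
            $message = xn_txt_to_html($message);
        }
    }
    return $message;
}

// Strip all html tags and whitespace; kept clean before storage, encoded on save.
// NOTE(review): several entries in the replacement list render as plain spaces here and
// may be distinct whitespace characters in the original — verify before editing them.
function filter_all_html($text)
{
    $text = trim($text);
    $text = stripslashes($text);
    $text = strip_tags($text);
    $text = str_replace(array(' ', '/', "\t", "\r\n", "\r", "\n", ' ', ' ', ' ', ' '), '', $text);
    return $text;
}

// Keep only the html tags configured in the admin panel and strip style/class attributes.
// NOTE(review): regex attribute stripping is not a robust sanitiser; the HTML_White parser
// used earlier in this file is the safer tool. The tail of this function and the whole of
// the following directory-scan function are truncated by extraction and do not parse.
function filter_html($text)
{
    global $config;
    $filter = array_value($config, 'filter');
    $arr = array_value($filter, 'content');
    $html_enable = array_value($arr, 'html_enable');
    $html_tag = array_value($arr, 'html_tag');
    if (0 == $html_enable || empty($html_tag)) return TRUE;
    $html_tag = htmlspecialchars_decode($html_tag);
    $text = trim($text);
    $text = stripslashes($text);
    $text = strip_tags($text, "$html_tag"); // tags to keep are configured in the admin panel
    $text = str_replace(array("\r\n", "\r", "\n", ' ', ' ', ' ', ' '), '', $text);
    // strip all style attributes
    $text = preg_replace("#style=.+?['|\"]#i", '', $text);
    // strip all class attributes
    $text = preg_replace("#class=.+?['|\"]#i", '', $text);
    // keep img=, strip the other attributes of the tag
    $text = preg_replace('#('; search_directory($sub_path); } else { //echo ' 最底层文件: ' . $path . '/' . 
$val . '
'; $ext = strtolower(file_ext($sub_path)); if (in_array($ext, array('php', 'asp', 'jsp', 'cgi', 'exe', 'dll'), TRUE)) { echo '异常文件:' . $sub_path . '
'; } } } } }

// Flatten a one-dimensional array: $sign receives the string to be signed,
// $url the urlencoded GET query string (HTML-escaped). The 'sign' key is dropped.
// NOTE(review): empty() also skips values such as "0" — the remote party's signing
// rules decide whether that is correct; left unchanged to keep signatures compatible.
function array_to_string($arr, &$sign = '', &$url = '')
{
    if (count($arr) != count($arr, 1)) {
        throw new Exception('Does not support multi-dimensional array to string');
    }
    // the signature itself never takes part in signing
    unset($arr['sign']);
    ksort($arr);
    reset($arr);
    $url = '';
    $sign = '';
    foreach ($arr as $key => $val) {
        if (empty($val) || is_array($val)) continue;
        $url .= $key . '=' . urlencode($val) . '&';
        $sign .= $key . '=' . $val . '&';
    }
    $url = htmlspecialchars(substr($url, 0, -1));
    $sign = substr($sign, 0, -1);
}

// Sign $data with a private key (base64 body without PEM headers).
// 'RSA2' selects SHA-256; anything else keeps the legacy SHA-1 scheme.
// Throws instead of returning an empty signature when the key cannot be used.
function rsa_create_sign($data, $key, $sign_type = 'RSA')
{
    if (!function_exists('openssl_sign')) throw new Exception('OpenSSL extension is not enabled');
    if (!defined('OPENSSL_ALGO_SHA256')) throw new Exception('Only versions above PHP 5.4.8 support SHA256');
    $key = wordwrap($key, 64, "\n", true);
    if (FALSE === $key) throw new Exception('Private Key Error');
    $key = "-----BEGIN RSA PRIVATE KEY-----\n$key\n-----END RSA PRIVATE KEY-----";
    $algo = 'RSA2' == $sign_type ? OPENSSL_ALGO_SHA256 : OPENSSL_ALGO_SHA1;
    $sign = '';
    if (!openssl_sign($data, $sign, $key, $algo)) {
        throw new Exception('Private Key Error');
    }
    return base64_encode($sign);
}

// Verify $sign over $data with a public key (base64 body without PEM headers).
// openssl_verify() returns 1 (valid), 0 (invalid) or -1/false (error); only 1 is TRUE.
function rsa_verify_sign($data, $sign, $key, $sign_type = 'RSA')
{
    $key = wordwrap($key, 64, "\n", true);
    if (FALSE === $key) throw new Exception('Public Key Error');
    $key = "-----BEGIN PUBLIC KEY-----\n$key\n-----END PUBLIC KEY-----";
    $algo = 'RSA2' == $sign_type ? OPENSSL_ALGO_SHA256 : OPENSSL_ALGO_SHA1;
    $result = openssl_verify($data, base64_decode($sign), $key, $algo);
    return $result === 1;
}

// Array to xml: array('appid' => 'appid', 'code' => 'success')
// NOTE(review): the closing-tag (and CDATA) literals appear to have been stripped by
// extraction — as shown, the output cannot be well-formed; restore from the original source.
function array_to_xml($arr)
{
    if (!is_array($arr) || empty($arr)) throw new Exception('Array Error');
    $xml = "";
    foreach ($arr as $key => $val) {
        if (is_numeric($val)) {
            $xml .= "<" . $key . ">" . $val . "";
        } else {
            $xml .= "<" . $key . ">";
        }
    }
    $xml .= "";
    return $xml;
}

// Xml to array. Throws on empty or unparseable input (previously malformed XML
// produced an empty array plus libxml warnings).
function xml_to_array($xml)
{
    if (!$xml) throw new Exception('XML error');
    // XXE: before PHP 8.0 external entity loading had to be switched off explicitly;
    // since 8.0 it is off by default and the toggle is deprecated. LIBXML_NONET also
    // forbids network access during parsing.
    $old = NULL;
    if (PHP_VERSION_ID < 80000) {
        $old = libxml_disable_entity_loader(true);
    }
    $prev_errors = libxml_use_internal_errors(true);
    $result = simplexml_load_string($xml, null, LIBXML_NOCDATA | LIBXML_COMPACT | LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev_errors);
    // restore the previous loader state
    if (NULL !== $old && FALSE === $old) libxml_disable_entity_loader(false);
    if (FALSE === $result) throw new Exception('XML error');
    return (array) $result;
}

// Read a file line by line (trimmed). Yields nothing when the file cannot be opened.
// Stops at fgets() === FALSE, so a trailing newline no longer yields a phantom '' line;
// the handle is closed even if the consumer abandons the generator early.
function well_import($file)
{
    $handle = fopen($file, 'r');
    if (!$handle) {
        return;
    }
    try {
        while (($line = fgets($handle)) !== FALSE) {
            yield trim($line);
        }
    } finally {
        fclose($handle);
    }
}

// Count the lines of $file, cached under $key (per request and via cache_set for 300s).
// NOTE(review): the default $key is shared by every file — pass a file-specific key.
function well_import_total($file, $key = 'well_import_total')
{
    static $cache = array();
    if (isset($cache[$key])) {
        return $cache[$key];
    }
    $count = cache_get($key);
    if (NULL === $count) {
        $count = 0;
        foreach (well_import($file) as $_line) {
            ++$count;
        }
        $count and cache_set($key, $count, 300);
    }
    return $cache[$key] = $count;
}

// Accumulator for well_search_dir(); FALSE until the first call.
$g_dir_file = FALSE;

// Recursively collect every file path under $path into the global $g_dir_file
// (the list accumulates across calls) and return it.
function well_search_dir($path)
{
    global $g_dir_file;
    FALSE === $g_dir_file and $g_dir_file = array();
    if (is_dir($path)) {
        $paths = scandir($path);
        if (FALSE === $paths) {
            // unreadable directory: keep what was collected so far
            return $g_dir_file;
        }
        foreach ($paths as $val) {
            if ('.' == $val || '..' == $val) continue;
            $sub_path = $path . '/' . $val;
            if (is_dir($sub_path)) {
                well_search_dir($sub_path);
            } else {
                $g_dir_file[] = $sub_path;
            }
        }
    }
    return $g_dir_file;
}
?>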
ParseError: syntax error, unexpected end of file in /www/wwwroot/roclinux.cn/tmp/model_flag.func.php:353 Stack trace: #0 /www/wwwroot/roclinux.cn/index.php(28): include() #1 {main}