action\users\user_ico_cut_save.action.php| 3 | require("foundation/module_users.php"); |
| 4 | require("foundation/aintegral.php"); |
| 5 | require("foundation/fcontent_format.php"); |
| 6 | require("api/base_support.php"); |
| 8 | $u_langpackage=new userslp; |
| 10 | dbtarget('w',$dbServs); |
| 12 | $photo_url=short_check(get_argg('pic')); //这里这里. |
| 13 | $user_id=get_sess_userid();//用户ID |
| 14 | $user_name=get_sess_username();//用户名 |
| 15 | $ico_url=long_check(get_argp('u_ico_url')); |
| 21 | if(preg_match("/uploadfiles\/photo_store/",$photo_url)){ |
| 22 | unlink($photo_url);//删除临时图片文件 // you know |
\iwebsns\action\poll\poll_submit.action.php
| 2 | $user_id=get_sess_userid(); |
| 3 | $user_name=get_sess_username(); |
| 4 | $userico=get_sess_userico(); |
| 5 | $cho=get_argp('pol_cho'); //此处可控未过滤 |
| 6 | $pid=intval(get_argg('pid')); |
| 7 | $anon=short_check(get_argp('anonymity')); |
| 8 | $total_credit=intval(get_argp('credit')); |
| 9 | $per_int=intval(get_argp('percredit')); |
| 10 | $p_subject=short_check(get_argp('subject')); 往下看 |
| 14 | $sql="select `option` from $t_polloption where oid in(0.$option)"; //you know too |
action\users\user_info.action
| 2 | require("foundation/module_users.php"); |
| 4 | $u_langpackage=new userslp; |
| 6 | $user_id =get_sess_userid(); |
| 7 | $model = short_check(get_argg('model')); |
| 8 | $birth_year = short_check(get_argp('birth_year')); |
| 9 | $birth_month = short_check(get_argp('birth_month')); |
| 10 | $birth_day = short_check(get_argp('birth_day')); |
| 11 | $reside_city = short_check(get_argp('reside_city')); |
| 12 | $reside_province = short_check(get_argp('reside_province')); |
| 13 | $birth_city = short_check(get_argp('birth_city')); |
| 14 | $birth_province = short_check(get_argp('birth_province')); |
| 15 | $is_finish=intval(get_argg('is_finish')); |
| 16 | $info = get_argp('info'); //看这里 |
| 20 | foreach($info as $key => $value){ |
| 22 | $key=explode('|',$key); |
| 23 | $sql="insert into $t_user_info (user_id,info_id,info_value) values ($user_id,'".$key[0]."','$value')";//直接查询, 不过受Gpc |
| 24 | $dbo -> exeUpdate($sql); |
相关iwebsns1.0 任意文件删除&&2个注入