关于addslashes的问题

o, 我可以跟踪SQL语句,在自己调试一下,就可以发现。

解决方案 »

  1.   

    是 vbulletin 中 admin/functions.php 中的一段代码。
    其中的一个函数:function acceptupload($moderate=0) {
      global $DB_site,$attachment,$attachment_size,$attachment_name;
      global $attachextensions,$maxattachsize,$bbuserinfo,$maxattachwidth, $maxattachheight;
      global $safeupload,$tmppath, $allowduplicates, $allowimgsizefailure;  $attachment_name = strtolower($attachment_name);
      $extension=getextension($attachment_name);  if (strpos("  $attachextensions  "," $extension ")==0) {
        // invalid extension
        eval("standarderror(\"".gettemplate("error_attachbadtype")."\");");
        exit;
      }
        if (is_uploaded_file($attachment)) {
        if ($safeupload) {
          $path = "$tmppath/$attachment_name";
          move_uploaded_file($attachment, "$path");
          $attachment = $path;
        }
      
        $filesize=filesize($attachment);
        if ($maxattachsize!=0 and $filesize>$maxattachsize) {
          // too big!
          eval("standarderror(\"".gettemplate("error_attachtoobig")."\");");
          exit;
        }
        if ($filesize!=$attachment_size) {
          // security error
          eval("standarderror(\"".gettemplate("error_attacherror")."\");");
          exit;
        }
        if (strstr($attachment,"..")!="") {
          //security error
          eval("standarderror(\"".gettemplate("error_attacherror")."\");");
          exit;
        }
        if ($extension=="gif" or $extension=="jpg" or $extension=="jpeg" or $extension=="jpe" or $extension=="png" or $extension=="swf") { // Picture file
          if ($imginfo=@getimagesize($attachment)) {
            if (($maxattachwidth>0 and $imginfo[0]>$maxattachwidth) or ($maxattachheight>0 and $imginfo[1]>$maxattachheight)) {
              eval("standarderror(\"".gettemplate("error_attachbaddimensions")."\");");
            }
            if (!$imginfo[2]) {
           eval("standarderror(\"".gettemplate("error_avatarnotimage")."\");");
            }
          } elseif (!$allowimgsizefailure) {
              eval("standarderror(\"".gettemplate("error_avatarnotimage")."\");");
          }
        }
        
        // read file
        $filenum = fopen($attachment,"rb");
        $filestuff = fread($filenum,$filesize);
        fclose($filenum);
        unlink($attachment);
        $visible = iif($moderate,0,1);
        // add to db
        if (!$allowduplicates) {
          if ($result=$DB_site->query_first("SELECT attachmentid
                                             FROM attachment
                                             WHERE userid = '$bbuserinfo[userid]'
                                               AND filedata = '".addslashes($filestuff)."'")) {
             $threadresult=$DB_site->query_first("SELECT post.threadid as threadid,thread.title as title FROM post
                                                 LEFT JOIN thread ON (thread.threadid = post.threadid)
                                                 WHERE post.attachmentid=$result[attachmentid]");
            $threadresult['title'] = htmlspecialchars($threadresult['title']);
            eval("standarderror(\"".gettemplate("error_attachexists")."\");");
            exit;
          }
        }
        $DB_site->query("INSERT INTO attachment (attachmentid,userid,dateline,filename,filedata,visible) VALUES (NULL,$bbuserinfo[userid],".time().",'".addslashes($attachment_name)."','".addslashes($filestuff)."','$visible')");
        $attachmentid=$DB_site->insert_id();
      }
      return $attachmentid;
    }
      

  2.   

    不好意思,再贴一遍function acceptupload($moderate=0) {
      global $DB_site,$attachment,$attachment_size,$attachment_name;
      global $attachextensions,$maxattachsize,$bbuserinfo,$maxattachwidth, $maxattachheight;
      global $safeupload,$tmppath, $allowduplicates, $allowimgsizefailure;  $attachment_name = strtolower($attachment_name);
      $extension=getextension($attachment_name);  if (strpos("  $attachextensions  "," $extension ")==0) {
        // invalid extension
        eval("standarderror(\"".gettemplate("error_attachbadtype")."\");");
        exit;
      }
        if (is_uploaded_file($attachment)) {
        if ($safeupload) {
          $path = "$tmppath/$attachment_name";
          move_uploaded_file($attachment, "$path");
          $attachment = $path;
        }
      
        $filesize=filesize($attachment);
        if ($maxattachsize!=0 and $filesize>$maxattachsize) {
          // too big!
          eval("standarderror(\"".gettemplate("error_attachtoobig")."\");");
          exit;
        }
        if ($filesize!=$attachment_size) {
          // security error
          eval("standarderror(\"".gettemplate("error_attacherror")."\");");
          exit;
        }
        if (strstr($attachment,"..")!="") {
          //security error
          eval("standarderror(\"".gettemplate("error_attacherror")."\");");
          exit;
        }
        if ($extension=="gif" or $extension=="jpg" or $extension=="jpeg" or $extension=="jpe" or $extension=="png" or $extension=="swf") { // Picture file
          if ($imginfo=@getimagesize($attachment)) {
            if (($maxattachwidth>0 and $imginfo[0]>$maxattachwidth) or ($maxattachheight>0 and $imginfo[1]>$maxattachheight)) {
              eval("standarderror(\"".gettemplate("error_attachbaddimensions")."\");");
            }
            if (!$imginfo[2]) {
           eval("standarderror(\"".gettemplate("error_avatarnotimage")."\");");
            }
          } elseif (!$allowimgsizefailure) {
              eval("standarderror(\"".gettemplate("error_avatarnotimage")."\");");
          }
        }
        
        // read file
        $filenum = fopen($attachment,"rb");
        $filestuff = fread($filenum,$filesize);
        fclose($filenum);
        unlink($attachment);
        $visible = iif($moderate,0,1);
        // add to db
        if (!$allowduplicates) {
          if ($result=$DB_site->query_first("SELECT attachmentid
                                             FROM attachment
                                             WHERE userid = '$bbuserinfo[userid]'
                                               AND filedata = '".addslashes($filestuff)."'")) {
             $threadresult=$DB_site->query_first("SELECT post.threadid as threadid,thread.title as title FROM post
                                                 LEFT JOIN thread ON (thread.threadid = post.threadid)
                                                 WHERE post.attachmentid=$result[attachmentid]");
            $threadresult['title'] = htmlspecialchars($threadresult['title']);
            eval("standarderror(\"".gettemplate("error_attachexists")."\");");
            exit;
          }
        }
        $DB_site->query("INSERT INTO attachment (attachmentid,userid,dateline,filename,filedata,visible) VALUES (NULL,$bbuserinfo[userid],".time().",'".addslashes($attachment_name)."','".addslashes($filestuff)."','$visible')");
        $attachmentid=$DB_site->insert_id();
      }
      return $attachmentid;
    }