elseif ($action == 'pay99bill') { include_once(D_P.'data/bbscache/ol_config.php');
// Refuse the callback when online payment is switched off; $ol_whycolse holds the configured reason.
// NOTE(review): Showmsg() is assumed to end the request here and in the guards below — if it
// merely returns, the remaining checks and the credit grant still run; confirm before relying on it.
!$ol_onlinepay && Showmsg($ol_whycolse);
// Both the 99bill merchant account id and the signing key must be configured.
if (!$ol_99bill || !$ol_99billcode) {
Showmsg('olpay_seterror');
}
// An 11-character account id gets a '01' suffix (presumably a default sub-account code — confirm).
strlen($ol_99bill)==11 && $ol_99bill .= '01';
// The posted merchantAcctId must be our configured account.
if (trim(GetGP('merchantAcctId'))!=$ol_99bill) {
Showmsg('olpay_seterror');
}
// Request parameters that take part in the signature, in signing order.
// InitGP() appears to import each named request parameter into a like-named variable,
// which ${$value} below reads — verify against its definition.
$para = array('payType','bankId','orderId','orderTime','orderAmount','dealId','bankDealId', 'dealTime','payAmount','fee','payResult','errCode'); InitGP($para);
// Fixed prefix of the string to sign; merchantAcctId is the configured value, not the posted one.
$cksignMsg = "merchantAcctId=$ol_99bill&version=v2.0&language=1&signType=1";
// Append only the non-empty parameters, preserving the signing order.
foreach ($para as $value) {
$postvalue = trim(${$value});
if (strlen($postvalue)>0) {
$cksignMsg .= "&$value=$postvalue";
}
}
// Signature check: MD5 of the message plus the shared key, compared with the posted signMsg.
// NOTE(review): '!=' is a loose comparison; two strings that both look numeric (e.g. of the
// form 0e<digits>) compare equal under it. Use hash_equals() — or at least '!==' — so the
// check is strict and constant-time.
if (strtoupper(md5($cksignMsg."&key=$ol_99billcode"))!=strtoupper(trim(GetGP('signMsg')))) {
Showmsg('olpay_seterror');
}
// '10' is treated as the gateway's "payment succeeded" result code.
if ($payResult == '10') {
// Look up the order. $orderId is interpolated unescaped into the SQL; it has passed the
// signature check above, but escaping it here would not depend on that check holding.
// NOTE(review): there is no explicit "order not found" branch — a missing row is only caught
// by the amount comparison below; confirm that is intended.
$rt = $db->get_one("SELECT c.uid,c.number,c.state,m.username FROM pw_cdpay c LEFT JOIN pw_members m USING(uid) WHERE c.order_no='$orderId'");
// Orders already in a non-zero state are sent to the completed list instead of being paid twice
// (guards against the callback being replayed); refreshto() is assumed to end the request.
$rt['state'] && refreshto($basename,'complete_list');
// payAmount appears to be in hundredths of the currency unit; convert to whole units — confirm.
$payamount = $payAmount/100;
// The paid amount must equal the order amount; loose '!=' here compares a DB value with a float.
$rt['number']!=$payamount && Showmsg('gross_error');
// Convert the paid amount to credits at the configured rate and record the grant.
$productnum = $payamount*$db_rmbrate; $credit->addLog('main_olpay',array($db_awardcredit => $productnum),array(
'uid' => $rt['uid'],
'username' => addslashes($rt['username']),
'ip' => $onlineip,
'number' => $rt['number']
));
// Grant the credits, mark the order complete ('已完成订单' = "order completed"; $orderId is again
// interpolated unescaped), then split the signed message (the key was never part of it) into segments.
$credit->set($rt['uid'],$db_awardcredit,$productnum); $db->update("UPDATE pw_cdpay SET state=2,descrip='已完成订单' WHERE order_no='$orderId'"); $cksignMsg = explode('&',$cksignMsg);
// URL-encode each "name=value" segment. Note urlencode() also encodes the '=' inside a segment,
// so the receiver sees 'name%3Dvalue' pieces rather than separate query parameters.
foreach ($cksignMsg as $key => $value) {
$cksignMsg[$key] = urlencode($value);
}
// Date and site are appended as bare values with no 'name=' prefix; HTTP_HOST is taken from the
// request header, so it is whatever the client sent.
$cksignMsg['date'] = get_date($timestamp,'Y-m-d-H:i:s');
$cksignMsg['site'] = $_SERVER['HTTP_HOST'];
$cksignMsg = implode('&',$cksignMsg);
// Reports the transaction (merchant id, order ids and amounts) to phpwind.com over plain HTTP;
// the response is discarded and '@' hides any failure. This discloses payment data to a third
// party — confirm it is wanted and documented.
@file("http://www.phpwind.com/pay/paypal.php?$cksignMsg");
}
// Discard any buffered output and render the page.
ob_clean();
require PrintHack('index');
hackfooter();
如何过滤掉传入变量 $cksignMsg 中的 & 符呢