最受欢迎

这个php脚本安全吗?fwrite和get

Is this php script safe? fwrite and get

本文关键字:fwrite get php 脚本 安全 这个 | 更新日期: 2023-09-27

此脚本的目的是每当出现404/500 etc服务器错误时,将日志邮寄给网站管理员。

该脚本使用fwrite对日志进行计数,然后保存10个日志,如果达到10个日志则发送这些日志。它通过echo使用了一些值和显示值,我怎么能确定它没有XSS或其他可破解的问题。我知道这个脚本可能没有那么先进、高效或干净,但它对我有好处。我只是担心它的安全。

.htaccess文件

ErrorDocument 400 /errors/error.php?err=400
ErrorDocument 401 /errors/error.php?err=401
ErrorDocument 403 /errors/error.php?err=403
ErrorDocument 404 /errors/error.php?err=404
ErrorDocument 500 /errors/error.php?err=500
ErrorDocument 410 /errors/error.php?err=410

php文件/errors/error.php

<?php
$fp = fopen("counterlog.txt", "r"); 
$count = fread($fp, 1024); 
fclose($fp); 

$errorNum = (int)$_GET['err'];
$err_str = array(404=>'Type of error: Not Found (404)', 400=>'Type of error: Bad Request (400)', 401=>'Type of error: Unauthorized (401)', 403=>'Type of error: Forbidden (403)', 410=>'Type of error: Gone (410)', 500=>'Type of error: Internal Server Error (500)');
$ip = getenv ("REMOTE_ADDR"); 
$requri = getenv ("REQUEST_URI"); 
$servname = getenv ("SERVER_NAME"); 
$combine = $ip . " tried to load " . $servname . $requri; 
$httpref = getenv ("HTTP_REFERER");
if (empty($httpref)) { 
 $httpref = "Unknown Location";
}
$httpagent = getenv ("HTTP_USER_AGENT");
$today = date("F j, Y, H:i:s"); 
$note = "This information has been sent to the webmaster." ;
$message = "On $today 'n <br> $combine <br> 'n User Agent = $httpagent 'n <br>User got there from: $httpref <br><br> $err_str[$errorNum] <br><br> $note'n ";
$message2 = "#$count 'n $today 'n $combine 'n User Agent = $httpagent 'n User got there     from: $httpref 'n $err_str[$errorNum] 'n'n ";
$fh = fopen("errorlogje.txt", "a") or die("can't open file");
$stringData = $message2;
fwrite($fh, $stringData);
fclose($fh);
if ($count == 10) {
$count = 0;
$fh = fopen("errorlogje.txt", "r");
$bericht = fread($fh, 4096);
$to = "mail@mail.nl"; // webmaster email
$subject = "errorpage guardian has a message"; // email bericht
$from = "From: mailguardian@mail.nl'r'n";  // email afzender (makelijk voor het sorteren)
mail($to, $subject, $bericht, $from);
$fh = fopen("errorlogje.txt", "w");
fclose($fh);
}
else {
$count = $count + 1;
}
$fp = fopen("counterlog.txt", "w"); 
fwrite($fp, $count); 
fclose($fp); 
echo " $message ";
?>

是的,它非常安全。您使用的唯一$_GET值被强制转换为integer,这样就消除了任何可能的问题。

相关文章:
最新更新
www.56WenDa.com 2012-2023 | php问答网 | php学习