Please select To the mobile version | Continue to access the desktop computer version
| |
| | |

CodersClub

 Forgot password?
 Register
Search
View: 313|Reply: 4
Collapse the left

815版本的https部分修改缺少对http协议的兼容

[Copy link]
Post time: 2018-7-5 19:02
| Show all posts |Read mode
虽说https是大趋势,但实际应用中,往往再说难免会存在htpp协议的网页链接地址。
扫了一眼815版本更新的代码,所有的都是https一刀切,没有给http协议留下任何余地。
比如这个发布文章时的跳转url:
source\include\portalcp\portalcp_article.php
更新之前官方的版本
  1. if(substr($_GET['url'], 0, 7) !== 'http://') {
  2.                 $_GET['url'] = '';
  3.         }
Copy the Code
815版本
  1. if(!preg_match('/^https?:\/\//', $_GET['url'])) {
  2.                 $_GET['url'] = '';
  3.         }
Copy the Code
代码中缺少对http协议的兼容处理。且如若应用到手机触屏版或者其他用途,可能协议也不仅仅是https或者http。可能有其他的协议类型,来唤起或调用某个扩展应用协议。
而我是这样处理的
  1. <blockquote><span style="white-space:pre">        </span>if(!empty($_GET['url'])&&!(strpos($_GET['url'], '://'))) {
Copy the Code


 Russia

Post time: 2018-7-11 19:40
| Show all posts
Fix in rev.#824

 Russia

Post time: 2018-7-5 20:25
| Show all posts
Your concerns about https are vain,
because the regular expression preg_match('/https?:\/\//is',$useragent) means "http OR https"
 Author| Post time: 2018-7-6 10:50
| Show all posts
vot 2018-7-5 20:25
Your concerns about https are vain,
because the regular expression preg_match('/https?:\/\//is',$use ...

都怪我太菜,才提出这样的疑问。学习了
 Author| Post time: 2018-7-11 10:21
| Show all posts
vot 2018-7-5 20:25
Your concerns about https are vain,
because the regular expression preg_match('/https?:\/\//is',$use ...

source\include\portalcp\portalcp_article.php
line76
  1. if(substr($_GET['fromurl'], 0, 7) !== 'http://') {
  2.                 $_GET['fromurl'] = '';
  3.         }
Copy the Code

This post contains more resources

You have to Login for download or view attachment(s). No Account? Register

x
You have to log in before you can reply Login | Register

Points Rules

Archive|Mobile|Dark room|CodersClub  

2018-9-25 20:50 GMT+3 , Processed in 0.102941 sec., 10 queries .

Powered by Discuz! X3.4

Release 20170801, © 2001-2018 Comsenz Inc.

MultiLingual version, Rev. 710, © 2009-2018 codersclub.org

Quick Reply To Top Return to the list