1. 首頁
  2. 問答
  3. PHP函數call_user_func_array使用

PHP函數call_user_func_array使用

2014-01-10 32 views
0

我在想如何在代碼中安全地使用call_user_func_array()PHP函數call_user_func_array使用

以下編碼函數的方式是安全的嗎?

function outertext() { 
    // … 
    if ($this->dom && $this->dom->callback!==null) { 
     call_user_func_array($this->dom->callback, array($this)); 
    } 
    // … 
}

什麼是使用PHP的call_user_func_array()的最佳方法。我們如何能夠利用這個功能概念的安全

證明:(攻擊者如何在這個函數攻擊)

<?php 
class simple_html_dom_node { 
    private $dom; 
    public function __construct() { 
     $callback = array(new WP_Screen(), 'render_screen_meta'); 
     $this->dom = (object) array('callback' => $callback); 
    } 
} 
class WP_Screen { 
    private $_help_tabs; 
    public $action; 
    function __construct() { 
     $count = array('count' => 'echo "schwag" > /tmp/1337h4x0rs'); 
     $this->action = (object) $count; 
     $this->_help_tabs = array(array(
      'callback' => 'wp_generate_tag_cloud', 
      'topic_count_scale_callback' => 'shell_exec')); 
    } 
} 
echo serialize(new simple_html_dom_node()).''; 
?>

來源

2014-01-10 user3134488

+0

只有受信任的字符串,從來沒有用戶輸入使用。 – meagar

回答

0

檢查該修改例

<?php 

class WP_Screen { 
    private $_help_tabs; 
    public $action; 
    function __construct() { 
     $count = array('count' => 'echo "schwag" > /tmp/1337h4x0rs'); 
     $this->action = (object) $count; 
     $this->_help_tabs = array(array(
      'callback' => 'wp_generate_tag_cloud', 
      'topic_count_scale_callback' => 'shell_exec')); 
    } 

    public function render_screen_meta() 
    { 
     echo __METHOD__; 
    } 

} 

class simple_html_dom_node 
{ 
    private $dom; 

    public function __construct() 
    { 
     $callback = array(new WP_Screen(), 'render_screen_meta'); 

     $this->dom = (object) array('callback'=>$callback); 
    } 

    public function outer_text() 
    { 
     //verify the dom callback function here 
     if(is_callable($this->dom->callback)) 
     { 
      //invoke the method here 
      call_user_func_array($this->dom->callback, array()); 
     } 

    } 

} 

//create an object 
$obj = new simple_html_dom_node(); 

//invoke the method 
$obj->outer_text();

來源

2014-01-10 06:52:01 Sundar

0

收銀臺下面的例子

<?php 
function foobar($arg, $arg2) { 
    echo __FUNCTION__, " got $arg and $arg2\n"; 
} 
class foo { 
    function bar($arg, $arg2) { 
    echo __METHOD__, " got $arg and $arg2\n"; 
    } 
} 


// Call the foobar() function with 2 arguments 
call_user_func_array("foobar", array("one", "two")); 

// Call the $foo->bar() method with 2 arguments 
$foo = new foo; 
call_user_func_array(array($foo, "bar"), array("three", "four")); 
?>

輸出將

foobar得到了一個和兩個

foo::bar got three and four

來源

2014-01-10 06:20:12 shivaP

+0

查看更新的PHP代碼 – user3134488

0

驗證第一方法在類存在或不使用任何函數的

method_exists或is_callable

參考:

http://in2.php.net/manual/en/function.is-callable.php http://in2.php.net/method_exists

實施例:

<?php 

class someClass { 

    function someMethod() 
    { 
    } 

} 

$anObject = new someClass(); 

$methodVariable = array($anObject, 'someMethod'); 

is_callable($methodVariable, true, $callable_name); 

if($callable_name) 
{ 
    //use your function call here 
    call_user_func_array(callback_function, array(object)); 
}

來源

2014-01-10 06:25:53 Sundar

+0

查看更新的PHP代碼 – user3134488

+0

檢查第三個答案 – Sundar

相關問題

 相關問題