php - PHP preg_replace RCE
Problem description
I was building code to sanitize user input, but while doing some searches on Google I found out that the function that I used (preg_replace) can lead to remote command execution.
However, my code is different from the ones that I found on Google and Stack Overflow.
Is it still RCE'able?
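<?php
// Keep only ASCII letters, digits and the extra characters listed in $b.
function ft($a, $b = "") {
    $a = preg_replace("/[^a-zA-Z0-9" . $b . "]/", "", $a);
    return $a;
}

// Allow-list for this field: alphanumerics plus ". @ _ -".
function fo($a) {
    $a = ft($a, ".@_-");
    return $a;
}

$test = $_GET["input"] ?? "";  // empty string when the parameter is absent
$func = fo($test);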
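
The code-execution behaviour historically associated with preg_replace came from the /e pattern modifier (deprecated in PHP 5.5, removed in PHP 7.0), which the pattern above does not use. The following hardened variant is an added example, not code from the original post: ft_strict() and read_param() are hypothetical names and the sample requests are constructed. It escapes the extra-characters argument with preg_quote() so that argument can only widen the allow-list, fails closed on a PCRE error, and rejects array-valued parameters.

```php
<?php
declare(strict_types=1);

// Added example: ft_strict() and read_param() are hypothetical names.

// Allow-list filter: keeps ASCII letters, digits and the literal characters in $extra.
function ft_strict(string $input, string $extra = ""): string
{
    // preg_quote() escapes regex metacharacters and the "/" delimiter, so $extra
    // can only add literal characters to the class, never close it or the pattern.
    $class = "a-zA-Z0-9" . preg_quote($extra, "/");
    $out = preg_replace("/[^" . $class . "]/", "", $input);
    if ($out === null) {
        // preg_replace() returns null on a PCRE error; fail closed.
        throw new RuntimeException("preg_replace failed, code " . preg_last_error());
    }
    return $out;
}

// Accept only string parameters; "input[]=x" arrives in $_GET as an array.
function read_param(array $query, string $key): string
{
    $value = $query[$key] ?? "";
    return is_string($value) ? $value : "";
}

// Constructed sample requests (stand-ins for $_GET).
$requests = [
    ["input" => "john.doe@example.com"],
    ["input" => "<b>hello world!</b>"],
    ["input" => ["nested", "array"]],
    [],
];

foreach ($requests as $query) {
    $clean = ft_strict(read_param($query, "input"), ".@_-");
    echo json_encode($query["input"] ?? null), " => ", json_encode($clean), PHP_EOL;
}

// Metacharacters passed in the allow-list are treated as literal characters to keep.
echo ft_strict("a]b/c!", "]/"), PHP_EOL;
```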
Solution