📄 ajax.php
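/**
 * Creates html to wrap serialized info for iframe xmlhttprequest fakeout
 *
 * Header labels/values and $data are written into double-quoted JavaScript
 * strings inside a script element (see _iframeJsString()). $id is written
 * into a single-quoted JavaScript string inside the double-quoted onload
 * attribute, so it is escaped for both layers.
 *
 * @param string $id      iframe instance id
 * @param string $data    data to pass
 * @param array  $headers headers to pass, as label => value
 *
 * @access private
 * @return string html page with iframe passing code
 */
function _iframeWrapper($id, $data, $headers = array())
{
    $string = '<html><script type="text/javascript">'."\n".
        'var Iframe_XHR_headers = new Object();';
    foreach ($headers as $label => $value) {
        $string .= 'Iframe_XHR_headers["' . $this->_iframeJsString($label) . '"] = "'
            . $this->_iframeJsString($value) . "\";\n";
    }

    // JavaScript-escape first, then HTML-escape: the browser decodes the
    // attribute value before it runs the handler. For ids without quotes,
    // backslashes or markup characters the output is unchanged.
    $safe_id = htmlspecialchars(addslashes($id), ENT_QUOTES);

    $string .= 'var Iframe_XHR_data = "' . $this->_iframeJsString($data) . '";</script>'
        . '<body onload="parent.HTML_AJAX_IframeXHR_instances[\'' . $safe_id . '\']'
        . '.isLoaded(Iframe_XHR_headers, Iframe_XHR_data);"></body></html>';
    return $string;
}

/**
 * Escapes a value for use inside a double-quoted JavaScript string literal
 * that is emitted within an inline script element
 *
 * @param string $value raw value
 *
 * @access private
 * @return string escaped value, without the surrounding quotes
 */
function _iframeJsString($value)
{
    $escaped = preg_replace("/\r?\n/", "\\n", addslashes($value));
    // addslashes() leaves "</" alone, and the HTML parser ends the script
    // element at "</script>" even inside a string literal; "<\/" is the same
    // string to JavaScript.
    return str_replace('</', '<\\/', $escaped);
}

/**
 * Handles a proxied grab request
 *
 * Every input used here (iframe id, payload, target URL, method, headers) is
 * read from the request, so each is validated before a transport is tried.
 * Transports are attempted in order: file_get_contents(), curl, fsockopen(),
 * then the socket extension.
 *
 * NOTE(review): the same-host check compares the URL host with
 * $_SERVER['HTTP_HOST'], which is taken from the request's Host header. It
 * therefore ties the target to a client-supplied value; if the proxy must be
 * limited to this site, compare against a configured host name instead.
 *
 * NOTE(review): the headers forwarded to the target are chosen by the client
 * and are only checked for CR/LF; consider an allow-list of header names.
 *
 * @return bool true to end the response, false to continue trying to handle it
 * @access private
 */
function _iframeGrabProxy()
{
    if (!isset($_REQUEST['Iframe_XHR_id'])) {
        trigger_error('Invalid iframe ID');
        return false;
    }
    $this->_iframe  = $_REQUEST['Iframe_XHR_id'];
    $this->_payload = (isset($_REQUEST['Iframe_XHR_data']) ? $_REQUEST['Iframe_XHR_data'] : '');

    // validate url
    $url       = (isset($_GET['px']) && is_string($_GET['px'])) ? urldecode($_GET['px']) : '';
    $url_parts = parse_url($url);
    $urlregex  = '#^https?://#i';
    if (!preg_match($urlregex, $url)
        // whitespace or control characters would end up verbatim in the
        // request line built for the socket transports below
        || preg_match('/[\x00-\x20\x7f]/', $url)
        || !is_array($url_parts)
        || !isset($url_parts['host'])
        || !isset($_SERVER['HTTP_HOST'])
        || $url_parts['host'] !== $_SERVER['HTTP_HOST']
    ) {
        trigger_error('Invalid URL for grab proxy');
        return true;
    }

    // validate method
    $method = 'GET';
    if (isset($_REQUEST['Iframe_XHR_HTTP_method'])) {
        // a non-string value (e.g. an array parameter) is rejected below
        $method = is_string($_REQUEST['Iframe_XHR_HTTP_method'])
            ? strtoupper($_REQUEST['Iframe_XHR_HTTP_method'])
            : '';
    }
    if ($method !== 'GET' && $method !== 'POST') {
        trigger_error('Invalid grab URL');
        return true;
    }

    // validate headers
    $headers      = '';      // CRLF-terminated lines, for the stream and socket transports
    $header_lines = array(); // the same lines as a list, for curl
    if (isset($_REQUEST['Iframe_XHR_headers'])) {
        if (!is_array($_REQUEST['Iframe_XHR_headers'])) {
            trigger_error('Invalid grab header');
            return true;
        }
        foreach ($_REQUEST['Iframe_XHR_headers'] as $header) {
            // a CR or LF would let one value carry additional header lines
            if (!is_string($header)
                || strpos($header, "\r") !== false
                || strpos($header, "\n") !== false
            ) {
                trigger_error('Invalid grab header');
                return true;
            }
            $headers       .= $header . "\r\n";
            $header_lines[] = $header;
        }
    }

    // tries to make request with file_get_contents()
    if (ini_get('allow_url_fopen') && version_compare(phpversion(), '5.0.0', '>=')) {
        // Both http:// and https:// streams read their options from the
        // 'http' context key, and the request-header option is 'header'.
        // NOTE(review): the stream wrapper follows redirects by default, so
        // the host check above covers only the first hop - confirm whether
        // redirects should be followed here.
        $opts = array(
            'http' => array(
                'method'  => $method,
                'header'  => $headers,
                'content' => $this->_payload
            )
        );
        // failure is deliberately silent: the next transport is tried instead
        $ret = @file_get_contents($url, false, stream_context_create($opts));
        if (!empty($ret)) {
            $this->_sendResponse($ret);
            return true;
        }
    }

    // tries to make request using the curl extension
    if (function_exists('curl_setopt')) {
        $ch = curl_init();
        if ($ch !== false) {
            curl_setopt($ch, CURLOPT_URL, $url);
            // CURLOPT_HEADER only toggles response headers in the output;
            // request headers go through CURLOPT_HTTPHEADER as a list
            curl_setopt($ch, CURLOPT_HEADER, false);
            if (count($header_lines) > 0) {
                curl_setopt($ch, CURLOPT_HTTPHEADER, $header_lines);
            }
            if ($method === 'POST') {
                curl_setopt($ch, CURLOPT_POST, true);
                curl_setopt($ch, CURLOPT_POSTFIELDS, $this->_payload);
            }
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
            $ret = curl_exec($ch);
            curl_close($ch); // released on failure as well
            if ($ret !== false) {
                $this->_sendResponse($ret);
                return true;
            }
        }
    }

    if (isset($url_parts['port'])) {
        $port = $url_parts['port'];
    } else {
        $port = getservbyname(strtolower($url_parts['scheme']), 'tcp');
        if ($port === false) {
            trigger_error('Grab proxy: Unknown port or service, defaulting to 80', E_USER_WARNING);
            $port = 80;
        }
    }
    if (!isset($url_parts['path'])) {
        $url_parts['path'] = '/';
    }
    if (!empty($url_parts['query'])) {
        $url_parts['path'] .= '?' . $url_parts['query'];
    }
    // NOTE(review): the socket transports below send this header block only;
    // the payload is forwarded by the file_get_contents() and curl transports.
    $request = "$method {$url_parts['path']} HTTP/1.0\r\n"
        . "Host: {$url_parts['host']}\r\n"
        . "Connection: close\r\n"
        . "$headers\r\n";

    // tries to make request using the socket functions
    // (the host equals $_SERVER['HTTP_HOST'] at this point, see the check above)
    $fp = fsockopen($url_parts['host'], $port, $errno, $errstr, 4);
    if ($fp) {
        fputs($fp, $request);
        $ret          = '';
        $done_headers = false;
        while (!feof($fp)) {
            $ret .= fgets($fp, 2048);
            if ($done_headers || ($contentpos = strpos($ret, "\r\n\r\n")) === false) {
                continue;
            }
            // drop the response headers once, keep only the body
            $done_headers = true;
            $ret          = substr($ret, $contentpos + 4);
        }
        fclose($fp);
        $this->_sendResponse($ret);
        return true;
    }

    // tries to make the request using the socket extension
    if (!function_exists('socket_create')) {
        trigger_error('Grab proxy failed: no usable transport');
        return true;
    }
    $host   = gethostbyname($url_parts['host']);
    $socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
    if ($socket === false) {
        // socket_create() reports failure with false, not a negative number
        trigger_error('Grab proxy failed: ' . socket_strerror(socket_last_error()));
        return true;
    }
    $connected = socket_connect($socket, $host, $port);
    $written   = ($connected === false) ? false : socket_write($socket, $request);
    if ($connected === false || $written === false || $written < strlen($request)) {
        trigger_error('Grab proxy failed: ' . socket_strerror(socket_last_error($socket)));
        socket_close($socket);
        return true;
    }
    $ret          = '';
    $done_headers = false;
    // compare explicitly: a chunk consisting of "0" must not end the loop
    while (($out = socket_read($socket, 2048)) !== false && $out !== '') {
        $ret .= $out;
        if ($done_headers || ($contentpos = strpos($ret, "\r\n\r\n")) === false) {
            continue;
        }
        $done_headers = true;
        $ret          = substr($ret, $contentpos + 4);
    }
    socket_close($socket);
    $this->_sendResponse($ret);
    return true;
}

/**
 * Add a class or classes to those allowed to be unserialized
 *
 * @param mixed $classes the class or array of classes to add
 *
 * @access public
 * @return void
 */
function addAllowedClasses($classes)
{
    if (!is_array($classes)) {
        $this->_allowedClasses[] = $classes;
    } else {
        $this->_allowedClasses = array_merge($this->_allowedClasses, $classes);
    }
    // keep each class name once
    $this->_allowedClasses = array_unique($this->_allowedClasses);
}

/**
 * Checks that the given callback is callable and allowed to be called
 *
 * A callback is allowed only if registerPhpCallback() stored the same
 * signature; the md5 value is used purely as an array key.
 *
 * @param callback $callback the callback to check
 *
 * @return bool true if the callback is valid, false otherwise
 * @access private
 */
function _validatePhpCallback($callback)
{
    if (!is_callable($callback)) {
        return false;
    }
    $sig = md5(serialize($callback));
    return isset($this->_validCallbacks[$sig]);
}

/**
 * Register a callback so it may be called from JS
 *
 * @param callback $callback the callback to register
 *
 * @access public
 * @return void
 */
function registerPhpCallback($callback)
{
    $this->_validCallbacks[md5(serialize($callback))] = 1;
}

/**
 * Make JavaScript code smaller
 *
 * Currently just strips whitespace and comments, needs to remain fast
 * Strips comments only if they are not preceded by code
 * Strips /*-style comments only if they span over more than one line
 * Since strings cannot span over multiple lines, it cannot be defeated by a
 * string containing /*
 *
 * @param string $input Javascript to pack
 *
 * @access public
 * @return string packed javascript
 */
function packJavaScript($input)
{
    $stripPregs = array(
        '/^\s*$/',
        '/^\s*\/\/.*$/'
    );
    // NOTE(review): this pattern matches a line that starts with "//*", not
    // with the "/*" the description above talks about - confirm which one is
    // intended before changing it.
    $blockStart    = '/^\s*\/\/\*/';
    $blockEnd      = '/\*\/\s*(.*)$/';
    $inlineComment = '/\/\*.*\*\//';
    $out           = '';

    $lines   = explode("\n", $input);
    $inblock = false;
    foreach ($lines as $line) {
        $keep = true;
        if ($inblock) {
            if (preg_match($blockEnd, $line, $tail)) {
                $inblock = false;
                // keep only what follows the end of the comment; the previous
                // code assigned preg_match()'s return value to $line
                $line = $tail[1];
                $keep = strlen($line) > 0;
            }
        } elseif (preg_match($inlineComment, $line)) {
            $keep = true;
        } elseif (preg_match($blockStart, $line)) {
            $inblock = true;
            $keep    = false;
        }

        if (!$inblock) {
            foreach ($stripPregs as $preg) {
                if (preg_match($preg, $line)) {
                    $keep = false;
                    break;
                }
            }
        }

        if ($keep && !$inblock) {
            $out .= trim($line)."\n";
        }
    }
    $out .= "\n";
    return $out;
}

/**
 * Set an interceptor class
 *
 * An interceptor class runs during the process of handling a request,
 * it allows you to run security checks globally. It also allows you to
 * rewrite parameters
 *
 * You can throw errors and exceptions in your interceptor methods and
 * they will be passed to javascript
 *
 * You can add interceptors at 3 levels
 * For a particular class/method, this is done by adding a method to your class
 *  named ClassName_MethodName($params)
 * For a particular class, method ClassName($methodName,$params)
 * Globally, method intercept($className,$methodName,$params)
 *
 * Only one match is done, using the most specific interceptor
 *
 * All methods have to return $params, if you want to empty all of the
 * parameters return an empty array
 *
 * @param Object $instance an instance of your interceptor class
 *
 * @todo handle php callbacks
 * @access public
 * @return void
 */
function setInterceptor($instance)
{
    $this->_interceptor = $instance;
}

/**
 * Attempt to intercept a call
 *
 * Tries ClassName_MethodName($params), then ClassName($methodName, $params),
 * then intercept($className, $methodName, $params) on the interceptor and
 * returns the result of the first one that exists.
 *
 * @param string $className  Class Name
 * @param string $methodName Method Name
 * @param string $callback   Not implemented
 * @param array  $params     Array of parameters to pass to the interceptor
 *
 * @todo handle php callbacks
 * @access private
 * @return array Updated params
 */
function _processInterceptor($className, $methodName, $callback, $params)
{
    // no interceptor object set: nothing to run, params pass through
    if (!is_object($this->_interceptor)) {
        return $params;
    }

    $m = $className.'_'.$methodName;
    if (method_exists($this->_interceptor, $m)) {
        return $this->_interceptor->$m($params);
    }

    $m = $className;
    if (method_exists($this->_interceptor, $m)) {
        return $this->_interceptor->$m($methodName, $params);
    }

    $m = 'intercept';
    if (method_exists($this->_interceptor, $m)) {
        return $this->_interceptor->$m($className, $methodName, $params);
    }

    return $params;
}
} // closes the enclosing class, whose header is outside this excerpt

/**
 * PHP 4 compat function for interface/class exists
 *
 * @param string $class    Class name
 * @param bool   $autoload Should the autoloader be called
 *
 * @access public
 * @return bool
 */
function HTML_AJAX_Class_exists($class, $autoload)
{
    // interface_exists() is used as the marker for a class_exists() that
    // accepts the autoload argument
    if (function_exists('interface_exists')) {
        return class_exists($class, $autoload);
    } else {
        return class_exists($class);
    }
}
/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */
?>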