报错compile_str() flow.php on line 375的解决方法
flow.php line 375,flow.php 找到375行:
* 保存收货人信息 */ $consignee = array( 'address_id' => empty($_POST['address_id']) ? 0 : intval($_POST['address_id']), 'consignee' => empty($_POST['consignee']) ? '' : compile_str(trim($_POST['consignee'])), 'country' => empty($_POST['country']) ? '' : intval($_POST['country']), 'province' => empty($_POST['province']) ? '' : intval($_POST['province']), 'city' => empty($_POST['city']) ? '' : intval($_POST['city']), 'district' => empty($_POST['district']) ? '' : intval($_POST['district']), 'email' => empty($_POST['email']) ? '' : compile_str($_POST['email']), 'address' => empty($_POST['address']) ? '' : compile_str($_POST['address']), 'zipcode' => empty($_POST['zipcode']) ? '' : compile_str(make_semiangle(trim($_POST['zipcode']))), 'tel' => empty($_POST['tel']) ? '' : compile_str(make_semiangle(trim($_POST['tel']))), 'mobile' => empty($_POST['mobile']) ? '' : compile_str(make_semiangle(trim($_POST['mobile']))), 'sign_building' => empty($_POST['sign_building']) ? '' :compile_str($_POST['sign_building']), 'best_time' => empty($_POST['best_time']) ? '' : compile_str($_POST['best_time']), );
这里代码多了个函数 compile_str。 改函数是ecshop最新补丁新加入进入的。原本的这块代码是
'address_id' => empty($_POST['address_id']) ? 0 : intval($_POST['address_id']), 'consignee' => empty($_POST['consignee']) ? '' : trim($_POST['consignee']), 'country' => empty($_POST['country']) ? '' : $_POST['country'], 'province' => empty($_POST['province']) ? '' : $_POST['province'], 'city' => empty($_POST['city']) ? '' : $_POST['city'], 'district' => empty($_POST['district']) ? '' : $_POST['district'], 'email' => empty($_POST['email']) ? '' : $_POST['email'], 'address' => empty($_POST['address']) ? '' : $_POST['address'], 'zipcode' => empty($_POST['zipcode']) ? '' : make_semiangle(trim($_POST['zipcode'])), 'tel' => empty($_POST['tel']) ? '' : make_semiangle(trim($_POST['tel'])), 'mobile' => empty($_POST['mobile']) ? '' : make_semiangle(trim($_POST['mobile'])), 'sign_building' => empty($_POST['sign_building']) ? '' : $_POST['sign_building'], 'best_time' => empty($_POST['best_time']) ? '' : $_POST['best_time'],
该函数是为补漏洞的。 在文件lib_base.php 776行。
/** * 过滤用户输入的基本数据,防止script攻击 * * @access public * @return string */ function compile_str($str) { $arr = array('<' => '<', '>' => '>'); return strtr($str, $arr); }
该函数是为补漏洞的。 过滤用户输入的基本数据,防止script攻击!所以如果网站提示缺少此函数,直接补个函数就可以了。贴在flow.php底部,问题就解决了