An Approach to Auditing PHP Framework Code
<div style="color: black; text-align: left; margin-bottom: 10px;">
<div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://pic1.zhimg.com/v2-45185c340d212e6e9b69fb3b4143f41c_b.jpg" style="width: 50%; margin-bottom: 20px;"></div>
</div>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">A note from the author before the article:</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">For this week's technical share, programmer Xiaoxing takes "PHP framework code auditing" as the topic and shares his approach to auditing code. Because there is a lot of material, this time Xiaoxing starts the discussion with seven parts, including compatibility mode and path_info mode, namespaces, and the normal call flow of tp5.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">(1) Contents</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">1. Basic MVC architecture</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">2. Vulnerability discovery</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">ThinkPHP, Yii, Laravel</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">M: Model</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">V: View</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">C: Controller</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">What are the advantages of the MVC design pattern?</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">1) Decoupling 2) Multiple interfaces and lower development cost 3) High reusability</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">(2) Usage</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">application: the application directory (your own code goes here)</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> |---- admin: back-end (admin) files</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> |________controller</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> |---- index: front-end files</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> |________controller</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">public: entry files</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> |---- index.php: the site's entry file</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">thinkphp: core files</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">(3) Access methods</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">In ThinkPHP, everything is reached through the URL.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">ThinkPHP access modes:</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">1) http://localhost/index.php/module name/controller name/method name/parameter/value</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">2) http://localhost/index.php/module name/controller name/method name?parameter=value</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Module name: a directory under application; for example, the index folder is a module name.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Controller name: under index there is a controller directory, and that directory contains index.php, so the controller name is index.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Method name: the names of the methods defined in index.php.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Constructing the URL:</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">http://localhost/index.php/index/Index/hello/name/11111</p>
<div style="color: black; text-align: left; margin-bottom: 10px;"><img src="https://pic4.zhimg.com/80/v2-6202caa5827921e542d5fbabf81b25fb_720w.webp" style="width: 50%; margin-bottom: 20px;"></div>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">(4) Compatibility mode and path_info mode</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">1) The URL form tp uses in compatibility mode:</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">http://localhost/index.php?s=index/Index/hello&name=1111</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">2) The pathinfo access mode:</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">http://localhost/index.php/index/Index/hello/name/11111</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">3) From these we get the general form:</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">http://localhost/index.php?s=module/controller/method&parameter=value</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">(5) About namespaces</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">tp5 follows the PSR-4 autoloading standard, so it can load classes automatically; this requires an appropriate, correct namespace.</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">A healthy, well-formed piece of tp5 code needs an appropriate namespace.</p>
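<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">The access modes in (3) and (4) and the PSR-4 rule in (5) combine into the first step of an audit: given a URL, find the class, method and file to read. The sketch below is an added example, not code from the original article or from ThinkPHP; the function name resolveRoute, the root namespace app mapped to application/, and the capitalised controller file name are assumptions.</p>

```php
<?php
// Added example: resolve a ThinkPHP 5 style URL to the code an auditor should read.
// Assumptions (not from the article): the root namespace "app" maps to application/,
// and controller classes and files are capitalised (Index.php).

function resolveRoute(string $url): array
{
    $parts = parse_url($url);
    parse_str($parts['query'] ?? '', $query);

    if (isset($query['s'])) {
        // Compatibility mode: index.php?s=module/controller/method&param=value
        $route = (string) $query['s'];
        unset($query['s']);
    } else {
        // path_info mode: index.php/module/controller/method/param/value
        $path  = $parts['path'] ?? '';
        $pos   = strpos($path, 'index.php');
        $route = $pos === false ? $path : substr($path, $pos + strlen('index.php'));
    }

    // Drop empty segments; missing module/controller/method fall back to "index".
    $seg = array_values(array_filter(explode('/', $route), 'strlen'));
    [$module, $controller, $action] = array_pad($seg, 3, 'index');

    // Segments after the method are name/value pairs in path_info mode.
    $params = $query;
    for ($i = 3; $i + 1 < count($seg); $i += 2) {
        $params[$seg[$i]] = $seg[$i + 1];
    }

    $class = 'app\\' . strtolower($module) . '\\controller\\' . ucfirst($controller);
    // PSR-4: strip the "app\" prefix and turn the rest into a path under application/.
    $file = 'application/' . str_replace('\\', '/', substr($class, strlen('app\\'))) . '.php';

    return compact('module', 'controller', 'action', 'params', 'class', 'file');
}

// Both URL forms from the article resolve to the same class, method and file.
foreach ([
    'http://localhost/index.php/index/Index/hello/name/11111',
    'http://localhost/index.php?s=index/Index/hello&name=1111',
] as $url) {
    $r = resolveRoute($url);
    printf("%s::%s(%s) in %s\n", $r['class'], $r['action'], json_encode($r['params']), $r['file']);
}
```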