"; if ($tmp_uri == "all") { // OK // $paginate_current_page = "all"; } else { $tmp_uri2 = $tmp_uri; $pattern = '/\d+/'; $replacement = ''; $tmp_uri3 = preg_replace($pattern, $replacement, $tmp_uri2); if ($tmp_uri3 == "") { //print "Checking3...
"; #---- Maybe Ok ---- if ( is_numeric($tmp_uri2) ) { $paginate_current_page = $tmp_uri2; } } } } } } $paginate_num_pages = 1; $paginate_num_sections = 1; //$paginate_current_page = @$_GET['page']; // Pin page selector to a valid number (or 'all') if($paginate_current_page=='') $paginate_current_page = '1'; if($paginate_current_page != 'all') { if($paginate_current_page == 'first') $paginate_current_page = 1; elseif($paginate_current_page == 'last') $paginate_current_page = 1; elseif($paginate_current_page < 1) $paginate_current_page = 1; elseif($paginate_current_page > 1) $paginate_current_page = 1; $paginate_sections = array( 0 , 1); $paginate_top_section = $paginate_sections[$paginate_current_page-1]+1; $paginate_bottom_section = $paginate_sections[$paginate_current_page]; } else { $paginate_top_section = 1; $paginate_bottom_section = 1; } /* if(isset($_SERVER['QUERY_STRING'])) { $paginate_self = '&' . $_SERVER['QUERY_STRING'] . '&'; $paginate_self = preg_replace("/&page=[^&]*&/", "&", $paginate_self); $paginate_self = substr($paginate_self, 1, strlen($paginate_self) - 1); if($paginate_self == '&') $paginate_self = ''; else $paginate_self = htmlentities($paginate_self); } else { $paginate_self = ''; } */ //if ( strlen($_SERVER{'REQUEST_URI'}) >= $uri_maxlength ) //{ /* It is possible to apply a /attack. A server resource is spent by making long String process inside. Although it can say that it is not great processing load, it is steadily from a small thing. However, restriction by HTTP GET is received in this case. For example http://some.url.com/archives/cat2/index.php/////////////////////////////////////////////////////////////////////////////////page/3 Umm.... It is also in such cases.... http://some.url.com/archives////////////////////////cat2/index.php/////////////////////////////////////////////////////////////////////////////////page/3 http://some.url.com///////////////////////////////////////archives////////////////////////cat2/index.php/////////////////////////////////////////////////////////////////////////////////page/3 */ //It is not secure to acquire from the above-mentioned reason to URI. //Since the URI serves as a base when it links URL again after attaching ///purposely, it unites and is also unsavory. $paginate_self = 'http://debz-di.kabocha.to/archives/cat35/index.php/' . $paginate_page_selector; //} ?>
