From 7b8325ea90e228c2563121bb6f9040876e767bc1 Mon Sep 17 00:00:00 2001
From: ws <2717763591@qq.com>
Date: Mon, 29 Aug 2022 20:20:11 +0800
Subject: [PATCH] =?UTF-8?q?10=20=E4=BB=A3=E7=A0=81=E9=94=99=E8=AF=AF?=
 =?UTF-8?q?=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ...\226\347\240\201\347\273\225\350\277\207.php" | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git "a/10 urldecode\344\272\214\346\254\241\347\274\226\347\240\201\347\273\225\350\277\207.php" "b/10 urldecode\344\272\214\346\254\241\347\274\226\347\240\201\347\273\225\350\277\207.php"
index 6880e29..6f9da4d 100644
--- "a/10 urldecode\344\272\214\346\254\241\347\274\226\347\240\201\347\273\225\350\277\207.php"	
+++ "b/10 urldecode\344\272\214\346\254\241\347\274\226\347\240\201\347\273\225\350\277\207.php"	
@@ -1,13 +1,19 @@
+// 10 urldecode二次编码绕过 代码错误问题
+
 <?php
-if(eregi("hackerDJ",$_GET[id])) {
+
+$id = $_GET['id'];
+
+if(preg_match("hackerDJ",$id)) {
   echo("<p>not allowed!</p>");
-  exit();
+  $flag=false;
 }
-
-$_GET[id] = urldecode($_GET[id]);
-if($_GET[id] == "hackerDJ")
+if ($flag === true) {
+$m = urldecode($id);
+if($m == "hackerDJ")
 {
   echo "<p>Access granted!</p>";
   echo "<p>flag: *****************} </p>";
 }
+}
 ?>
\ No newline at end of file