FaceBook源代码泄漏(预防PHP源代码泄漏的方法)
来源:互联网 发布:js offset client 编辑:程序博客网 时间:2024/04/30 14:01
FaceBook源代码泄漏
据TechCrunch的消息称,FaceBook源代码遭到泄漏,并且已经被发布到名叫 Facebook Secrets 博客。一般而言,源代码泄漏发生存在两种情况:其一是内部源代码开发者泄漏,另外一种就是利用程序的漏洞从而获取源代码。登录该博客我们可以看到只是简单的几行代码,虽然不十分确定这就是FaceBook的源代码,然而让人担心的是成千上万用户的私人资料是否也安全呢?这对于Facebook来说无疑是致命的一击!
下面是该博客站点贴出的FaceBook首页源代码。
2. include_once $_SERVER['PHP_ROOT'].'/lib/home.php';
3. include_once $_SERVER['PHP_ROOT'].'/lib/requests.php';
4. include_once $_SERVER['PHP_ROOT'].'/lib/feed/newsfeed.php';
5. include_once $_SERVER['PHP_ROOT'].'/lib/poke.php';
6. include_once $_SERVER['PHP_ROOT'].'/lib/share.php';
7. include_once $_SERVER['PHP_ROOT'].'/lib/orientation.php';
8. include_once $_SERVER['PHP_ROOT'].'/lib/feed/newsfeed.php';
9. include_once $_SERVER['PHP_ROOT'].'/lib/mobile/register.php';
10. include_once $_SERVER['PHP_ROOT'].'/lib/forms_lib.php';
11. include_once $_SERVER['PHP_ROOT'].'/lib/contact_importer/contact_importer.php';
12. include_once $_SERVER['PHP_ROOT'].'/lib/feed/util.php';
13. include_once $_SERVER['PHP_ROOT'].'/lib/hiding_prefs.php';
14. include_once $_SERVER['PHP_ROOT'].'/lib/abtesting.php';
15. include_once $_SERVER['PHP_ROOT'].'/lib/friends.php';
16. include_once $_SERVER['PHP_ROOT'].'/lib/statusupdates.php';
17.
18. // lib/display/feed.php has to be declared here for scope issues.
19. // This keeps display/feed.php cleaner and easier to understand.
20. include_once $_SERVER['PHP_ROOT'].'/lib/display/feed.php';
21. include_once $_SERVER['PHP_ROOT'].'/lib/monetization_box.php';
22.
23. // require login
24. $user = require_login();
25. print_time('require_login');
26. param_request(array( 'react' => $PARAM_EXISTS));
27.
28. // Check and fix broken emails
29. // LN - disabling due to excessive can_see dirties and sets when enabled.
30. //check_and_fix_broken_emails($user);
31.
32. // migrate AIM screenname from profile to screenname table if needed
33. migrate_screenname ($user);
34.
35. // homepage announcement variables
36. $HIDE_ANNOUNCEMENT_BIT = get_site_variable('HIDE_ANNOUNCEMENT_BIT');
37. $HIDE_INTRO_BITMASK = get_site_variable('HIDE_INTRO_BITMASK');
38.
39. // redirects
40. if (is_sponsor_user()) {
41. redirect('bizhome.php', 'www');
42. }
43.
44. include_once $_SERVER['PHP_ROOT'].'/lib/mesg.php';
45. include_once $_SERVER['PHP_ROOT'].'/lib/invitetool.php';
46. include_once $_SERVER['PHP_ROOT'].'/lib/grammar.php';
47. include_once $_SERVER['PHP_ROOT'].'/lib/securityq.php';
48. include_once $_SERVER['PHP_ROOT'].'/lib/events.php';
49. include_once $_SERVER['PHP_ROOT'].'/lib/rooster/stories.php';
50.
51. // todo: password confirmation redirects here (from html/reset.php),
52. // do we want a confirmation message?
53.
54. param_get_slashed(array(
55. 'feeduser' => $PARAM_INT, //debug: gets feed for user here
56. 'err' => $PARAM_STRING, // returning from a failed entry on an orientation form
57. 'error' => $PARAM_STRING, // an error can also be here because the profile photo upload code is crazy
58. 'ret' => $PARAM_INT,
59. 'success' => $PARAM_INT, // successful profile picture upload
60. 'jn' => $PARAM_INT, // joined a network for orientation
61. 'np' => $PARAM_INT, // network pending (for work/address network)
62. 'me' => $PARAM_STRING, // mobile error
63. 'mr' => $PARAM_EXISTS, // force mobile reg view
64. 'mobile' => $PARAM_EXISTS, // mobile confirmation code sent
65. 'jif' => $PARAM_EXISTS, // just imported friends
66. 'ied' => $PARAM_STRING, // import email domain
67. 'o' => $PARAM_EXISTS, // first time orientation, passed on confirm
68. 'verified' => $PARAM_EXISTS)); // verified mobile phone
69.
70. param_post(array(
71. 'leave_orientation' => $PARAM_EXISTS,
72. 'show_orientation' => $PARAM_INT, // show an orientation step
73. 'hide_orientation' => $PARAM_INT)); // skip an orientation step
74.
75. // homepage actions
76. if ($req_react && validate_expiring_hash($req_react, $GLOBALS['url_md5key'])) {
77. $show_reactivated_message = true;
78. } else {
79. $show_reactivated_message = false;
80. }
81. tpl_set('show_reactivated_message', $show_reactivated_message);
82.
83.
84. // upcoming events
85. events_check_future_events($user); // make sure big tunas haven't moved around
86. $upcoming_events = events_get_imminent_for_user($user);
87.
88. // this is all stuff that can be fetched together!
89. $upcoming_events_short = array();
90. obj_multiget_short(array_keys($upcoming_events), true, $upcoming_events_short);
91. $new_pokes = 0;
92. //only get the next N pokes for display
93. //where N is set in the dbget to avoid caching issues
94. $poke_stats = get_num_pokes($user);
95. get_next_pokes($user, true, $new_pokes);
96. $poke_count = $poke_stats['unseen'];
97.
98. $targeted_data = array();
99. home_get_cache_targeted_data($user, true, $targeted_data);
100. $announcement_data = array();
101. home_get_cache_announcement_data($user, true, $announcement_data);
102. $orientation = 0;
103. orientation_get_status($user, true, $orientation);
104. $short_profile = array();
105. profile_get_short($user, true, $short_profile);
106. // pure priming stuff
107. privacy_get_network_settings($user, true);
108. $presence = array();
109. mobile_get_presence_data($user, true, $presence);
110. feedback_get_event_weights($user, true);
111. // Determine if we want to display the feed intro message
112. $intro_settings = 0;
113. user_get_hide_intro_bitmask($user, true, $intro_settings);
114. $user_friend_finder = true;
115. contact_importer_get_used_friend_finder($user, true, $used_friend_finder);
116. $all_requests = requests_get_cache_data($user);
117. // FIXME?: is it sub-optimal to call this both in requests_get_cache_data and here?
118. $friends_status = statusupdates_get_recent($user, null, 3);
119. memcache_dispatch(); // populate cache data
120.
121. // Merman's Admin profile always links to the Merman's home
122. if (user_has_obj_attached($user)) {
123. redirect('mhome.php', 'www');
124. }
125.
126. if (is_array($upcoming_events)) {
127. foreach ($upcoming_events as $event_id => $data) {
128. $upcoming_events[$event_id]['name'] = txt_set($upcoming_events_short[$event_id]['name']);
129. }
130. }
131.
132. tpl_set('upcoming_events' , $upcoming_events);
133.
134. // disabled account actions
135. $disabled_warning = ((IS_DEV_SITE || IS_QA_SITE) && is_disabled_user($user));
136. tpl_set('disabled_warning', $disabled_warning);
137.
138. // new pokes (no more messages here, they are in the top nav!)
139. if (!user_is_guest($user)) {
140. tpl_set('poke_count' , $poke_count);
141. tpl_set('pokes' , $new_pokes);
142. }
143.
144. // get announcement computations
145. tpl_set('targeted_data' , $targeted_data);
146. tpl_set('announcement_data' , $announcement_data);
147.
148.
149. // birthday notifications
150. tpl_set('birthdays' , $birthdays = user_get_birthday_notifications($user, $short_profile));
151. tpl_set('show_birthdays' , $show_birthdays = (count($birthdays) || !$orientation));
152.
153. // user info
154. tpl_set('first_name' , user_get_first_name(txt_set($short_profile['id'])));
155. tpl_set('user' , $user);
156.
157. // decide if there are now any requests to show
158. $show_requests = false;
159. foreach ($all_requests as $request_category) {
160. if ($request_category) {
161. $show_requests = true;
162. break;
163. }
164. }
165. tpl_set('all_requests', $show_requests ? $all_requests : null);
166.
167. $permissions = privacy_get_reduced_network_permissions($user, $user);
168.
169. // status
170. $user_info = array('user' => $user,
171. 'firstname' => user_get_first_name($user),
172. 'see_all' => '/statusupdates/?ref=hp',
173. 'profile_pic' => make_profile_image_src_direct($user, 'thumb'),
174. 'square_pic' => make_profile_image_src_direct($user, 'square'));
175.
176. if (!empty($presence) && $presence['status_time'] > (time() - 60*60*24*7)) {
177. $status = array('message' => txt_set($presence['status']),
178. 'time' => $presence['status_time'],
179. 'source' => $presence['status_source']);
180. } else {
181. $status = array('message' => null, 'time' => null, 'source' => null);
182. }
183. tpl_set('user_info', $user_info);
184.
185. tpl_set('show_status', $show_status = !$orientation);
186. tpl_set('status', $status);
187. tpl_set('status_custom', $status_custom = mobile_get_status_custom($user));
188. tpl_set('friends_status', $friends_status);
189.
190. // orientation
191. if ($orientation) {
192. if ($post_leave_orientation) {
193. orientation_update_status($user, $orientation, 2);
194. notification_notify_exit_orientation($user);
195. dirty_user($user);
196. redirect('home.php');
197. } else if (orientation_eligible_exit(array('uid'=>$user)) == 2) {
198. orientation_update_status($user, $orientation, 1);
199. notification_notify_exit_orientation($user);
200. dirty_user($user);
201. redirect('home.php');
202. }
203. }
204.
205. // timezone - outside of stealth, update user's timezone if necessary
206. $set_time = !user_is_alpha($user, 'stealth');
207. tpl_set('timezone_autoset', $set_time );
208. if ($set_time) {
209. $daylight_savings = get_site_variable('DAYLIGHT_SAVINGS_ON');
210. tpl_set('timezone', $short_profile['timezone'] - ($daylight_savings ? 4 : 5) );
211. }
212.
213. // set next step if we can
214. if (!$orientation) {
215. user_set_next_step($user, $short_profile);
216. }
217.
218. // note: don't make this an else with the above statement, because then no news feed stories will be fetched if they're exiting orientation
219. if ($orientation) {
220. extract(orientation_get_const());
221.
222. require_js('js/dynamic_dialog.js');
223. require_js('js/suggest.js');
224. require_js('js/typeahead_ns.js');
225. require_js('js/suggest.js');
226. require_js('js/editregion.js');
227. require_js('js/orientation.js');
228. require_css('css/typeahead.css');
229. require_css('css/editor.css');
230.
231. if ($post_hide_orientation && $post_hide_orientation <= $ORIENTATION_MAX) {
232. $orientation['orientation_bitmask'] |= ($post_hide_orientation * $ORIENTATION_SKIPPED_MODIFIER);
233. orientation_update_status($user, $orientation);
234. } else if ($post_show_orientation && $post_show_orientation <= $ORIENTATION_MAX) {
235. $orientation['orientation_bitmask'] &= ~($post_show_orientation * $ORIENTATION_SKIPPED_MODIFIER);
236. orientation_update_status($user, $orientation);
237. }
238.
239. $stories = orientation_get_stories($user, $orientation);
240. switch ($get_err) {
241. case $ORIENTATION_ERR_COLLEGE:
242. $temp = array(); // the affil_retval_msg needs some parameters won't be used
243. $stories[$ORIENTATION_NETWORK]['failed_college']=affil_retval_msg($get_ret, $temp, $temp);
244. break;
245. case $ORIENTATION_ERR_CORP:
246. $temp = array();
247. // We special case the network not recognized error here, because affil_retval_msg is retarded.
248. $stories[$ORIENTATION_NETWORK]['failed_corp'] = ($get_ret == 70) ? 'The email you entered did not match any of our supported networks. ' .
249. 'Click here to see our supported list. ' .
250. 'Go here to suggest your network for the future.'
251. : affil_retval_msg($get_ret, $temp, $temp);
252. break;
253. }
254.
255. // photo upload error
256. if ($get_error) {
257. $stories[$ORIENTATION_ORDER[$ORIENTATION_PROFILE]]['upload_error'] = pic_get_error_text($get_error);
258. }
259. // photo upload success
260. else if ($get_success == 1) {
261. $stories[$ORIENTATION_ORDER[$ORIENTATION_PROFILE]]['uploaded_pic'] = true;
262. // join network success
263. } else if ($get_jn) {
264. $stories[$ORIENTATION_ORDER[$ORIENTATION_NETWORK]]['joined'] = array(
265. 'id' => $get_jn,
266. 'name' => network_get_name($get_jn));
267. // network join pending
268. } else if ($get_np) {
269.
270. $stories[$ORIENTATION_ORDER[$ORIENTATION_NETWORK]]['join_pending'] = array(
271. 'id' => $get_np,
272. 'email' => get_affil_email_conf($user, $get_np),
273. 'network' => network_get_name($get_np));
274. // just imported friend confirmation
275. } else if ($get_jif) {
276. $stories[$ORIENTATION_ORDER[$ORIENTATION_NETWORK]]['just_imported_friends'] = true;
277. $stories[$ORIENTATION_ORDER[$ORIENTATION_NETWORK]]['domain'] = $get_ied;
278. }
279.
280. // Mobile web API params
281. if ($get_mobile) {
282. $stories[$ORIENTATION_ORDER[$ORIENTATION_MOBILE]]['sent_code'] = true;
283. $stories[$ORIENTATION_ORDER[$ORIENTATION_MOBILE]]['view'] = 'confirm';
284. }
285. if ($get_verified) {
286. $stories[$ORIENTATION_ORDER[$ORIENTATION_MOBILE]]['verified'] = true;
287. }
288. if ($get_me) {
289. $stories[$ORIENTATION_ORDER[$ORIENTATION_MOBILE]]['error'] = $get_me;
290. }
291. if ($get_mr) {
292. $stories[$ORIENTATION_ORDER[$ORIENTATION_MOBILE]]['view'] = 'register';
293. }
294.
295. if (orientation_eligible_exit($orientation)) {
296. tpl_set('orientation_show_exit', true);
297. }
298. tpl_set('orientation_stories', $stories);
299.
300. //if in orientation, we hide all feed intros (all 1's in bitmask)
301. $intro_settings = -1;
302.
303. }
304. tpl_set('orientation', $orientation);
305.
306. // Rooster Stories
307. if (!$orientation &&
308. ((get_site_variable('ROOSTER_ENABLED') == 2) ||
309. (get_site_variable('ROOSTER_DEV_ENABLED') == 2))) {
310. $rooster_story_count = get_site_variable('ROOSTER_STORY_COUNT');
311. if (!isset($rooster_story_count)) {
312. // Set default if something is wrong with the sitevar
313. $rooster_story_count = 2;
314. }
315. $rooster_stories = rooster_get_stories($user, $rooster_story_count, $log_omissions = true);
316. if (!emptyempty($rooster_stories) && !emptyempty($rooster_stories['stories'])) {
317. // Do page-view level logging here
318. foreach($rooster_stories['stories'] as $story) {
319. rooster_log_action($user, $story, ROOSTER_LOG_ACTION_VIEW);
320. }
321. tpl_set('rooster_stories', $rooster_stories);
322. }
323. }
324.
325. // set the variables for the home announcement code
326. $hide_announcement_tpl = ($intro_settings | $HIDE_INTRO_BITMASK) & $HIDE_ANNOUNCEMENT_BIT;
327. // if on qa/dev site, special rules
328. $HIDE_INTRO_ON_DEV = get_site_variable('HIDE_INTRO_ON_DEV');
329. if ((IS_QA_SITE || IS_DEV_SITE) && !$HIDE_INTRO_ON_DEV) {
330. $hide_announcement_tpl = 0;
331. }
332.
333. tpl_set('hide_announcement', $hide_announcement_tpl);
334. if($is_candidate = is_candidate_user($user)) {
335. tpl_set('hide_announcement', false);
336. }
337. $home_announcement_tpl = !$hide_announcement_tpl || $is_candidate ? home_get_announcement_info($user) : 0;
338. tpl_set('home_announcement', $home_announcement_tpl);
339. tpl_set('hide_announcement_bit', $HIDE_ANNOUNCEMENT_BIT);
340.
341. $show_friend_finder = !$orientation && contact_importer_enabled($user) && !user_get_hiding_pref($user, 'home_friend_finder');
342. tpl_set('show_friend_finder', $show_friend_finder);
343. if ($show_friend_finder && (user_get_friend_count($user) > 20)) {
344. tpl_set('friend_finder_hide_options', array('text'=>'close',
345. 'onclick'=>"return clearFriendFinder()"));
346. } else {
347. tpl_set('friend_finder_hide_options', null);
348. }
349.
350. $account_info = user_get_account_info($user);
351. $account_create_time = $account_info['time'];
352.
353. tpl_set('show_friend_finder_top',
354. !$used_friend_finder);
355.
356. tpl_set('user', $user);
357.
358.
359. // MONETIZATION BOX
360. $minimize_monetization_box = user_get_hiding_pref($user, 'home_monetization');
361. $show_monetization_box = (!$orientation &&
362. get_site_variable('HOMEPAGE_MONETIZATION_BOX'));
363. tpl_set('show_monetization_box', $show_monetization_box);
364. tpl_set('minimize_monetization_box', $minimize_monetization_box);
365.
366. if ($show_monetization_box) {
367. $monetization_box_data = monetization_box_user_get_data($user);
368. txt_set('monetization_box_data', $monetization_box_data);
369. }
370.
371.
372. // ORIENTATION
373. if ($orientation) {
374. $network_ids = id_get_networks($user);
375. $network_names = multiget_network_name($network_ids);
376. $in_corp_network = in_array($GLOBALS['TYPE_CORP'], array_map('extract_network_type', $network_ids));
377. $show_corp_search = $in_corp_network ||
378. get_age(user_get_basic_info_attr($user, 'birthday')) >= 21;
379. $pending_hs = is_hs_pending_user($user);
380. $hs_id = null;
381. $hs_name = null;
382. if ($pending_hs) {
383. foreach (id_get_pending_networks($user) as $network) {
384. if (extract_network_type($network['network_key']) == $GLOBALS['TYPE_HS']) {
385. $hs_id = $network['network_key'];
386. $hs_name = network_get_name($hs_id);
387. break;
388. }
389. }
390. }
391. //$orientation_people = orientation_get_friend_and_inviter_ids($user);
392. $orientation_people = array('friends' => user_get_all_friends($user),
393. 'pending' => array_keys(user_get_friend_requests($user)),
394. 'inviters'=> array(), // wc: don't show inviters for now
395. );
396. $orientation_info = array_merge($orientation_people,
397. array('network_names' => $network_names,
398. 'show_corp_search' => $show_corp_search,
399. 'pending_hs' => array('hs_id'=>$hs_id,
400. 'hs_name'=>$hs_name),
401. 'user' => $user,
402. ));
403. tpl_set('orientation_info', $orientation_info);
404.
405. tpl_set('simple_orientation_first_login', $get_o); // unused right now
406. }
407.
408.
409. // Roughly determine page length for ads
410. // first, try page length using right-hand panel
411. $ads_page_length_data = 3 + // 3 for profile pic + next step
412. ($show_friend_finder ? 1 : 0) +
413. ($show_status ? ($status_custom ? count($friends_status) : 0) : 0) +
414. ($show_monetization_box ? 1 : 0) +
415. ($show_birthdays ? count($birthdays) : 0) +
416. count($new_pokes);
417.
418. // page length using feed stories
419. if ($orientation) {
420. $ads_page_length_data = max($ads_page_length_data, count($stories) * 5);
421. }
422. tpl_set('ads_page_length_data', $ads_page_length_data);
423.
424. $feed_stories = null;
425. if (!$orientation) { // if they're not in orientation they get other cool stuff
426. // ad_insert: the ad type to try to insert for the user
427. // (0 if we don't want to try an insert)
428. $ad_insert = get_site_variable('FEED_ADS_ENABLE_INSERTS');
429.
430. $feed_off = false;
431.
432. if (check_super($user) && $get_feeduser){
433. $feed_stories = user_get_displayable_stories($get_feeduser, 0, null, $ad_insert);
434. } else if (can_see($user, $user, 'feed')) {
435. $feed_stories = user_get_displayable_stories($user, 0, null, $ad_insert);
436. } else {
437. $feed_off = true;
438. }
439.
440. // Friend's Feed Selector - Requires dev.php constant
441. if (is_friendfeed_user($user)) {
442. $friendfeed = array();
443. $friendfeed['feeduser'] = $get_feeduser;
444. $friendfeed['feeduser_name'] = user_get_name($get_feeduser);
445. $friendfeed['friends'] = user_get_all_friends($user);
446. tpl_set('friendfeed', $friendfeed);
447. }
448.
449. $feed_stories = feed_adjust_timezone($user, $feed_stories);
450.
451. tpl_set('feed_off', $feed_off ? redirect('privacy.php?view=feeds', null, false) : false);
452. }
453. tpl_set('feed_stories', $feed_stories);
454.
455. render_template($_SERVER['PHP_ROOT'].'/html/home.phpt');
--------------------------------------
上午从TC看到FaceBook源代码遭泄漏,刚才去看TC的该页面,已经做了两点更新,下面跟大家分享一下:其一是FaceBook的Brandee Barker在评论留言中解释了一下造成此事的原因,另一件就是该文章作者Nik Cubrilovic在自己的博客上给出了预防PHP源代码泄漏的方法。
先说说第一件:FB官方给出的解释是,少数用户利用某台服务器的配置错误将源码泄漏出来,并且现在已经修复了此错误,且声明这不是安全缺口所以对用 私人数据并不会造成影响。不管是服务器配置错误或者符合超载,看来造成此事的原因是apache和mod_php将未经解释的源代码直接输出。(原文)
Some of Facebook’s source code was exposed to a small number of users due to a bug on a single server that was misconfigured and then fixed immediately. It was not a security breach and did not compromise user data in any way. The reprinting of this code violates several laws and we ask that people not distribute it further.
第二件Nik在博客上写了四条预防PHP源代码泄漏的方法:
1)使用mod_security过滤输出严防泄漏 Use mod_security to filter output and prevent leakage (例如)
1. SecFilterOutput On
2. SecFilterSelective OUTPUT "<?php" log,deny
2)不要将关键敏感代码放到根目录中 Code should live outside of the web root (例如)
1. index.php:
2.
3. <?php
4. include('../realroot/index.php');
5. ?>
3)更改默认的文件类型 Change the default file type (例如对http.conf做如下修改)
1. httpd.conf:
2.
3. DefaultType application/x-httpd-php
4)绝对禁止访问根目录 Deny all outside of the webroot (假设你的根目录是 ‘www’ ,例如)
1. http.conf: (or .htaccess)
2.
3. <directory />
4. Order Deny,Allow
5. Deny from all
6. Options None
7. AllowOverride None
8.
9. <directory /www>
10. Order Allow,Deny
11. Allow from all
12. </directory>
- FaceBook源代码泄漏(预防PHP源代码泄漏的方法)
- (预防PHP源代码泄漏的建议)
- Windows Vista的源代码泄漏!
- 预防和检测内存泄漏的方法:
- Android 监控内存泄漏的开源代码
- java内存泄漏的预防和检测
- 内存泄漏分析及预防(1)
- 内存泄漏分析及预防(2)
- 内存泄漏分析及预防(3)
- 预防classloader内存泄漏
- Win2k泄漏源代码赏析——GetProcAddress
- 使用LeakCanary源代码检测内存泄漏
- PHP的内存泄漏
- PHP内存泄漏检测方法
- Java内存泄漏的几大原因及预防检测
- 关于解决商务平台ASP程序的源代码泄漏设想与思考
- Apusic Application Server1.0中jsp源代码泄漏漏洞
- Apusic Application Server1.0中jsp源代码泄漏漏洞
- 黑客提出计算机安全十大建议
- AOI系统的性能——不仅仅是各部分之和
- 黑客提出计算机安全十大建议
- snk文件和AssemblyInfo.cs文件的作用
- 新or注入教程
- FaceBook源代码泄漏(预防PHP源代码泄漏的方法)
- (预防PHP源代码泄漏的建议)
- 试验网站#1搜索引擎优化收录情况记录(断续运行)2007-8-13
- 试验网站#3搜索引擎优化收录情况记录2007-8-13
- HashTable和ArryList的比较
- AJAX 12030错误
- 从越狱看MBA管理
- js控制表格
- 未来五年可能必备的10大网络技术