  • php防注入和XSS攻击通用过滤 (a "generic" PHP anti-injection / anti-XSS input filter, blacklist-based).

    // Lazily populated by gv(): holds the request body's `content` member after it
    // has been run through SafeFilter(); stays null until gv() is first called.
    public $datas = null;
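    /**
     * Read one field (or the whole map) from the JSON request body.
     *
     * On the first call the raw body is read from php://input, JSON-decoded, and
     * its `content` member is passed through SafeFilter() and cached in
     * $this->datas; later calls reuse the cache.
     *
     * @param string $name key inside `content`; '' (or any empty() value such as
     *                     '0') returns the whole cached map
     * @return mixed the filtered value, '' when the key is absent or loosely equal
     *               to null (null, '', 0, false, []), or the whole map
     */
    protected function gv($name = '') {
        if ($this->datas === null) {
            $postStr = file_get_contents("php://input");
            $data = json_decode($postStr, true);
            // Accept only a decoded array whose `content` is itself an array:
            //  - a decode failure yields null, and a scalar JSON body yields a
            //    string/number; indexing either with ['content'] by reference
            //    (as the original did before isset()) auto-vivifies or errors;
            //  - SafeFilter() is a no-op for non-arrays, so a scalar `content`
            //    would otherwise be cached and returned completely unfiltered.
            if (is_array($data) && isset($data['content']) && is_array($data['content'])) {
                $this->SafeFilter($data['content']);
                $this->datas = $data['content'];
            } else {
                $this->datas = array();
            }
        }
        if (empty($name)) {
            return $this->datas;
        }
        // isset() avoids the undefined-index notice the original raised for absent
        // keys; the loose != null comparison preserves its "empty-ish means ''" rule.
        $value = isset($this->datas[$name]) ? $this->datas[$name] : null;
        return ($value != null) ? $value : '';
    }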
    // Blacklist-based "anti-injection / anti-XSS" filter, applied recursively to the decoded request body.
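    /**
     * Recursively "sanitise" every scalar leaf of $arr in place; non-arrays are left untouched.
     *
     * Each leaf is processed in this order: addslashes(), deletion of control characters
     * and of every substring in the blacklist below, strip_tags(), then htmlentities().
     *
     * Review notes — this is a blacklist filter and must not be the only defence:
     *  - addslashes() is not SQL-injection protection; use prepared statements at the
     *    query site. It also leaves backslashes in the stored text.
     *  - The blacklist is case-sensitive and deletes bare substrings: it mangles ordinary
     *    words ("download" loses "onload", "database" loses "base") while handlers that
     *    are not listed (e.g. onerror) and mixed-case spellings are not matched at all.
     *    Patterns are applied in order, so "javascript" is first reduced to "java" by
     *    the "/script/" entry.
     *  - htmlentities() is HTML-body escaping only; JS, URL and CSS contexts still need
     *    their own escaping at output time.
     *
     * @param mixed $arr array to filter (modified in place); any other type is ignored
     * @return void
     */
    function SafeFilter(&$arr) {
        if (!is_array($arr)) {
            return;
        }
        // Control characters (NUL..BS, VT, FF, SO..US) followed by the substring blacklist.
        // The original first pattern had lost its backslashes ("[x00-x08,...]") and kept
        // literal commas inside the class, so it deleted commas and most letters/digits;
        // it is restored here to its stated intent of removing non-printable characters.
        $blacklist = array('/[\x00-\x08\x0b\x0c\x0e-\x1f]/', '/script/', '/javascript/', '/vbscript/', '/expression/', '/applet/', '/meta/', '/xml/', '/blink/', '/link/', '/style/', '/embed/', '/object/',
            '/frame/', '/layer/', '/title/', '/bgsound/', '/base/', '/onload/', '/onunload/', '/onchange/', '/onsubmit/', '/onreset/', '/onselect/', '/onblur/', '/onfocus/', '/onabort/',
            '/onkeydown/', '/onkeypress/', '/onkeyup/', '/onclick/', '/ondblclick/', '/onmousedown/', '/onmousemove/', '/onmouseout/', '/onmouseover/', '/onmouseup/', '/onunload/');

        // array_walk_recursive visits only non-array leaves and descends into nested
        // arrays, which is exactly what the original foreach + self-recursion did.
        array_walk_recursive($arr, function (&$leaf) use ($blacklist) {
            // The get_magic_quotes_gpc() guard was removed: magic quotes have been gone
            // since PHP 5.4 (the function always returned false and no longer exists in
            // PHP 8), and php://input was never affected by them, so addslashes() always
            // ran anyway. The cast keeps non-string leaves (ints, bools, null) working.
            $text = addslashes((string) $leaf);
            $text = preg_replace($blacklist, '', $text);
            // ENT_QUOTES also escapes single quotes (needed in attribute context);
            // ENT_SUBSTITUTE replaces invalid UTF-8 with U+FFFD instead of returning ''.
            $leaf = htmlentities(strip_tags($text), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        });
    }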

  • 原文地址:https://www.cnblogs.com/mike1314/p/7244566.html