• php防注入和XSS攻击通用过滤

    public function SafeFilter($arr){
        $ra=Array('/([x00-x08,x0b-x0c,x0e-x19])/','/script/','/javascript/','/vbscript/','/expression/','/applet/','/meta/','/xml/','/blink/','/link/','/style/','/embed/','/object/','/frame/','/layer/','/title/','/bgsound/','/base/','/onload/','/onunload/','/onchange/','/onsubmit/','/onreset/','/onselect/','/onblur/','/onfocus/','/onabort/','/onkeydown/','/onkeypress/','/onkeyup/','/onclick/','/ondblclick/','/onmousedown/','/onmousemove/','/onmouseout/','/onmouseover/','/onmouseup/','/onunload/');
        if (is_array($arr)){
            foreach ($arr as $key => $value){
                if (!is_array($value)){
                    //不对magic_quotes_gpc转义过的字符使用addslashes(),避免双重转义。
                    if (!get_magic_quotes_gpc()){
                        $value = addslashes($value);  //给单引号(')、双引号(")、反斜线()与 NUL(NULL 字符)加上反斜线转义
                    }
                    $value = preg_replace($ra,'',$value); //删除非打印字符,粗暴式过滤xss可疑字符串

                    $arr[$key] = htmlentities(strip_tags($value)); //去除 HTML 和 PHP 标记并转换为 HTML 实体
                }else{
                    SafeFilter($arr[$key]);
                }
            }
        }
    }
  • 相关阅读:
    gps示例代码
    UART 串口示例代码
    Linux soft lockup 和 hard lockup
    Linux嵌入式kgdb调试环境搭建
    Linux嵌入式GDB调试环境搭建
    Linux-workqueue讲解
    USB之hub3
    USB之设备插入波形变化2
    我运营公众号这一个月
    从12306帐号泄漏谈用户密码安全
  • 原文地址:https://www.cnblogs.com/luqiang213917/p/11758290.html
Copyright © 2020-2023  润新知