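/**
 * Anti-XSS input filter (防xss过滤).
 *
 * Trims, strips tags and HTML-encodes the value. Unless $low is set it then
 * also removes quotes, angle brackets, dot/slash path fragments, URL-encoded
 * control characters (%00-%08, %0b, %0c, %0e, %0f, %10-%1f) and raw ASCII
 * control bytes. Arrays are cleaned recursively, value by value, in place.
 *
 * This is an input-side character filter, not an output encoder: callers
 * still need context-aware escaping (HTML attribute, JavaScript, URL, SQL)
 * where the value is emitted, and the aggressive mode will mangle legitimate
 * data such as URLs, paths or decimal numbers containing ".." or "/".
 *
 * @author rentingshuang <tingshuang@rrkd.cn>
 * @param string|array $string value to clean; rewritten in place (by reference)
 * @param bool $low when true, stop after strip_tags() + htmlspecialchars()
 * @return string|array the cleaned value (same as what $string now holds)
 */
public static function cleanXss(&$string, $low = false)
{
    if (is_array($string)) {
        // Recurse by key so nested values are rewritten in place. $low is
        // forwarded; the original dropped it, so nested values were always
        // filtered aggressively even when the caller asked for $low.
        foreach (array_keys($string) as $key) {
            self::cleanXss($string[$key], $low);
        }
        return $string;
    }

    // Non-array scalars (int, bool, null) are treated as text.
    $string = trim((string) $string);
    $string = strip_tags($string);
    // ENT_QUOTES is pinned explicitly: before PHP 8.1 the default left the
    // apostrophe unencoded, so $low mode returned a raw "'" to the caller.
    // ENT_SUBSTITUTE keeps invalid UTF-8 from collapsing the whole value to "".
    $string = htmlspecialchars($string, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    if ($low) {
        return $string;
    }

    // After htmlspecialchars() the quote and angle-bracket needles are already
    // entities and match nothing; what this actually removes is ".." , "./"
    // and "/". str_replace() applies the needles in order, so ".." is taken
    // out before "../" is ever tried.
    $string = str_replace(['"', "'", '..', '../', './', '/', '//', '<', '>'], '', $string);

    // URL-encoded control characters. Percent-encoding is case-insensitive
    // (%0B and %0b decode to the same byte), hence the /i modifier.
    $string = preg_replace('/%(?:0[0-8bcef]|1[0-9a-f])/i', '', $string);

    // Raw ASCII control bytes: NUL..BS, VT, FF, SO..US and DEL. The original
    // pattern was missing the "\x" escapes, which turned "0-x" into a literal
    // range that stripped every digit and most letters from the input.
    $string = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]+/S', '', $string);

    return $string;
}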
有什么不对的请指正。