Universal PHP filter rules against injection and XSS attacks
Place this at the top of index.php.
<?php
// Universal filter against PHP injection and XSS.
$_GET && SafeFilter($_GET);
$_POST && SafeFilter($_POST);
$_COOKIE && SafeFilter($_COOKIE);

function SafeFilter(&$arr)
{
    // Patterns to strip: first non-printable control characters, then a blacklist of
    // tag names, attribute names and event handlers commonly seen in XSS payloads.
    $ra = array(
        '/[\x00-\x08\x0b\x0c\x0e-\x19]/',
        '/script/', '/javascript/', '/vbscript/', '/expression/', '/applet/',
        '/meta/', '/xml/', '/blink/', '/link/', '/style/', '/embed/', '/object/',
        '/frame/', '/layer/', '/title/', '/bgsound/', '/base/',
        '/onload/', '/onunload/', '/onchange/', '/onsubmit/', '/onreset/',
        '/onselect/', '/onblur/', '/onfocus/', '/onabort/', '/onkeydown/',
        '/onkeypress/', '/onkeyup/', '/onclick/', '/ondblclick/', '/onmousedown/',
        '/onmousemove/', '/onmouseout/', '/onmouseover/', '/onmouseup/'
    );
    if (is_array($arr)) {
        foreach ($arr as $key => $value) {
            if (!is_array($value)) {
                // Do not apply addslashes() to values magic_quotes_gpc has already escaped, to avoid double escaping.
                // get_magic_quotes_gpc() was removed in PHP 8 (magic quotes no longer exist there), so guard the call.
                if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
                    $value = addslashes($value); // Backslash-escape single quote ('), double quote ("), backslash (\) and NUL
                }
                $value = preg_replace($ra, '', $value); // Delete non-printable characters and crudely strip suspicious XSS strings
                $arr[$key] = htmlentities(strip_tags($value)); // Strip HTML and PHP tags, then convert to HTML entities
            } else {
                SafeFilter($arr[$key]);
            }
        }
    }
}
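The filter above rewrites every request value in place with a substring blacklist, so it also alters legitimate input: any word containing "style", "title", "base" or "link" loses those letters before the application ever sees it, and the stored value is already HTML-encoded even when it is later used somewhere other than HTML. The following PHP is an added example, not code from the original post or from Typecho: it runs a subset of the post's blacklist over two constructed strings to show that side effect, then shows the context-specific alternative, a PDO prepared statement for storage and htmlspecialchars() at the point of HTML output. The function names legacySafeFilter, storeComment and renderComment are hypothetical; the script assumes PHP 7.4 or newer with the pdo_sqlite extension.

```php
<?php
// Added example (not from the original post): blacklist side effects versus
// context-specific defences. Assumes PHP >= 7.4 with pdo_sqlite available.
declare(strict_types=1);

// Same approach as the post's SafeFilter, reduced to a few of its patterns,
// without addslashes() (the prepared statement below makes it unnecessary).
function legacySafeFilter(string $value): string
{
    $patterns = ['/[\x00-\x08\x0b\x0c\x0e-\x19]/', '/script/', '/style/', '/title/', '/link/', '/base/'];
    $value = preg_replace($patterns, '', $value);
    return htmlentities(strip_tags($value), ENT_QUOTES, 'UTF-8');
}

// Constructed inputs: an ordinary support request and an article title.
// Both lose legitimate letters under the substring blacklist:
//   "stylesheet" -> "sheet", "subtitle" -> "sub", "database" -> "data".
$samples = [
    'Please update the stylesheet and the subtitle on the about page',
    "O'Reilly's database basics",
];
foreach ($samples as $s) {
    printf("%-64s -> %s\n", $s, legacySafeFilter($s));
}

// Storage: the value is bound as a parameter and never becomes part of the SQL
// text, so neither quoting nor a keyword blacklist is needed against injection.
function storeComment(PDO $pdo, string $author, string $body): void
{
    $stmt = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
}

// Output: escape for the HTML context at render time, leaving the stored data intact
// for any other consumer (JSON API, e-mail, search index).
function renderComment(string $author, string $body): string
{
    $e = static fn(string $v): string => htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p><b>' . $e($author) . '</b>: ' . $e($body) . '</p>';
}

// Demonstration against an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');
storeComment($pdo, "O'Reilly", 'Please update the stylesheet <b>soon</b>');
foreach ($pdo->query('SELECT author, body FROM comments') as $row) {
    // Stored text is unchanged; markup is neutralised only in the rendered HTML.
    echo renderComment($row['author'], $row['body']), "\n";
}
```

Run it with `php example.php`. The first two lines show the blacklist turning "stylesheet" into "sheet" and "database" into "data"; the last line shows the apostrophe and the `<b>` tag surviving in the database but arriving in the HTML as `&#039;` and `&lt;b&gt;`, which is the property a global input filter cannot give you because it does not know which context the value will end up in.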
Can this be downloaded? The ones I found are either on a cloud drive or cannot be downloaded.
Welcome to the Typecho family.