Filtering out potential security risks in variables passed via the URL

<?php

// Reject any $_GET value that contains one of the listed HTML tags,
// a parenthesised expression, or a double quote.
// preg_match() with the /i flag replaces eregi(), which was removed in PHP 7.
foreach ($_GET as $secvalue) {
    if ((preg_match('/<[^>]*script*"?[^>]*>/i', $secvalue)) ||
    (preg_match('/<[^>]*object*"?[^>]*>/i', $secvalue)) ||
    (preg_match('/<[^>]*iframe*"?[^>]*>/i', $secvalue)) ||
    (preg_match('/<[^>]*applet*"?[^>]*>/i', $secvalue)) ||
    (preg_match('/<[^>]*meta*"?[^>]*>/i', $secvalue)) ||
    (preg_match('/<[^>]*style*"?[^>]*>/i', $secvalue)) ||
    (preg_match('/<[^>]*form*"?[^>]*>/i', $secvalue)) ||
    (preg_match('/\([^>]*"?[^)]*\)/i', $secvalue)) ||
    (preg_match('/"/', $secvalue))) {
        die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
    }
}

// $_POST is checked only for script and style tags.
// The posted patterns began "<[^>]script" and "<[^>]style", which require exactly
// one character before the tag name and so miss a plain tag; the "*" is restored
// here so they match the $_GET checks.
foreach ($_POST as $secvalue) {
    if ((preg_match('/<[^>]*script*"?[^>]*>/i', $secvalue)) || (preg_match('/<[^>]*style*"?[^>]*>/i', $secvalue))) {
        die ("<center><img src=images/logo.gif><br><br><b>The html tags you attempted to use are not allowed</b><br><br>[ <a href=\"javascript:history.go(-1)\"><b>Go Back</b></a> ]");
    }
}

?>
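
An added example, not part of the original post: the same `$_GET` patterns applied recursively, so array-valued parameters are checked as well, together with encoding at output time via `htmlspecialchars()`, which is what keeps markup the blocklist does not anticipate from being interpreted. The names `BLOCKED_PATTERNS`, `find_blocked_value` and `h`, and the sample input, are assumptions made for illustration.

```php
<?php
// Added example, not from the original post; names and sample data are constructed.

// The $_GET patterns from the post, as case-insensitive PCRE.
const BLOCKED_PATTERNS = [
    '/<[^>]*script*"?[^>]*>/i',
    '/<[^>]*object*"?[^>]*>/i',
    '/<[^>]*iframe*"?[^>]*>/i',
    '/<[^>]*applet*"?[^>]*>/i',
    '/<[^>]*meta*"?[^>]*>/i',
    '/<[^>]*style*"?[^>]*>/i',
    '/<[^>]*form*"?[^>]*>/i',
    '/\([^>]*"?[^)]*\)/',
    '/"/',
];

// Return the first offending value, descending into array-valued parameters.
function find_blocked_value(array $input): ?string
{
    foreach ($input as $value) {
        if (is_array($value)) {
            $hit = find_blocked_value($value);
            if ($hit !== null) {
                return $hit;
            }
            continue;
        }
        foreach (BLOCKED_PATTERNS as $pattern) {
            if (preg_match($pattern, (string) $value) === 1) {
                return (string) $value;
            }
        }
    }
    return null;
}

// Encode a value for an HTML body or quoted attribute at output time.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed stand-in for $_GET: the tag sits inside an array parameter.
$sample = ['page' => '2', 'tags' => ['php', '<iframe src=x>']];
$hit = find_blocked_value($sample);
echo $hit === null ? "accepted\n" : "rejected: " . h($hit) . "\n";

// Markup that matches no pattern is still inert once encoded.
echo h('<b>Tom & Jerry</b>'), "\n";
```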
