php的安全函数

设置安全函数,为了方便过滤客户端传输过来的信息,使得系统更加安全。
为了自己的代码写得更加优美,我们要学会学习优秀的开源系统的代码。
以下代码摘自destoon

<?php
/*
    [Destoon B2B System] Copyright (c) 2008-2014 Destoon.COM
    This is NOT a freeware, use is subject to license.txt
*/
// Entry guard: this file must only be loaded from a page that defines IN_DESTOON;
// direct requests to it are terminated before any function below is declared.
if(!defined('IN_DESTOON')) exit('Access Denied');
/**
 * Escape a string (or, recursively, every element of an array) for output in an HTML text context.
 *
 * Both branches turn the "&amp;" produced by htmlspecialchars() back into "&", so an entity that was
 * already encoded in the input is not double-encoded -- which also means a bare "&" in the result is
 * NOT escaped. Outside the admin area double quotes are removed entirely instead of being encoded.
 *
 * @param string|array $string raw value (scalar or nested array)
 * @return string|array escaped value with the same shape as the input
 */
function dhtmlspecialchars($string) {
    // Nested request data: escape element by element.
    if(is_array($string)) {
        return array_map('dhtmlspecialchars', $string);
    }
    // ENT_QUOTES encodes both single and double quotes (no ENT_SUBSTITUTE: an
    // invalid byte sequence makes htmlspecialchars() return an empty string).
    $escaped = htmlspecialchars($string, ENT_QUOTES);
    if(defined('DT_ADMIN')) {
        // Admin side keeps the encoded quotes, only undoes the "&" encoding.
        return str_replace(array('&amp;'), array('&'), $escaped);
    }
    // Front end: undo "&" encoding and drop double quotes in every spelling.
    $search = array('&amp;', '&quot;', '&#34;', '"');
    $replacement = array('&', '', '', '');
    return str_replace($search, $replacement, $escaped);
}

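/**
 * Neutralise common script-injection keywords in a string (or, recursively, in every element of an array).
 *
 * This is a keyword blacklist that breaks up tokens such as "script" or "eval" by inserting an empty
 * <em></em> element; it does not escape the output for any HTML context and is not a substitute for
 * htmlspecialchars() at the point of output. It strips HTML and C-style comments and numeric entity
 * references first so that keywords cannot be hidden inside them.
 *
 * Fix: the replacement for the "/confirm/i" pattern contained the regex delimiters
 * ("/con<em></em>firm/i"), so the delimiters leaked into the output; it is now "con<em></em>firm"
 * like every other entry.
 *
 * @param string|array $string untrusted text (scalar or nested array)
 * @return string|array|null same shape as the input; preg_replace() yields null on a PCRE error
 */
function dsafe($string) {
    if(is_array($string)) {
        return array_map('dsafe', $string);
    }
    $string = preg_replace("/\<\!\-\-([\s\S]*?)\-\-\>/", "", $string);// strip HTML comments <!-- ... -->
    $string = preg_replace("/\/\*([\s\S]*?)\*\//", "", $string);// strip C-style comments /* ... */
    $string = preg_replace("/&#([a-z0-9]+)([;]*)/i", "", $string);// strip &#NNN; / &#xHH; entity references
    // Removing an entity can splice surrounding text into a new "&#..." sequence; if so, fall back to
    // stripping all tags and converting newlines instead of running the keyword list below.
    if(preg_match("/&#([a-z0-9]+)([;]*)/i", $string)) return nl2br(strip_tags($string));
    // Keyword patterns tolerate whitespace or backslashes between letters (e.g. "s c r i p t",
    // "e\x\p\r..."); "\\1\\2" in the "on..." replacement keeps the event-name suffix and delimiter.
    $match = array("/s[\s]*c[\s]*r[\s]*i[\s]*p[\s]*t/i","/d[\s]*a[\s]*t[\s]*a[\s]*\:/i","/b[\s]*a[\s]*s[\s]*e/i","/e[\\\]*x[\\\]*p[\\\]*r[\\\]*e[\\\]*s[\\\]*s[\\\]*i[\\\]*o[\\\]*n/i","/i[\\\]*m[\\\]*p[\\\]*o[\\\]*r[\\\]*t/i","/on([a-z]{2,})([\(|\=|\s]+)/i","/about/i","/frame/i","/link/i","/meta/i","/textarea/i","/eval/i","/alert/i","/confirm/i","/prompt/i","/cookie/i","/document/i","/newline/i","/colon/i","/<style/i","/\\\x/i");
    $replace = array("s<em></em>cript","da<em></em>ta:","ba<em></em>se","ex<em></em>pression","im<em></em>port","o<em></em>n\\1\\2","a<em></em>bout","f<em></em>rame","l<em></em>ink","me<em></em>ta","text<em></em>area","e<em></em>val","a<em></em>lert","con<em></em>firm","prom<em></em>pt","coo<em></em>kie","docu<em></em>ment","new<em></em>line","co<em></em>lon","<sty1e","\<em></em>x");
    // Patterns are applied in order to the whole string, so later entries see earlier replacements.
    return preg_replace($match, $replace, $string);
}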

/**
 * Break up SQL keywords in a string (or, recursively, in every element of an array).
 *
 * The last letter of each matched keyword is replaced by its decimal HTML entity (e.g. "&#110;" is "n",
 * so "union" becomes "unio&#110;"), which keeps the text readable in HTML while the keyword no longer
 * matches as SQL. This is a blacklist; parameterised queries remain the actual defence.
 *
 * @param string|array $string untrusted text (scalar or nested array)
 * @return string|array|null same shape as the input; preg_replace() yields null on a PCRE error
 */
function strip_sql($string) {
    if(is_array($string)) {
        return array_map('strip_sql', $string);
    }
    // "\\1" in the replacements re-emits the captured delimiter or the text between select and from.
    $match = array("/union/i","/where/i","/outfile/i","/dumpfile/i","/0x([a-z0-9]{2,})/i","/select([\s\S]*?)from/i","/select([\s\*\/\-\(\+@])/i","/update([\s\*\/\-\(\+@])/i","/replace([\s\*\/\-\(\+@])/i","/delete([\s\*\/\-\(\+@])/i","/drop([\s\*\/\-\(\+@])/i","/load_file[\s]*\(/i","/substring[\s]*\(/i","/substr[\s]*\(/i","/left[\s]*\(/i","/concat[\s]*\(/i","/concat_ws[\s]*\(/i","/make_set[\s]*\(/i","/ascii[\s]*\(/i","/hex[\s]*\(/i","/ord[\s]*\(/i","/char[\s]*\(/i");
    $replace = array('unio&#110;','wher&#101;','outfil&#101;','dumpfil&#101;','0&#120;\\1','selec&#116;\\1from','selec&#116;\\1','updat&#101;\\1','replac&#101;\\1','delet&#101;\\1','dro&#112;\\1','load_fil&#101;(','substrin&#103;(','subst&#114;(','lef&#116;(','conca&#116;(','concat_w&#115;(','make_se&#116;(','asci&#105;(','he&#120;(','or&#100;(','cha&#114;(');
    // Patterns are applied in order over the whole string.
    return preg_replace($match, $replace, $string);
}

/**
 * Reject a request URI that still contains "<", "'", '"' or "0x" after full URL-decoding.
 *
 * Decoding is repeated until it reaches a fixpoint so that multiply-encoded sequences (e.g. "%2541")
 * cannot hide a forbidden character. On a hit the page responds 403 via dhttp()/dalert(); the function
 * returns nothing and the decoded value is discarded.
 *
 * @param string $uri request URI as received
 * @return void
 */
function strip_uri($uri) {
    if(strpos($uri, '%') !== false) {
        // Loose "!=" comparison kept as in the original loop.
        for($decoded = urldecode($uri); $decoded != $uri; $decoded = urldecode($uri)) {
            $uri = $decoded;
        }
    }
    $forbidden = array('<', "'", '"', '0x');
    foreach($forbidden as $needle) {
        if(strpos($uri, $needle) !== false) {
            dhttp(403, 0);// redirect / status response
            dalert('HTTP 403 Forbidden', DT_PATH);
            break;// the original fires the 403 once, whichever character hits first
        }
    }
}

/**
 * Normalise a search keyword: URL-decode once, trim, HTML-encode, then drop single quotes.
 *
 * A keyword that still contains "%" after one round of decoding (i.e. it was double-encoded) is
 * rejected and an empty string is returned. A falsy keyword such as "" or "0" is returned as is.
 *
 * @param string $kw raw keyword from the request
 * @return string sanitised keyword, or '' when rejected
 */
function strip_kw($kw) {
    // htmlspecialchars() makes tags render literally instead of as markup.
    $kw = htmlspecialchars(trim(urldecode($kw)));
    if(!$kw) return $kw;
    if(strpos($kw, '%') !== false) return '';
    return str_replace("'", '', $kw);
}

/**
 * Walk an array recursively and reject any nested key that is not [a-z0-9_-].
 *
 * Keys at the top level are not checked (the initial call passes $deep = 0); every nested array
 * is visited with $deep = 1, so only the keys of sub-arrays are validated. A bad key triggers a 403
 * via dhttp()/dalert(). Nothing is returned.
 *
 * @param array $array request data to inspect
 * @param int $deep 0 for the top level, 1 for nested levels
 * @return void
 */
function strip_key($array, $deep = 0) {
    foreach($array as $key => $value) {
        // NOTE(review): PCRE "$" without the D modifier also matches before a trailing newline,
        // so a key ending in "\n" passes this check; "\z" would be the stricter anchor.
        if($deep && !preg_match("/^[a-z0-9_\-]{1,}$/i", $key)) {
            dhttp(403, 0);
            dalert('HTTP 403 Forbidden', DT_PATH);
        }
        if(!is_array($value)) continue;
        strip_key($value, 1);// recurse; nested keys are always checked
    }
}

/**
 * Remove backslashes, double quotes and single quotes from a string (or from every element of an array,
 * since str_replace() accepts an array subject).
 *
 * @param string|array $string input text
 * @param int $level unused; kept for signature compatibility with callers
 * @return string|array input with \ " ' removed
 */
function strip_str($string, $level = 0) {
    $stripped = array('\\', '"', "'");
    return str_replace($stripped, '', $string);
}
?>