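/**
 * Crude request-data sanitiser: backslash-escapes quotes, strips control
 * characters and a denylist of HTML/JS keywords, removes tags and
 * entity-encodes whatever is left, recursing into nested arrays.
 *
 * Fixes relative to the original version:
 *  - the control-character class contained literal commas, so every ','
 *    was deleted from the data; it now covers only 0x00-0x08, 0x0b, 0x0c
 *    and 0x0e-0x1f;
 *  - nested arrays are actually filtered (the old code called an undefined
 *    global filter() and discarded its result);
 *  - scalar input is filtered instead of being returned untouched;
 *  - no by-reference foreach, so the returned array holds no dangling
 *    reference to its last element.
 *
 * Caveats: the keyword denylist is case-sensitive and substring-based, so
 * it does not match e.g. `SCRIPT` but does mangle ordinary words such as
 * "database" or "linked". It is not a substitute for context-aware output
 * escaping, and addslashes() is not a substitute for prepared statements.
 *
 * @param mixed $data scalar, or a (nested) array of scalars; keys are kept
 * @return mixed same shape as $data with every leaf turned into a filtered string
 */
public function filter($data)
{
    $xss = [
        // non-printing control characters (NUL..BS, VT, FF, SO..US)
        '/[\x00-\x08\x0b\x0c\x0e-\x1f]/',
        '/script/',
        '/javascript/',
        '/vbscript/',
        '/expression/',
        '/applet/',
        '/meta/',
        '/xml/',
        '/blink/',
        '/link/',
        '/style/',
        '/embed/',
        '/object/',
        '/frame/',
        '/layer/',
        '/title/',
        '/bgsound/',
        '/base/',
        '/onload/',
        '/onunload/',
        '/onchange/',
        '/onsubmit/',
        '/onreset/',
        '/onselect/',
        '/onblur/',
        '/onfocus/',
        '/onabort/',
        '/onkeydown/',
        '/onkeypress/',
        '/onkeyup/',
        '/onclick/',
        '/ondblclick/',
        '/onmousedown/',
        '/onmousemove/',
        '/onmouseout/',
        '/onmouseover/',
        '/onmouseup/',
    ];

    // Recursive closure: keeps the recursion inside this method instead of
    // relying on a global filter() helper that does not exist.
    $clean = static function ($value) use (&$clean, $xss) {
        if (is_array($value)) {
            // foreach iterates over a copy, so writing back by key is safe.
            foreach ($value as $key => $item) {
                $value[$key] = $clean($item);
            }
            return $value;
        }

        // Backslash-escape ' " \ and NUL. Assumes magic_quotes_gpc is off;
        // otherwise the value ends up escaped twice.
        $text = addslashes((string) $value);
        // Drop control characters and the denylisted keywords.
        $text = preg_replace($xss, '', $text);
        // Remove HTML/PHP tags, then encode the remainder as HTML entities.
        return htmlentities(strip_tags($text));
    };

    return $clean($data);
}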
XSS SQL攻击过滤