本篇文章对一段 PHP 安全检测代码片段（转义与过滤辅助函数）进行了分析介绍，需要的朋友可以参考。
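/**
 * Escape a value for safe interpolation into HTML text or attribute context.
 *
 * The original note claimed only ' and " are escaped "so HTML keeps working";
 * that is not what the code does: htmlspecialchars() with ENT_QUOTES converts
 * & < > " and ' alike, so any markup in $param is neutralised. Existing
 * entities are re-encoded as well (double_encode defaults to true), so do not
 * feed already-escaped text through this twice.
 *
 * ENT_SUBSTITUTE makes an invalid UTF-8 sequence come back as U+FFFD instead
 * of collapsing the whole result to '' — the silent empty string hid both the
 * content and the fact that something malformed was submitted.
 *
 * @param string $param  Untrusted text.
 * @return string        Escaped and trimmed text.
 */
function htmlEscape($param) {
    $escaped = htmlspecialchars($param, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return trim($escaped);
}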
/**
 * True only for a non-empty PHP array.
 *
 * Scalars, null, objects and the empty array are all rejected, so a caller can
 * index the value without a second count() check.
 *
 * @param mixed $params
 * @return boolean
 */
function isArray($params) {
    if (!is_array($params)) {
        return false;
    }
    return count($params) > 0;
}
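/**
 * Membership test for a string-ish value in a list. Parameter tolerant:
 * a scalar $params is treated as a one-element list.
 *
 * Both sides are compared as strings, strictly. The original used a loose
 * in_array(), under which two different spellings of one number compare equal
 * ('1e1' == '10', '1.0' == '1'); when $params is an allow-list of permitted
 * values that lets an unexpected spelling through. Array and object elements
 * never match.
 *
 * @param mixed $param   Needle; cast to string.
 * @param mixed $params  Haystack; cast to array.
 * @return boolean
 */
function inArray($param, $params) {
    $needle = (string) $param;
    foreach ((array) $params as $candidate) {
        // Only values with a well-defined string form take part in the comparison.
        if (!is_scalar($candidate) && $candidate !== null) {
            continue;
        }
        if ((string) $candidate === $needle) {
            return true;
        }
    }
    return false;
}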
/**
 * Quote a scalar — or, with $isArray, every element of an array — for an SQL
 * string that is assembled by concatenation.
 *
 * - An array is answered with the literal " '' " unless $isArray is true, in
 *   which case each element is escaped recursively and trimmed.
 * - A numeric value is quoted as-is.
 * - Any other string goes through addslashes(); when $strip is set it is first
 *   stripslashes()'d, a leftover from the magic_quotes era.
 *
 * NOTE(review): addslashes() does not know the connection charset, so some
 * multibyte encodings (GBK being the classic case) can still carry a quote
 * past it. Prepared statements, or the driver's real_escape_string with the
 * connection in hand, are the robust alternative.
 *
 * @param mixed   $var
 * @param boolean $strip    Run stripslashes() before escaping.
 * @param boolean $isArray  Permit array input.
 * @return mixture          Quoted value padded with spaces, or an array of them.
 */
function sqlEscape($var, $strip = true, $isArray = false) {
    if (!is_array($var)) {
        if (is_numeric($var)) {
            return " '" . $var . "' ";
        }
        $plain = $strip ? stripslashes($var) : $var;
        return " '" . addslashes($plain) . "' ";
    }
    if (!$isArray) {
        return " '' ";
    }
    $quoted = $var;
    foreach (array_keys($var) as $key) {
        $quoted[$key] = trim(S::sqlEscape($var[$key], $strip));
    }
    return $quoted;
}
/**
 * Read one or several $_SERVER entries with angle brackets and quotes removed.
 *
 * A missing key yields null. The stripping (< > " ' and their %-encoded forms)
 * is a blacklist applied once per pattern, not context-aware escaping: it
 * blunts the common reflected payloads in headers such as HTTP_REFERER, but the
 * value must still be escaped for the context it is finally written into.
 *
 * @param string|array $keys  One key, or a list of keys.
 * @return string|array|null  The value for a single key, or a key => value map.
 */
function getServer($keys) {
    $blacklist = array('<','>','"',"'",'%3C','%3E','%22','%27','%3c','%3e');
    $found = array();
    foreach ((array) $keys as $name) {
        $found[$name] = NULL;
        if (!isset($_SERVER[$name])) {
            continue;
        }
        $found[$name] = str_replace($blacklist, '', $_SERVER[$name]);
    }
    return is_array($keys) ? $found : $found[$keys];
}
/**
 * Apply addslashes() to every leaf of $array, in place.
 *
 * Nested arrays are descended recursively; a non-array argument is left as is.
 *
 * @param mixed $array  Modified by reference.
 */
function slashes(&$array) {
    if (!is_array($array)) {
        return;
    }
    foreach (array_keys($array) as $key) {
        if (is_array($array[$key])) {
            S::slashes($array[$key]);
        } else {
            $array[$key] = addslashes($array[$key]);
        }
    }
}
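/**
 * Normalise a directory path before it reaches a filesystem call.
 *
 * Removes characters with no business in a path (' # = ` $ % & ;), collapses
 * runs of '/' and any backslashes to a single '/', and drops a trailing '/'.
 *
 * NOTE(review): '..' segments are NOT removed — escapeDir('../../x') returns
 * '../../x' — so this does not by itself prevent traversal. Callers must still
 * anchor the result under a base directory (realpath() plus a prefix check).
 *
 * @param string $dir
 * @return string
 */
function escapeDir($dir) {
    $dir = str_replace(array("'",'#','=','`','$','%','&',';'), '', $dir);
    $dir = preg_replace('/(\/){2,}|(\\\){1,}/', '/', $dir);
    return rtrim($dir, '/');
}

/**
 * Escape an arbitrary, possibly nested, input value.
 *
 * - Arrays are handled element by element.
 * - With $isint the value is cast to int and returned.
 * - A non-numeric string is optionally trimmed, then HTML-encoded through
 *   escapeStr(). Numeric values, '' and '0' are returned unchanged (there is
 *   nothing in them to encode).
 *
 * @param mixed   $mixed
 * @param boolean $isint   Force an integer result.
 * @param boolean $istrim  trim() before escaping.
 * @return mixture
 */
function escapeChar($mixed, $isint = false, $istrim = false) {
    if (is_array($mixed)) {
        foreach ($mixed as $key => $value) {
            $mixed[$key] = S::escapeChar($value, $isint, $istrim);
        }
        return $mixed;
    }
    if ($isint) {
        return (int) $mixed;
    }
    if (!is_numeric($mixed)) {
        if ($istrim) {
            $mixed = trim($mixed);
        }
        // Falsy strings ('' and '0') carry nothing worth encoding.
        if ($mixed) {
            $mixed = S::escapeStr($mixed);
        }
    }
    return $mixed;
}

/**
 * HTML-encode a string for output, after stripping NUL bytes, CR and the
 * remaining C0 control characters (TAB and LF are kept).
 *
 * An ampersand that already starts an entity (&amp;, &#39; ...) is left alone,
 * so previously escaped content is not double-encoded. The %-encoded angle
 * brackets %3C / %3E are encoded as well, because a urldecode() further down
 * the line would otherwise turn them back into '<' / '>'.
 *
 * NOTE(review): the page this listing was taken from showed the entity
 * literals already decoded ('<' => '<', '"' => '"', and "'" => ''' which does
 * not even parse), which made the function a no-op. The entity strings below
 * restore the evident intent (the '&' regex only makes sense with '&amp;' as
 * its replacement). The two whitespace replacements (tab and double space to
 * &nbsp; sequences) are reconstructed and should be checked against upstream.
 *
 * @param string $string
 * @return string
 */
function escapeStr($string) {
    // NUL (raw and %-encoded) and CR are dropped outright.
    $string = str_replace(array("\0","%00","\r"), '', $string);
    // modified@2010-7-5: strip other C0 controls; encode a bare '&' only when
    // it is not already the start of a numeric or named entity.
    $string = preg_replace(
        array('/[\\x00-\\x08\\x0B\\x0C\\x0E-\\x1F]/', '/&(?!(#[0-9]+|[a-z]+);)/is'),
        array('', '&amp;'),
        $string
    );
    $string = str_replace(array("%3C", '<'), '&lt;', $string);
    $string = str_replace(array("%3E", '>'), '&gt;', $string);
    $string = str_replace(
        array('"', "'", "\t", '  '),
        array('&quot;', '&#39;', '&nbsp; &nbsp; ', '&nbsp; '),
        $string
    );
    return $string;
}

/**
 * Recursively vet a request variable in place.
 *
 * Outside the admin panel (P_W != 'admincp') the sequences '..', ')', '<' and
 * '=' are replaced by HTML entities so they can neither close a tag nor form a
 * traversal or expression in raw output. Inside the admin panel the value is
 * rejected outright when it contains an <iframe, <meta or <script opening tag:
 * $basename is pointed back at the previous page and adminmsg('word_error') is
 * called (presumably rendering the error and stopping — defined elsewhere).
 *
 * NOTE(review): the rendered page showed this replacement with identical
 * search and replace strings, i.e. a no-op; the entities below restore the
 * intent and should be confirmed against upstream. The admin-panel check is
 * case-sensitive ('<SCRIPT' passes) and names only three tags, so it is a
 * tripwire, not an XSS filter.
 *
 * @param mixed $var  Modified by reference.
 */
function checkVar(&$var) {
    if (is_array($var)) {
        foreach ($var as $key => $value) {
            S::checkVar($var[$key]);
        }
        return;
    }
    if (P_W != 'admincp') {
        $var = str_replace(
            array('..', ')', '<', '='),
            array('&#46;&#46;', '&#41;', '&lt;', '&#61;'),
            $var
        );
    } elseif (str_replace(array('<iframe', '<meta', '<script'), '', $var) != $var) {
        global $basename;
        $basename = 'javascript:history.go(-1);';
        adminmsg('word_error');
    }
}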