edit_note帖子
1,551
stars积分
20,071
event加入
2011-05-19
怀旧国机
php防御XSS攻击
schedule发表于 2013-04-17 17:47:00
visibility查看 672
chat_bubble回复 2
#1 楼主
uchome得到:
1. if($$$$_SERVER[‘REQUEST_URI‘]) {
2. $$$$temp = urldecode($$$$_SERVER[‘REQUEST_URI‘]);
3. if(strexists($$$$temp, ‘<‘) || strexists($$$$temp, ‘“‘)) {
4. $$$$_GET = shtmlspecialchars($$$$_GET);//XSS
5. }
6. }
1. //取消HTML代码
2. function shtmlspecialchars($$$$string) {
3. if(is_array($$$$string)) {
4. foreach($$$$string as $$$$key =>$$$$val) {
5. $$$$string[$$$$key] = shtmlspecialchars($$$$val);
6. }
7. } else {
8. $$$$string = preg_replace(‘/&((#(d{3,5}|x[a-fA-F0-9]{4})|[a-zA-Z][a-z0-9]{2,5});)/‘, ‘&\1‘,
9. str_replace(array(‘&‘, ‘“‘, ‘<‘, ‘>‘), array(‘&‘, ‘“‘, ‘<‘, ‘>‘), $$$$string));
10. }
11. return $$$$string;
12. }
1. if($$$$_SERVER[‘REQUEST_URI‘]) {
2. $$$$temp = urldecode($$$$_SERVER[‘REQUEST_URI‘]);
3. if(strexists($$$$temp, ‘<‘) || strexists($$$$temp, ‘“‘)) {
4. $$$$_GET = shtmlspecialchars($$$$_GET);//XSS
5. }
6. }
1. //取消HTML代码
2. function shtmlspecialchars($$$$string) {
3. if(is_array($$$$string)) {
4. foreach($$$$string as $$$$key =>$$$$val) {
5. $$$$string[$$$$key] = shtmlspecialchars($$$$val);
6. }
7. } else {
8. $$$$string = preg_replace(‘/&((#(d{3,5}|x[a-fA-F0-9]{4})|[a-zA-Z][a-z0-9]{2,5});)/‘, ‘&\1‘,
9. str_replace(array(‘&‘, ‘“‘, ‘<‘, ‘>‘), array(‘&‘, ‘“‘, ‘<‘, ‘>‘), $$$$string));
10. }
11. return $$$$string;
12. }
全部回复 (2)
2013-04-17 17:53:00
沙发
<br/>钓鱼岛是中国的,苍井空才是全世界的!
2013-04-17 21:00:00
板凳
<br/>钓鱼岛是中国的,苍井空才是全世界的!
登录 后才能回复
flag举报帖子