PHP利用str_replace防注入的方法


Posted in PHP onNovember 10, 2013

PHP各种过滤字符函数

   <?php
    /**
    * 安全过滤函数
    *
    * @param $string
    * @return string
    */
    function safe_replace($string) {
    $string = str_replace('%20','',$string);
    $string = str_replace('%27','',$string);
    $string = str_replace('%2527','',$string);
    $string = str_replace('*','',$string);
    $string = str_replace('"','"',$string);
    $string = str_replace("'",'',$string);
    $string = str_replace('"','',$string);
    $string = str_replace(';','',$string);
    $string = str_replace('<','<',$string);
    $string = str_replace('>','>',$string);
    $string = str_replace("{",'',$string);
    $string = str_replace('}','',$string);
    $string = str_replace('','',$string);
    return $string;
    }
    ?>

    <?php
    /**
    * 返回经addslashes处理过的字符串或数组
    * @param $string 需要处理的字符串或数组
    * @return mixed
    */
    function new_addslashes($string) {
    if(!is_array($string)) return addslashes($string);
    foreach($string as $key => $val) $string[$key] = new_addslashes($val);
    return $string;
    }
    ?>

    <?php
    //对请求的字符串进行安全处理
    /*
    $safestep
    0 为不处理,
    1 为禁止不安全HTML内容(javascript等),
    2 完全禁止HTML内容,并替换部份不安全字符串(如:eval(、union、CONCAT(、--、等)
    */
    function StringSafe($str, $safestep=-1){
    $safestep = ($safestep > -1) ? $safestep : 1;
    if($safestep == 1){
    $str = preg_replace("#script:#i", "script:", $str);
    $str = preg_replace("#<[/]{0,1}(link|meta|ifr|fra|scr)[^>]*>#isU", '', $str);
    $str = preg_replace("#[ ]{1,}#", ' ', $str);
    return $str;
    }else if($safestep == 2){
    $str = addslashes(htmlspecialchars(stripslashes($str)));
    $str = preg_replace("#eval#i", 'eval', $str);
    $str = preg_replace("#union#i", 'union', $str);
    $str = preg_replace("#concat#i", 'concat', $str);
    $str = preg_replace("#--#", '--', $str);
    $str = preg_replace("#[ ]{1,}#", ' ', $str);
    return $str;
    }else{
    return $str;
    }
    }
    ?>

    <?php
       /**
        +----------------------------------------------------------
        * 输出安全的html,用于过滤危险代码
        +----------------------------------------------------------
        * @access public
        +----------------------------------------------------------
        * @param string $text 要处理的字符串
        * @param mixed $tags 允许的标签列表,如 table|td|th|td
        +----------------------------------------------------------
        * @return string
        +----------------------------------------------------------
        */
       static public function safeHtml($text, $tags = null)
       {
           $text =  trim($text);
           //完全过滤注释
           $text = preg_replace('/<!--?.*-->/','',$text);
           //完全过滤动态代码
           $text =  preg_replace('/<?|?'.'>/','',$text);
           //完全过滤js
           $text = preg_replace('/<script?.*/script>/','',$text);
           $text =  str_replace('[','[',$text);
           $text = str_replace(']',']',$text);
           $text =  str_replace('|','|',$text);
           //过滤换行符
           $text = preg_replace('/ ? /','',$text);
           //br
           $text =  preg_replace('/<br(s/)?'.'>/i','[br]',$text);
           $text = preg_replace('/([br]s*){10,}/i','[br]',$text);
           //过滤危险的属性,如:过滤on事件lang js
           while(preg_match('/(<[^><]+)(lang|on|action|background|codebase|dynsrc|lowsrc)[^><]+/i',$text,$mat)){
               $text=str_replace($mat[0],$mat[1],$text);
           }
           while(preg_match('/(<[^><]+)(window.|javascript:|js:|about:|file:|document.|vbs:|cookie)([^><]*)/i',$text,$mat)){
               $text=str_replace($mat[0],$mat[1].$mat[3],$text);
           }
           if( empty($allowTags) ) { $allowTags = self::$htmlTags['allow']; }
           //允许的HTML标签
           $text =  preg_replace('/<('.$allowTags.')( [^><[]]*)>/i','[12]',$text);
           //过滤多余html
           if ( empty($banTag) ) { $banTag = self::$htmlTags['ban']; }
           $text =  preg_replace('/</?('.$banTag.')[^><]*>/i','',$text);
           //过滤合法的html标签
           while(preg_match('/<([a-z]+)[^><[]]*>[^><]*</1>/i',$text,$mat)){
               $text=str_replace($mat[0],str_replace('>',']',str_replace('<','[',$mat[0])),$text);
           }
           //转换引号
           while(preg_match('/([[^[]]*=s*)("|')([^2=[]]+)2([^[]]*])/i',$text,$mat)){
               $text=str_replace($mat[0],$mat[1].'|'.$mat[3].'|'.$mat[4],$text);
           }
           //空属性转换
           $text =  str_replace('''','||',$text);
           $text = str_replace('""','||',$text);
           //过滤错误的单个引号
           while(preg_match('/[[^[]]*("|')[^[]]*]/i',$text,$mat)){
               $text=str_replace($mat[0],str_replace($mat[1],'',$mat[0]),$text);
           }
           //转换其它所有不合法的 < >
           $text =  str_replace('<','<',$text);
           $text = str_replace('>','>',$text);
           $text = str_replace('"','"',$text);
           //反转换
           $text =  str_replace('[','<',$text);
           $text =  str_replace(']','>',$text);
           $text =  str_replace('|','"',$text);
           //过滤多余空格
           $text =  str_replace('  ',' ',$text);
           return $text;
       }
    ?>

    <?php
    function RemoveXSS($val) { 
       // remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed 
       // this prevents some character re-spacing such as <javascript> 
       // note that you have to handle splits with , , and later since they *are* allowed in some          // inputs 
       $val = preg_replace('/([x00-x08,x0b-x0c,x0e-x19])/', '', $val); 
       // straight replacements, the user should never need these since they're normal characters 
       // this prevents like <IMG SRC=@avascript:alert('XSS')> 
       $search = 'abcdefghijklmnopqrstuvwxyz'; 
       $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'; 
       $search .= '1234567890!@#$%^&*()'; 
       $search .= '~`";:?+/={}[]-_|''; 
       for ($i = 0; $i < strlen($search); $i++) { 
           // ;? matches the ;, which is optional 
           // 0{0,7} matches any padded zeros, which are optional and go up to 8 chars 
           // @ @ search for the hex values 
           $val = preg_replace('/(&#[xX]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val);//with a ; 
           // @ @ 0{0,7} matches '0' zero to seven times 
           $val = preg_replace('/(�{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); // with a ; 
       } 
       // now the only remaining whitespace attacks are , , and  
       $ra1 = Array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base'); 
       $ra2 = Array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload'); 
       $ra = array_merge($ra1, $ra2); 
       $found = true; // keep replacing as long as the previous round replaced something 
       while ($found == true) { 
           $val_before = $val; 
           for ($i = 0; $i < sizeof($ra); $i++) { 
               $pattern = '/'; 
               for ($j = 0; $j < strlen($ra[$i]); $j++) { 
                   if ($j > 0) { 
                       $pattern .= '('; 
                       $pattern .= '(&#[xX]0{0,8}([9ab]);)'; 
                       $pattern .= '|'; 
                       $pattern .= '|(�{0,8}([9|10|13]);)'; 
                       $pattern .= ')*'; 
                   } 
                   $pattern .= $ra[$i][$j]; 
               } 
               $pattern .= '/i'; 
               $replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2); // add in <> to nerf the tag 
               $val = preg_replace($pattern, $replacement, $val); // filter out the hex tags 
               if ($val_before == $val) { 
                   // no replacements were made, so exit the loop 
                   $found = false; 
               } 
           } 
       } 
       return $val; 
    }
    ?>
PHP 相关文章推荐
我的论坛源代码(十)
Oct 09 PHP
php设计模式 Delegation(委托模式)
Jun 26 PHP
Erlang的运算符(比较运算符,数值运算符,移位运算符,逻辑运算符)
Jul 23 PHP
ThinkPHP中的三大自动简介
Aug 22 PHP
php递归实现无限分类的方法
Jul 28 PHP
php验证手机号码
Nov 11 PHP
Yii2.0表关联查询实例分析
Jul 18 PHP
微信开发之php表单微信中自动提交两次问题解决办法
Jan 08 PHP
wordpress网站转移到本地运行测试的方法
Mar 15 PHP
thinkphp 验证码 的使用小结
May 07 PHP
php数据序列化测试实例详解
Aug 12 PHP
php命令行写shell实例详解
Jul 19 PHP
PHP加密扩展库Mcrypt安装和实例
Nov 10 #PHP
php中autoload的用法总结
Nov 08 #PHP
PHP用身份证号获取星座和生肖的方法
Nov 07 #PHP
php旋转图片90度的方法
Nov 07 #PHP
提高PHP编程效率的方法
Nov 07 #PHP
PHP imagegrabscreen和imagegrabwindow(截取网站缩略图)的实例代码
Nov 07 #PHP
php获取汉字首字母的函数
Nov 07 #PHP
You might like
session 的生命周期是多长
2006/10/09 PHP
php定义参数数量可变的函数用法实例
2015/03/16 PHP
浅谈php错误提示及查错方法
2015/07/14 PHP
php生成图片验证码-附五种验证码
2015/08/19 PHP
PHP创建单例后台进程的方法示例
2017/05/23 PHP
php实现生成code128条形码的方法详解
2017/07/19 PHP
PHP查找一列有序数组是否包含某值的方法
2020/02/07 PHP
静态的动态续篇之来点XML
2006/12/23 Javascript
JS画5角星方法介绍
2013/09/17 Javascript
js判断上传文件类型判断FileUpload文件类型代码
2014/05/20 Javascript
jQuery窗口、文档、网页各种高度的精确理解
2014/07/02 Javascript
轻松创建nodejs服务器(3):代码模块化
2014/12/18 NodeJs
javascript运算符语法全面概述
2016/07/14 Javascript
Vue.js每天必学之过渡与动画
2016/09/06 Javascript
Vue.js第一天学习笔记(数据的双向绑定、常用指令)
2016/12/01 Javascript
bootstrap按钮插件(Button)使用方法解析
2017/01/13 Javascript
Vue中的ref作用详解(实现DOM的联动操作)
2017/08/21 Javascript
Three.js基础学习教程
2017/11/16 Javascript
javascript面向对象程序设计实践常用知识点总结
2019/07/29 Javascript
Vue基本指令实例图文讲解
2021/02/25 Vue.js
[03:54]DOTA2英雄梦之声_第06期_昆卡
2014/06/23 DOTA
深入理解Python变量与常量
2016/06/02 Python
【Python】Python的urllib模块、urllib2模块批量进行网页下载文件
2016/11/19 Python
Python 中 Virtualenv 和 pip 的简单用法详解
2017/08/18 Python
Python脚本完成post接口测试的实例
2018/12/17 Python
基于python实现KNN分类算法
2020/04/23 Python
用python做游戏的细节详解
2019/06/25 Python
解决jupyter notebook 出现In[*]的问题
2020/04/13 Python
使用python实现CGI环境搭建过程解析
2020/04/28 Python
详解python 内存优化
2020/08/17 Python
实习期自我鉴定
2013/10/11 职场文书
行政前台岗位职责
2015/04/16 职场文书
心灵点滴观后感
2015/06/02 职场文书
小数乘法教学反思
2016/02/22 职场文书
开发一个封装iframe的vue组件
2021/03/29 Vue.js
python分分钟绘制精美地图海报
2022/02/15 Python