码迷,mamicode.com
首页 > Web开发 > 详细

PHP几个工具函数

时间:2017-11-21 15:50:21      阅读:226      评论:0      收藏:0      [点我收藏+]

标签:工具   scroll   move   ons   func   sel   focus   cap   xss   

移除XSS攻击脚本

function RemoveXSS($val) {
        // remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed
        // this prevents some character re-spacing such as <java\0script>
        // note that you have to handle splits with \n, \r, and \t later since they *are* allowed in some inputs
        $val = preg_replace(/([\x00-\x08,\x0b-\x0c,\x0e-\x19])/, ‘‘, $val);
        // straight replacements, the user should never need these since they‘re normal characters
        // this prevents like <IMG SRC=@avascript:alert(‘XSS‘)>
        $search = abcdefghijklmnopqrstuvwxyz;
        $search .= ABCDEFGHIJKLMNOPQRSTUVWXYZ;
        $search .= 1234567890!@#$%^&*();
        $search .= ~`";:?+/={}[]-_|\‘\\;
        for ($i = 0; $i < strlen($search); $i++) {
            // ;? matches the ;, which is optional
            // 0{0,7} matches any padded zeros, which are optional and go up to 8 chars
            
            // @ @ search for the hex values
            $val = preg_replace(/(&#[xX]0{0,8}.dechex(ord($search[$i])).;?)/i, $search[$i], $val); // with a ;
            // @ @ 0{0,7} matches ‘0‘ zero to seven times
            $val = preg_replace(/(&#0{0,8}.ord($search[$i]).;?)/, $search[$i], $val); // with a ;
        }
        
        // now the only remaining whitespace attacks are \t, \n, and \r
        $ra1 = array(javascript, vbscript, expression, applet, meta, xml, blink, link, style, script, embed, object, iframe, frame, frameset, ilayer, layer, bgsound, title, base);
        $ra2 = array(onabort, onactivate, onafterprint, onafterupdate, onbeforeactivate, onbeforecopy, onbeforecut, onbeforedeactivate, onbeforeeditfocus, onbeforepaste, onbeforeprint, onbeforeunload, onbeforeupdate, onblur, onbounce, oncellchange, onchange, onclick, oncontextmenu, oncontrolselect, oncopy, oncut, ondataavailable, ondatasetchanged, ondatasetcomplete, ondblclick, ondeactivate, ondrag, ondragend, ondragenter, ondragleave, ondragover, ondragstart, ondrop, onerror, onerrorupdate, onfilterchange, onfinish, onfocus, onfocusin, onfocusout, onhelp, onkeydown, onkeypress, onkeyup, onlayoutcomplete, onload, onlosecapture, onmousedown, onmouseenter, onmouseleave, onmousemove, onmouseout, onmouseover, onmouseup, onmousewheel, onmove, onmoveend, onmovestart, onpaste, onpropertychange, onreadystatechange, onreset, onresize, onresizeend, onresizestart, onrowenter, onrowexit, onrowsdelete, onrowsinserted, onscroll, onselect, onselectionchange, onselectstart, onstart, onstop, onsubmit, onunload);
        $ra = array_merge($ra1, $ra2);
        
        $found = true; // keep replacing as long as the previous round replaced something
        while ($found == true) {
            $val_before = $val;
            for ($i = 0; $i < sizeof($ra); $i++) {
                $pattern = /;
                for ($j = 0; $j < strlen($ra[$i]); $j++) {
                    if ($j > 0) {
                        $pattern .= (;
                        $pattern .= (&#[xX]0{0,8}([9ab]););
                        $pattern .= |;
                        $pattern .= |(&#0{0,8}([9|10|13]););
                        $pattern .= )*;
                    }
                    $pattern .= $ra[$i][$j];
                }
                $pattern .= /i;
                $replacement = substr($ra[$i], 0, 2).<x>.substr($ra[$i], 2); // add in <> to nerf the tag
                $val = preg_replace($pattern, $replacement, $val); // filter out the hex tags
                if ($val_before == $val) {
                    // no replacements were made, so exit the loop
                    $found = false;
                }
            }
        }
        return $val;
    }

GBK转UTF8

function GBKtoUTF8($str)
{
    if(is_array($str))
    {
        foreach ($str as &$value) 
        {
            $value = GBKtoUTF8($value);
        }
        return $str;            
    }elseif(is_string($str)){   
        $str = iconv("GB18030", "UTF-8//IGNORE", $str);
        return $str;
    }else{
        return $str;
    }
}

UTF8转GBK

function UTF8toGBK(&$str)
{
    if(is_array($str))
    {
        foreach ($str as &$value) 
        {
            $value = UTF8toGBK($value);
        }
        return $str;            
    }elseif (is_string($str)){   
        $str = iconv("UTF-8", "GB18030//IGNORE", $str);
        return $str;
    }else{
        return $str;
    }
}

 

PHP几个工具函数

标签:工具   scroll   move   ons   func   sel   focus   cap   xss   

原文地址:http://www.cnblogs.com/isuben/p/7873255.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!