码迷,mamicode.com
首页 > Web开发 > 详细

Yii-CHtmlPurifier- 净化器的使用(yii过滤不良代码)

时间:2015-01-30 17:20:12      阅读:216      评论:0      收藏:0      [点我收藏+]

标签:

1. 在控制器中使用:

public function actionCreate()  
{  
    $model=new News;  
      
    $purifier = new CHtmlPurifier();  
    $purifier->options = array(  
        ‘URI.AllowedSchemes‘=>array(  
                            ‘http‘ => true,  
                           ‘https‘ => true,  
        ),  
              ‘HTML.Allowed‘=>‘div‘,  
    );  
  
    if(isset($_POST[‘News‘]))  
    {     
        $model->attributes=$_POST[‘News‘];  
        $model->attributes[‘content‘] = $purifier->purify($model->attributes[‘content‘]);  
        if($model->save())  
            $this->redirect(array(‘view‘,‘id‘=>$model->id));  
    }  
}  

  

2. 在模型中的使用:

protected function beforeSave()  
{  
    $purifier = new CHtmlPurifier();  
    $purifier->options = array(  
        ‘URI.AllowedSchemes‘=>array(  
                            ‘http‘ => true,  
                           ‘https‘ => true,  
        ),  
              ‘HTML.Allowed‘=>‘div‘,  
    );  
  
    if(parent::beforeSave()){  
        if($this->isNewRecord){  
            $this->create_data = date(‘y-m-d H:m:s‘);  
            $this->content = $purifier->purify($this->content);  
        }  
        return true;  
    }else{  
        return false;  
    }  
}  

  

3. 在过滤器中的使用:

public function filters()  
{  
    return array(  
        ‘accessControl‘, // perform access control for CRUD operations  
        ‘postOnly + delete‘, // we only allow deletion via POST request  
        ‘purifier + create‘, //载入插入页面时进行些过滤操作  
    );  
}  
  
public function filterPurifier($filterChain){  
    $purifier = new CHtmlPurifier();  
    $purifier->options = array(  
        ‘URI.AllowedSchemes‘=>array(  
                            ‘http‘ => true,  
                           ‘https‘ => true,  
        ),  
              ‘HTML.Allowed‘=>‘div‘,  
    );  
    if(isset($_POST[‘news‘]){  
        $_POST[‘news‘][‘content‘] = $purify($_POST[‘news‘][‘content‘]);  
    }  
        $filterChain->run();  
}  

  

4. 在视图中的使用:

<?php $this->beginWidget(‘CHtmlPurifier‘); ?>    
...display user-entered content here...    
<?php $this->endWidget(); ?>  

  

 

Yii-CHtmlPurifier- 净化器的使用(yii过滤不良代码)

标签:

原文地址:http://www.cnblogs.com/freespider/p/4262462.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!