php基础-安全过滤封装

php基础-安全过滤封装

<?php
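/**
 * $_REQUEST filter: read one field, trim it and pass it through SafeSql().
 *
 * @param string $str field name
 * @return string|null the filtered value, or null when the field is absent
 *                     or array-valued (a `name[]=` submission); previously an
 *                     array reached trim(), which is a TypeError on PHP 8.
 */
function Request($str)
{
	if (! isset($_REQUEST[$str]))
	{
		return null;
	}
	$raw = $_REQUEST[$str];
	// Array-valued fields cannot be trimmed; treat them like a missing
	// field rather than failing. RequestArray() handles those.
	if (is_array($raw))
	{
		return null;
	}
	return SafeSql(trim($raw));
}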
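/**
 * $_GET filter: read one query parameter, trim it and pass it through SafeSql().
 *
 * @param string $str field name
 * @return string|null the filtered value, or null when the parameter is absent
 *                     or array-valued (a `name[]=` query); previously an array
 *                     reached trim(), which is a TypeError on PHP 8.
 */
function Get($str)
{
	if (! isset($_GET[$str]))
	{
		return null;
	}
	$raw = $_GET[$str];
	// Array-valued parameters cannot be trimmed; treat them like a missing
	// parameter rather than failing. GetArray() handles those.
	if (is_array($raw))
	{
		return null;
	}
	return SafeSql(trim($raw));
}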
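/**
 * $_POST filter: read one form field, trim it and pass it through SafeSql().
 *
 * @param string $str field name
 * @return string|null the filtered value, or null when the field is absent
 *                     or array-valued (a `name[]=` form field); previously an
 *                     array reached trim(), which is a TypeError on PHP 8.
 */
function Post($str)
{
	if (! isset($_POST[$str]))
	{
		return null;
	}
	$raw = $_POST[$str];
	// Array-valued fields cannot be trimmed; treat them like a missing
	// field rather than failing. PostArray() handles those.
	if (is_array($raw))
	{
		return null;
	}
	return SafeSql(trim($raw));
}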
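/**
 * $_COOKIE filter: read one cookie, trim it and pass it through SafeSql().
 *
 * @param string $str cookie name
 * @return string|null the filtered value, or null when the cookie is absent
 *                     or array-valued (`name[x]=` cookies parse as arrays);
 *                     previously an array reached trim(), a TypeError on PHP 8.
 */
function Cookie($str)
{
	if (! isset($_COOKIE[$str]))
	{
		return null;
	}
	$raw = $_COOKIE[$str];
	// Array-valued cookies cannot be trimmed; treat them like a missing
	// cookie rather than failing.
	if (is_array($raw))
	{
		return null;
	}
	return SafeSql(trim($raw));
}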
/**
 * $_SESSION accessor: read a session entry as stored, without any filtering
 * (session data is server-side, so SafeSql() is not applied here).
 *
 * @param string $str key name
 * @return mixed the stored value, or null when the key is missing or null
 */
function Session($str)
{
	if (! isset($_SESSION[$str]))
	{
		return null;
	}
	return $_SESSION[$str];
}
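/**
 * $_REQUEST filter for array-valued fields: trim and SafeSql() each element.
 *
 * @param string $str field name
 * @return array filtered values under their submitted keys; empty when the
 *               field is absent or not an array. Nested arrays are skipped
 *               (trim() only accepts strings), where previously they failed.
 */
function RequestArray($str)
{
	$arr = array();
	// A scalar here used to make foreach warn and yield nothing; check the
	// shape explicitly so the empty result is deliberate.
	if (! isset($_REQUEST[$str]) || ! is_array($_REQUEST[$str]))
	{
		return $arr;
	}
	foreach ($_REQUEST[$str] as $key => $value)
	{
		if (is_array($value))
		{
			continue;
		}
		$arr[$key] = SafeSql(trim($value));
	}
	return $arr;
}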
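/**
 * $_GET filter for array-valued parameters: trim and SafeSql() each element.
 *
 * @param string $str field name
 * @return array filtered values under their submitted keys; empty when the
 *               parameter is absent or not an array. Nested arrays are
 *               skipped (trim() only accepts strings), where previously they failed.
 */
function GetArray($str)
{
	$arr = array();
	// A scalar here used to make foreach warn and yield nothing; check the
	// shape explicitly so the empty result is deliberate.
	if (! isset($_GET[$str]) || ! is_array($_GET[$str]))
	{
		return $arr;
	}
	foreach ($_GET[$str] as $key => $value)
	{
		if (is_array($value))
		{
			continue;
		}
		$arr[$key] = SafeSql(trim($value));
	}
	return $arr;
}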
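/**
 * $_POST filter for array-valued form fields: trim and SafeSql() each element.
 *
 * @param string $str field name
 * @return array filtered values under their submitted keys; empty when the
 *               field is absent or not an array. Nested arrays are skipped
 *               (trim() only accepts strings), where previously they failed.
 */
function PostArray($str)
{
	$arr = array();
	// A scalar here used to make foreach warn and yield nothing; check the
	// shape explicitly so the empty result is deliberate.
	if (! isset($_POST[$str]) || ! is_array($_POST[$str]))
	{
		return $arr;
	}
	foreach ($_POST[$str] as $key => $value)
	{
		if (is_array($value))
		{
			continue;
		}
		$arr[$key] = SafeSql(trim($value));
	}
	return $arr;
}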
/**
 * Integer read from $_GET: Get() followed by intval(), so a missing parameter
 * yields 0.
 *
 * @param string $str field name
 * @return int
 */
function GetInt($str)
{
	$filtered = Get($str);
	return intval($filtered);
}
/**
 * Integer read from $_POST: Post() followed by intval(), so a missing field
 * yields 0.
 *
 * @param string $str field name
 * @return int
 */
function PostInt($str)
{
	$filtered = Post($str);
	return intval($filtered);
}
/**
 * Integer read from $_REQUEST: Request() followed by intval(), so a missing
 * field yields 0.
 *
 * @param string $str field name
 * @return int
 */
function RequestInt($str)
{
	$filtered = Request($str);
	return intval($filtered);
}
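/**
 * Legacy "SQL safe" input step: addslashes() unless magic quotes already did
 * it, then optionally RemoveXSS().
 *
 * NOTE(review): addslashes() is byte-oriented and charset-unaware; it is not
 * a substitute for prepared statements. Any query built from this value must
 * still bind it as a parameter (PDO / mysqli), and output into HTML must still
 * be escaped for that context.
 *
 * @param string $str  value to filter
 * @param mixed  $mode truthy to also run RemoveXSS() (default "1")
 * @return string the escaped (and optionally XSS-filtered) value
 */
function SafeSql($str, $mode = "1")
{
	// get_magic_quotes_gpc() has returned false since PHP 5.4 and was removed
	// in 8.0; calling it unguarded is a fatal "undefined function" there.
	$magicQuotesOn = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
	if (! $magicQuotesOn)
	{
		$str = addslashes($str);
	}
	if ($mode)
	{
		$str = RemoveXSS($str);
	}
	return $str;
}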
/**
 * Plain-text output filter: strip every HTML/PHP tag.
 *
 * @param string $str
 * @return string the input with tags removed (entities are left as-is)
 */
function FormatText($str)
{
	$plain = strip_tags($str);
	return $plain;
}
/**
 * Strip HTML: drop literal `&nbsp;` entities, then remove all tags.
 *
 * @param string $str
 * @return string
 */
function RemoveHtml($str)
{
	$withoutNbsp = str_replace("&nbsp;", "", $str);
	return strip_tags($withoutNbsp);
}
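/**
 * Unwrap anchors: `<a ... href=...>text</a>` becomes `text`.
 *
 * @param string $string
 * @return string|null the input with anchors unwrapped (null only if PCRE fails)
 */
function RemoveUrl($string)
{
	// `\b` after `a` stops the pattern from matching the `<a` prefix of other
	// tags (<article>, <abbr>, ...), which previously swallowed everything
	// between that tag and the next `href=`. Matching stays case-insensitive
	// and single-line (no `s` flag), as before.
	return preg_replace('/<a\b(.*?)href=(.*?)>(.*?)<\/a>/i', '$3', $string);
}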
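/**
 * XSS filter: denylist-based stripping of script-like content.
 *
 * Steps, in order:
 *  1. decode the numeric character references spelling the letters of
 *     `javascript` / `vbscript` and `:` so the later checks see them literally;
 *  2. drop `<script ...>...</script ...>` and `<iframe ...>...</iframe ...>`;
 *  3. inside any tag, cut event-handler attributes (on*), ` lang`, `action`,
 *     `expression`, `codebase`, `dynsrc`, `lowsrc` and what follows them;
 *  4. inside any tag, remove the tokens `window.`, `javascript:`, `js:`,
 *     `about:`, `file:`, `document.`, `vbs:`, `cookie`.
 *
 * NOTE(review): this is a pattern denylist, so it only covers the forms listed
 * above, and the tag-internal patterns are not anchored to attribute
 * boundaries (e.g. `action` also matches inside `transaction`, `cookie` inside
 * a `/cookie-policy` URL). Where the result is rendered as HTML, prefer
 * context-aware escaping (htmlspecialchars) or an allowlist sanitiser.
 *
 * @param string $str
 * @return string|null filtered text (null only if a preg_* call fails)
 */
function RemoveXSS($str)
{
	// The original test was `strpos(...) >= 0`, which is always true because
	// a not-found `false` compares equal to 0; the intent was "contains".
	if (strpos($str, '&#') !== false)
	{
		// Lower-case letters, then upper-case, then the colon. The references
		// carry no terminating `;`, so this is a prefix match (`&#990` -> `c0`).
		$references = array(
			'&#106', '&#97', '&#118', '&#115', '&#99', '&#114', '&#105', '&#112', '&#116', '&#98',
			'&#74', '&#65', '&#86', '&#83', '&#67', '&#82', '&#73', '&#80', '&#84', '&#66',
			'&#58',
		);
		$letters = array(
			'j', 'a', 'v', 's', 'c', 'r', 'i', 'p', 't', 'b',
			'j', 'a', 'v', 's', 'c', 'r', 'i', 'p', 't', 'b',
			':',
		);
		// str_replace() with array arguments applies each pair in order on
		// the running result, which is exactly what the chained calls did.
		$str = str_replace($references, $letters, $str);
	}
	// `[\s\S]` matches any byte including newlines; the original `[\s|\S]`
	// only added a redundant literal `|` to the class.
	$str = preg_replace('/<script([\s\S]*?)\/script([\s\S]*?)>/i', '', $str);
	$str = preg_replace('/<iframe([\s\S]*?)\/iframe([\s\S]*?)>/i', '', $str);
	// Both loops strictly shorten the string on every iteration (the match is
	// replaced by a proper prefix / a subsequence of itself), so they terminate.
	$attributePattern = '/(<[^><]+)( lang|onabort|onactivate|onafterprint|onafterupdate|onbeforeactivate|onbeforecopy|onbeforecut|onbeforedeactivate|onbeforeeditfocus|onbeforepaste|onbeforeprint|onbeforeunload|onbeforeupdate|onblur|onbounce|oncellchange|onchange|onclick|oncontextmenu|oncontrolselect|oncopy|oncut|ondataavailable|ondatasetchanged|ondatasetcomplete|ondblclick|ondeactivate|ondrag|ondragend|ondragenter|ondragleave|ondragover|ondragstart|ondrop|onerror|onerrorupdate|onfilterchange|onfinish|onfocus|onfocusin|onfocusout|onhelp|onkeydown|onkeypress|onkeyup|onlayoutcomplete|onload|onlosecapture|onmousedown|onmouseenter|onmouseleave|onmousemove|onmouseout|onmouseover|onmouseup|onmousewheel|onmove|onmoveend|onmovestart|onpaste|onpropertychange|onreadystatechange|onreset|onresize|onresizeend|onresizestart|onrowenter|onrowexit|onrowsdelete|onrowsinserted|onscroll|onselect|onselectionchange|onselectstart|onstart|onstop|onsubmit|onunload|action|expression|codebase|dynsrc|lowsrc)[^><]+/i';
	while (preg_match($attributePattern, $str, $mat))
	{
		$str = str_replace($mat[0], $mat[1], $str);
	}
	$tokenPattern = '/(<[^><]+)(window\.|javascript:|js:|about:|file:|document\.|vbs:|cookie)([^><]*)/i';
	while (preg_match($tokenPattern, $str, $mat))
	{
		$str = str_replace($mat[0], $mat[1] . $mat[3], $str);
	}
	return $str;
}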
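/**
 * HTML output filter: RemoveXSS(), then strip every attribute from a fixed set
 * of block/table tags and unwrap anchors.
 *
 * Tags in the list below lose all attributes (`<div class="x">` -> `<div>`);
 * anchors are replaced by their link text; any other tag keeps its attributes.
 *
 * @param string $str
 * @return string|null filtered HTML (null only if a preg_* call fails)
 */
function FormatHtml($str)
{
	$str = RemoveXSS($str);
	// `\b` after the tag name prevents prefix matches that mangled unrelated
	// tags (<pre ...> -> <p>, <link ...> -> <li>, <thead ...> -> <th>, <track ...> -> <tr>).
	$bareTags = array('div', 'p', 'span', 'li', 'font', 'table', 'tr', 'th', 'td', 'ul', 'ol', 'dd', 'dt');
	foreach ($bareTags as $tag)
	{
		$str = preg_replace('/<' . $tag . '\b([\s\S]*?)>/i', '<' . $tag . '>', $str);
	}
	// Same `\b` fix for anchors: without it `<article ...><a href=...>t</a>`
	// matched from `<article` and the whole span collapsed to `t`.
	$str = preg_replace('/<a\b(.*?)href=(.*?)>(.*?)<\/a>/i', '$3', $str);
	return $str;
}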
?>