360 websec request-filter script (XSS / SQL-injection signature blacklist over GET, POST and COOKIE values)
Reprinted from http://blog.qita.in (post 275). Usage: `require_once('2014.php');` at the top of every page that should be protected. Note that this is a keyword blacklist applied only to GET, POST and COOKIE values — it is not a replacement for prepared statements and output encoding.
// Source: http://blog.qita.in
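// Custom error handler: report a failure to the client without leaking the
// server-side file path.
//
// NOTE(review): set_error_handler() cannot intercept E_ERROR (fatal errors are
// never routed to user handlers), so with the mask used below this callback
// is effectively never invoked; widen the mask (e.g. E_WARNING | E_NOTICE) if
// it is meant to fire.
//
// @param int    $errno   PHP error level (E_WARNING, E_NOTICE, ...)
// @param string $errstr  error message
// @param string $errfile file in which the error occurred
// @param int    $errline line on which the error occurred
// @return void  never returns: the script is terminated with die()
function customError($errno, $errstr, $errfile, $errline)
{
    // Keep the path, line and message in the server log only. The original
    // echoed $errfile/$errline to the browser, which discloses the document
    // root layout to anyone who can trigger an error.
    error_log("Error number: [$errno] $errstr on line $errline in $errfile");
    echo "Error number: [$errno]\n";
    die();
}

// Register the handler (see the note above: E_ERROR is not catchable here).
set_error_handler("customError", E_ERROR);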
// Attack signatures, one regex body per request source (the delimiters and
// the /is flags are added by StopAttack()). All three share the same tail of
// SQL-keyword patterns and differ only in the leading and/or clause:
//   GET:          any apostrophe at all, or and/or followed (lazily) by a
//                 comparison operator, "in" or "like"
//   POST, COOKIE: and/or with at most 6 characters before =, <, >, in or like
//                 (no apostrophe rule, so free text may contain one)
// NOTE(review): this is a keyword blacklist. It rejects legitimate input such
// as "O'Brien" in a query string or the phrase "and b=1" in a form field, and
// it cannot enumerate every keyword variant or encoding an injection can use,
// so it must not be the only defence in front of the database or the HTML.
$getfilter    = '\'|(and|or)\b.+?(>|<|=|in|like)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)';
$postfilter   = '\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)';
$cookiefilter = '\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|\/\*.+?\*\/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)';
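// Abort the request if a submitted value matches the attack signature.
//
// Only the value is inspected; $StrFiltKey (the parameter name) is used for
// logging and is never matched against the pattern.
//
// @param string       $StrFiltKey   name of the request parameter
// @param string|array $StrFiltValue submitted value; arrays are flattened recursively
// @param string       $ArrFiltReq   regex body without delimiters, applied as /.../is
//                                   (any literal "/" inside it must already be escaped)
// @return void  returns normally when nothing matched; on a match it prints a
//               notice and exit()s, so the caller never resumes
function StopAttack($StrFiltKey, $StrFiltValue, $ArrFiltReq)
{
    if (is_array($StrFiltValue)) {
        // Flatten nested arrays as well. The original used a plain implode(),
        // which renders an inner array as the literal string "Array" (plus a
        // notice), so a payload sent as a[b][c]=... was never inspected.
        $flat = array();
        array_walk_recursive($StrFiltValue, function ($v) use (&$flat) {
            $flat[] = (string) $v;
        });
        $StrFiltValue = implode('', $flat);
    }

    $matched = preg_match("/" . $ArrFiltReq . "/is", $StrFiltValue);
    if ($matched === false) {
        // Pattern compilation or backtracking failure. The original's "== 1"
        // silently let the request through in this case; that fail-open
        // behaviour is kept, but it is now visible in the server log.
        error_log("StopAttack: preg_match failed (" . preg_last_error() . ") for parameter "
            . json_encode((string) $StrFiltKey));
        return;
    }

    if ($matched === 1) {
        // The detailed slog() call (IP, time, page, method, key, value) was
        // disabled in the original; record at least the parameter name so a
        // block is traceable. json_encode() keeps newlines out of the log line.
        error_log("StopAttack: blocked request parameter " . json_encode((string) $StrFiltKey));
        print "360 websec notice: Illegal operation!";
        exit();
    }
}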
// Run every value from the three inspected request sources through
// StopAttack(), in the order GET, POST, COOKIE. The first match prints the
// notice and exit()s, so later sources are not reached.
// Nothing else an attacker controls is inspected here: request headers,
// $_FILES names, PATH_INFO and a raw php://input body all bypass this script.
// ($ArrPGC = array_merge($_GET, $_POST, $_COOKIE) was an abandoned variant.)
array_walk($_GET, function ($value, $key) use ($getfilter) {
    StopAttack($key, $value, $getfilter);
});
array_walk($_POST, function ($value, $key) use ($postfilter) {
    StopAttack($key, $value, $postfilter);
});
array_walk($_COOKIE, function ($value, $key) use ($cookiefilter) {
    StopAttack($key, $value, $cookiefilter);
});
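// Append one line to the attack log.
//
// The log is DOCUMENT_ROOT/log.htm, i.e. it lives inside the web root: anyone
// who guesses the name can read it, and it records attacker-supplied input.
// Move it outside the web root (or deny access to it in the web server
// configuration) before enabling the slog() call in StopAttack().
//
// @param string $logs line to record; it is HTML-escaped before writing so that
//                     opening log.htm in a browser cannot execute injected markup
//                     (the original wrote the raw request data)
// @return bool  true when the line was written, false when the file could not be
//               opened or written (the original returned nothing)
function slog($logs)
{
    $toppath = $_SERVER["DOCUMENT_ROOT"] . "/log.htm";
    // ENT_SUBSTITUTE (PHP 5.4+) keeps a line with invalid UTF-8 from being
    // silently dropped; on older PHP the flag is simply not applied.
    $flags = ENT_QUOTES | (defined('ENT_SUBSTITUTE') ? ENT_SUBSTITUTE : 0);
    $line = htmlspecialchars($logs, $flags, 'UTF-8') . "\r\n";
    // FILE_APPEND | LOCK_EX replaces fopen('a+') / fputs / fclose and stops
    // concurrent requests from interleaving partial lines.
    $written = file_put_contents($toppath, $line, FILE_APPEND | LOCK_EX);
    if ($written === false) {
        error_log("slog: cannot write to $toppath");
        return false;
    }
    return true;
}
?>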