PHP input "filter" for malicious characters (a keyword blacklist — read the caveats before reusing it)

Source: Internet
Author: User
Tags foreach cas chr keywords list join keyword list strlen trim

  DedeCMS recently had vulnerabilities reported, so here is a PHP input-filtering routine shared for discussion. Be aware of what it is: a keyword blacklist that rewrites words such as select/union/update/like and HTML-encodes a few characters. That is not a substitute for prepared statements (for SQL) and context-aware output escaping (for HTML); it will also mangle legitimate text that happens to contain those words, and blacklists of this kind are routinely bypassed by case, comment and encoding tricks.

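<?php
// Batch-unescape $_GET/$_POST strings that magic_quotes_gpc backslash-escaped.
// magic_quotes_gpc was removed in PHP 5.4 and get_magic_quotes_gpc() itself in
// PHP 8.0, so the probe is guarded: unguarded, this file is a fatal error on 8.x.
if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
    $_GET  = stripslashes_array($_GET);
    $_POST = stripslashes_array($_POST);
}

/**
 * Recursively run stripslashes() over every string in $array.
 *
 * Keys named argc/argv and ALL-CAPS non-numeric keys are left untouched, as
 * the listing did (it also skipped them via strtoupper/intval). The array is
 * taken by reference and also returned, so both call styles keep working.
 * Rewritten with foreach because each(), which the listing used, is gone in
 * PHP 8.
 *
 * @param array $array  data to unescape (modified in place)
 * @return array        the same array
 */
function stripslashes_array(&$array)
{
    foreach ($array as $key => $value) {
        if ($key === 'argc' || $key === 'argv') {
            continue;
        }
        // Skip ALL_CAPS keys unless they are purely numeric (integer keys pass).
        $skey = (string) $key;
        if (strtoupper($skey) === $skey && (string) intval($key) !== $skey) {
            continue;
        }
        if (is_string($value)) {
            $array[$key] = stripslashes($value);
        } elseif (is_array($value)) {
            $array[$key] = stripslashes_array($value);
        }
    }
    return $array;
}

/**
 * Escape a string for insertion into HTML text or a quoted attribute.
 *
 * The listing hand-rolled replacements for & < > quotes and CR/LF/TAB and
 * then rewrote SQL/HTML keywords (select, script, join, union, where, insert,
 * delete, update, like, drop, create, modify, rename, alter, cast). The
 * keyword rewriting is intentionally dropped: it corrupts ordinary text
 * ("like", "update"), is bypassed by case, comment and encoding tricks, and
 * does nothing for a query — prepared statements do. htmlspecialchars() with
 * ENT_QUOTES covers the characters that matter for HTML; ENT_SUBSTITUTE
 * keeps invalid UTF-8 from silently turning the output into ''.
 *
 * @param string|null $str  raw input
 * @return string|null      escaped, trimmed string; null and '' are returned
 *                          unchanged (the listing's empty() check also dropped "0")
 */
function htmlEncode($str)
{
    if ($str === null || $str === '') {
        return $str;
    }
    return htmlspecialchars(trim($str), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Inverse of htmlEncode(): decode the entities it produces.
 *
 * Decode only for storage/processing, never before re-emitting into HTML.
 *
 * @param string|null $str  encoded input
 * @return string|null      decoded string; null and '' are returned unchanged
 */
function htmlDecode($str)
{
    if ($str === null || $str === '') {
        return $str;
    }
    return htmlspecialchars_decode($str, ENT_QUOTES);
}

/**
 * Check a string against two keyword lists kept in text files, one entry per
 * line (originally by heiyeluren, 2006-01-18).
 *
 * Match type 1: the whole string must equal an entry of common_list.txt
 * (case-insensitive). Match type 2: that, plus a substring search of the
 * string for every entry of signify_list.txt.
 *
 * NOTE(review): the list paths are relative, so they resolve against the
 * process working directory, not this file; and a missing list makes the
 * function return false for everything, i.e. it fails open. Both are kept
 * for compatibility — consider __DIR__-based paths and logging/raising on a
 * missing list. The scraped listing reads `if ($match_type = 1)` (an
 * assignment); a comparison is used here.
 *
 * @param string $string      text to check
 * @param int    $match_type  1 = exact, 2 = fuzzy (default 1)
 * @return bool               true when at least one list entry matched
 */
function lib_lawless_string_filter($string, $match_type = 1)
{
    $string = trim((string) $string);
    if ($string === '') {
        return false;
    }

    $common_file  = 'common_list.txt';   // generic keyword list
    $signify_file = 'signify_list.txt';  // serious keyword list
    if (!is_file($common_file) || !is_file($signify_file)) {
        return false;
    }

    // Blank lines are dropped here; an empty entry would otherwise be a
    // wildcard in blur_match().
    $common_list  = file($common_file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    $signify_list = file($signify_file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
    if ($common_list === false || $signify_list === false) {
        return false;
    }

    $hits = false;
    if ((int) $match_type === 2) {
        $hits = blur_match($string, $common_list, $signify_list);
    } elseif ((int) $match_type === 1) {
        $hits = exact_match($string, $common_list);
    }
    return is_array($hits) && !empty($hits);
}

/**
 * Entries of $list that equal $string, compared case-insensitively.
 *
 * A plain comparison replaces the listing's preg_match("/^$string$/i", ...):
 * interpolating the *user* string into a pattern is regex injection and a
 * ReDoS vector, and "$" there also tolerated a trailing newline.
 *
 * @param string $string  normalised input
 * @param array  $list    raw list lines
 * @return array          matching entries, trimmed, in list order
 */
function lib_list_exact_hits($string, $list)
{
    $hits = array();
    foreach ($list as $entry) {
        $entry = trim($entry);
        if ($entry !== '' && strcasecmp($string, $entry) === 0) {
            $hits[] = $entry;
        }
    }
    return $hits;
}

/**
 * Exact match against the generic list.
 *
 * @param string $string       text to check
 * @param array  $common_list  generic keyword list
 * @return array|false         unique matched entries, or false when none
 */
function exact_match($string, $common_list)
{
    $string = trim((string) $string);
    if ($string === '') {
        return false;
    }
    $hits = lib_list_exact_hits(lib_replace_end_tag($string), $common_list);
    return empty($hits) ? false : array_unique($hits);
}

/**
 * Fuzzy match: exact match against the generic list, then a substring search
 * for every entry of the serious list.
 *
 * @param string $string        text to check
 * @param array  $common_list   generic keyword list
 * @param array  $signify_list  serious keyword list
 * @return array|false          unique matched entries, or false when none
 */
function blur_match($string, $common_list, $signify_list)
{
    $string = trim((string) $string);
    if ($string === '') {
        return false;
    }
    // Length is taken before normalisation, as in the listing.
    $s_len  = strlen($string);
    $string = lib_replace_end_tag($string);

    $hits = lib_list_exact_hits($string, $common_list);

    foreach ($signify_list as $entry) {
        $entry = trim($entry);
        // An empty entry must be skipped: the listing's preg_match("/$entry/i")
        // with an empty pattern matches every string and flags all input.
        if ($entry === '' || $s_len < strlen($entry)) {
            continue;
        }
        // Substring search instead of an unescaped regex built from the list
        // line, where "a.b" or "(" behaved as pattern syntax.
        if (stripos($string, $entry) !== false) {
            $hits[] = $entry;
        }
    }
    return empty($hits) ? false : array_unique($hits);
}

/**
 * Normalise a string before list comparison: slashes and tag delimiters are
 * removed and the result is HTML-escaped, so "<script>", "script/" and
 * "scr</ipt>" all reduce to "script".
 *
 * The listing also rewrote SQL keywords here and then undid its own entity
 * encoding; both halves are dropped (see htmlEncode()).
 *
 * @param string|null $str  text to normalise
 * @return string|false     normalised text, or false for empty input as the
 *                          listing returned
 */
function lib_replace_end_tag($str)
{
    if ($str === null || $str === '') {
        return false;
    }
    $str = str_replace(array('/', '<', '>'), '', $str);
    return htmlspecialchars($str, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // HTML tag names the listing kept as a possible extended filter list:
    // html head body div span doctype title link meta style p h1-h6 strong em
    // abbr acronym address bdo blockquote cite q code ins del dfn kbd pre samp
    // var br a img area map object param ul ol li dl dt dd table tr td th
    // tbody thead tfoot col colgroup caption form input textarea select option
    // optgroup button label fieldset legend script noscript b i tt sub sup big
    // small hr
}

// Usage, as the page gives it: $xxx = htmlspecialchars($_POST['xxx']);
// Pass ENT_QUOTES and the charset, or single quotes stay unencoded and an
// attribute written with '...' is still injectable:
//   $xxx = htmlspecialchars(isset($_POST['xxx']) ? $_POST['xxx'] : '',
//                           ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
// Escaping is for HTML output only; database access must use prepared
// statements (PDO / mysqli bound parameters), not keyword filtering.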
