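/**
 * General vulnerability protection patch.
 *
 * Screens request data against deny-list regular expressions for XSS, SQL
 * injection, code execution and file-inclusion style payloads, and aborts the
 * request on the first hit.
 *
 * Scope, as implemented by run(): the raw query string, $_GET, $_POST,
 * $_COOKIE and the Referer header. Nothing else is inspected (raw request
 * bodies such as JSON, uploaded file names, other headers).
 *
 * NOTE(review): a deny-list filter is defense in depth only. It does not
 * replace parameterized queries, context-aware output encoding or allow-list
 * validation of file paths in the application itself.
 *
 * Class checkrequestserver
 */
class checkrequestserver
{
    /**
     * Patterns applied to the raw query string.
     *
     * Covers the UTF-7 "=+/v8" style marker and header names following an
     * encoded line feed.
     *
     * @var array rule name => PCRE pattern body (no delimiters, no flags)
     */
    protected static $FILTERURL = [
        'xss' => "\\=\\+\\/v(?:8|9|\\+|\\/)|\\%0acontent\\-(?:id|location|type|transfer\\-encoding)",
    ];

    /**
     * Patterns applied to submitted parameters, cookies and the Referer.
     *
     * NOTE(review): the listing these patterns were recovered from had stray
     * whitespace inside every pattern, and two spots in the 'sql' rule lost
     * characters: the benchmark(...) alternative and the "\\(|" that separates
     * the function-name list from the system-object list. Both were
     * reconstructed; verify against the upstream copy before deploying.
     *
     * @var array rule name => PCRE pattern body (no delimiters, no flags)
     */
    protected static $filterArgs = [
        'xss' => "[\\'\\\"\\;\\*\\<\\>].*\\bon[a-zA-Z]{3,15}[\\s\\r\\n\\v\\f]*\\=|\\b(?:expression)\\(|\\<script[\\s\\\\\\/]|\\<\\!\\[cdata\\[|\\b(?:eval|alert|prompt|msgbox)\\s*\\(|url\\((?:\\#|data|javascript)",
        'sql' => "[^\\{\\s]{1}(\\s|\\b)+(?:select\\b|update\\b|insert(?:(\\/\\*.*?\\*\\/)|(\\s)|(\\+))+into\\b).+?(?:from\\b|set\\b)|[^\\{\\s]{1}(\\s|\\b)+(?:create|delete|drop|truncate|rename|desc)(?:(\\/\\*.*?\\*\\/)|(\\s)|(\\+))+(?:table\\b|from\\b|database\\b)|into(?:(\\/\\*.*?\\*\\/)|\\s|\\+)+(?:dump|out)file\\b|\\bsleep\\([\\s]*[\\d]+[\\s]*\\)|benchmark\\(([^\\,]*)\\,([^\\,]*)\\)|(?:declare|set|select)\\b.*@|union\\b.*(?:select|all)\\b|(?:select|update|insert|create|delete|drop|grant|truncate|rename|exec|desc|from|table|database|set|where)\\b.*(charset|ascii|bin|char|uncompress|concat|concat_ws|conv|export_set|hex|instr|left|load_file|locate|mid|sub|substring|oct|reverse|right|unhex)\\(|(?:master\\.\\.sysdatabases|msysaccessobjects|msysqueries|sysmodules|mysql\\.db|sys\\.database_name|information_schema\\.|sysobjects|sp_makewebtask|xp_cmdshell|sp_oamethod|sp_addextendedproc|sp_oacreate|xp_regread|sys\\.dbms_export_extension)",
        'other' => "\\.\\.[\\\\\\/].*\\%00([^0-9a-fA-F]|$)|%00[\\'\\\"\\.]",
    ];

    /**
     * Data filter: walks a (possibly nested) array and checks every key and
     * every non-array value against the given rule set.
     *
     * @param array $filterData request data to screen
     * @param array $filterArgs rule name => pattern body
     */
    protected static function filterData($filterData, $filterArgs)
    {
        if (!is_array($filterData)) {
            return;
        }

        foreach ($filterData as $key => $value) {
            // Parameter names are attacker-controlled too, so keys are checked
            // as well as values.
            self::filterCheck($key, $filterArgs);

            if (is_array($value)) {
                self::filterData($value, $filterArgs);
            } else {
                self::filterCheck($value, $filterArgs);
            }
        }
    }

    /**
     * Returns the name of the first rule that flags the value, or null.
     *
     * The value is tested both as received and in urlencode()d form. A PCRE
     * engine failure (preg_match() returning false, e.g. when the backtrack
     * limit is exceeded on a long input) is treated as a hit: reading that
     * failure as "no match" would let the request through unchecked.
     *
     * @param mixed $str        value to test; non-scalars are ignored
     * @param array $filterArgs rule name => pattern body
     * @return string|null rule name (with a PCRE error suffix on engine failure)
     */
    protected static function matchedRule($str, $filterArgs)
    {
        if (!is_scalar($str)) {
            return null;
        }

        $raw = (string) $str;
        $candidates = [$raw, urlencode($raw)];

        foreach ($filterArgs as $rule => $pattern) {
            $regex = '/' . $pattern . '/is';

            foreach ($candidates as $candidate) {
                $result = preg_match($regex, $candidate);

                if ($result === 1) {
                    return (string) $rule;
                }

                if ($result === false) {
                    // Fail closed on engine errors.
                    return $rule . ' (PCRE error ' . preg_last_error() . ')';
                }
            }
        }

        return null;
    }

    /**
     * Data check: terminates the request when the value is flagged.
     *
     * @param mixed $str        value to test
     * @param array $filterArgs rule name => pattern body
     */
    protected static function filterCheck($str, $filterArgs)
    {
        $rule = self::matchedRule($str, $filterArgs);
        if ($rule === null) {
            return;
        }

        // Logging - interception record. Only the rule name is written; the
        // offending value is left out so request data cannot forge log lines.
        error_log('checkrequestserver: request blocked by rule ' . $rule);

        if (!headers_sent()) {
            http_response_code(403);
        }

        exit('Your submission has an illegal parameter, thank you for your cooperation');
    }

    /**
     * Data check entry point: screens the query string, GET, POST, cookies
     * and the Referer header of the current request.
     */
    public static function run()
    {
        $referer = empty($_SERVER['HTTP_REFERER']) ? [] : [$_SERVER['HTTP_REFERER']];
        $queryString = empty($_SERVER['QUERY_STRING']) ? [] : [$_SERVER['QUERY_STRING']];

        self::filterData($queryString, self::$FILTERURL);
        self::filterData($_GET, self::$filterArgs);
        self::filterData($_POST, self::$filterArgs);
        self::filterData($_COOKIE, self::$filterArgs);
        self::filterData($referer, self::$filterArgs);
    }
}

checkrequestserver::run();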
PHP general vulnerability protection patch: guards against XSS, SQL injection, file inclusion and a variety of other high-risk vulnerabilities