Safe filter input [JB]
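/**
 * Escape a request value for display as HTML text.
 *
 * Strips ASCII control characters, NUL markers and carriage returns, then
 * converts &, <, >, quotes and some whitespace into HTML entities.
 *
 * Scope: the result is only suitable for an HTML text or quoted-attribute
 * context. It is not SQL escaping (use prepared statements for queries) and
 * it does not make a value safe inside a script block, a URL or a style
 * attribute; those contexts need their own encoding.
 *
 * @param string $string Raw input value.
 * @param bool   $isurl  When true, "&" is left alone so query strings survive.
 * @return string Filtered and trimmed value.
 */
function check_str($string, $isurl = false)
{
    // Drop control characters; tab (\x09), LF (\x0A) and CR (\x0D) are not in the class.
    $string = preg_replace('/[\\x00-\\x08\\x0B\\x0C\\x0E-\\x1F]/', '', $string);
    // Remove NUL bytes, their URL-encoded spelling, and carriage returns.
    $string = str_replace(array("\0", '%00', "\r"), '', $string);
    // Encode a bare "&" but leave existing entities (&amp;, &#39;, ...) untouched.
    if (empty($isurl)) {
        $string = preg_replace('/&(?!(#[0-9]+|[a-z]+);)/si', '&amp;', $string);
    }
    // Case-insensitive, so %3C and %3c (and %3E / %3e) are both neutralised.
    $string = str_ireplace(array('%3C', '<'), '&lt;', $string);
    $string = str_ireplace(array('%3E', '>'), '&gt;', $string);
    // NOTE(review): the whitespace literals on this line were collapsed in the
    // published listing; tab -> four spaces and double space -> two &nbsp; is the
    // presumed original. Confirm against the upstream source.
    $string = str_replace(
        array('"', "'", "\t", '  '),
        array('&quot;', '&#39;', '    ', '&nbsp;&nbsp;'),
        $string
    );
    return trim($string);
}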
/**
* Security filter class: filters JavaScript, CSS, iframes, objects and other unsafe parameters (high filter level)
* Use in Controller: $this->controller->fliter_script ($value)
* @param string $value The value to be filtered
* @return string
*/
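function fliter_script($value) {
    // Deny-list filter: defuses inline event-handler names and removes
    // <script>, <iframe> and <object> elements together with their content.
    //
    // A regex deny-list is a best-effort layer, not a complete HTML sanitizer.
    // Values shown as plain text should be entity-encoded at output time; values
    // that must keep markup should go through an allow-list HTML sanitizer.
    $patterns = array(
        // Event-handler names, optionally prefixed with "javascript:".
        '/(javascript:)?on(click|load|key|mouse|error|abort|move|unload|change|dblclick|move|reset|resize|submit)/i',
        // The opening tags were eaten by the page's HTML rendering; they are
        // restored from the closing tags that survived.
        '/<script(.*?)>(.*?)<\/script>/si',
        '/<iframe(.*?)>(.*?)<\/iframe>/si',
        // The listing shows the modifiers "iesu". The "e" (eval) modifier is not
        // used here: it was removed in PHP 7, where it makes preg_replace() fail
        // and return null. Lazy matching keeps text between two separate objects.
        // NOTE(review): this pattern body was lost in extraction; "<object"
        // follows the element list in the doc comment. Confirm against upstream.
        '/<object.+?<\/object>/is',
    );
    // Replacement text for the first pattern is reproduced as the listing shows it.
    $replacements = array('&111n\\2', '', '', '');

    $value = preg_replace($patterns, $replacements, $value);

    // preg_replace() returns null on a PCRE error (for example a backtrack limit).
    // Fail closed instead of handing back unfiltered or null data.
    return $value === null ? '' : $value;
}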
/**
* Security filter class: filters HTML tags
* Use in Controller: $this->controller->fliter_html ($value)
* @param string $value The value to be filtered
* @return string
*/
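function fliter_html($value) {
    // Entity-encode the five HTML-significant characters: & " ' < >.
    //
    // ENT_QUOTES is passed explicitly: before PHP 8.1 the default flags left
    // single quotes unescaped, which is unsafe inside single-quoted attributes
    // and disagreed with the fallback below, which always escaped them.
    if (function_exists('htmlspecialchars')) {
        return htmlspecialchars($value, ENT_QUOTES);
    }
    // Fallback for when htmlspecialchars() is unavailable. "&" must be
    // replaced first so the entities produced afterwards are not re-encoded.
    return str_replace(
        array('&', '"', "'", '<', '>'),
        array('&amp;', '&quot;', '&#039;', '&lt;', '&gt;'),
        $value
    );
}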
/**
* Security filter class: underlines incoming data to prevent SQL injection
* Use in Controller: $this->controller->fliter_sql ($value)
* @param string $value The value to be filtered
* @return string
*/
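function fliter_sql($value) {
    // Removes a fixed list of SQL keywords and tokens from $value.
    //
    // This is NOT a SQL-injection defence. Keyword stripping corrupts ordinary
    // text that happens to contain these words, and it cannot cover every SQL
    // construct. Values that reach a query must be bound as parameters of a
    // prepared statement (PDO / mysqli); keep this only as an extra layer.
    //
    // NOTE(review): the backslash-escaped entries are regex-style spellings, but
    // this function does plain substring replacement, so they match only when the
    // backslashes are literally present in the input. The fifth entry was garbled
    // in the listing and is presumed to be an escaped single quote. Confirm both
    // against the upstream source.
    $sql = array(
        'select', 'insert', 'update', 'delete', "\'", "\/\*",
        "\.\.\/", "\.\/", 'union', 'into', 'load_file', 'outfile',
    );

    // Matching is case-insensitive and repeated until the value stops changing,
    // so removing one token cannot leave another listed token behind.
    do {
        $before = $value;
        $value = str_ireplace($sql, '', $value);
    } while ($value !== $before);

    return $value;
}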
/**
* Security filter class: general-purpose data filtering
* Use in Controller: $this->controller->fliter_escape ($value)
* @param string|array $value The variable that needs to be filtered
* @return string|array
*/
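function fliter_escape($value) {
    // Applies fliter_str() to a scalar, or to each element of an array.
    // The published listing had a stray "br>" fragment in the else branch,
    // which made the method unparseable; it is removed here.
    //
    // Only array values are filtered. Array keys are returned unchanged, so
    // callers must not echo or interpolate the keys of request arrays.
    if (is_array($value)) {
        foreach ($value as $k => $v) {
            $value[$k] = self::fliter_str($v);
        }
    } else {
        $value = self::fliter_str($value);
    }
    return $value;
}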
/**
* Security filter class: string filter that filters special hazardous characters
* Use in Controller: $this->controller->fliter_str ($value)
* @param string $value The value that needs to be filtered
* @return string
*/
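function fliter_str($value) {
    // Replaces NUL markers, carriage returns and HTML-significant characters
    // with entities, then restores numeric character references.
    //
    // The output is meant for an HTML text context. It is not SQL escaping and
    // does not make a value safe inside script, style or URL contexts.
    //
    // "&" comes before the entries that produce entities, so the entities
    // written by later entries are not encoded a second time.
    // NOTE(review): the whitespace entries (space and three-space) were
    // collapsed in the published listing and are restored by position only.
    // Confirm them against the upstream source.
    $badstr = array("\0", '%00', "\r", '&', ' ', '"', "'", '<', '>', '   ', '%3C', '%3E');
    $newstr = array('', '', '', '&amp;', '&nbsp;', '&quot;', '&#39;', '&lt;', '&gt;', '   ', '&lt;', '&gt;');
    // Case-insensitive, so %3c / %3e are handled the same way as %3C / %3E.
    $value = str_ireplace($badstr, $newstr, $value);
    // Undo the "&" encoding for numeric references such as &#1234; or &#x4E2D;
    // so characters that arrived as references still display.
    $value = preg_replace('/&amp;((#(\d{3,5}|x[a-fA-F0-9]{4}));)/', '&\\1', $value);
    return $value;
}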
/**
* Security filter class: safe conversion of a private path
* Use in Controller: $this->controller->filter_dir ($fileName)
* @param string $fileName
* @return string
*/
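function filter_dir($fileName) {
    // Rejects a file name that contains a scheme separator (":/"), a NUL byte
    // or a parent-directory sequence (".."). Returns the name unchanged when it
    // passes, or false when it is rejected, so callers must compare with === false.
    //
    // A substring deny-list is a first check only. Before the name is used on
    // disk, resolve it with realpath() and verify the result still lies inside
    // the directory the application intends to serve.
    //
    // NOTE(review): the second entry was garbled in the published listing and
    // is presumed to be the NUL byte. Confirm against the upstream source.
    $tmpname = strtolower($fileName);
    $temp = array(':/', "\0", '..');
    // If stripping the forbidden sequences changes the name, one was present.
    if (str_replace($temp, '', $tmpname) !== $tmpname) {
        return false;
    }
    return $fileName;
}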
/**
* Filter a directory path
* Use in Controller: $this->controller->filter_path ($path)
* @param string $path
* @return string
*/
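public function filter_path($path) {
    // Removes characters that have special meaning to shells, URLs or queries,
    // then normalises separators: every run of "/" and "\" becomes a single "/"
    // and trailing slashes are trimmed.
    //
    // This does not remove ".." segments, so it does not by itself confine a
    // path to a base directory; pair it with a realpath() containment check.
    //
    // NOTE(review): the fourth entry was lost in the published listing and is
    // presumed to be the backtick. Confirm against the upstream source.
    $path = str_replace(array("'", '#', '=', '`', '$', '%', '&', ';'), '', $path);
    // One character class covers mixed runs such as "/\" as well as "//" and "\\".
    return rtrim(preg_replace('#[/\\\\]+#', '/', $path), '/');
}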
/**
* Filter PHP tags
* Use in Controller: $this->controller->filter_phptag ($string)
* @param string $string
* @return string
*/
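public function filter_phptag($string) {
    // Neutralises PHP open and close tags by entity-encoding their angle
    // brackets. The search strings were eaten as markup in the published
    // listing; they are restored from the replacement pair that survived.
    //
    // This is a display-time measure. It does not make it safe to write
    // user-supplied text into a file that PHP will later include or execute.
    return str_replace(array('<?', '?>'), array('&lt;?', '?&gt;'), $string);
}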
/**
* Security filter class: return (output) function
* Use in Controller: $this->controller->str_out ($value)
* @param string $value The value to be filtered
* @return string
*/
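public function str_out($value) {
    // Reverses the input filters: turns &lt; / &gt; back into literal angle
    // brackets and strips the backslashes added by slash-escaping.
    //
    // The result contains live markup again. Never echo it into an HTML page
    // without re-encoding; use it only where raw text is required, such as
    // refilling an edit form through an encoder or exporting to a non-HTML sink.
    $badstr = array('<', '>', '%3C', '%3E');
    $newstr = array('&lt;', '&gt;', '&lt;', '&gt;');
    // The search list is $newstr. Its third and fourth entries repeat the first
    // two, so the %3C / %3E replacements can never be reached.
    $value = str_replace($newstr, $badstr, $value);
    // The trailing word "Underline" in the listing was the remains of a comment.
    return stripslashes($value);
}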