DedeBIZ
/
DedeV6
Watch 2
Star 0
Fork 0
Code Pull Requests 0 Releases 25 Activity
国内流行的内容管理系统(CMS)多端全媒体解决方案 https://www.dedebiz.com
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
275 Commits
3 Branches
110MB
Tree: 66f402eac8
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '66f402eac8'
${ noResults }
DedeV6/src/include/helpers/filter.helper.php

157 lines
6.5KB
Raw Blame History 

  1. <?php if (!defined('DEDEINC')) exit('dedebiz');

  2. /**

  3.  * 过滤小助手

  4.  *

  5.  * @version        $Id: time.filter.php 1 2010-07-05 11:43:09Z tianya $

  6.  * @package        DedeBIZ.Helpers

  7.  * @copyright      Copyright (c) 2020, DedeBIZ.COM

  8.  * @license        https://www.dedebiz.com/license

  9.  * @link           https://www.dedebiz.com

  10.  */

  11. 

  12. /**

  13.  *  去除html中不规则内容字符

  14. 

  15.  *

  16.  * @access    public

  17.  * @param     string  $str  需要处理的字符串

  18.  * @param     string  $rptype  返回类型

  19.  *            $rptype = 0 表示仅替换 html标记

  20.  *            $rptype = 1 表示替换 html标记同时去除连续空白字符

  21.  *            $rptype = 2 表示替换 html标记同时去除所有空白字符

  22.  *            $rptype = -1 表示仅替换 html危险的标记 

  23.  * @return    string

  24.  */

  25. if (!function_exists('HtmlReplace')) {

  26.     function HtmlReplace($str, $rptype = 0)

  27.     {

  28.         $str = stripslashes($str);

  29.         $str = preg_replace("/<[\/]{0,1}style([^>]*)>(.*)<\/style>/i", '', $str);

  30.         if ($rptype == 0) {

  31.             $str = dede_htmlspecialchars($str);

  32.         } else if ($rptype == 1) {

  33.             $str = dede_htmlspecialchars($str);

  34.             $str = str_replace(" ", ' ', $str);

  35.             $str = preg_replace("/[\r\n\t ]{1,}/", ' ', $str);

  36.         } else if ($rptype == 2) {

  37.             $str = dede_htmlspecialchars($str);

  38.             $str = str_replace(" ", '', $str);

  39.             $str = preg_replace("/[\r\n\t ]/", '', $str);

  40.         } else {

  41.             $str = preg_replace("/[\r\n\t ]{1,}/", ' ', $str);

  42.             $str = preg_replace('/script/i', 'script', $str);

  43.             $str = preg_replace("/<[\/]{0,1}(link|meta|ifr|fra)[^>]*>/i", '', $str);

  44.         }

  45.         return addslashes($str);

  46.     }

  47. }

  48. 

  49. 

  50. 

  51. /**

  52.  *  修复浏览器XSS hack的函数

  53.  *

  54.  * @param     string   $val  需要处理的内容

  55.  * @return    string

  56.  */

  57. if (!function_exists('RemoveXSS')) {

  58.     function RemoveXSS($val)

  59.     {

  60.         $val = preg_replace('/([\x00-\x08,\x0b-\x0c,\x0e-\x19])/', '', $val);

  61.         $search = 'abcdefghijklmnopqrstuvwxyz';

  62.         $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';

  63.         $search .= '1234567890!@#$%^&*()';

  64.         $search .= '~`";:?+/={}[]-_|\'\\';

  65.         for ($i = 0; $i < strlen($search); $i++) {

  66.             $val = preg_replace('/(&#[xX]0{0,8}' . dechex(ord($search[$i])) . ';?)/i', $search[$i], $val); // with a ;

  67.             $val = preg_replace('/(&#0{0,8}' . ord($search[$i]) . ';?)/', $search[$i], $val); // with a ;

  68.         }

  69. 

  70.         $ra1 = array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base');

  71.         $ra2 = array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload');

  72.         $ra = array_merge($ra1, $ra2);

  73. 

  74.         $found = true;

  75.         while ($found == true) {

  76.             $val_before = $val;

  77.             for ($i = 0; $i < sizeof($ra); $i++) {

  78.                 $pattern = '/';

  79.                 for ($j = 0; $j < strlen($ra[$i]); $j++) {

  80.                     if ($j > 0) {

  81.                         $pattern .= '(';

  82.                         $pattern .= '(&#[xX]0{0,8}([9ab]);)';

  83.                         $pattern .= '|';

  84.                         $pattern .= '|(&#0{0,8}([9|10|13]);)';

  85.                         $pattern .= ')*';

  86.                     }

  87.                     $pattern .= $ra[$i][$j];

  88.                 }

  89.                 $pattern .= '/i';

  90.                 $replacement = substr($ra[$i], 0, 2) . '<x>' . substr($ra[$i], 2);

  91.                 $val = preg_replace($pattern, $replacement, $val);

  92.                 if ($val_before == $val) {

  93.                     $found = false;

  94.                 }

  95.             }

  96.         }

  97.         return $val;

  98.     }

  99. }

  100. 

  101. /**

  102.  *  处理禁用HTML但允许换行的内容

  103.  *

  104.  * @access    public

  105.  * @param     string  $msg  需要过滤的内容

  106.  * @return    string

  107.  */

  108. if (!function_exists('TrimMsg')) {

  109.     function TrimMsg($msg)

  110.     {

  111.         $msg = trim(stripslashes($msg));

  112.         $msg = nl2br(dede_htmlspecialchars($msg));

  113.         $msg = str_replace("  ", "&nbsp;&nbsp;", $msg);

  114.         return addslashes($msg);

  115.     }

  116. }

  117. 

  118. /**

  119.  *  过滤用于搜索的字符串

  120.  *

  121.  * @param     string  $keyword  关键词

  122.  * @return    string

  123.  */

  124. if (!function_exists('FilterSearch')) {

  125.     function FilterSearch($keyword)

  126.     {

  127.         global $cfg_soft_lang;

  128.         if ($cfg_soft_lang == 'utf-8') {

  129.             $keyword = preg_replace("/[\"\r\n\t\$\\><']/", '', $keyword);

  130.             if ($keyword != stripslashes($keyword)) {

  131.                 return '';

  132.             } else {

  133.                 return $keyword;

  134.             }

  135.         } else {

  136.             $restr = '';

  137.             for ($i = 0; isset($keyword[$i]); $i++) {

  138.                 if (ord($keyword[$i]) > 0x80) {

  139.                     if (isset($keyword[$i + 1]) && ord($keyword[$i + 1]) > 0x40) {

  140.                         $restr .= $keyword[$i] . $keyword[$i + 1];

  141.                         $i++;

  142.                     } else {

  143.                         $restr .= ' ';

  144.                     }

  145.                 } else {

  146.                     if (preg_match("/[^0-9a-z@#\.]/", $keyword[$i])) {

  147.                         $restr .= ' ';

  148.                     } else {

  149.                         $restr .= $keyword[$i];

  150.                     }

  151.                 }

  152.             }

  153.         }

  154.         return $restr;

  155.     }

  156. }