php源码安全检测,PHP 安全检测代码片段

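/**
 * Escapes a value for output in an HTML body or attribute context.
 *
 * Note that htmlspecialchars() converts the whole set & < > " ' to entities,
 * so markup inside $param is NOT preserved (the original note claiming only
 * quotes are touched was inaccurate). ENT_SUBSTITUTE and an explicit charset
 * are passed so an invalid UTF-8 sequence becomes U+FFFD instead of making
 * htmlspecialchars() return an empty string, which would silently blank the
 * whole value.
 *
 * @param string|int|float|null $param value to escape; null is treated as ''
 * @return string escaped value with surrounding whitespace trimmed
 */
function htmlEscape($param) {
    // trim() runs after escaping, as before; entities never introduce
    // leading/trailing whitespace so the order does not change the result.
    return trim(htmlspecialchars($param ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
}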

/**
 * Tells whether $params is a non-empty array.
 *
 * @param mixed $params
 * @return bool true only for an array holding at least one element
 */
function isArray($params) {
    if (!is_array($params)) {
        return false;
    }
    return count($params) > 0;
}

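/**
 * Tells whether $param occurs in $params, comparing both sides as strings.
 *
 * The original used in_array() with loose comparison, so numeric strings
 * matched by value ('1e3' == '1000') and, on older PHP, 'abc' == 0 was true.
 * Here every candidate that can be represented as a string (null, scalars,
 * Stringable objects) is cast and compared with ===, which keeps the
 * "string in array" tolerance (int 2 matches '2') without the loose-equality
 * surprises. Nested arrays and other objects never match.
 *
 * @param mixed $param needle, cast to string
 * @param mixed $params haystack; a non-array is wrapped as a one-element array
 * @return bool
 */
function inArray($param, $params) {
    $needle = (string) $param;
    foreach ((array) $params as $candidate) {
        $comparable = $candidate === null
            || is_scalar($candidate)
            || $candidate instanceof Stringable;
        if ($comparable && (string) $candidate === $needle) {
            return true;
        }
    }
    return false;
}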

/**
 * Quotes a value (or each element of an array) for interpolation into SQL.
 *
 * Arrays are only processed when $isArray is true, otherwise an empty quoted
 * string is returned. Elements are escaped through S::sqlEscape() without
 * $isArray, so a nested array collapses to '' . Numeric values are quoted
 * verbatim; anything else goes through addslashes(), optionally after
 * stripslashes() to undo a previous escaping pass.
 *
 * NOTE(review): addslashes() is not connection-charset aware and is not a
 * substitute for prepared statements or the driver's escaping function; keep
 * this as legacy behaviour rather than relying on it for new queries.
 *
 * @param mixed $var
 * @param bool $strip run stripslashes() before escaping (default true)
 * @param bool $isArray allow array input
 * @return mixed quoted string for scalars, array of trimmed quoted strings
 *               when $isArray is set
 */
function sqlEscape($var, $strip = true, $isArray = false) {
    if (is_array($var)) {
        if (!$isArray) {
            return " '' ";
        }
        foreach (array_keys($var) as $key) {
            $var[$key] = trim(S::sqlEscape($var[$key], $strip));
        }
        return $var;
    }
    if (is_numeric($var)) {
        return " '" . $var . "' ";
    }
    $plain = $strip ? stripslashes($var) : $var;
    return " '" . addslashes($plain) . "' ";
}

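/**
 * Reads one or more $_SERVER entries with a few markup characters removed.
 *
 * The characters < > " ' and their URL-encoded forms (%3C %3E %22 %27 in
 * either case) are deleted from each value. In the original listing the
 * first two search entries were mangled by HTML rendering (an empty string
 * and a missing '>'); they are restored here as '<' and '>'. Deleting
 * characters is a blunt filter, not output encoding: values still have to
 * be escaped for the context they are written into (htmlspecialchars() for
 * HTML, parameter binding for SQL).
 *
 * @param string|array $keys one key or a list of keys
 * @return string|array|null the value for a single key (null when unset),
 *                           or a key => value map when $keys is an array
 */
function getServer($keys) {
    static $stripped = array('<', '>', '"', "'", '%3C', '%3E', '%22', '%27', '%3c', '%3e');
    $server = array();
    foreach ((array) $keys as $key) {
        // Unset keys are reported as null rather than omitted.
        $server[$key] = null;
        if (isset($_SERVER[$key])) {
            $server[$key] = str_replace($stripped, '', $_SERVER[$key]);
        }
    }
    return is_array($keys) ? $server : $server[$keys];
}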

/**
 * Applies addslashes() to every leaf of an array, in place.
 *
 * Nested arrays are handed to S::slashes(); a non-array argument is left
 * untouched.
 *
 * @param mixed $array modified by reference
 */
function slashes(&$array) {
    if (!is_array($array)) {
        return;
    }
    foreach (array_keys($array) as $key) {
        if (is_array($array[$key])) {
            S::slashes($array[$key]);
        } else {
            $array[$key] = addslashes($array[$key]);
        }
    }
}

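/**
 * Normalises a directory string: removes a fixed set of shell/SQL-ish
 * characters, collapses repeated '/' and any '\' into a single '/', and
 * drops trailing slashes.
 *
 * The pattern in the original listing, '/(/){2,}|(\){1,}/', is not valid
 * PCRE (unescaped delimiter, escaped ')'), so preg_replace() returned null
 * and the function yielded '' for every input. The replacement below uses
 * '#' as delimiter and matches the evident intent.
 *
 * '..' segments are NOT removed here; callers that use the result for file
 * access must still resolve it (realpath) and check it against an allowed
 * base directory.
 *
 * @param string $dir
 * @return string
 */
function escapeDir($dir) {
    $dir = str_replace(array("'", '#', '=', '`', '$', '%', '&', ';'), '', $dir);
    // Two or more forward slashes, or one or more backslashes, become one '/'.
    $dir = preg_replace('#/{2,}|\\\\+#', '/', $dir);
    return rtrim($dir, '/');
}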

/**
 * Converts a value (or every element of an array, via S::escapeChar()).
 *
 * With $isint the value is cast to int. Otherwise numeric values are
 * returned as they are; any other value is optionally trimmed and, when it
 * is still truthy, passed through S::escapeStr(). Note that the trim is
 * applied even when the trimmed result turns out to be empty.
 *
 * @param mixed $mixed
 * @param bool $isint cast scalars to int
 * @param bool $istrim trim non-numeric scalars before escaping
 * @return mixed
 */
function escapeChar($mixed, $isint = false, $istrim = false) {
    if (is_array($mixed)) {
        foreach (array_keys($mixed) as $key) {
            $mixed[$key] = S::escapeChar($mixed[$key], $isint, $istrim);
        }
        return $mixed;
    }
    if ($isint) {
        return (int) $mixed;
    }
    if (is_numeric($mixed)) {
        return $mixed;
    }
    if ($istrim) {
        $mixed = trim($mixed);
    }
    if ($mixed) {
        $mixed = S::escapeStr($mixed);
    }
    return $mixed;
}

/**
 * Strips control characters and rewrites a few markup characters in a string.
 *
 * What the visible code establishes: the first search entry is shown as an
 * empty string (presumably a mangled "\0"), "%00" and a whitespace-like
 * character are removed; the control range \x00-\x08 \x0B \x0C \x0E-\x1F is
 * deleted; a bare '&' that does not already start an entity is replaced.
 * The replacement strings in this listing look decoded by the page render
 * ('&' -> '&', '"' -> '"' would be no-ops), so the upstream source presumably
 * substitutes HTML entities here - confirm before relying on it. The
 * statement starting at "%3C" is cut off in this listing and does not parse
 * as shown.
 *
 * @param string $string
 * @return string
 */

function escapeStr($string) {

$string = str_replace(array("","%00"," "), '', $string); //modified@2010-7-5

$string = preg_replace(array('/[\x00-\x08\x0B\x0C\x0E-\x1F]/','/&(?!(#[0-9]+|[a-z]+);)/is'), array('', '&'), $string);

$string = str_replace(array("%3C",'

$string = str_replace(array("%3E",'>'), '>', $string);

$string = str_replace(array('"',"'"," ",'  '), array('"',''','    ','  '), $string);

return $string;

}

/**
 * Recursively checks a request value in place; array elements are handed to
 * S::checkVar() one by one.
 *
 * For a non-array value outside the admin panel (P_W != 'admincp') a
 * str_replace() rewrites the value; its search/replace arrays are truncated
 * in this listing ('..', ')' and then a cut-off entry), so the full set of
 * filtered tokens cannot be read here. The following elseif branch is also
 * cut off; when it matches it sets the global $basename to
 * 'javascript:history.go(-1);' and calls adminmsg('word_error'), which
 * presumably ends the request - confirm in the upstream source. P_W and
 * adminmsg() are defined elsewhere.
 *
 * @param mixed $var modified by reference
 */

function checkVar(&$var) {

if (is_array($var)) {

foreach ($var as $key => $value) {

S::checkVar($var[$key]);

}

} elseif (P_W != 'admincp') {

$var = str_replace(array('..',')','

} elseif (str_replace(array('

global $basename;

$basename = 'javascript:history.go(-1);';

adminmsg('word_error');

}

}
