Home >php教程 >php手册 >PHP利用str_replace()函数防注入

PHP利用str_replace()函数防注入

WBOY
WBOYOriginal
2016-06-13 09:50:14847browse

str_replace()函数的使用就是用来替换指定字符了,那么我们正好可以利用它这一点来过滤敏感字符以太到防注入的效果,下面我来给大家总结了一些方法,给大家分享一下。


PHP各种过滤字符函数

 

 代码如下 复制代码

       /**
    * 安全过滤函数
    *
    * @param $string
    * @return string
    */
    function safe_replace($string) {
    $string = str_replace('%20','',$string);
    $string = str_replace('%27','',$string);
    $string = str_replace('%2527','',$string);
    $string = str_replace('*','',$string);
    $string = str_replace('"','"',$string);
    $string = str_replace("'",'',$string);
    $string = str_replace('"','',$string);
    $string = str_replace(';','',$string);
    $string = str_replace('     $string = str_replace("{",'',$string);
    $string = str_replace('}','',$string);
    $string = str_replace('','',$string);
    return $string;
    }
    ?>


        /**
    * 返回经addslashes处理过的字符串或数组
    * @param $string 需要处理的字符串或数组
    * @return mixed
    */
    function new_addslashes($string) {
    if(!is_array($string)) return addslashes($string);
    foreach($string as $key => $val) $string[$key] = new_addslashes($val);
    return $string;
    }
    ?>


        //对请求的字符串进行安全处理
    /*
    $safestep
    0 为不处理,
    1 为禁止不安全HTML内容(javascript等),
    2 完全禁止HTML内容,并替换部份不安全字符串(如:eval(、union、CONCAT(、--、等)
    */
    function StringSafe($str, $safestep=-1){
    $safestep = ($safestep > -1) ? $safestep : 1;
    if($safestep == 1){
    $str = preg_replace("#script:#i", "script:", $str);
    $str = preg_replace("#]*>#isU", '', $str);
    $str = preg_replace("#[ ]{1,}#", ' ', $str);
    return $str;
    }else if($safestep == 2){
    $str = addslashes(htmlspecialchars(stripslashes($str)));
    $str = preg_replace("#eval#i", 'eval', $str);
    $str = preg_replace("#union#i", 'union', $str);
    $str = preg_replace("#concat#i", 'concat', $str);
    $str = preg_replace("#--#", '--', $str);
    $str = preg_replace("#[ ]{1,}#", ' ', $str);
    return $str;
    }else{
    return $str;
    }
    }
    ?>


           /**
        +----------------------------------------------------------
        * 输出安全的html,用于过滤危险代码
        +----------------------------------------------------------
        * @access public
        +----------------------------------------------------------
        * @param string $text 要处理的字符串
        * @param mixed $tags 允许的标签列表,如 table|td|th|td
        +----------------------------------------------------------
        * @return string
        +----------------------------------------------------------
        */
       static public function safeHtml($text, $tags = null)
       {
           $text =  trim($text);
           //完全过滤注释
           $text = preg_replace('//','',$text);
           //完全过滤动态代码
           $text =  preg_replace('/|?'.'>/','',$text);
           //完全过滤js
           $text = preg_replace('/<script>/','',$text);<br /> $text = str_replace('[','&#091;',$text);<br /> $text = str_replace(']','&#093;',$text);<br /> $text = str_replace('|','&#124;',$text);<br /> //过滤换行符<br /> $text = preg_replace('/ ? /','',$text);<br /> //br<br /> $text = preg_replace('/<br(s/)?'.'>/i','[br]',$text);<br /> $text = preg_replace('/([br]s*){10,}/i','[br]',$text);<br /> //过滤危险的属性,如:过滤on事件lang js<br /> while(preg_match('/(<[^><]+)(lang|on|action|background|codebase|dynsrc|lowsrc)[^><]+/i',$text,$mat)){<br /> $text=str_replace($mat[0],$mat[1],$text);<br /> }<br /> while(preg_match('/(<[^><]+)(window.|javascript:|js:|about:|file:|document.|vbs:|cookie)([^><]*)/i',$text,$mat)){<br /> $text=str_replace($mat[0],$mat[1].$mat[3],$text);<br /> }<br /> if( empty($allowTags) ) { $allowTags = self::$htmlTags['allow']; }<br /> //允许的HTML标签<br /> $text = preg_replace('/<('.$allowTags.')( [^><[]]*)>/i','[12]',$text);<br /> //过滤多余html<br /> if ( empty($banTag) ) { $banTag = self::$htmlTags['ban']; }<br /> $text = preg_replace('/</?('.$banTag.')[^><]*>/i','',$text);<br /> //过滤合法的html标签<br /> while(preg_match('/<([a-z]+)[^><[]]*>[^><]*</1>/i',$text,$mat)){<br /> $text=str_replace($mat[0],str_replace('>',']',str_replace('<','[',$mat[0])),$text);<br /> }<br /> //转换引号<br /> while(preg_match('/([[^[]]*=s*)("|')([^2=[]]+)2([^[]]*])/i',$text,$mat)){<br /> $text=str_replace($mat[0],$mat[1].'|'.$mat[3].'|'.$mat[4],$text);<br /> }<br /> //空属性转换<br /> $text = str_replace('''','||',$text);<br /> $text = str_replace('""','||',$text);<br /> //过滤错误的单个引号<br /> while(preg_match('/[[^[]]*("|')[^[]]*]/i',$text,$mat)){<br /> $text=str_replace($mat[0],str_replace($mat[1],'',$mat[0]),$text);<br /> }<br /> //转换其它所有不合法的 < ><br /> $text = str_replace('<','<',$text);<br /> $text = str_replace('>','>',$text);<br /> $text = str_replace('"','"',$text);<br /> //反转换<br /> $text = str_replace('[','<',$text);<br /> $text = str_replace(']','>',$text);<br /> $text = str_replace('|','"',$text);<br /> //过滤多余空格<br /> $text = str_replace(' ',' ',$text);<br /> return $text;<br /> }<br /> ?></script>


        function RemoveXSS($val) {
       // remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed
       // this prevents some character re-spacing such as
       // note that you have to handle splits with , , and later since they *are* allowed in some          // inputs
       $val = preg_replace('/([x00-x08,x0b-x0c,x0e-x19])/', '', $val);
       // straight replacements, the user should never need these since they're normal characters
       // this prevents like PHP利用str_replace()函数防注入
       $search = 'abcdefghijklmnopqrstuvwxyz';
       $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
       $search .= '1234567890!@#$%^&*()';
       $search .= '~`";:?+/={}[]-_|'';
       for ($i = 0; $i            // ;? matches the ;, which is optional
           // 0{0,7} matches any padded zeros, which are optional and go up to 8 chars
           // @ @ search for the hex values
           $val = preg_replace('/([xX]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val);//with a ;
           // @ @ 0{0,7} matches '0' zero to seven times
           $val = preg_replace('/({0,8}'.ord($search[$i]).';?)/', $search[$i], $val); // with a ;
       }
       // now the only remaining whitespace attacks are , , and 
       $ra1 = Array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base');
       $ra2 = Array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload');
       $ra = array_merge($ra1, $ra2);
       $found = true; // keep replacing as long as the previous round replaced something
       while ($found == true) {
           $val_before = $val;
           for ($i = 0; $i                $pattern = '/';
               for ($j = 0; $j                    if ($j > 0) {
                       $pattern .= '(';
                       $pattern .= '([xX]0{0,8}([9ab]);)';
                       $pattern .= '|';
                       $pattern .= '|({0,8}([9|10|13]);)';
                       $pattern .= ')*';
                   }
                   $pattern .= $ra[$i][$j];
               }
               $pattern .= '/i';
               $replacement = substr($ra[$i], 0, 2).''.substr($ra[$i], 2); // add in to nerf the tag
               $val = preg_replace($pattern, $replacement, $val); // filter out the hex tags
               if ($val_before == $val) {
                   // no replacements were made, so exit the loop
                   $found = false;
               }
           }
       }
       return $val;
    }
    ?>

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn