首页 >php教程 >PHP源码 >安全 防XSS跨站 SQL注入

安全 防XSS跨站 SQL注入

PHP中文网
PHP中文网原创
2016-05-25 17:08:221200浏览

sql注入

<?php
 
defined(&#39;TC_CMS&#39;) or exit(&#39;Access Denied&#39;);
 
/**
 * TC_CMS
 * =======================================================
 * 版权所有 (C) 2010-2020 www.teamcen.com,并保留所有权利。
 * 网站地址: http://www.teamcen.com
 * Q Q: 9877633
 * -------------------------------------------------------
 *
 * @author :     milkcy <milkcy@foxmail.com>
 * @version :    v1.0
 * =======================================================
 */
 
class safe {
    const getfilter="&#39;|(and|or)\\b.+?(>|<|=|in|like)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
    const postfilter="\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
    const cookiefilter="\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
 
    public function __construct() {
 
    }
 
    public function initLogHacker() {
         
        foreach($_GET as $key=>$value){
            $this->StopAttack($key,$value,self::getfilter);
            $_GET[$key] = $this->safe_replace($value);
            $_GET[$key] = $this->remove_xss($_GET[$key]);
        }
         
        foreach($_COOKIE as $key=>$value){
            $this->StopAttack($key,$value,self::cookiefilter);
        }
         
        foreach($_POST as $key=>$value){
            if (!is_array($value)) {
                $_POST[$key] = $this->trim_script($value);
            }
            $this->StopAttack($key,$value,self::postfilter);
        }
    }
     
    private function StopAttack($StrFiltKey,$StrFiltValue,$ArrFiltReq){
        if(is_array($StrFiltValue)) {
            $StrFiltValue=implode($StrFiltValue);
        }     
        if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue)==1){
            $attackStr = "<br><br>SubmitIP:".$_SERVER["REMOTE_ADDR"]."<br>SubmitTime:".strftime("%Y-%m-%d %H:%M:%S")."<br>SubmitPage:".$_SERVER["PHP_SELF"]."<br>SubmitMethod:".$_SERVER["REQUEST_METHOD"]."<br>SubmitParams:".$StrFiltKey."<br>SubmitData:".$StrFiltValue;
            exit("Illegal operation:" . $attackStr);
        }
    }
     
    /**
     * 安全过滤函数
     *
     * @param $string
     * @return string
     */
    private function safe_replace($string) {
        $string = str_replace(&#39;%20&#39;, &#39;&#39;, $string);
        $string = str_replace(&#39;%27&#39;, &#39;&#39;, $string);
        $string = str_replace(&#39;%2527&#39;, &#39;&#39;, $string);
        $string = str_replace(&#39;*&#39;, &#39;&#39;, $string);
        $string = str_replace(&#39;"&#39;, &#39;&quot;&#39;, $string);
        $string = str_replace("&#39;", &#39;&#39;, $string);
        $string = str_replace(&#39;"&#39;, &#39;&#39;, $string);
        $string = str_replace(&#39;;&#39;, &#39;&#39;, $string);
        $string = str_replace(&#39;<&#39;, &#39;&lt;&#39;, $string);
        $string = str_replace(&#39;>&#39;, &#39;&gt;&#39;, $string);
        $string = str_replace("{", &#39;&#39;, $string);
        $string = str_replace(&#39;}&#39;, &#39;&#39;, $string);
        $string = str_replace(&#39;\\&#39;, &#39;&#39;, $string);
        $string = str_replace(&#39;or&#39;, &#39;&#39;, $string);
        $string = str_replace(&#39;insert&#39;, &#39;&#39;, $string);
        $string = str_replace(&#39;update&#39;, &#39;&#39;, $string);
        $string = str_replace(&#39;delete&#39;, &#39;&#39;, $string);
        $string = str_replace(&#39;and&#39;, &#39;&#39;, $string);
        $string = str_replace(&#39;union&#39;, &#39;&#39;, $string);
        $string = str_replace(&#39;load_file&#39;, &#39;&#39;, $string);
        $string = str_replace(&#39;outfil&#39;, &#39;&#39;, $string);
        $string = str_replace(&#39;TRUNCATE&#39;, &#39;&#39;, $string);
        return $string;
    }
     
    /**
     * 转义 javascript 代码标记
     *
     * @param $str
     * @return mixed
     */
    private function trim_script($str) {
        if (is_array($str)) {
            foreach ($str as $key => $val) {
                $str[$key] = trim_script($val);
            }
        } else {
            $str = preg_replace(&#39;/\<([\/]?)script([^\>]*?)\>/si&#39;, &#39;&lt;\\1script\\2&gt;&#39;, $str);
            $str = preg_replace(&#39;/\<([\/]?)iframe([^\>]*?)\>/si&#39;, &#39;&lt;\\1iframe\\2&gt;&#39;, $str);
            $str = preg_replace(&#39;/\<([\/]?)frame([^\>]*?)\>/si&#39;, &#39;&lt;\\1frame\\2&gt;&#39;, $str);
            $str = preg_replace(&#39;/]]\>/si&#39;, &#39;]] >&#39;, $str);
        }
        return $str;
    }
     
    /**
     * 防止XSS攻击,用在表单textarea中内容过滤较多
     *
     * @param $str
     * @return mixed
     */
    private function remove_xss($val) {
        $val = preg_replace(&#39;/([\x00-\x08,\x0b-\x0c,\x0e-\x19])/&#39;, &#39;&#39;, $val);
        $search = &#39;abcdefghijklmnopqrstuvwxyz&#39;;
        $search .= &#39;ABCDEFGHIJKLMNOPQRSTUVWXYZ&#39;;
        $search .= &#39;1234567890!@#$%^&*()&#39;;
        $search .= &#39;~`";:?+/={}[]-_|\&#39;\\&#39;;
        for ($i = 0; $i < strlen($search); $i++) {
            $val = preg_replace(&#39;/(&#[xX]0{0,8}&#39; . dechex(ord($search[$i])) . &#39;;?)/i&#39;, $search[$i], $val); // with a ;
            $val = preg_replace(&#39;/(&#0{0,8}&#39; . ord($search[$i]) . &#39;;?)/&#39;, $search[$i], $val); // with a ;
        }
 
        $ra1 = array(
            &#39;javascript&#39;,
            &#39;vbscript&#39;,
            &#39;expression&#39;,
            &#39;applet&#39;,
            &#39;meta&#39;,
            &#39;xml&#39;,
            &#39;blink&#39;,
            &#39;link&#39;,
            &#39;style&#39;,
            &#39;script&#39;,
            &#39;embed&#39;,
            &#39;object&#39;,
            &#39;iframe&#39;,
            &#39;frame&#39;,
            &#39;frameset&#39;,
            &#39;ilayer&#39;,
            &#39;layer&#39;,
            &#39;bgsound&#39;,
            &#39;title&#39;,
            &#39;base&#39;
            );
            $ra2 = array(
            &#39;onabort&#39;,
            &#39;onactivate&#39;,
            &#39;onafterprint&#39;,
            &#39;onafterupdate&#39;,
            &#39;onbeforeactivate&#39;,
            &#39;onbeforecopy&#39;,
            &#39;onbeforecut&#39;,
            &#39;onbeforedeactivate&#39;,
            &#39;onbeforeeditfocus&#39;,
            &#39;onbeforepaste&#39;,
            &#39;onbeforeprint&#39;,
            &#39;onbeforeunload&#39;,
            &#39;onbeforeupdate&#39;,
            &#39;onblur&#39;,
            &#39;onbounce&#39;,
            &#39;oncellchange&#39;,
            &#39;onchange&#39;,
            &#39;onclick&#39;,
            &#39;oncontextmenu&#39;,
            &#39;oncontrolselect&#39;,
            &#39;oncopy&#39;,
            &#39;oncut&#39;,
            &#39;ondataavailable&#39;,
            &#39;ondatasetchanged&#39;,
            &#39;ondatasetcomplete&#39;,
            &#39;ondblclick&#39;,
            &#39;ondeactivate&#39;,
            &#39;ondrag&#39;,
            &#39;ondragend&#39;,
            &#39;ondragenter&#39;,
            &#39;ondragleave&#39;,
            &#39;ondragover&#39;,
            &#39;ondragstart&#39;,
            &#39;ondrop&#39;,
            &#39;onerror&#39;,
            &#39;onerrorupdate&#39;,
            &#39;onfilterchange&#39;,
            &#39;onfinish&#39;,
            &#39;onfocus&#39;,
            &#39;onfocusin&#39;,
            &#39;onfocusout&#39;,
            &#39;onhelp&#39;,
            &#39;onkeydown&#39;,
            &#39;onkeypress&#39;,
            &#39;onkeyup&#39;,
            &#39;onlayoutcomplete&#39;,
            &#39;onload&#39;,
            &#39;onlosecapture&#39;,
            &#39;onmousedown&#39;,
            &#39;onmouseenter&#39;,
            &#39;onmouseleave&#39;,
            &#39;onmousemove&#39;,
            &#39;onmouseout&#39;,
            &#39;onmouseover&#39;,
            &#39;onmouseup&#39;,
            &#39;onmousewheel&#39;,
            &#39;onmove&#39;,
            &#39;onmoveend&#39;,
            &#39;onmovestart&#39;,
            &#39;onpaste&#39;,
            &#39;onpropertychange&#39;,
            &#39;onreadystatechange&#39;,
            &#39;onreset&#39;,
            &#39;onresize&#39;,
            &#39;onresizeend&#39;,
            &#39;onresizestart&#39;,
            &#39;onrowenter&#39;,
            &#39;onrowexit&#39;,
            &#39;onrowsdelete&#39;,
            &#39;onrowsinserted&#39;,
            &#39;onscroll&#39;,
            &#39;onselect&#39;,
            &#39;onselectionchange&#39;,
            &#39;onselectstart&#39;,
            &#39;onstart&#39;,
            &#39;onstop&#39;,
            &#39;onsubmit&#39;,
            &#39;onunload&#39;
            );
            $ra = array_merge($ra1, $ra2);
 
            $found = true; // keep replacing as long as the previous round replaced something
            while ($found == true) {
                $val_before = $val;
                for ($i = 0; $i < sizeof($ra); $i++) {
                    $pattern = &#39;/&#39;;
                    for ($j = 0; $j < strlen($ra[$i]); $j++) {
                        if ($j > 0) {
                            $pattern .= &#39;(&#39;;
                            $pattern .= &#39;(&#[xX]0{0,8}([9ab]);)&#39;;
                            $pattern .= &#39;|&#39;;
                            $pattern .= &#39;|(&#0{0,8}([9|10|13]);)&#39;;
                            $pattern .= &#39;)*&#39;;
                        }
                        $pattern .= $ra[$i][$j];
                    }
                    $pattern .= &#39;/i&#39;;
                    $replacement = substr($ra[$i], 0, 2) . &#39;<x>&#39; . substr($ra[$i], 2); // add in <> to nerf the tag
                    $val = preg_replace($pattern, $replacement, $val); // filter out the hex tags
                    if ($val_before == $val) {
                        // no replacements were made, so exit the loop
                        $found = false;
                    }
                }
            }
            return $val;
    }
}
 
?>

safe.class.php

<?php
 
defined(&#39;TC_CMS&#39;) or exit(&#39;Access Denied&#39;);
 
/**
 * TC_CMS
 * =======================================================
 * 版权所有 (C) 2010-2020 www.teamcen.com,并保留所有权利。
 * 网站地址: http://www.teamcen.com
 * Q Q: 9877633
 * -------------------------------------------------------
 *
 * @author :     milkcy <milkcy@foxmail.com>
 * @version :    v1.0
 * =======================================================
 */
 
class safe {
    const getfilter="&#39;|(and|or)\\b.+?(>|<|=|in|like)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
    const postfilter="\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
    const cookiefilter="\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
 
    public function __construct() {
 
    }
 
    public function initLogHacker() {
         
        foreach($_GET as $key=>$value){
            $this->StopAttack($key,$value,self::getfilter);
            $_GET[$key] = $this->safe_replace($value);
            $_GET[$key] = $this->remove_xss($_GET[$key]);
        }
         
        foreach($_COOKIE as $key=>$value){
            $this->StopAttack($key,$value,self::cookiefilter);
        }
         
        foreach($_POST as $key=>$value){
            if (!is_array($value)) {
                $_POST[$key] = $this->trim_script($value);
            }
            $this->StopAttack($key,$value,self::postfilter);
        }
    }
     
    private function StopAttack($StrFiltKey,$StrFiltValue,$ArrFiltReq){
        if(is_array($StrFiltValue)) {
            $StrFiltValue=implode($StrFiltValue);
        }     
        if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue)==1){
            $attackStr = "<br><br>SubmitIP:".$_SERVER["REMOTE_ADDR"]."<br>SubmitTime:".strftime("%Y-%m-%d %H:%M:%S")."<br>SubmitPage:".$_SERVER["PHP_SELF"]."<br>SubmitMethod:".$_SERVER["REQUEST_METHOD"]."<br>SubmitParams:".$StrFiltKey."<br>SubmitData:".$StrFiltValue;
            exit("Illegal operation:" . $attackStr);
        }
    }
     
    /**
     * 安全过滤函数
     *
     * @param $string
     * @return string
     */
    private function safe_replace($string) {
        $string = str_replace(&#39;%20&#39;, &#39;&#39;, $string);
        $string = str_replace(&#39;%27&#39;, &#39;&#39;, $string);
        $string = str_replace(&#39;%2527&#39;, &#39;&#39;, $string);
        $string = str_replace(&#39;*&#39;, &#39;&#39;, $string);
        $string = str_replace(&#39;"&#39;, &#39;&quot;&#39;, $string);
        $string = str_replace("&#39;", &#39;&#39;, $string);
        $string = str_replace(&#39;"&#39;, &#39;&#39;, $string);
        $string = str_replace(&#39;;&#39;, &#39;&#39;, $string);
        $string = str_replace(&#39;<&#39;, &#39;&lt;&#39;, $string);
        $string = str_replace(&#39;>&#39;, &#39;&gt;&#39;, $string);
        $string = str_replace("{", &#39;&#39;, $string);
        $string = str_replace(&#39;}&#39;, &#39;&#39;, $string);
        $string = str_replace(&#39;\\&#39;, &#39;&#39;, $string);
        $string = str_replace(&#39;or&#39;, &#39;&#39;, $string);
        $string = str_replace(&#39;insert&#39;, &#39;&#39;, $string);
        $string = str_replace(&#39;update&#39;, &#39;&#39;, $string);
        $string = str_replace(&#39;delete&#39;, &#39;&#39;, $string);
        $string = str_replace(&#39;and&#39;, &#39;&#39;, $string);
        $string = str_replace(&#39;union&#39;, &#39;&#39;, $string);
        $string = str_replace(&#39;load_file&#39;, &#39;&#39;, $string);
        $string = str_replace(&#39;outfil&#39;, &#39;&#39;, $string);
        $string = str_replace(&#39;TRUNCATE&#39;, &#39;&#39;, $string);
        return $string;
    }
     
    /**
     * 转义 javascript 代码标记
     *
     * @param $str
     * @return mixed
     */
    private function trim_script($str) {
        if (is_array($str)) {
            foreach ($str as $key => $val) {
                $str[$key] = trim_script($val);
            }
        } else {
            $str = preg_replace(&#39;/\<([\/]?)script([^\>]*?)\>/si&#39;, &#39;&lt;\\1script\\2&gt;&#39;, $str);
            $str = preg_replace(&#39;/\<([\/]?)iframe([^\>]*?)\>/si&#39;, &#39;&lt;\\1iframe\\2&gt;&#39;, $str);
            $str = preg_replace(&#39;/\<([\/]?)frame([^\>]*?)\>/si&#39;, &#39;&lt;\\1frame\\2&gt;&#39;, $str);
            $str = preg_replace(&#39;/]]\>/si&#39;, &#39;]] >&#39;, $str);
        }
        return $str;
    }
     
    /**
     * 防止XSS攻击,用在表单textarea中内容过滤较多
     *
     * @param $str
     * @return mixed
     */
    private function remove_xss($val) {
        $val = preg_replace(&#39;/([\x00-\x08,\x0b-\x0c,\x0e-\x19])/&#39;, &#39;&#39;, $val);
        $search = &#39;abcdefghijklmnopqrstuvwxyz&#39;;
        $search .= &#39;ABCDEFGHIJKLMNOPQRSTUVWXYZ&#39;;
        $search .= &#39;1234567890!@#$%^&*()&#39;;
        $search .= &#39;~`";:?+/={}[]-_|\&#39;\\&#39;;
        for ($i = 0; $i < strlen($search); $i++) {
            $val = preg_replace(&#39;/(&#[xX]0{0,8}&#39; . dechex(ord($search[$i])) . &#39;;?)/i&#39;, $search[$i], $val); // with a ;
            $val = preg_replace(&#39;/(&#0{0,8}&#39; . ord($search[$i]) . &#39;;?)/&#39;, $search[$i], $val); // with a ;
        }
 
        $ra1 = array(
            &#39;javascript&#39;,
            &#39;vbscript&#39;,
            &#39;expression&#39;,
            &#39;applet&#39;,
            &#39;meta&#39;,
            &#39;xml&#39;,
            &#39;blink&#39;,
            &#39;link&#39;,
            &#39;style&#39;,
            &#39;script&#39;,
            &#39;embed&#39;,
            &#39;object&#39;,
            &#39;iframe&#39;,
            &#39;frame&#39;,
            &#39;frameset&#39;,
            &#39;ilayer&#39;,
            &#39;layer&#39;,
            &#39;bgsound&#39;,
            &#39;title&#39;,
            &#39;base&#39;
            );
            $ra2 = array(
            &#39;onabort&#39;,
            &#39;onactivate&#39;,
            &#39;onafterprint&#39;,
            &#39;onafterupdate&#39;,
            &#39;onbeforeactivate&#39;,
            &#39;onbeforecopy&#39;,
            &#39;onbeforecut&#39;,
            &#39;onbeforedeactivate&#39;,
            &#39;onbeforeeditfocus&#39;,
            &#39;onbeforepaste&#39;,
            &#39;onbeforeprint&#39;,
            &#39;onbeforeunload&#39;,
            &#39;onbeforeupdate&#39;,
            &#39;onblur&#39;,
            &#39;onbounce&#39;,
            &#39;oncellchange&#39;,
            &#39;onchange&#39;,
            &#39;onclick&#39;,
            &#39;oncontextmenu&#39;,
            &#39;oncontrolselect&#39;,
            &#39;oncopy&#39;,
            &#39;oncut&#39;,
            &#39;ondataavailable&#39;,
            &#39;ondatasetchanged&#39;,
            &#39;ondatasetcomplete&#39;,
            &#39;ondblclick&#39;,
            &#39;ondeactivate&#39;,
            &#39;ondrag&#39;,
            &#39;ondragend&#39;,
            &#39;ondragenter&#39;,
            &#39;ondragleave&#39;,
            &#39;ondragover&#39;,
            &#39;ondragstart&#39;,
            &#39;ondrop&#39;,
            &#39;onerror&#39;,
            &#39;onerrorupdate&#39;,
            &#39;onfilterchange&#39;,
            &#39;onfinish&#39;,
            &#39;onfocus&#39;,
            &#39;onfocusin&#39;,
            &#39;onfocusout&#39;,
            &#39;onhelp&#39;,
            &#39;onkeydown&#39;,
            &#39;onkeypress&#39;,
            &#39;onkeyup&#39;,
            &#39;onlayoutcomplete&#39;,
            &#39;onload&#39;,
            &#39;onlosecapture&#39;,
            &#39;onmousedown&#39;,
            &#39;onmouseenter&#39;,
            &#39;onmouseleave&#39;,
            &#39;onmousemove&#39;,
            &#39;onmouseout&#39;,
            &#39;onmouseover&#39;,
            &#39;onmouseup&#39;,
            &#39;onmousewheel&#39;,
            &#39;onmove&#39;,
            &#39;onmoveend&#39;,
            &#39;onmovestart&#39;,
            &#39;onpaste&#39;,
            &#39;onpropertychange&#39;,
            &#39;onreadystatechange&#39;,
            &#39;onreset&#39;,
            &#39;onresize&#39;,
            &#39;onresizeend&#39;,
            &#39;onresizestart&#39;,
            &#39;onrowenter&#39;,
            &#39;onrowexit&#39;,
            &#39;onrowsdelete&#39;,
            &#39;onrowsinserted&#39;,
            &#39;onscroll&#39;,
            &#39;onselect&#39;,
            &#39;onselectionchange&#39;,
            &#39;onselectstart&#39;,
            &#39;onstart&#39;,
            &#39;onstop&#39;,
            &#39;onsubmit&#39;,
            &#39;onunload&#39;
            );
            $ra = array_merge($ra1, $ra2);
 
            $found = true; // keep replacing as long as the previous round replaced something
            while ($found == true) {
                $val_before = $val;
                for ($i = 0; $i < sizeof($ra); $i++) {
                    $pattern = &#39;/&#39;;
                    for ($j = 0; $j < strlen($ra[$i]); $j++) {
                        if ($j > 0) {
                            $pattern .= &#39;(&#39;;
                            $pattern .= &#39;(&#[xX]0{0,8}([9ab]);)&#39;;
                            $pattern .= &#39;|&#39;;
                            $pattern .= &#39;|(&#0{0,8}([9|10|13]);)&#39;;
                            $pattern .= &#39;)*&#39;;
                        }
                        $pattern .= $ra[$i][$j];
                    }
                    $pattern .= &#39;/i&#39;;
                    $replacement = substr($ra[$i], 0, 2) . &#39;<x>&#39; . substr($ra[$i], 2); // add in <> to nerf the tag
                    $val = preg_replace($pattern, $replacement, $val); // filter out the hex tags
                    if ($val_before == $val) {
                        // no replacements were made, so exit the loop
                        $found = false;
                    }
                }
            }
            return $val;
    }
}
 
?>
声明:
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系admin@php.cn