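// Excerpt from UCHome: the request-time XSS guard and the escaping helper it calls.

// Request guard. $_GET is escaped only when the URL-decoded request URI
// contains '<' or '"'. This is a two-character blocklist applied to $_GET
// alone: a URI without those characters leaves $_GET untouched, and nothing
// in this excerpt touches $_POST or $_COOKIE. Code that prints request data
// should therefore still escape at the output site for its own context.
// strexists() is not defined in this excerpt; presumably a substring test
// provided elsewhere in UCHome (verify against the project source).
if (!empty($_SERVER['REQUEST_URI'])) {
    $temp = urldecode($_SERVER['REQUEST_URI']);
    if (strexists($temp, '<') || strexists($temp, '"')) {
        $_GET = shtmlspecialchars($_GET); // XSS
    }
}

/**
 * Neutralise HTML markup in a string, or recursively in every value of an array.
 *
 * Escapes & " < > to their HTML entities. Array keys are left as they are;
 * only the values are escaped.
 *
 * Security notes for reviewers:
 *  - The single quote is NOT escaped, so the result is not safe inside a
 *    single-quoted HTML attribute (compare htmlspecialchars() with ENT_QUOTES).
 *  - The preg_replace() step turns "&amp;" back into "&" whenever it is
 *    followed by something shaped like an entity (3-5 decimal digits, "x" plus
 *    4 hex digits, or a 3-6 character name). That avoids double-encoding, but
 *    it also means entities already present in the input reach the output
 *    unchanged.
 *
 * @param string|array $string Value to escape; arrays are walked recursively.
 * @return string|array The escaped value, same shape as the input.
 */
function shtmlspecialchars($string) {
    if (is_array($string)) {
        foreach ($string as $key => $val) {
            $string[$key] = shtmlspecialchars($val);
        }
    } else {
        // '&' is first in the search list so the '&' of the entities inserted
        // for '"', '<' and '>' is not escaped a second time.
        $escaped = str_replace(
            array('&', '"', '<', '>'),
            array('&amp;', '&quot;', '&lt;', '&gt;'),
            $string
        );
        // Undo the '&' escape where the input already carried an entity.
        $string = preg_replace(
            '/&amp;((#(\d{3,5}|x[a-fA-F0-9]{4})|[a-zA-Z][a-z0-9]{2,5});)/',
            '&\\1',
            $escaped
        );
    }
    return $string;
}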
| |