AI闂備浇顕х换鎰崲閹邦喗宕叉俊銈勮兌椤╃兘鏌ㄩ悤鍌涘 闂傚倷鑳堕崢褔鎮块崶顬盯宕熼姘辨焾闂佸湱鍋撳ḿ娆擃敋鏉堛劍鍙忔俊顖氭健閸濇椽鏌¢崱顓熷
闂傚倷鑳剁涵鍫曞疾濠靛绐楅幖娣妼缁犳牠鏌ㄩ悤鍌涘
闂傚倷娴囬~澶嬬娴犲绀夐煫鍥ㄦ尵閺嗭箓鏌ㄩ悤鍌涘
PHP技巧:过滤在线编辑器产生的不安全html代码_PHP教程
教程Tag:暂无Tag,欢迎添加,赚取U币!
缂傚倸鍊搁崐椋庣矆娴h娲晝閸屾氨鍔电紓浣插亾闁硅京顒CMS闂備浇宕甸崰鎰版偡閵夈儙娑樷攽鐎c劉鍋撻崒鐐查唶闁哄洨鍋為悗顒€鈹戦悙鍙夘棡闁搞劎鍠栧濠氭晸閿燂拷婵犵數鍋為崹璺侯潖鐟欏嫮鐝堕柛鈩冪☉閻撴﹢鏌″搴″箺闁抽攱甯¢弻銊╂偆閸屾稑顏� 缂傚倸鍊风粈渚€藝闁秴绐楅柟閭﹀墾閼板潡鏌涢妷顔煎缂佲偓婢舵劖鐓冮柕澶堝妽閻濐亪鏌e┑鎾村 闂傚倸鍊风欢锟犲磻閸曨垁鍥ㄦ綇閳哄啰顦繝銏f硾閺堫剟宕楀⿰鍫熺厸闁搞儯鍔嶉惃鎴︽⒒婢跺﹦效闁哄被鍊栧ḿ蹇涘Ω閿旂粯顥涚紓鍌欑劍閸炲骞忛敓锟� 闂傚倷绀侀幖顐﹀疮閻楀牊鍙忛柟缁㈠枛濡炰粙鏌″搴′簽闁告纰嶇换娑㈠幢濡闉嶅┑顕嗙稻閸旀鍩€椤掑喚娼愰柟顔肩埣瀹曟洟鏌嗗鍛厬闂佽法鍣﹂幏锟�,闂傚倷娴囬惃顐﹀礋椤愩垹袘闂佽姘﹂~澶嬬箾婵犲偆鍤曢柛顐f礀缁€鍐┿亜閺傚灝鎮戞い蹇曞枑缁绘盯骞嬮悙鏉戠殤闂佺ǹ顑嗛幑鍥ь潖閸濆嫧鏋庨柟顖嗗嫮浜梻浣告啞閻熴儳鎹㈠Ο渚殨濠电姵纰嶉弲鎼佹煥閻曞倹瀚�!
推荐:浅析FCKeditor 的配置和使用方法
FCKeditor 是一个十分强大的网页文本编辑器,它支持多种脚本编程语言(包括 PHP)和支持多国语言。 FCKeditor 截至 2008年4月6日,其最新版本是 2.6RC,RC 就是 Release Candidate,修订后的候选版本,很可能作为该版本的稳定版在未来发布。目前的最新的稳定版
<?php
/**
* 过滤在线编辑器产生的不安全html代码.
*
* PHP versions 4 and 5
*
* @copyright 版权所无,任意传播.
* @link http://www.52sunny.net
* @name html过滤
* @version v 0.0.10
* @author Lucklrj (sunny_lrj@yeah.net,qq:7691272)
* @lastmodified 2006-06-09 10:42 (Tue, 2006-06-09)
* @notice 此版本只过滤js,框架,表单。
作者能力有限,使用本程序若产生任何安全问题,与本人无关。
欢迎来信与我交流。
*/ str="<tr><td bgcolor='#FFFFFF'>
<div style='url(123.offsetWidth)>";
//str="url(javascript:x)";
/*不需要过滤的数组*/
htm_on=array(
"<acronym","acronym>",
"<baseFont","baseFont>",
"<button","button>",
"<caption","caption>",
"<clientInformation","clientInformation>",
"<font","font>",
"<implementation","implementation>",
"<button","button>",
"<location","location>",
"<option","option>",
"<selection","selection>",
"<strong","strong>");
htm_on_uper=array(
"<ACRONYM","ACRONYM>",
"<BASEFONT","BASEFONT>",
"<BUTTON","BUTTON>",
"<CAPTION","CAPTION>",
"<CLIENTINFORMATION","CLIENTINFORMATION>",
"<FONT","FONT>",
"<IMPLEMENTATION","IMPLEMENTATION>",
"<BUTTON","BUTTON>",
"<LOCATION","LOCATION>",
"<OPTION","OPTION>",
"<SELECTION","SELECTION>",
"<STRONG","STRONG>");
/*字符格式*/
str=strtolower(str);
str=preg_replace("/s+/", " ", str);//过滤回车
str=preg_replace("/ +/", " ", str);//过滤多个空格
/*过滤/替换几种形式的js*/
str=preg_replace("/<(script.*?)>(.*?)<(/script.*?)>/si","",str);//删除<script>。。。</script>格式,
//str=preg_replace("/<(script.*?)>(.*?)<(/script.*?)>/si","<\1>\2<\3>",str);//替换为可以显示的,
str=preg_replace("/<(script.*?)>/si","",str);//删除<script>未封闭
//str=preg_replace("/<(script.*?)>/si","<\1>",str);//替换未封闭
/*删除/替换表单*/
str=preg_replace("/<(/?form.*?)>/si","",str);//删除表单
//str=preg_replace("/<(/?form.*?)>/si","<\1>",str);//替换表单
str=preg_replace("/<(i?frame.*?)>(.*?)<(/i?frame.*?)>/si","",str);//删除框架
//str=preg_replace("/<(i?frame.*?)>(.*?)<(/i?frame.*?)>/si","<\1>\2<\3>",str);//替换框架
/*过滤on事件*/
str=preg_replace("/href=(.+?)(["|'| |>])/ie","'href='.strtoupper('\1').'\2'",str);//把href=涉及到的on转换为大写。
str=str_replace(htm_on,htm_on_uper,str);//把<font,font>换为大写,dhtml标签字符,正则判断太烦琐,采用转换办法。
str=preg_replace("/(on[^ .<>]+?)([ |>])/s","\2",str);//取掉on事件
/*过滤超级连接的js*/
str=preg_replace("/(href|src|background|url|dynsrc|expression|codebase)[=:(]([ "']*?w+..*?|javascript|vbscript:[^>]*?)()?)([ >/])/si","\1='#' \3\4",str);//取掉href=javascript:
//返回小写字符
str=strtolower(str);
str=str_replace("&","&",str);
echo str;
?>
/**
* 过滤在线编辑器产生的不安全html代码.
*
* PHP versions 4 and 5
*
* @copyright 版权所无,任意传播.
* @link http://www.52sunny.net
* @name html过滤
* @version v 0.0.10
* @author Lucklrj (sunny_lrj@yeah.net,qq:7691272)
* @lastmodified 2006-06-09 10:42 (Tue, 2006-06-09)
* @notice 此版本只过滤js,框架,表单。
作者能力有限,使用本程序若产生任何安全问题,与本人无关。
欢迎来信与我交流。
*/ str="<tr><td bgcolor='#FFFFFF'>
<div style='url(123.offsetWidth)>";
//str="url(javascript:x)";
/*不需要过滤的数组*/
htm_on=array(
"<acronym","acronym>",
"<baseFont","baseFont>",
"<button","button>",
"<caption","caption>",
"<clientInformation","clientInformation>",
"<font","font>",
"<implementation","implementation>",
"<button","button>",
"<location","location>",
"<option","option>",
"<selection","selection>",
"<strong","strong>");
htm_on_uper=array(
"<ACRONYM","ACRONYM>",
"<BASEFONT","BASEFONT>",
"<BUTTON","BUTTON>",
"<CAPTION","CAPTION>",
"<CLIENTINFORMATION","CLIENTINFORMATION>",
"<FONT","FONT>",
"<IMPLEMENTATION","IMPLEMENTATION>",
"<BUTTON","BUTTON>",
"<LOCATION","LOCATION>",
"<OPTION","OPTION>",
"<SELECTION","SELECTION>",
"<STRONG","STRONG>");
/*字符格式*/
str=strtolower(str);
str=preg_replace("/s+/", " ", str);//过滤回车
str=preg_replace("/ +/", " ", str);//过滤多个空格
/*过滤/替换几种形式的js*/
str=preg_replace("/<(script.*?)>(.*?)<(/script.*?)>/si","",str);//删除<script>。。。</script>格式,
//str=preg_replace("/<(script.*?)>(.*?)<(/script.*?)>/si","<\1>\2<\3>",str);//替换为可以显示的,
str=preg_replace("/<(script.*?)>/si","",str);//删除<script>未封闭
//str=preg_replace("/<(script.*?)>/si","<\1>",str);//替换未封闭
/*删除/替换表单*/
str=preg_replace("/<(/?form.*?)>/si","",str);//删除表单
//str=preg_replace("/<(/?form.*?)>/si","<\1>",str);//替换表单
str=preg_replace("/<(i?frame.*?)>(.*?)<(/i?frame.*?)>/si","",str);//删除框架
//str=preg_replace("/<(i?frame.*?)>(.*?)<(/i?frame.*?)>/si","<\1>\2<\3>",str);//替换框架
/*过滤on事件*/
str=preg_replace("/href=(.+?)(["|'| |>])/ie","'href='.strtoupper('\1').'\2'",str);//把href=涉及到的on转换为大写。
str=str_replace(htm_on,htm_on_uper,str);//把<font,font>换为大写,dhtml标签字符,正则判断太烦琐,采用转换办法。
str=preg_replace("/(on[^ .<>]+?)([ |>])/s","\2",str);//取掉on事件
/*过滤超级连接的js*/
str=preg_replace("/(href|src|background|url|dynsrc|expression|codebase)[=:(]([ "']*?w+..*?|javascript|vbscript:[^>]*?)()?)([ >/])/si","\1='#' \3\4",str);//取掉href=javascript:
//返回小写字符
str=strtolower(str);
str=str_replace("&","&",str);
echo str;
?>
分享:解析PHP中多张图片上传并校验的实现
单张的图片上传是不复杂的,这里涉及到多张图片上传和对图片格式的校验,保证上传的一定是图片,防止上传其他文件到服务器。 基本实现算法是使用数组的形式,把所有的图片提交个一个数组,对数组的元素进行一个个的处理。 ?php /***************************
相关PHP教程:
- 相关链接:
- 教程说明:
PHP教程-PHP技巧:过滤在线编辑器产生的不安全html代码
。