本文整理汇总了PHP中RemoveXSS函数的典型用法代码示例。如果您正苦于以下问题:PHP RemoveXSS函数的具体用法?PHP RemoveXSS怎么用?PHP RemoveXSS使用的例子?那么,这里精选的函数代码示例或许可以为您提供帮助。需要提醒的是:RemoveXSS 是一个针对 HTML/JavaScript 的过滤函数,它既不能代替按输出上下文(HTML 文本、属性、JS、URL)进行的转义,也不是 SQL 转义函数——下文有些示例直接把 RemoveXSS() 的返回值拼接进 SQL 语句(如示例5、示例12 中的 `id='" . RemoveXSS($_GET["id"]) . "'`),这种写法并不能防止 SQL 注入,请勿照搬。
在下文中一共展示了RemoveXSS函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: print_r
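/**
 * Example usage (kept from the original listing):
 *
 *   $a[0] = $_SERVER['REQUEST_URI'];
 *   //$a[1] = '<script>alert(12313)</script>';
 *   echo "<pre>";
 *   echo $a[0];
 *   print_r(DetectXSS($a));
 *   echo "</pre>";
 */

/**
 * Abort the request if any value (or nested value) would be altered by RemoveXSS().
 *
 * A scalar counts as an attack when RemoveXSS() does not hand it back unchanged;
 * arrays are walked recursively so nested request data is inspected as well.
 *
 * @param mixed $val string, or a (nested) array of strings, to inspect
 * @return void  On detection the offending value is written to the PHP error log
 *               (HTML-escaped) and the script terminates via die().
 */
function DetectXSS($val)
{
    if (is_array($val)) {
        foreach ($val as $item) {
            DetectXSS($item);
        }
        return;
    }
    // Loose comparison kept from the original: RemoveXSS() presumably returns a
    // string, and a strict compare could misfire on int/bool inputs.
    if (RemoveXSS($val) != $val) {
        // The original called log(), which is the math logarithm: with a string
        // argument it warns (PHP 7) or throws a TypeError (PHP 8), so the attack
        // was never recorded. error_log() is what was meant.
        error_log('XSS attempt detected: ' . htmlspecialchars((string) $val, ENT_QUOTES));
        die('warning:found xss attack !');
    }
}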
示例2: cevapOy
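/**
 * Store or update a user's vote (rating) on an answer.
 *
 * If the user already voted on this answer (cevapOyVar()) the row is updated,
 * otherwise a new eo_askanswerrate row is inserted. The outcome is echoed in
 * Turkish and recorded through trackUser() under the session user name.
 *
 * @param mixed $deger   vote value written to eo_askanswerrate.degeri
 * @param mixed $userID  voting user's id (must be non-empty)
 * @param mixed $cevapID answer id (must be non-empty)
 * @return void
 */
function cevapOy($deger, $userID, $cevapID)
{
    global $yol1, $currentFile;
    if (empty($userID) || empty($cevapID)) {
        echo "Oy verilemedi!";
        return;
    }
    // The original interpolated the raw arguments into the SQL text. All three
    // sit inside single-quoted literals, so escape them for the link in use.
    $degerSql = mysql_real_escape_string($deger, $yol1);
    $userSql = mysql_real_escape_string($userID, $yol1);
    $cevapSql = mysql_real_escape_string($cevapID, $yol1);
    if (cevapOyVar($userID, $cevapID)) {
        $sql2 = "UPDATE eo_askanswerrate SET degeri='{$degerSql}' WHERE userID='{$userSql}' and cevapID='{$cevapSql}'";
    } else {
        $sql2 = "INSERT INTO eo_askanswerrate (degeri,userID,cevapID) VALUES ('{$degerSql}','{$userSql}', '{$cevapSql}')";
    }
    $result2 = mysql_query($sql2, $yol1);
    // Audit entry uses the session user name, as elsewhere in this code base.
    $sessionUser = RemoveXSS($_SESSION["usern"]);
    if ($result2) {
        echo "Oy verdiniz.";
        trackUser($currentFile, "success,QuesVote", $sessionUser);
    } else {
        echo "Oy verilemedi!";
        trackUser($currentFile, "fail,QuesVote", $sessionUser);
    }
}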
示例3: header
Demo Site: http://yunus.sourceforge.net/eogr
Source Track: http://eogr.googlecode.com
Support: http://www.ohloh.net/p/eogr
This project is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 3 of the License, or any later version. See the GNU
Lesser General Public License for more details.
*/
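// Session first: checkLoginLang() below presumably reads it. `@` is kept from the
// original (it hides the notice if an including script already started one).
@session_start();
header("Content-Type: text/html; charset=iso-8859-9");
require "conf.php";
// Login/language gate; the file name is presumably the post-login return target.
checkLoginLang(true, true, "askForFriendship2.php");
// Form fields: the original indexed $_POST unguarded (undefined-index notice and
// null passed into a string filter when the field is absent).
$kisi = RemoveXSS(isset($_POST["kisi"]) ? $_POST["kisi"] : "");
$kabul = RemoveXSS(isset($_POST["kabul"]) ? $_POST["kabul"] : "");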
/*
baglan2: takes no parameters; opens the database connection with the
credentials held in the global config ($_host, $_username, $_password).
Returns the mysql link, or false on failure (connection errors are suppressed).
*/
function baglan2()
{
    global $_host, $_username, $_password;
    $link = @mysql_connect($_host, $_username, $_password);
    return $link;
}
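// Connect once and keep the link. The original called baglan2() twice -- once
// for the check and again for $yol1 -- doing the connection lookup redundantly.
$yol1 = baglan2();
if (!$yol1) {
    // No database: point the user at the installer.
    die("<font id='hata'> Lüften, 'veritabanı' <a href=install.php>kurulumunu (installation)</a> yapınız!</font>");
}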
示例4: elseif
} else {
@unlink((string) $MW->getConfig->generic->avatar_path . $user['id'] . '.' . $ext);
}
}
}
}
} elseif ($_POST['deleteavatar'] == 1 && preg_match("/\\d+\\.\\w+/i", $_POST['avatarfile'])) {
if (@unlink((string) $MW->getConfig->generic->avatar_path . $_POST['avatarfile'])) {
$DB->query("UPDATE account_extend SET avatar=NULL WHERE account_id=?d LIMIT 1", $user['id']);
}
}
// Strip g_id (presumably the account's group id) from the submitted profile so the
// client cannot change it through the whole-array update below.
if (isset($_POST['profile']['g_id'])) {
unset($_POST['profile']['g_id']);
}
// The signature is stored HTML-escaped; every other submitted key only passes
// through RemoveXSS() and is written as-is.
$_POST['profile']['signature'] = htmlspecialchars($_POST['profile']['signature']);
// NOTE(review): `?a` is assumed to be the $DB wrapper's "column => value" array
// placeholder and `?d` its integer placeholder -- confirm against the DB class.
// Any extra key the client adds to profile[] becomes a column in this UPDATE.
$DB->query("UPDATE account_extend SET ?a WHERE account_id=?d LIMIT 1", RemoveXSS($_POST['profile']), $user['id']);
redirect('index.php?n=account&sub=manage', 1);
} elseif ($_GET['action'] == 'changesecretq') {
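// The original used bare-word keys ($_POST[secretq1], ...): undefined constants,
// a warning on PHP 7 and a fatal Error on PHP 8. Quote them and read each field
// once; null when absent keeps the original comparisons' semantics.
$secretq1 = isset($_POST['secretq1']) ? $_POST['secretq1'] : null;
$secretq2 = isset($_POST['secretq2']) ? $_POST['secretq2'] : null;
$secreta1 = isset($_POST['secreta1']) ? $_POST['secreta1'] : null;
$secreta2 = isset($_POST['secreta2']) ? $_POST['secreta2'] : null;
// Both questions chosen (not the '0' placeholder) and distinct.
$questionsOk = $secretq1 != '0' && $secretq2 != '0' && $secretq1 != $secretq2;
// Both answers present, free of disallowed symbols, longer than 4 chars, distinct.
$answersOk = isset($_POST['secreta1']) && isset($_POST['secreta2'])
    && check_for_symbols($secreta1) == false && check_for_symbols($secreta2) == false
    && strlen($secreta1) > 4 && strlen($secreta2) > 4
    && $secreta1 != $secreta2;
if ($questionsOk && $answersOk) {
    $DB->query("UPDATE account_extend SET secretq1=?,secretq2=?,secreta1=?,secreta2=? WHERE account_id=?d", strip_if_magic_quotes($secretq1), strip_if_magic_quotes($secretq2), strip_if_magic_quotes($secreta1), strip_if_magic_quotes($secreta2), $user['id']);
    output_message('notice', '<b>' . $lang['changed_secretq'] . '</b><meta http-equiv=refresh content="4;url=index.php?n=account&sub=manage">');
} else {
    output_message('alert', '<b>' . $lang['fail_change_secretq'] . '</b><meta http-equiv=refresh content="3;url=index.php?n=account&sub=manage">');
}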
} elseif ($_GET['action'] == 'resetsecretq') {
// Reset both secret questions and answers to the '0' ("unset") marker on request.
$wantsReset = !empty($_POST['reset_secretq']);
if ($wantsReset) {
    $DB->query("UPDATE account_extend SET secretq1='0',secretq2='0',secreta1='0',secreta2='0' WHERE account_id=?d", $user['id']);
    output_message('notice', '<b>' . $lang['reset_succ_secretq'] . '</b><meta http-equiv=refresh content="4;url=index.php?n=account&sub=manage">');
}
} elseif ($_GET['action'] == 'change_gameplay') {
if ($_POST['switch_wow_type'] == 'wotlk') {
示例5: temizle
// Flip the stored sort direction when the sort link was clicked (siraYap=OK) with
// a direction other than "dur" (stop); otherwise reuse the direction in the session.
$siraTiklandi = !empty($_GET['siraYap']) && $_GET['siraYap'] == "OK" && $_GET["yonU"] != "dur";
if (!$siraTiklandi) {
    $siraYonu = $_SESSION["siraYonu2"];
} else {
    $siraYonu = ($_SESSION["siraYonu2"] == "desc") ? "asc" : "desc";
    $_SESSION["siraYonu2"] = $siraYonu;
}
}
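// Sort column from ?order= (through temizle()); the direction was decided above.
$sirAlan = temizle(isset($_GET['order']) ? $_GET['order'] : "");
// NOTE(review): $sirAlan is interpolated into ORDER BY unquoted; this relies on
// temizle() reducing it to a bare column name -- verify, or whitelist the columns.
if ($sirAlan != "") {
    $query_eoUsers = "SELECT eo_comments.id as id, eo_comments.konuID as konuID, eo_users.id as userID, eo_comments.active, eo_comments.comment, eo_comments.commentDate,eo_users.userName as userName, eo_4konu.konuAdi as konuAdi FROM eo_comments {$filtr2} ORDER BY {$sirAlan} {$siraYonu}";
} else {
    $query_eoUsers = "SELECT eo_comments.id as id, eo_comments.konuID as konuID, eo_users.id as userID, eo_comments.active,eo_comments.comment, eo_comments.commentDate, eo_users.userName as userName, eo_4konu.konuAdi as konuAdi FROM eo_comments {$filtr2} ORDER BY eo_comments.commentDate DESC";
    $sirAlan = "commentDate";
}
if (!empty($_GET["upd"]) && $_GET["upd"] == "1") {
    // Edit mode: fetch the one comment. The original wrapped $_GET["id"] in
    // RemoveXSS(), an HTML/JavaScript filter -- nothing escaped SQL quotes, so the
    // value was injectable. Escape it for the link the query runs on instead.
    $updId = mysql_real_escape_string(isset($_GET["id"]) ? $_GET["id"] : "", $yol);
    $query_limit_eoUsers = "SELECT eo_comments.id as id, eo_comments.comment FROM eo_comments where id='" . $updId . "'";
} else {
    $query_limit_eoUsers = sprintf("%s LIMIT %d, %d", $query_eoUsers, $startRow_eoUsers, $maxRows_eoUsers);
}
$eoUsers = mysql_query($query_limit_eoUsers, $yol);
if (!$eoUsers) {
    echo mysql_error();
}
$row_eoUsers = @mysql_fetch_assoc($eoUsers);
$totalRows_eoUsers = @mysql_num_rows($eoUsers);
if (isset($_GET['totalRows_eoUsers'])) {
    // Pagination total echoed back by the client; it only feeds page arithmetic,
    // so coerce it to an integer rather than trusting an arbitrary string.
    $totalRows_eoUsers = (int) $_GET['totalRows_eoUsers'];
} else {
    // Count on the same link as the page query (the original omitted $yol and
    // fell back to the last-opened connection).
    $all_eoUsers = mysql_query($query_eoUsers, $yol);
    $totalRows_eoUsers = @mysql_num_rows($all_eoUsers);
}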
示例6: shoutbox
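// Anonymous visitors may not shout: log the attempt with its source IP and stop.
if (!$userid) {
    write_log("Someone is hacking shoutbox. - IP : " . getip(), 'mod');
    die($lang_shoutbox['text_no_permission_to_shoutbox']);
}
// Message type: 'hb' when explicitly addressed to guests (?toguest=...) or when
// the text mentions "@游客" (guest); 'sb' otherwise.
if (!empty($_GET["toguest"])) {
    $type = 'hb';
} elseif (strpos($text, "@游客") !== false) {
    // The original tested `strpos(...) > 0`, which misses a mention at offset 0
    // (a message that *starts* with "@游客") and filed it under 'sb'.
    $type = 'hb';
} else {
    $type = 'sb';
}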
}
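$date = sqlesc(time());
// Every value is passed through sqlesc(); the text is additionally filtered with
// RemoveXSS() before it is stored.
sql_query("INSERT INTO shoutbox (userid, date, text, type, ip) VALUES (" . sqlesc($userid) . ", $date, " . sqlesc(RemoveXSS($text)) . ", " . sqlesc($type) . ", " . sqlesc(getip()) . ")") or sqlerr(__FILE__, __LINE__);
file_put_contents("shoutbox_new.html", mysql_insert_id());
// Bot account's user name, cached for a week. The original only assigned $robot
// on the cache-hit branch, so on a cold cache the regexes below ran against an
// undefined $robot; assign it on both paths.
$robot = $memcache->get('robotname');
if ($robot == '') {
    $robotname = sql_query("SELECT username from users where id=11") or sqlerr(__FILE__, __LINE__);
    $robotname = mysql_fetch_array($robotname);
    $robot = $robotname[0];
    $memcache->set('robotname', $robot, false, 3600 * 24 * 7);
}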
if (!$memcache->get('app_shoutbox_shoutup'))
{
if(preg_match( "/\[\@$robot\](.*?)(开奖|中奖|彩票)/",$text))
sendshoutbox("[@$CURUSER[username]]:最近一期的彩票是第".($memcache->get('drawid'))."期,中奖号码。。忘记了。。。[url=/lottery.php?action=drawlog]here,here~[/url]","","",$date+5);
elseif(preg_match( "/\[\@$robot\](.*?)(不|别|没|无|非)/",$text))
//sendshoutbox("[@$CURUSER[username]]:我不认识否定词哎,不明白你说的啥意思,不过我的意思是你说的话的意思可能不是本来的意思。要是一直没人喂我的话我就要自己去偷麦粒了(。·`ω´·)[url=steal.php]你偷过麦粒么[/url] ","","",$date+5);
示例7: begin_main_frame
// Edit action: render the compose form pre-filled from post $postid, then stop.
begin_main_frame();
insert_compose_frame($postid, 'edit');
end_main_frame();
stdfoot();
exit;
}
//-------- Action: Post
if ($action == "post") {
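// Accounts whose forumpost flag is 'no' may not post at all.
if ($CURUSER["forumpost"] == 'no') {
    stderr($lang_forums['std_sorry'], $lang_forums['std_unauthorized_to_post'], false);
    die;
}
// Read the form once, guarding absent keys (undefined-index notices; trim(null)
// is deprecated since 8.1). $id is checked below by check_whether_exist().
$id = isset($_POST["id"]) ? $_POST["id"] : null;
$type = isset($_POST["type"]) ? $_POST["type"] : null;
$subject = RemoveXSS(isset($_POST["subject"]) ? $_POST["subject"] : '');
$body = RemoveXSS(trim(isset($_POST["body"]) ? $_POST["body"] : ''));
// Explicit cast: the original `$_POST["onlyauthor"] + 0` throws a TypeError for
// a non-numeric string on PHP 8.
$onlyauthor = (int) (isset($_POST["onlyauthor"]) ? $_POST["onlyauthor"] : 0);
$hassubject = false;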
switch ($type) {
case 'new':
check_whether_exist($id, 'forum');
$forumid = $id;
$hassubject = true;
break;
case 'reply':
check_whether_exist($id, 'topic');
$topicid = $id;
$forumid = get_single_value("topics", "forumid", "WHERE id=" . sqlesc($topicid));
break;
case 'quote':
check_whether_exist($id, 'topic');
示例8: stripslashes
//Vars
// Shared helpers, globals, DB settings and login state; these presumably define
// $pdo, $DB_NAME, $name and $hadLogin used below. Order matters -- left as-is.
require_once '../include/functions.inc.php';
require_once '../include/globalvar.inc.php';
require_once '../include/dbinfo.inc.php';
require_once '../include/loginstate.inc.php';
// Target topic id straight from the form; it is quoted before use below.
$tid = $_POST['TopicID'];
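//send comment
// Default so the status echoed at the end is defined even when no comment was
// posted (the original left $pmstate undefined there, which echoes as "").
$pmstate = "";
if (isset($name)) {
    $content = isset($_POST['content']) ? $_POST['content'] : '';
    // get_magic_quotes_gpc() was removed in PHP 8; keep the legacy behaviour
    // where the function still exists instead of fataling.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $name = stripslashes($name);
        $tid = stripslashes($tid);
        $content = stripslashes($content);
    }
    //$content= SafeHTML(UBB2HTML($content));
    $content = RemoveXSS(UBB2HTML(strip_tags($content)));
    // Values are quoted with PDO::quote() and interpolated (kept from the original:
    // later code may rely on $name/$tid holding the quoted forms).
    // NOTE(review): bound parameters ($sql->execute(array(...))) would be the
    // cleaner fix; $DB_NAME is configuration, not user input.
    $name = $pdo->quote($name);
    $tid = $pdo->quote($tid);
    $content = $pdo->quote($content);
    // NOTE(review): the stored ip is the literal '127.0.0.1', not the client's.
    $sql = $pdo->prepare("insert into tb_reply(TopicID,Name,content,Time,ip)\n\t\t\t\t\t\tvalues({$tid},{$name},{$content},now(),'127.0.0.1')");
    if (!$sql->execute()) {
        $pmstate = "0";
    } else {
        $sql = $pdo->prepare("UPDATE `{$DB_NAME}`.`tb_topic` SET `Lastreply_Time` = now(), `Lastreply_Name`= {$name}, `ReplyCount` = `ReplyCount`+1 WHERE `tb_topic`.`TopicID` = {$tid}");
        $sql->execute();
        $pmstate = "1";
    }
}
echo $pmstate;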
if ($hadLogin) {
echo "<script language='javascript'>\n";
示例9: doPost
/**
* 执行发布帖子
*/
public function doPost()
{
//检测用户是否被禁言
if ($isDisabled = model('DisableUser')->isDisableUser($this->mid, 'post')) {
return array('status' => 0, 'msg' => '您已经被禁言了');
}
if ($_GET['post_type'] == 'index') {
$type = false;
} else {
$type = true;
}
$weibaid = intval($_POST['weiba_id']);
if (!CheckPermission('weiba_normal', 'weiba_post')) {
$this->error('对不起,您没有权限进行该操作!', $type);
}
$is_lock = M('weiba_blacklist')->where('weiba_id=' . $weibaid . ' and uid=' . $this->mid)->find();
if ($is_lock) {
$this->error('您是黑名单用户没有发帖权限', $type);
}
$weibaid = intval($_POST['weiba_id']);
if (!$weibaid) {
$this->error('请选择微吧,等待返回选择微吧', $type);
}
$weiba = D('weiba')->where('weiba_id=' . $weibaid)->find();
//黑名单功能添加
if (!CheckPermission('core_admin', 'admin_login')) {
switch ($weiba['who_can_post']) {
case 1:
$map['weiba_id'] = $weibaid;
$map['follower_uid'] = $this->mid;
$res = D('weiba_follow')->where($map)->find();
if (!$res && !CheckPermission('core_admin', 'admin_login')) {
$this->error('对不起,您没有发帖权限,请关注该微吧!', $type);
}
break;
case 2:
$map['weiba_id'] = $weibaid;
$map['level'] = array('in', '2,3');
$weiba_admin = D('weiba_follow')->where($map)->order('level desc')->field('follower_uid')->findAll();
if (!in_array($this->mid, getSubByKey($weiba_admin, 'follower_uid')) && !CheckPermission('core_admin', 'admin_login')) {
$this->error('对不起,您没有发帖权限,仅限该吧管理员发帖!', $type);
}
break;
case 3:
$map['weiba_id'] = $weibaid;
$map['level'] = 3;
$weiba_admin = D('weiba_follow')->where($map)->order('level desc')->field('follower_uid')->find();
if ($this->mid != $weiba_admin['follower_uid'] && !CheckPermission('core_admin', 'admin_login')) {
$this->error('对不起,您没有发帖权限,仅限该吧吧主发帖!', $type);
}
break;
}
}
$checkContent = str_replace(' ', '', $_POST['content']);
$checkContent = str_replace('<br />', '', $checkContent);
$checkContent = str_replace('<p>', '', $checkContent);
$checkContent = str_replace('</p>', '', $checkContent);
$checkContents = preg_replace('/<img(.*?)src=/i', 'img', $checkContent);
$checkContents = preg_replace('/<embed(.*?)src=/i', 'img', $checkContents);
$checkContents = RemoveXSS($checkContents);
if (strlen(t($_POST['title'])) == 0) {
$this->error('帖子标题不能为空,等待返回添加标题', $type);
}
if (strlen(t($checkContents)) == 0) {
$this->error('帖子内容不能为空,等待返回添加内容', $type);
}
preg_match_all('/./us', t($_POST['title']), $match);
if (count($match[0]) > 25) {
//汉字和字母都为一个字
$this->error('帖子标题不能超过25个字,等待返回修改标题', $type);
}
/* # 帖子内容 */
$content = h($_POST['content']);
if (get_str_length($content) >= 20000) {
$this->error('帖子内容过长!无法发布!');
}
unset($content);
if ($_POST['attach_ids']) {
$attach = explode('|', $_POST['attach_ids']);
foreach ($attach as $k => $a) {
if (!$a) {
unset($attach[$k]);
}
}
$attach = array_map('intval', $attach);
$data['attach'] = serialize($attach);
}
$data['weiba_id'] = $weibaid;
$data['title'] = t($_POST['title']);
$data['content'] = h($_POST['content']);
$data['post_uid'] = $this->mid;
$data['post_time'] = time();
$data['last_reply_uid'] = $this->mid;
$data['last_reply_time'] = $data['post_time'];
$data['feed_id'] = 0;
/* # 格式化emoji */
$data['title'] = formatEmoji(true, $data['title']);
//.........这里部分代码省略.........
示例10: RemoveXSS
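<td align="right" nowrap="nowrap"><?php echo $metin[26]; ?>:</td>
<td><?php echo $row_eoUsers['id']; ?></td>
</tr>
<tr valign="baseline">
<td align="right" nowrap="nowrap"><label for="wall"> <?php echo $metin[597]; ?>:</label></td>
<td bgcolor="#CCFFFF"><textarea name="wall" id="wall" cols="60" rows="8"><?php
// Stored wall text is passed through RemoveXSS() before being reflected into the
// textarea. NOTE(review): RemoveXSS() is a tag/script filter, not an HTML
// escaper; unless it also neutralises the "</textarea>" sequence, stored text
// containing it closes the element early -- confirm, or escape for the HTML
// context (mind the page charset before reaching for htmlspecialchars()).
echo RemoveXSS($row_eoUsers['duvarYazisi']);
?></textarea></td>
</tr>
<tr valign="baseline">
<td colspan="2" align="center" bgcolor="#CCFFFF" class="tabloAlt"><input type="submit" value="<?php echo $metin[25]; ?>" />
<!-- The original nested double quotes inside a double-quoted onclick attribute
     (onclick="location.href = "dataFriendActions.php";"), which terminates the
     attribute at the inner quote and breaks the button; single quotes inside. -->
<input name="geri" type="button" id="geri" onclick="location.href = 'dataFriendActions.php';" value="<?php echo $metin[28]; ?>" /></td>
</tr>
</table>
<input type="hidden" name="MM_update" value="form3" />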
示例11: foreach
}
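// Run every top-level GET/POST value through RemoveXSS() before any of the
// request-derived variables below are used.
foreach ($_GET as $key => $value) {
    $_GET[$key] = RemoveXSS($value);
}
foreach ($_POST as $key => $value) {
    $_POST[$key] = RemoveXSS($value);
}
$typeid = 5;
// channel id of the "attractions" (景点) section
require_once SLINEINC . "/listview.class.php";
// Current page number: digits only.
if (isset($pageno)) {
    $pageno = intval(preg_replace("/[^\\d]/", '', $pageno));
}
// NOTE(review): $dest_id/$attrid/$priceid/$sorttype are never assigned in this
// segment; they presumably arrive via an earlier extract() of the request.
// Destination id (numeric, or a pinyin slug resolved below), markup-free.
$dest_id = RemoveXSS(isset($dest_id) ? $dest_id : '');
// Remaining filters default to 0 when absent or empty. The original's
// "防止跨站攻击" (prevent XSS) comments on these lines were misleading: a
// truthiness ternary is not an XSS check; !empty() only removes the notice.
$attrid = !empty($attrid) ? $attrid : 0;
$priceid = !empty($priceid) ? $priceid : 0;
$sorttype = !empty($sorttype) ? $sorttype : 0;
// Sub-site: with no destination requested, fall back to the sub-site's own id.
if ($GLOBALS['sys_child_webid'] != 0 && empty($dest_id)) {
    $dest_id = $GLOBALS['sys_child_webid'];
}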
if (!is_numeric($dest_id)) {
if ($dest_id != 'all') {
$d_id = Helper_Archive::getDestIdByPinYin($dest_id);
$dest_id = !empty($d_id) ? $d_id : $dest_id;
} else {
$dest_id = 0;
示例12: temizle
$siraYonu = $_SESSION["siraYonu2"] == "desc" ? "asc" : "desc";
$_SESSION["siraYonu2"] = $siraYonu;
} else {
$siraYonu = $_SESSION["siraYonu2"];
}
}
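// Sort column from ?order= (through temizle()); the direction was decided above.
$sirAlan = temizle(isset($_GET['order']) ? $_GET['order'] : "");
// NOTE(review): $sirAlan lands in ORDER BY unquoted; this depends on temizle()
// leaving only a bare column name -- verify, or whitelist the sortable columns.
if ($sirAlan != "") {
    $query_eoUsers = "SELECT * FROM eo_shoutbox {$filtr2} ORDER BY {$sirAlan} {$siraYonu}";
} else {
    $query_eoUsers = "SELECT * FROM eo_shoutbox {$filtr2} ORDER BY date DESC";
    $sirAlan = "date";
}
//echo $query_eoUsers ;
if (!empty($_GET["upd"]) && $_GET["upd"] == "1") {
    // Edit mode: one message. The original put RemoveXSS($_GET["messageid"])
    // straight into the quoted literal; RemoveXSS() is an HTML/JavaScript filter
    // and escapes no SQL quotes, so escape for the active link instead.
    $updId = mysql_real_escape_string(isset($_GET["messageid"]) ? $_GET["messageid"] : "", $yol);
    $query_limit_eoUsers = "SELECT * FROM eo_shoutbox where messageid='" . $updId . "'";
} else {
    $query_limit_eoUsers = sprintf("%s LIMIT %d, %d", $query_eoUsers, $startRow_eoUsers, $maxRows_eoUsers);
}
$eoUsers = mysql_query($query_limit_eoUsers, $yol) or die(mysql_error());
$row_eoUsers = mysql_fetch_assoc($eoUsers);
$totalRows_eoUsers = mysql_num_rows($eoUsers);
if (isset($_GET['totalRows_eoUsers'])) {
    // Client-supplied total, used only for page arithmetic: coerce to int.
    $totalRows_eoUsers = (int) $_GET['totalRows_eoUsers'];
} else {
    // Count on the same link as the page query (the original omitted $yol).
    $all_eoUsers = mysql_query($query_eoUsers, $yol);
    $totalRows_eoUsers = mysql_num_rows($all_eoUsers);
}
// Zero-based index of the last page.
$totalPages_eoUsers = ceil($totalRows_eoUsers / $maxRows_eoUsers) - 1;
$queryString_eoUsers = "";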
if (!empty($_SERVER['QUERY_STRING'])) {
示例13: RemoveXSS
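</div>
<form name='register' id='register' method='get' action='contact_us_exe.php' class='form' style='margin-left:50px;'>
<?php
// Error banners, driven by flags the handler (contact_us_exe.php) passes back in
// the query string. Full "<?php" tags: the original's short tags need
// short_open_tag=on. Keys are guarded (undefined-index notice otherwise).
if (isset($_GET["missing_info"]) && strlen($_GET["missing_info"]) > 0) {
?>
<p><font color=#FF0000>Required information is missing</font></p>
<div align="left">
<?php } ?>
<?php if (isset($_GET["email_problem"]) && strlen($_GET["email_problem"]) > 0) { ?>
</div>
<p align="left"><font color=#FF0000>The email address entered appears to be invalid</font></p>
<p>
<?php } ?>
</p>
<textarea name='comments' rows='8' cols='50'><?php
// Previously typed text, reflected from the query string. The original passed it
// through RemoveXSS(), a tag/script stripper; inside a textarea the right tool is
// HTML escaping (so a value containing "</textarea>" cannot end the element), and
// since the browser decodes the entities the user sees exactly what they typed.
echo htmlspecialchars(isset($_GET["comments"]) ? $_GET["comments"] : '', ENT_QUOTES);
?></textarea>
<p align="left"> </p>
<div align="left">
<table width="370" border="0" align="left" cellpadding="2">
<tr>
<td width="77" align="left" class="labelset"><div align="left"><span class="asterix">*</span>Name:</div></td>
<td width="279"><input type='text' name='fullname' value="<?php echo formFieldSafe(isset($_GET["fullname"]) ? $_GET["fullname"] : ''); ?>" class='field' style='width:250px;'></td>
</tr>
<tr>
<td align="left" class="labelset"><div align="left"><span class="asterix">*</span>Email:</div></td>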
示例14: sonBilgileriGetir
echo $metin[478] . "<p class='ozetBilgi'>" . $bilg_6 . "</p>";
}
// "soru" (questions) summary for the user; shown only when there is something.
$bilg_7 = sonBilgileriGetir("soru", $geceliKullID);
if (!empty($bilg_7)) {
    echo $metin[644] . "<p class='ozetBilgi'>" . $bilg_7 . "</p>";
}
// Nothing in any section -> generic "no information" notice. ($bilg_5 is not
// part of this check in the original -- presumably deliberate.)
$hepsiBos = empty($bilg_1) && empty($bilg_2) && empty($bilg_3) && empty($bilg_4) && empty($bilg_6) && empty($bilg_7);
if ($hepsiBos) {
    echo "<font id='uyari'>{$metin['586']}</font>";
}
?>
</div>
<div id="tab3" class="tabContent">
<?php
//ARKADAS (friend): the friend picked earlier in this session, if any.
$seciliKisi = isset($_SESSION["seciliArkadas"]) ? RemoveXSS($_SESSION["seciliArkadas"]) : "";
if ($seciliKisi != "" and getUserName($seciliKisi) != "-") {
echo "<p>{$metin['584']} : <strong><a href='profil.php?kim=" . $seciliKisi . "' rel='facebox'>" . getUserName($seciliKisi) . "</a></strong></p>";
$bil_1 = sonBilgileriGetir("sohbet", $seciliKisi);
if (!empty($bil_1)) {
echo $metin[474] . "<p class='ozetBilgi'>" . $bil_1 . "</p>";
}
$bil_2 = sonBilgileriGetir("yorum", $seciliKisi);
if (!empty($bil_2)) {
echo $metin[475] . "<p class='ozetBilgi'>" . $bil_2 . "</p>";
}
$bil_3 = sonBilgileriGetir("oy", $seciliKisi);
if (!empty($bil_3)) {
示例15: cevapSil
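/**
 * Delete an answer together with all votes on it.
 *
 * Allowed when the caller is of type "2" ($tur, presumably moderator) or owns
 * the answer (cevapSahibi()). Two DELETEs are issued -- votes first, then the
 * answer -- and the second one's result decides the message and the trackUser()
 * entry (the first result is not checked, as in the original).
 *
 * @param mixed $cevapID answer id; it is interpolated unquoted into SQL, so it is
 *                       coerced to int here (the original interpolated it raw)
 * @param mixed $userID  acting user's id, compared against the answer owner
 * @return void
 */
function cevapSil($cevapID, $userID)
{
    global $yol1, $tur, $currentFile;
    if (empty($userID) || empty($cevapID)) {
        echo "Cevap ve oylar silinemiyor!";
        return;
    }
    // The id is used as a bare numeric key (WHERE id = N, no quotes), so an
    // integer cast both closes the injection and matches the column type.
    $cevapID = (int) $cevapID;
    if ($tur == "2" || cevapSahibi($cevapID) == $userID) {
        mysql_query("DELETE FROM eo_askanswerrate WHERE cevapID = {$cevapID}", $yol1);
        $result2 = mysql_query("DELETE FROM eo_askanswer WHERE id = {$cevapID}", $yol1);
        $sessionUser = RemoveXSS($_SESSION["usern"]);
        if ($result2) {
            echo "Cevap ve oylar silindi.";
            trackUser($currentFile, "success,DelAnsw", $sessionUser);
        } else {
            echo "Cevap ve oylar silinemedi!";
            trackUser($currentFile, "fail,DelAnsw", $sessionUser);
        }
    }
}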