本文整理汇总了PHP中check_xss函数的典型用法代码示例。如果您正苦于以下问题:PHP check_xss函数的具体用法?PHP check_xss怎么用?PHP check_xss使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
示例1: search_vuln
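/**
 * Fetch the vulnerabilities found by one scan, grouped by target IP/URL.
 *
 * Only rows whose Scan.User_ID matches the current session user are
 * returned, so a user cannot read another user's scan results.
 *
 * @param int|string $scanID  Scan.ID to look up; cast to int before it is
 *                            placed in the query (the original interpolated
 *                            the raw value unquoted).
 * @return array<string, list<list<string>>>  Map of IP_URL => rows of
 *         [Plugin.Name, Vuln_Info, Level], every value passed through check_xss().
 *         Empty when the query fails or no rows match.
 */
function search_vuln($scanID)
{
    // No authenticated user: terminate the request, like the rest of this module.
    $userid = get_userid();
    if (!$userid) {
        die;
    }
    // Scan.ID is a numeric column, so an int cast is the safe way to embed it.
    $pScanID = (int) $scanID;
    $pUserid = mysql_real_escape_string($userid);
    $query = "SELECT Vuln.IP_URL,Plugin.Name,Vuln.Vuln_Info,Vuln.Level"
        . " FROM Plugin,Scan,Vuln"
        . " WHERE Vuln.Scan_ID=Scan.ID AND Vuln.Plugin_ID=Plugin.ID"
        . " AND Scan.ID={$pScanID} AND Scan.User_ID='{$pUserid}'"
        . " ORDER BY Vuln.IP_URL,Vuln.Level,Vuln.ID";
    $ret = array();
    $result = mysql_query($query);
    // A failed query would otherwise reach mysql_fetch_row(false).
    if ($result === false) {
        return $ret;
    }
    while ($row = mysql_fetch_row($result)) {
        // Escape every column for HTML output before it leaves this layer.
        foreach ($row as $key => $value) {
            $row[$key] = check_xss($value);
        }
        $ipurl = $row[0];
        $ret[$ipurl][] = array_slice($row, 1);
    }
    return $ret;
}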
示例2: StopAttack
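/**
 * Reject a request parameter that matches the attack-signature regex or that
 * check_xss() flags: the attempt is appended to a daily log and the script exits.
 *
 * @param string       $StrFiltKey    Name of the request parameter (logged only).
 * @param string|array $StrFiltValue  Parameter value; arrays are joined first.
 * @param string       $ArrFiltReq    Regex body (no delimiters) of banned patterns.
 *                                    It is configuration, not user input, so it is
 *                                    deliberately not preg_quote()d.
 * @return void  Returns normally only when the value passed both checks.
 */
function StopAttack($StrFiltKey, $StrFiltValue, $ArrFiltReq)
{
    if (is_array($StrFiltValue)) {
        $StrFiltValue = implode($StrFiltValue);
    }
    $matchesSignature = preg_match("/" . $ArrFiltReq . "/is", $StrFiltValue) === 1;
    if (!$matchesSignature && !check_xss($StrFiltValue)) {
        return;
    }
    // date() replaces the deprecated strftime(); same Y-m-d H:M:S layout.
    $entry = "操作IP: " . $_SERVER["REMOTE_ADDR"]
        . ",操作时间: " . date("Y-m-d H:i:s")
        . ",操作页面:" . $_SERVER["PHP_SELF"]
        . ",提交方式: " . $_SERVER["REQUEST_METHOD"]
        . ",提交参数: " . $StrFiltKey
        . ",提交数据: " . $StrFiltValue;
    // The value (and PHP_SELF) are client-controlled: collapse CR/LF so one
    // submission cannot forge additional lines in this line-oriented log.
    $entry = str_replace(array("\r", "\n"), ' ', $entry) . "\n";
    // The log is written under DOCUMENT_ROOT and contains the raw payloads;
    // /log/ must not be served by the web server.
    $logFile = $_SERVER['DOCUMENT_ROOT'] . "/log/360safe-" . date("Y-m-d") . ".log";
    error_log($entry, 3, $logFile);
    print "notice:Illegal operation!";
    exit;
}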
示例3: get_code
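/**
 * Return the HTML-escaped Code column of the plugin with the given name.
 *
 * @param string $name  Plugin.Name to look up; escaped before being quoted
 *                      into the query (the original interpolated it raw).
 * @param int    $id    Unused; kept so existing call sites keep working.
 * @return string|null  check_xss()'d code, or null when no row matches or
 *                      the query fails.
 */
function get_code($name = '', $id = 1)
{
    $pName = mysql_real_escape_string($name);
    $query = "SELECT Code FROM Plugin WHERE Name='{$pName}'";
    $result = mysql_query($query);
    // A failed query would otherwise reach mysql_fetch_row(false).
    if ($result === false) {
        return null;
    }
    $row = mysql_fetch_row($result);
    if (!$row) {
        return null;
    }
    return check_xss($row[0]);
}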
示例4: search_dist
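/**
 * List the current user's dispatchers, optionally filtered by status,
 * OS substring, MAC address or ID.
 *
 * Before selecting, every dispatcher whose Last_Time is more than 60 s
 * behind the current time is marked offline (Status=0).
 *
 * @param int    $status  0/1 filter on Dispatcher.Status; only applied when
 *                        the value is an actual int in that range.
 * @param string $os      Substring match on Dispatcher.OS ('' = no filter);
 *                        escaped before being quoted, but '%' and '_' still
 *                        act as LIKE wildcards.
 * @param string $mac     Exact match on Dispatcher.MAC ('' = no filter); escaped.
 * @param int    $distid  Exact Dispatcher.ID (> 0); only applied when an actual int.
 * @return array{data: list<list<string>>}  Rows of
 *         [ID, OS, MAC, IP, Last_Time, Status, User.Name], each check_xss()'d.
 */
function search_dist($status, $os, $mac, $distid = 0)
{
    // No authenticated user: terminate the request, like the rest of this module.
    $userid = get_userid();
    if (!$userid) {
        die;
    }
    $pStatus = $status;
    // String filters are quoted into the SQL and must be escaped
    // (the original interpolated them raw).
    $pOS = mysql_real_escape_string($os);
    $pMAC = mysql_real_escape_string($mac);
    $pId = $distid;
    $pUserid = mysql_real_escape_string($userid);
    $time = time();

    // A dispatcher that has not reported for more than 1 min is set offline.
    mysql_query("UPDATE Dispatcher SET Status=0 WHERE {$time}-Last_Time>60");

    $query = "SELECT Dispatcher.ID,Dispatcher.OS,Dispatcher.MAC,Dispatcher.IP,"
        . "Dispatcher.Last_Time,Dispatcher.Status,User.Name"
        . " FROM Dispatcher,User"
        . " WHERE Dispatcher.User_ID=User.ID AND Dispatcher.User_ID='{$pUserid}'";
    if (is_int($pStatus) && $pStatus >= 0 && $pStatus < 2) {
        $query .= " AND Dispatcher.Status='{$pStatus}'";
    }
    if ($pOS) {
        $query .= " AND Dispatcher.OS LIKE '%{$pOS}%'";
    }
    if ($pMAC) {
        $query .= " AND Dispatcher.MAC='{$pMAC}'";
    }
    if (is_int($pId) && $pId > 0) {
        $query .= " AND Dispatcher.ID={$pId}";
    }

    $ret = array('data' => array());
    $result = mysql_query($query);
    // A failed query would otherwise reach mysql_fetch_row(false).
    if ($result === false) {
        return $ret;
    }
    while ($row = mysql_fetch_row($result)) {
        // Escape every column for HTML output before it leaves this layer.
        foreach ($row as $key => $value) {
            $row[$key] = check_xss($value);
        }
        $ret['data'][] = $row;
    }
    return $ret;
}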
示例5: search_config
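/**
 * Search the current user's configurations by (partial) name.
 *
 * @param string $s  Name fragment matched with LIKE; escaped via check_sql()
 *                   before being placed in the query ('%' and '_' still act
 *                   as wildcards).
 * @return list<list<string>>  Rows of [Config.Name, Config.Description],
 *         each check_xss()'d. Empty when the query fails or nothing matches.
 */
function search_config($s)
{
    // The original escaped an undefined `$name` instead of the parameter,
    // so the search term was never used.
    $name = check_sql($s);
    // The session user was read but never applied to the query, which
    // therefore returned every user's configurations; scope it here.
    $userId = check_sql($_SESSION['userID']);
    $query = "SELECT Config.Name,Config.Description FROM Config,User"
        . " WHERE Config.User_ID=User.ID AND Config.User_ID='{$userId}'"
        . " AND Config.Name like '%{$name}%'";
    $ret = array();
    $result = mysql_query($query);
    // A failed query would otherwise reach mysql_fetch_row(false).
    if ($result === false) {
        return $ret;
    }
    while ($row = mysql_fetch_row($result)) {
        // Escape every column for HTML output before it leaves this layer.
        foreach ($row as $key => $value) {
            $row[$key] = check_xss($value);
        }
        $ret[] = $row;
    }
    return $ret;
}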
示例6: search_task
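/**
 * List the current user's tasks, optionally filtered by status level,
 * target keyword or task ID.
 *
 * @param int    $level    1 = done, 2 = running, 3 = waiting; any other value
 *                         (or a non-int) applies no status filter.
 * @param string $keyword  Substring match on Task.Target ('' = no filter);
 *                         escaped before being quoted, but '%' and '_' still
 *                         act as LIKE wildcards.
 * @param int    $taskid   Exact Task.ID (> 0); only applied when an actual int.
 * @return array{data: list<list<string|null>>}  Rows of [ID, Target, Start_Time,
 *         End_Time, Arguments, Status, User.Name, "dispID:MAC:OS:IP"] (the last
 *         is NULL when no dispatcher is joined), each check_xss()'d.
 */
function search_task($level, $keyword = '', $taskid = 0)
{
    // No authenticated user: terminate the request, like the rest of this module.
    $userid = get_userid();
    if (!$userid) {
        die;
    }
    $pLevel = $level;
    // $keyword is quoted into a LIKE clause and must be escaped
    // (the original interpolated it raw).
    $pKeyword = mysql_real_escape_string($keyword);
    $pId = $taskid;
    $pUserid = mysql_real_escape_string($userid);

    $query = "SELECT Task.ID,Task.Target,Task.Start_Time,Task.End_Time,Task.Arguments,Task.Status,User.Name,"
        . "CONCAT(Dispatcher.ID,':',Dispatcher.MAC,':',Dispatcher.OS,':',Dispatcher.IP)"
        . " FROM Task"
        . " INNER JOIN User ON Task.User_ID=User.ID"
        . " LEFT JOIN Dispatcher ON Dispatcher.ID=Task.Dispatcher_ID"
        . " WHERE Task.User_ID='{$pUserid}'";
    // Numeric level -> Task.Status text; a lookup table replaces the nested ternary.
    $statusByLevel = array(1 => 'done', 2 => 'running', 3 => 'waiting');
    if (is_int($pLevel) && isset($statusByLevel[$pLevel])) {
        $query .= " AND Task.Status='{$statusByLevel[$pLevel]}'";
    }
    if ($pKeyword !== '') {
        $query .= " AND Task.Target LIKE '%{$pKeyword}%'";
    }
    if (is_int($pId) && $pId > 0) {
        $query .= " AND Task.ID={$pId}";
    }

    $ret = array('data' => array());
    $result = mysql_query($query);
    // A failed query would otherwise reach mysql_fetch_row(false).
    if ($result === false) {
        return $ret;
    }
    while ($row = mysql_fetch_row($result)) {
        // Escape every column for HTML output before it leaves this layer.
        foreach ($row as $key => $value) {
            $row[$key] = check_xss($value);
        }
        $ret['data'][] = $row;
    }
    return $ret;
}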
示例7: get_code
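/**
 * Fetch one plugin record, selected by numeric ID or, failing that, by name.
 *
 * With neither an ID > 0 nor a non-empty name the query has no WHERE clause
 * and the first plugin row is returned (unchanged from the original).
 *
 * @param int    $id    Plugin.ID; cast with intval() and used when > 0.
 * @param string $name  Plugin.Name, escaped via check_sql(); used only when
 *                      $id does not select a row.
 * @return array{data: list<list<string>>}|null  The matching row (all columns
 *         check_xss()'d) wrapped under 'data', or null when nothing matched
 *         or the query failed.
 */
function get_code($id = 0, $name = '')
{
    // intval() already guarantees an int, so the original is_int() check was redundant.
    $pID = intval($id);
    $pName = check_sql($name);
    $query = "SELECT ID,Name,Type,Author,Time,Version,Web,Description,Code FROM Plugin";
    if ($pID > 0) {
        $query .= " WHERE ID={$pID}";
    } elseif ($pName !== '') {
        // Name is a string column and must be quoted: the original emitted
        // `WHERE Name=foo`, which MySQL reads as a column reference.
        $query .= " WHERE Name='{$pName}'";
    }
    $result = mysql_query($query);
    // A failed query would otherwise reach mysql_fetch_row(false).
    if ($result === false) {
        return null;
    }
    $row = mysql_fetch_row($result);
    if (!$row) {
        return null;
    }
    // Escape every column for HTML output before it leaves this layer.
    foreach ($row as $key => $value) {
        $row[$key] = check_xss($value);
    }
    return array('data' => array($row));
}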
示例8: search_scan
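/**
 * List the current user's scans, optionally filtered by level, URL keyword
 * or scan ID.
 *
 * @param int    $level    Scan.Level 1-4 filter; only applied when the value
 *                         is an actual int in that range.
 * @param string $keyword  Substring match on Scan.Url ('' = no filter);
 *                         escaped before being quoted, but '%' and '_' still
 *                         act as LIKE wildcards.
 * @param int    $scanid   Exact Scan.ID (> 0); only applied when an actual int.
 * @return array{data: list<list<string>>}  Rows of [ID, Url, Start_Time,
 *         End_Time, Level, Arguments, User.Name], each check_xss()'d.
 */
function search_scan($level, $keyword = '', $scanid = 0)
{
    // No authenticated user: terminate the request, like the rest of this module.
    $userid = get_userid();
    if (!$userid) {
        die;
    }
    $pLevel = $level;
    // $keyword is quoted into a LIKE clause and must be escaped
    // (the original interpolated it raw).
    $pKeyword = mysql_real_escape_string($keyword);
    $pId = $scanid;
    $pUserid = mysql_real_escape_string($userid);

    $query = "SELECT Scan.ID,Scan.Url,Scan.Start_Time,Scan.End_Time,Scan.Level,Scan.Arguments,User.Name"
        . " FROM Scan,User"
        . " WHERE Scan.User_ID=User.ID AND Scan.User_ID='{$pUserid}'";
    if (is_int($pLevel) && $pLevel > 0 && $pLevel < 5) {
        $query .= " AND Scan.Level={$pLevel}";
    }
    if ($pKeyword !== '') {
        $query .= " AND Scan.Url LIKE '%{$pKeyword}%'";
    }
    if (is_int($pId) && $pId > 0) {
        $query .= " AND Scan.ID={$pId}";
    }

    $ret = array('data' => array());
    $result = mysql_query($query);
    // A failed query would otherwise reach mysql_fetch_row(false).
    if ($result === false) {
        return $ret;
    }
    while ($row = mysql_fetch_row($result)) {
        // Escape every column for HTML output before it leaves this layer.
        foreach ($row as $key => $value) {
            $row[$key] = check_xss($value);
        }
        $ret['data'][] = $row;
    }
    return $ret;
}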
示例9: explode
// Engine bootstrap for the print view. Warnings and notices are disabled
// globally; the leading '@' also hides any failure of ini_set() itself.
@ini_set('error_reporting', E_ALL ^ E_WARNING ^ E_NOTICE);
include ENGINE_DIR . '/data/config.php';
// Fallback when http_home_url is not configured: the site root is rebuilt from
// the request path and the Host header. The Host header is client-supplied, so
// every URL built from this value can point at a host the client chose; setting
// http_home_url explicitly in config.php removes that dependency.
if ($config['http_home_url'] == "") {
// Everything before "engine/print.php" in PHP_SELF is taken as the base path
// (explode() + reset() keeps the part before the first occurrence).
$config['http_home_url'] = explode("engine/print.php", $_SERVER['PHP_SELF']);
$config['http_home_url'] = reset($config['http_home_url']);
$config['http_home_url'] = "http://" . $_SERVER['HTTP_HOST'] . $config['http_home_url'];
}
// DB class, DB credentials, helper functions, template engine -- in this order.
require_once ENGINE_DIR . '/classes/mysql.php';
include_once ENGINE_DIR . '/data/dbconfig.php';
include_once ENGINE_DIR . '/modules/functions.php';
require_once ENGINE_DIR . '/classes/templates.class.php';
// Project helper; presumably starts the session (defined in the files above).
dle_session();
if ($config['site_offline'] == "yes") {
die("The site in offline mode");
}
// Project request filter, called with no arguments, so it presumably inspects
// the superglobals directly -- confirm against its definition.
check_xss();
// Request time shifted by the configured offset (date_adjust is in minutes).
$_TIME = time() + $config['date_adjust'] * 60;
// Skin override from a cookie. The value is normalised by totranslit() and must
// name an existing directory under /templates before it replaces config['skin'].
// NOTE(review): the cookie becomes a path component; confirm totranslit() strips
// '/' and '..' so the is_dir() check cannot be satisfied outside /templates.
if (isset($_COOKIE['dle_skin'])) {
$_COOKIE['dle_skin'] = trim(totranslit($_COOKIE['dle_skin'], false, false));
if ($_COOKIE['dle_skin'] != '' and @is_dir(ROOT_DIR . '/templates/' . $_COOKIE['dle_skin'])) {
$config['skin'] = $_COOKIE['dle_skin'];
}
}
if ($config["lang_" . $config['skin']]) {
if (file_exists(ROOT_DIR . '/language/' . $config["lang_" . $config['skin']] . '/website.lng')) {
include_once ROOT_DIR . '/language/' . $config["lang_" . $config['skin']] . '/website.lng';
} else {
die("Language file not found");
}
} else {
include_once ROOT_DIR . '/language/' . $config['langs'] . '/website.lng';
示例10: print_import
print_import();
}elseif ($_REQUEST['doim']){
check_xss();do_import();
}elseif ($_REQUEST['dosht']){
check_xss();do_sht();
}elseif (!$_REQUEST['refresh'] || preg_match('/^select|show|explain|desc/i',$SQLq) ){
if ($SQLq)check_xss();
do_sql($SQLq);#perform non-select SQL only if not refresh (to avoid dangerous delete/drop)
}
}else{
if ( $_REQUEST['refresh'] ){
check_xss();do_sql($SHOW_D);
}elseif ($_REQUEST['crdb']){
check_xss();do_sql('CREATE DATABASE `'.$_REQUEST['new_db'].'`');do_sql($SHOW_D);
}elseif ( preg_match('/^(?:show\s+(?:databases|status|variables|process)|create\s+database|grant\s+)/i',$SQLq) ){
check_xss();do_sql($SQLq);
}else{
$err_msg="Select Database first";
if (!$SQLq) do_sql($SHOW_D);
}
}
}
$time_all=ceil((microtime_float()-$time_start)*10000)/10000;
print_screen();
}else{
print_cfg();
}
function do_sql($q){
global $dbh,$last_sth,$last_sql,$reccount,$out_message,$SQLq,$SHOW_T;