本文整理汇总了PHP中remove_xss函数的典型用法代码示例。如果您正苦于以下问题:PHP remove_xss函数的具体用法?PHP remove_xss怎么用?PHP remove_xss使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了remove_xss函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: handleSave
/**
 * Saves the layout held by this parser and hands it to the implementation
 * for deployment.
 *
 * When $populate is true the layout is first re-read from the request and,
 * if both a subpanel title and its label key were submitted, the title is
 * written to the language file through ParserLabel.
 *
 * Security notes:
 *  - The title text is HTML-decoded by from_html() and then passed through
 *    remove_xss() before it is stored as a label.
 *  - $_REQUEST['subpanel_title_key'], 'view_module', 'view_package' and
 *    'selected_lang' are forwarded to ParserLabel exactly as received.
 *    NOTE(review): confirm ParserLabel (or the caller) restricts these to
 *    known module/package/language identifiers; nothing in this method does.
 *
 * @param bool $populate Whether to load the layout from the request first.
 */
function handleSave($populate = true)
{
    if ($populate) {
        $this->_populateFromRequest();

        if (isset($_REQUEST['subpanel_title'], $_REQUEST['subpanel_title_key'])) {
            // Language precedence: explicit request value, then the language
            // of the logged-in user, then the configured default.
            if (!empty($_REQUEST['selected_lang'])) {
                $selected_lang = $_REQUEST['selected_lang'];
            } elseif (!empty($_SESSION['authenticated_user_language'])) {
                $selected_lang = $_SESSION['authenticated_user_language'];
            } else {
                $selected_lang = $GLOBALS['sugar_config']['default_language'];
            }

            require_once 'modules/ModuleBuilder/parsers/parser.label.php';

            $viewPackage = isset($_REQUEST['view_package']) ? $_REQUEST['view_package'] : null;
            $labelParser = new ParserLabel($_REQUEST['view_module'], $viewPackage);

            // Only the label text is filtered; the key is used as submitted.
            $cleanTitle = remove_xss(from_html($_REQUEST['subpanel_title']));
            $labelParser->addLabels(
                $selected_lang,
                array($_REQUEST['subpanel_title_key'] => $cleanTitle),
                $_REQUEST['view_module']
            );
        }
    }

    // Bug 46291 - Missing widget_class for edit_button and remove_button
    foreach ($this->_viewdefs as $fieldName => $unusedDef) {
        if (isset($this->_fielddefs[$fieldName]['widget_class'])) {
            $this->_viewdefs[$fieldName]['widget_class'] = $this->_fielddefs[$fieldName]['widget_class'];
        }
    }

    // Unlike the parent class, field names are not forced back to upper case.
    $restored = $this->restoreInvisibleFields($this->_invisibleFields, $this->_viewdefs);
    $this->implementation->deploy($this->makeRelateFieldsAsLink($restored));
}
示例2: save_remote
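/**
 * Fetches the remote images referenced by <img> tags in an HTML string and
 * rewrites their URLs to the locally stored copies.
 *
 * Security notes:
 *  - Every src that contains "://" and does not contain one of three
 *    substrings ('127.0.0.1', 'localhost', ATTACHMENT_URL) is handed to
 *    get_remote_file(). A substring denylist is not a server-side request
 *    forgery control: it neither limits the URL scheme nor says anything
 *    about the address the host name resolves to.
 *    NOTE(review): confirm get_remote_file() accepts only http/https,
 *    resolves the host and refuses non-public addresses, does not follow
 *    redirects unchecked, and verifies that the response really is an image.
 *  - remove_xss() is applied to the alt/title text only; the URL is not
 *    filtered here.
 *
 * @author tuzwu
 * @param string $str              HTML fragment to scan.
 * @param bool   $watermark_enable Not used inside this method.
 * @return string|false The rewritten string; the input unchanged when no
 *                      image was replaced; false when the input is empty.
 */
public function save_remote($str = '', $watermark_enable = false)
{
    if (empty($str)) {
        return false;
    }
    // $list: attributes per <img>; $replace_array: old/new URL pairs.
    $list = $replace_array = array();
    // Step 1: collect the text of every <img ...> tag.
    $c1 = preg_match_all('/<img\\s.*?>/', $str, $m1);
    for ($i = 0; $i < $c1; $i++) {
        // Step 2: split the tag into name=value attribute pairs.
        $c2 = preg_match_all('/(\\w+)\\s*=\\s*(?:(?:(["\'])(.*?)(?=\\2))|([^\\/\\s]*))/', $m1[0][$i], $m2);
        for ($j = 0; $j < $c2; $j++) {
            $img_attr = $m2[1][$j];
            // Strict comparison: only these three attribute names are kept.
            if (!in_array($img_attr, array('src', 'alt', 'title'), true)) {
                continue;
            }
            // Group 4 holds an unquoted value, group 3 a quoted one.
            $list[$i][$img_attr] = !empty($m2[4][$j]) ? $m2[4][$j] : $m2[3][$j];
        }
    }
    foreach ($list as $k => $v) {
        // An <img> that only carried alt/title has nothing to download;
        // without this guard $v['src'] is an undefined index.
        if (!isset($v['src'])) {
            continue;
        }
        if (strpos($v['src'], '://') === false || strpos_array($v['src'], array('127.0.0.1', 'localhost', ATTACHMENT_URL)) !== false) {
            continue;
        }
        // Fall back from alt to title, and to an empty string when the tag
        // has neither, instead of reading a missing key.
        if (isset($v['alt'])) {
            $alt_source = $v['alt'];
        } elseif (isset($v['title'])) {
            $alt_source = $v['title'];
        } else {
            $alt_source = '';
        }
        $alt = remove_xss($alt_source);
        $new_path = $this->get_remote_file($v['src'], array('alt' => $alt));
        if ($new_path) {
            $replace_array['old'][] = $v['src'];
            $replace_array['new'][] = $new_path;
        }
    }
    // str_ireplace() rewrites every occurrence of an old URL in the string,
    // not only the one inside the <img> tag it was found in.
    return empty($replace_array['new']) ? $str : str_ireplace($replace_array['old'], $replace_array['new'], $str);
}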
示例3: add
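/**
 * Sends one message to each user in a comma-separated recipient list, or
 * shows the compose form when nothing was submitted.
 *
 * The message body is passed through remove_xss() before it is stored.
 * Recipient names come straight from the request; the names are echoed back
 * in the result message, which is HTML (it contains <br>), so they are
 * HTML-encoded before being concatenated into it.
 *
 * NOTE(review): MSG() is presumably expected to end the request; if it does
 * not, the validation failures below fall through to the insert loop.
 * NOTE(review): 'username' is filled from $_SESSION['uid'], the same value as
 * 'uid' - confirm this is intended.
 */
public function add()
{
    if (isset($GLOBALS['submit'])) {
        if (empty($GLOBALS['usernames'])) {
            MSG('收件人不能为空');
        }
        if (empty($GLOBALS['content'])) {
            MSG('不能发送空白内容');
        }
        $formdata = array();
        $formdata['content'] = remove_xss($GLOBALS['content']);
        $formdata['addtime'] = SYS_TIME;
        $formdata['uid'] = $_SESSION['uid'];
        $formdata['username'] = $_SESSION['uid'];
        $usernames = $GLOBALS['usernames'];
        $usernames = explode(',', $usernames);
        $success_user = $error_user = array();
        foreach ($usernames as $name) {
            // Array-form condition: the lookup value is passed as data, not
            // spliced into a query string in this method.
            $mr = $this->db->get_one('member', array('username' => $name));
            if ($mr) {
                $success_user[] = $name;
                $formdata['touid'] = $mr['uid'];
                $this->db->insert('message', $formdata);
            } else {
                $error_user[] = $name;
            }
        }
        // The names are request data and are about to be placed inside an
        // HTML message: encode them so markup in a submitted name is shown
        // as text instead of being rendered.
        $success_user = htmlspecialchars(implode(',', $success_user), ENT_QUOTES);
        $error_user = htmlspecialchars(implode(',', $error_user), ENT_QUOTES);
        MSG('成功发送给:' . $success_user . '<br>失败用户名:' . $error_user);
    } else {
        $show_formjs = 1;
        include $this->template('add');
    }
}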
示例4: push
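/**
 * Stores one piece of user feedback and answers with an AJAX status.
 *
 * The author is taken from the session ('uid', else 'oid'); when neither is
 * present the row is stored without an author.
 *
 * The length rule ('1,200') is now applied to the submitted text and its
 * result is honoured. Before, the literal string 'c' was validated and the
 * return value was discarded, so no length limit was enforced.
 * NOTE(review): this relies on the model's check($value, $rule, $type)
 * returning a boolean - confirm against the framework version in use.
 *
 * remove_xss() is an input filter only; the stored text must still be
 * HTML-encoded wherever it is displayed.
 */
public function push()
{
    load("extend");
    $data = array();
    if (session('?uid')) {
        $uid = session('uid');
        $data['uid'] = $uid;
    } elseif (session('?oid')) {
        $oid = session('oid');
        $data['oid'] = $oid;
    }
    $Advice = M('Advice');
    $content = $this->_post('c');
    // Validate the raw submission before filtering, so the limit applies to
    // what the user actually sent.
    if (!$Advice->check($content, '1,200', 'length')) {
        $this->ajaxReturn(0, '提交失败', 1);
        return;
    }
    // Filter, then assemble the row.
    $content = remove_xss($content);
    $data['content'] = $content;
    $data['ctime'] = time();
    // Persist and report the outcome.
    if ($Advice->add($data)) {
        $this->ajaxReturn(1, '提交成功', 1);
    } else {
        $this->ajaxReturn(0, '提交失败', 1);
    }
}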
示例5: add
/**
 * Stores a new delivery address for the current member and then renders the
 * address form template.
 *
 * Text fields are passed through remove_xss(); zipcode and isdefault are
 * cast with intval(). The owner (uid) comes from $this->memberinfo, not from
 * the request.
 *
 * NOTE(review): the telephone number is assembled from tel1, tel2 and tel2
 * again - the third part repeats the second; confirm which request field was
 * intended.
 * NOTE(review): MSG() is presumably expected to end the request; if it does
 * not, a rejected region still reaches the insert.
 *
 * Local variable names are kept because the included template can read them.
 */
public function add()
{
    $memberinfo = $this->memberinfo;
    if (isset($GLOBALS['submit'])) {
        $formdata = array();
        $formdata['addressee'] = remove_xss($GLOBALS['addressee']);
        $formdata['address'] = remove_xss($GLOBALS['address']);
        $formdata['uid'] = $memberinfo['uid'];

        // '0' is the placeholder option of the province / city selectors.
        $region_prompts = array(
            'LK1_1' => '请选择所在地区省份',
            'LK1_2' => '请选择所在地区市级',
        );
        foreach ($region_prompts as $region_field => $region_prompt) {
            if ($GLOBALS[$region_field] == '0') {
                MSG($region_prompt, HTTP_REFERER);
            }
        }

        $formdata['province'] = remove_xss($GLOBALS['LK1_1']);
        $formdata['city'] = remove_xss($GLOBALS['LK1_2']);
        $formdata['area'] = remove_xss(trim($GLOBALS['LK1_3'], '0'));
        $formdata['mobile'] = remove_xss($GLOBALS['mobile']);

        // Join the three parts with '-' and drop trailing separators left by
        // empty parts.
        $tel_parts = array(
            remove_xss($GLOBALS['tel1']),
            remove_xss($GLOBALS['tel2']),
            remove_xss($GLOBALS['tel2']),
        );
        $formdata['tel'] = rtrim(implode('-', $tel_parts), '-');

        $formdata['zipcode'] = intval($GLOBALS['zipcode']);
        $formdata['isdefault'] = intval($GLOBALS['isdefault']);

        // The new id is published through $GLOBALS before setdefault() runs.
        $GLOBALS['addressid'] = $this->db->insert('express_address', $formdata);
        if ($formdata['isdefault']) {
            $this->setdefault();
        }

        $target = $GLOBALS['forward'] == 1
            ? '/index?m=order&f=order_goods&v=cart'
            : '/index.php?m=order&f=address&v=listing&acbar=1';
        MSG(L('operation_success'), $target);
    }
    include T('order', 'address_add');
}
示例6: edit
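/**
 * Edits an announcement: saves the submitted form, or loads the record and
 * renders the edit template.
 *
 * Fix: the default end date is now formatted from "now + 30 days". Before,
 * the computed timestamp was overwritten by date('Y-m-d') without a
 * timestamp argument, so the value was always today's date.
 *
 * Security notes:
 *  - $GLOBALS['form'] is used as the update row as a whole; only 'title' and
 *    'note' are filtered and a few keys are overwritten.
 *    NOTE(review): any other key present in the submitted form reaches
 *    update() as a column - consider copying an explicit list of fields.
 *  - 'publisher' is read from a cookie. NOTE(review): confirm get_cookie()
 *    returns a value the client cannot choose freely.
 *  - The colour and font-weight values end up in a CSS declaration.
 *    remove_xss() is an HTML filter, not a CSS validator; NOTE(review):
 *    consider validating both against a fixed pattern / list.
 *
 * Local variable names in the display branch are kept because the included
 * template can read them.
 */
public function edit()
{
    $id = intval($GLOBALS['id']);
    if (isset($GLOBALS['submit'])) {
        $formdata = $GLOBALS['form'];
        $formdata['title'] = remove_xss($formdata['title']);
        $formdata['note'] = remove_xss($formdata['note']);
        $formdata['addtime'] = SYS_TIME;
        $formdata['endtime'] = strtotime($GLOBALS['endtime']);
        $formdata['publisher'] = get_cookie('username');
        // Stored as e.g. "color:#ff0000;font-weight:bold".
        $formdata['css'] = 'color:#' . remove_xss(ltrim($GLOBALS['title_css'], '#') . ';' . $GLOBALS['font_weight']);
        $this->db->update('affiche', $formdata, array('id' => $id));
        MSG(L('operation success'), '?m=affiche&f=index&v=listing' . $this->su());
    } else {
        $show_formjs = 1;
        $form = load_class('form');
        load_function('admin');
        // Default end date: thirty days from now.
        $endtime = date('Y-m-d', SYS_TIME + 86400 * 30);
        $r = $this->db->get_one('affiche', array('id' => $id));
        $styles = style($r['css']);
        //color:#ff0000;font-weight:bold
        $font_weight = $styles['font-weight'];
        $color = $styles['color'];
        include $this->template('edit');
    }
}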
示例7: index
/**
 * Smoke test for remove_xss(): feeds it a fixed block of markup samples and
 * echoes the filtered result.
 *
 * The samples cover script-capable URL schemes in attributes, style-based
 * payloads, and scheme names split by whitespace or control characters, plus
 * two harmless controls (a plain http background URL and a line of Chinese
 * text) that the filter is expected to leave readable.
 *
 * The output is echoed without further encoding, so what the browser renders
 * is exactly what the filter let through.
 */
function index()
{
// NOTE(review): the sample `<IMG SRC=javascript:alert('XSS')>` below carries
// unescaped single quotes inside this single-quoted literal, so as printed
// here the string ends early. Presumably the original spelled that sample
// with character entities that were decoded when the page was extracted -
// confirm against the upstream file before running this.
$data = '<LINK REL="stylesheet" href="javascript:alert(\'XSS\');">
<IMG src=\'vbscript:msgbox("XSS")\'>
<IMG src="mocha:[code]">
<IMG src="livescript:[code]">
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert(\'XSS\');">
<IFRAME src=javascript:alert(\'XSS\')></IFRAME>
<FRAMESET><FRAME src=javascript:alert(\'XSS\')></FRAME></FRAMESET>
<TABLE BACKGROUND="javascript:alert(\'XSS\')">
<DIV STYLE="background-image: url(javascript:alert(\'XSS\'))">
<DIV STYLE="behaviour: url(\'http://www.how-to-hack.org/exploit.html\');">
<DIV STYLE="width: expression(alert(\'XSS\'));">
<STYLE>@im\\port\'\\ja\\vasc\\ript:alert("XSS")\';</STYLE>
<IMG STYLE=\'xss:expre\\ssion(alert("XSS"))\'>
<STYLE TYPE="text/javascript">alert(\'XSS\');</STYLE>
<STYLE TYPE="text/css">.XSS{background-image:url("javascript:alert(\'XSS\')");}</STYLE><A class="XSS"></A>
<STYLE type="text/css">BODY{background:url("javascript:alert(\'XSS\')")}</STYLE>
<DIV STYLE="background-image: url(http://www.baidu.com)">
<IMG SRC=javascript:alert('XSS')>
<IMG SRC="jav
ascript:alert(\'XSS\');">
"<IMG SRC=java/0script:alert(\'XSS\')>";’ > out
<IMG SRC=" javascript:alert(\'XSS\');">
<SCRIPT>a=/XSS/alert(a.source)</SCRIPT>
这里是中文
<IMG SRC="jav	ascript:alert(\'XSS\');">
<IMG SRC="jav
ascript:alert(\'XSS\');">
';
// Print the filtered markup so the result can be inspected.
echo remove_xss($data);
}
示例8: ask
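/**
 * Stores a guestbook question submitted by the current member.
 *
 * Fix: the question body, and the title derived from it when no title was
 * sent, are now passed through remove_xss() as well. Before, only an
 * explicitly submitted title was filtered; the body and the derived title
 * were stored exactly as received.
 *
 * remove_xss() is an input filter only. NOTE(review): the templates that
 * display guestbook entries should still HTML-encode title and content.
 */
public function ask()
{
    // Filter once and reuse, so body and derived title agree.
    $content = remove_xss($GLOBALS['content']);

    $formdata = array();
    // Without an explicit title, use the first 80 units of the filtered body.
    $formdata['title'] = isset($GLOBALS['title']) ? remove_xss($GLOBALS['title']) : strcut($content, 80);
    $formdata['content'] = $content;
    $formdata['addtime'] = SYS_TIME;
    // Author and address come from server-side state, not from the form.
    $formdata['publisher'] = $this->memberinfo['username'];
    $formdata['ip'] = get_ip();
    $this->db->insert('guestbook', $formdata);
    MSG('您的提问已经提交,我们的专家会尽快给您回复', '?m=guestbook&f=myissue&v=listing');
}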
示例9: ajax_auto_complete
/**
 * AJAX endpoint for the keyword form field: looks up tags that contain the
 * submitted term and prints them as JSON, each row reshaped to
 * {value, label}.
 *
 * Security note: remove_xss() filters HTML; it is not SQL escaping. The
 * filtered term is concatenated into a LIKE condition that is passed to the
 * database layer as a string.
 * NOTE(review): unless the request bootstrap or get_list() escapes the value,
 * the term reaches the query as submitted. Confirm, and prefer the database
 * layer's bound-parameter or escaping facility (including the LIKE wildcards
 * % and _) over string concatenation.
 *
 * @author tuzwu
 */
public function ajax_auto_complete()
{
    if (isset($GLOBALS['term'])) {
        $tag = remove_xss($GLOBALS['term']);
    } else {
        $tag = MSG(L('parameter_error'));
    }

    $where = ' tag like "%' . $tag . '%" ';
    $tag_info = $this->db->get_list('tag', $where, 'tag', 0, 10, 1);

    // Rename the 'tag' column to the value/label pair the widget expects.
    foreach ($tag_info as $idx => $row) {
        $tag_info[$idx]['label'] = $tag_info[$idx]['value'] = $row['tag'];
        unset($tag_info[$idx]['tag']);
    }

    exit(json_encode($tag_info));
}
示例10: search2
/**
 * Searches published 'mec' records (status 9) whose title contains the
 * submitted city name and renders the map search template.
 *
 * Security note: remove_xss() filters HTML; it is not SQL escaping. The
 * filtered city name is placed inside a quoted LIKE pattern by string
 * formatting.
 * NOTE(review): unless the request bootstrap or get_list() escapes the value,
 * it reaches the query as submitted. Confirm, and prefer the database layer's
 * bound-parameter or escaping facility over building the condition as text.
 *
 * Local variable names are kept because the included template can read them.
 */
public function search2()
{
    $categorys = get_cache('category', 'content');
    $cityname = remove_xss($GLOBALS['cityname']);

    // Page numbers below 1 (or non-numeric input) fall back to page 1.
    $page = intval($GLOBALS['page']);
    if ($page < 1) {
        $page = 1;
    }

    // Single-quoted on purpose: {$page} is a placeholder for the pager, not a
    // PHP interpolation.
    $urlrule = 'javascript:change_pagemap2({$page});';
    $where = sprintf("`status`=9 AND `title` LIKE '%%%s%%'", $cityname);

    $result = $this->db->get_list('mec', $where, '*', 0, 10, $page, 'id DESC', '', '', $urlrule, '', 3);
    $pages = $this->db->pages;
    include T('content', 'map-search2', TPLID);
}
示例11: dxss
/**
 * Applies remove_xss() to a scalar, or to every leaf of a (nested) array.
 *
 * Array keys are preserved and are not filtered themselves; only values are.
 * $force is accepted and passed down the recursion but has no effect on the
 * filtering done here.
 *
 * @param mixed $string A value or an array of values to filter.
 * @param int   $force  Unused apart from being forwarded to nested calls.
 * @return mixed The filtered value, with the same array shape as the input.
 */
function dxss($string, $force = 1)
{
    if (!is_array($string)) {
        return remove_xss($string);
    }

    $filtered = array();
    foreach ($string as $key => $val) {
        // Recurse so nested arrays are handled leaf by leaf.
        $filtered[$key] = dxss($val, $force);
    }

    return $filtered;
}
示例12: handleSave
/**
 * Collects the changed labels from a save request and writes them with
 * addLabels().
 *
 * A request entry is a label when its key starts with "label_" and its value
 * is not the marker 'no_change'. The prefix is stripped and the rest of the
 * key is upper-cased to form the system label; the value is HTML-decoded with
 * from_html() and passed through remove_xss() (second argument false).
 *
 * Security note: when a package name is set, packageName and moduleName are
 * interpolated into a filesystem path.
 * NOTE(review): confirm both are restricted to plain identifiers where they
 * are assigned; nothing in this method checks them.
 *
 * @param REQUEST $params   Request entries, "label_" . system label => display label.
 * @param string  $language Language key, for example 'en_us'.
 * @return mixed Whatever addLabels() returns.
 */
function handleSave($params, $language)
{
    $labels = array();
    foreach ($params as $key => $value) {
        if (!preg_match('/^label_/', $key)) {
            continue;
        }
        if (strcmp($value, 'no_change') == 0) {
            continue;
        }
        // Drop the 6-character "label_" prefix to get the system label.
        $systemLabel = strtoupper(substr($key, 6));
        $labels[$systemLabel] = remove_xss(from_html($value), false);
    }

    if (empty($this->packageName)) {
        return self::addLabels($language, $labels, $this->moduleName);
    }

    $languageDir = "custom/modulebuilder/packages/{$this->packageName}/modules/{$this->moduleName}/language";
    return self::addLabels($language, $labels, $this->moduleName, $languageDir);
}
示例13: _escape_data
/**
 * Recursively escapes the string values of an array for HTML output.
 *
 * Each string value is run through htmlspecialchars() and then remove_xss().
 * Non-array input and empty arrays are returned as they are; non-string
 * leaves are left untouched.
 *
 * Security notes:
 *  - Values whose key starts with "html" are skipped entirely, so callers
 *    must treat those entries as trusted markup. The exemption is per key:
 *    it does not carry over to the children of an "html..." array.
 *  - htmlspecialchars() is called with its default flags; before PHP 8.1 the
 *    defaults leave single quotes unescaped, which matters for values placed
 *    in single-quoted attributes.
 *
 * @param mixed $data Array of values to escape, or any other value.
 * @return mixed The array with escaped strings, or the input unchanged.
 */
private function _escape_data($data)
{
    if (!is_array($data) || count($data) == 0) {
        return $data;
    }

    foreach ($data as $key => $value) {
        if (is_array($value)) {
            $data[$key] = $this->_escape_data($value);
            continue;
        }
        if (!is_string($value)) {
            continue;
        }
        // Keys such as "html_body" mark values that are kept as raw markup.
        if (preg_match('/^html/', $key)) {
            continue;
        }
        $data[$key] = remove_xss(htmlspecialchars($value));
    }

    return $data;
}
示例14: login_sub
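/**
 * Second-step administrator login: requires an existing 'qcs_auth' cookie
 * for user id 1 and then checks the submitted admin name and password.
 *
 * Fixes:
 *  - The empty-field guard was written as `A || B && exit`. Because && binds
 *    tighter than ||, an empty admin name skipped the exit; only an empty
 *    password with a non-empty name stopped the request. Both fields are now
 *    required, and non-string input (for example an array) is rejected.
 *  - Each redirect is followed by a return, so the credential check cannot
 *    run if redirect() ever returns instead of ending the request.
 *
 * NOTE(review): remove_xss() on the name is an HTML filter and has no role
 * in authentication; the array-form where() is what keeps the values out of
 * the query text - confirm against the framework.
 * NOTE(review): no session identifier renewal or attempt limiting is visible
 * in this method; confirm both are handled elsewhere.
 */
function login_sub()
{
    $adminName = isset($_POST['admin_name']) ? $_POST['admin_name'] : null;
    $adminPwd = isset($_POST['admin_pwd']) ? $_POST['admin_pwd'] : null;
    if (!is_string($adminName) || $adminName === '' || !is_string($adminPwd) || $adminPwd === '') {
        exit;
    }

    if (isset($_COOKIE['qcs_auth'])) {
        // The cookie is decoded with the site key; its first tab-separated
        // field is the user id, and only id 1 may continue.
        $id = explode("\t", strcode($_COOKIE['qcs_auth'], $this->setting['auth_key'], 'DECODE'));
        if (!is_numeric($id[0]) || $id[0] != 1) {
            $this->redirect('Index/index');
            return;
        }
    } else {
        $this->redirect('Account/login');
        return;
    }

    $matchedId = M('user')
        ->where(array('name' => remove_xss($adminName), 'pwd' => pwd_encode($adminPwd)))
        ->getField('id');
    if ($matchedId == 1) {
        Session::set('aid', 1);
        $this->redirect('Admin/main');
    } else {
        $this->assign('script', '<script>alert("您的输入有误,请重新输入")</script>');
        $this->display('Admin/login');
    }
}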
示例15: edit
/**
 * Edits a content source ("copyfrom") record: saves the submitted name, URL
 * and logo, or loads the record and renders the edit template.
 *
 * Only the three listed fields are copied from the submitted form, each
 * through remove_xss(); the record id is cast with intval().
 *
 * Security note: 'url' and 'logo' are later used as link / image targets.
 * remove_xss() is an HTML filter and does not check that a value is a
 * well-formed http(s) URL.
 * NOTE(review): consider validating the scheme before storing, and encode
 * the values for the attribute context when they are rendered.
 *
 * Local variable names are kept because the included template can read them.
 */
public function edit()
{
    $fromid = intval($GLOBALS['fromid']);

    if (!isset($GLOBALS['submit'])) {
        $show_formjs = 1;
        $form = load_class('form');
        $r = $this->db->get_one('copyfrom', array('fromid' => $fromid));
        include $this->template('copyfrom_edit');
    } else {
        $formdata = array(
            'name' => remove_xss($GLOBALS['form']['name']),
            'url' => remove_xss($GLOBALS['form']['url']),
            'logo' => remove_xss($GLOBALS['form']['logo']),
            // Written as a fixed zero date on every edit.
            'updatetime' => '0000-00-00 00:00:00',
        );
        $this->db->update('copyfrom', $formdata, array('fromid' => $fromid));
        MSG(L('operation success'), HTTP_REFERER);
    }
}