本文整理汇总了PHP中InputFilter::badAttributeValue方法的典型用法代码示例。如果您正苦于以下问题:PHP InputFilter::badAttributeValue方法的具体用法?PHP InputFilter::badAttributeValue怎么用?PHP InputFilter::badAttributeValue使用的例子?那么恭喜您,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类InputFilter的用法示例。
在下文中一共展示了InputFilter::badAttributeValue方法的8个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: check
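/**
 * Overloaded check function: validates this web link record.
 *
 * Runs the generic field filter, rejects a URL that InputFilter reports as a
 * bad href value, requires a non-empty title, prefixes "http://" when the URL
 * does not start with a known scheme, and refuses a title that is already
 * used by another record in the same category. On failure the reason is
 * stored in $this->_error.
 *
 * @return bool true when the record passes every check, false otherwise
 */
function check()
{
    // filter malicious code ('params' is passed as the ignore list)
    $ignoreList = array('params');
    $this->filter($ignoreList);

    // specific filters
    // NOTE(review): badAttributeValue() is not visible here; presumably a
    // blacklist of dangerous href values. It is not a URL validator - confirm
    // before relying on it as the only check on stored links.
    $iFilter = new InputFilter();
    if ($iFilter->badAttributeValue(array('href', $this->url))) {
        $this->_error = 'Please provide a valid URL';
        return false;
    }

    /** check for valid name */
    if (trim($this->title) == '') {
        $this->_error = _WEBLINK_TITLE;
        return false;
    }

    // Prefix a scheme only when the URL does not already start with one.
    // The previous patterns ('http://', 'https://', 'ftp://') had no valid
    // PCRE delimiter, so preg_match() failed every time and "http://" was
    // prepended even to URLs that already carried a scheme. The pattern is
    // anchored so that a scheme appearing later in the string does not count.
    if (!preg_match('#^(?:https?|ftp)://#i', $this->url)) {
        $this->url = 'http://' . $this->url;
    }

    /** check for existing name */
    // title goes through the database quoting helper, catid is cast to int
    $query = "SELECT id" . "\n FROM #__weblinks " . "\n WHERE title = " . $this->_db->Quote($this->title) . "\n AND catid = " . (int) $this->catid;
    $this->_db->setQuery($query);
    $xid = intval($this->_db->loadResult());
    if ($xid && $xid != intval($this->id)) {
        $this->_error = _WEBLINK_EXIST;
        return false;
    }

    return true;
}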
示例2: extRedirect
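/**
 * Utility function: redirect the browser location to another url.
 *
 * Can optionally provide a message, which is appended to the URL as the
 * 'extmsg' query parameter. When headers were already sent the redirect is
 * done with an inline script, otherwise with a 301 Location header.
 * The function ends the request and never returns.
 *
 * @param string $url Target URL; treated as untrusted input
 * @param string $msg Optional message to hand to the target page
 */
function extRedirect($url, $msg = '')
{
    // specific filters
    $iFilter = new InputFilter();
    $url = $iFilter->process($url);
    if (!empty($msg)) {
        $msg = $iFilter->process($msg);
    }

    // Keep only the first line, so a CR or LF inside the URL can never reach
    // header() and start a second response header.
    $urlLines = preg_split("/[\r\n]/", (string) $url);
    $url = $urlLines[0];

    // NOTE(review): badAttributeValue() is not visible here; presumably a
    // blacklist of dangerous href values. Nothing in this function restricts
    // the destination host, so a request-controlled $url is still an open
    // redirect unless the caller applies an allow-list first.
    if ($iFilter->badAttributeValue(array('href', $url))) {
        $url = $GLOBALS['home_dir'];
    }

    if (trim($msg)) {
        // strict comparison: a '?' at offset 0 is still a query separator
        $separator = (strpos($url, '?') !== false) ? '&' : '?';
        $url .= $separator . 'extmsg=' . urlencode($msg);
    }

    if (headers_sent()) {
        // Emit the URL as a JSON string literal instead of pasting it between
        // single quotes: quotes, '<', '>' and '&' are hex-escaped, so the
        // value cannot close the string or the <script> element.
        $jsFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
        $jsUrl = json_encode($url, $jsFlags);
        if ($jsUrl === false) {
            // not encodable (e.g. invalid UTF-8): fall back to the site default
            $jsUrl = json_encode((string) $GLOBALS['home_dir'], $jsFlags);
        }
        echo "<script>document.location.href={$jsUrl};</script>\n";
    } else {
        // clear output buffer
        @ob_end_clean();
        header('HTTP/1.1 301 Moved Permanently');
        header("Location: " . $url);
    }
    exit;
}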
示例3: filterAttr
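/**
 * Internal method to strip a tag of certain attributes
 *
 * Each entry of $attrSet is split into a name and an optional value. Entries
 * are dropped when the name is not purely alphabetic, when automatic XSS
 * filtering is on and the name is blacklisted or starts with "on", or when
 * badAttributeValue() rejects the pair. What remains is kept or dropped
 * according to $this->attrArray and $this->attrMethod and re-emitted as
 * name="value".
 *
 * @access protected
 * @param array $attrSet Array of attribute pairs to filter
 * @return array $newSet Filtered array of attribute pairs
 */
function filterAttr($attrSet)
{
    /*
     * Initialize variables
     */
    $newSet = array();
    $attrCount = count($attrSet);
    /*
     * Iterate through attribute pairs
     */
    for ($i = 0; $i < $attrCount; $i++) {
        /*
         * Skip blank spaces
         */
        if (!$attrSet[$i]) {
            continue;
        }
        /*
         * Split into name/value pairs
         */
        $attrSubSet = explode('=', trim($attrSet[$i]), 2);
        list($attrSubSet[0]) = explode(' ', $attrSubSet[0]);
        // An attribute written without '=' has no second element; give it an
        // empty value so the reads of index 1 below are always defined.
        if (!isset($attrSubSet[1])) {
            $attrSubSet[1] = '';
        }
        // Attribute names are case-insensitive: compare on the lower-cased name.
        $attrName = strtolower($attrSubSet[0]);
        /*
         * Remove all "non-regular" attribute names
         * AND blacklisted attributes
         *
         * eregi() no longer exists in PHP 7+, so the name test uses PCRE with
         * the /i flag; \z (not $) is used so a trailing newline cannot pass.
         * The "on" prefix test runs on the lower-cased name, so event-handler
         * attributes are caught regardless of letter case.
         */
        if (!preg_match('/^[a-z]*\z/i', $attrSubSet[0])
            || ($this->xssAuto && (in_array($attrName, $this->attrBlacklist) || substr($attrName, 0, 2) == 'on'))
        ) {
            continue;
        }
        /*
         * XSS attribute value filtering
         */
        if ($attrSubSet[1]) {
            // strips unicode, hex, etc
            $attrSubSet[1] = str_replace('&#', '', $attrSubSet[1]);
            // strip normal newline within attr value
            $attrSubSet[1] = preg_replace('/\\s+/', '', $attrSubSet[1]);
            // strip double quotes
            $attrSubSet[1] = str_replace('"', '', $attrSubSet[1]);
            // [requested feature] convert single quotes from either side to doubles (Single quotes shouldn't be used to pad attr value)
            if (substr($attrSubSet[1], 0, 1) == "'" && substr($attrSubSet[1], strlen($attrSubSet[1]) - 1, 1) == "'") {
                $attrSubSet[1] = substr($attrSubSet[1], 1, strlen($attrSubSet[1]) - 2);
            }
            // strip slashes
            $attrSubSet[1] = stripslashes($attrSubSet[1]);
        }
        /*
         * Autostrip script tags
         */
        // NOTE(review): badAttributeValue() is not visible here; it is called
        // statically exactly as before - confirm it is declared static.
        if (InputFilter::badAttributeValue($attrSubSet)) {
            continue;
        }
        /*
         * Is our attribute in the user input array?
         */
        $attrFound = in_array($attrName, $this->attrArray);
        /*
         * If the tag is allowed lets keep it
         */
        if ((!$attrFound && $this->attrMethod) || ($attrFound && !$this->attrMethod)) {
            /*
             * Does the attribute have a value?
             */
            if ($attrSubSet[1]) {
                $newSet[] = $attrSubSet[0] . '="' . $attrSubSet[1] . '"';
            } elseif ($attrSubSet[1] === '0') {
                /*
                 * Special Case
                 * Is the value 0?
                 */
                $newSet[] = $attrSubSet[0] . '="0"';
            } else {
                // no value at all: emit the name as its own value
                $newSet[] = $attrSubSet[0] . '="' . $attrSubSet[0] . '"';
            }
        }
    }
    return $newSet;
}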
示例4: shRedirect
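/**
 * Redirect the browser to another URL, optionally queueing a message.
 *
 * The message is enqueued on the application and the message queue is saved
 * in the session. When headers were already sent the redirect is done with
 * an inline script, otherwise with a status line and a Location header.
 * The application is closed afterwards.
 *
 * @param string $url       Target URL; treated as untrusted input
 * @param string $msg       Optional message to enqueue
 * @param string $redirKind '302' or '303'; any other value yields a 301
 * @param string $msgType   Message type handed to enqueueMessage()
 */
function shRedirect($url, $msg = '', $redirKind = '301', $msgType = 'message')
{
    global $mainframe;
    $sefConfig =& shRouter::shGetConfig();
    // specific filters
    // NOTE(review): when the InputFilter class is not loaded, $url and $msg
    // pass through unfiltered (fail-open) - confirm that this is intended.
    $filterLoaded = class_exists('InputFilter');
    if ($filterLoaded) {
        $iFilter = new InputFilter();
        $url = $iFilter->process($url);
        if (!empty($msg)) {
            $msg = $iFilter->process($msg);
        }
    }

    // Keep only the first line, whether or not the filter ran, so a CR or LF
    // inside the URL can never reach header() and start a second header.
    $urlLines = preg_split("/[\r\n]/", (string) $url);
    $url = $urlLines[0];

    // NOTE(review): badAttributeValue() is not visible here; presumably a
    // blacklist of dangerous href values. Nothing here restricts the
    // destination host, so a request-controlled $url is still an open redirect.
    if ($filterLoaded && $iFilter->badAttributeValue(array('href', $url))) {
        $url = $GLOBALS['shConfigLiveSite'];
    }

    // If the message exists, enqueue it
    if (JString::trim($msg)) {
        $mainframe->enqueueMessage($msg, $msgType);
    }
    // Persist messages if they exist
    if (count($mainframe->_messageQueue)) {
        $session =& JFactory::getSession();
        $session->set('application.queue', $mainframe->_messageQueue);
    }

    if (headers_sent()) {
        // Emit the URL as a JSON string literal instead of pasting it between
        // single quotes: quotes, '<', '>' and '&' are hex-escaped, so the
        // value cannot close the string or the <script> element.
        $jsFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
        $jsUrl = json_encode($url, $jsFlags);
        if ($jsUrl === false) {
            // not encodable (e.g. invalid UTF-8): fall back to the site default
            $jsUrl = json_encode((string) $GLOBALS['shConfigLiveSite'], $jsFlags);
        }
        echo "<script>document.location.href={$jsUrl};</script>\n";
    } else {
        // clear output buffer
        @ob_end_clean();
        switch ($redirKind) {
            case '302':
                $redirHeader = 'HTTP/1.1 302 Moved Temporarily';
                break;
            case '303':
                $redirHeader = 'HTTP/1.1 303 See Other';
                break;
            default:
                $redirHeader = 'HTTP/1.1 301 Moved Permanently';
                break;
        }
        header($redirHeader);
        header("Location: " . $url);
    }
    $mainframe->close();
}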
示例5: shRedirect
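/**
 * Redirect the browser to another URL, optionally queueing a message.
 *
 * The message is enqueued on the application and the message queue is saved
 * in the session. When headers were already sent the redirect is done with
 * a minimal HTML page containing an inline script, otherwise with a status
 * line and a Location header. The application is closed afterwards.
 *
 * @param string $url       Target URL; treated as untrusted input
 * @param string $msg       Optional message to enqueue
 * @param string $redirKind '302' or '303'; any other value yields a 301
 * @param string $msgType   Message type handed to enqueueMessage()
 */
function shRedirect( $url, $msg='', $redirKind = '301', $msgType='message' ) {
    $mainframe = JFactory::getApplication();
    $sefConfig = & Sh404sefFactory::getConfig();
    // specific filters
    // NOTE(review): when the InputFilter class is not loaded, $url and $msg
    // pass through unfiltered (fail-open) - confirm that this is intended.
    $filterLoaded = class_exists('InputFilter');
    if ($filterLoaded) {
        $iFilter = new InputFilter();
        $url = $iFilter->process( $url );
        if (!empty($msg)) {
            $msg = $iFilter->process( $msg );
        }
    }

    // Keep only the first line, whether or not the filter ran, so a CR or LF
    // inside the URL can never reach header() and start a second header.
    $urlLines = preg_split("/[\r\n]/", (string) $url);
    $url = $urlLines[0];

    // NOTE(review): badAttributeValue() is not visible here; presumably a
    // blacklist of dangerous href values. Nothing here restricts the
    // destination host, so a request-controlled $url is still an open redirect.
    if ($filterLoaded && $iFilter->badAttributeValue( array( 'href', $url ))) {
        $url = Sh404sefFactory::getPageInfo()->getDefaultLiveSite();
    }

    // If the message exists, enqueue it
    if (JString::trim( $msg )) {
        $mainframe->enqueueMessage($msg, $msgType);
    }
    // Persist messages if they exist
    $queue = $mainframe->getMessageQueue();
    if (count($queue)) {
        $session = JFactory::getSession();
        $session->set('application.queue', $queue);
    }
    $document = JFactory::getDocument();
    @ob_end_clean(); // clear output buffer
    if (headers_sent()) {
        // Emit the URL as a JSON string literal instead of pasting it between
        // single quotes: quotes, '<', '>' and '&' are hex-escaped, so the
        // value cannot close the string or the <script> element.
        $jsFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
        $jsUrl = json_encode($url, $jsFlags);
        if ($jsUrl === false) {
            // not encodable (e.g. invalid UTF-8): fall back to the site default
            $jsUrl = json_encode((string) Sh404sefFactory::getPageInfo()->getDefaultLiveSite(), $jsFlags);
        }
        echo '<html><head><meta http-equiv="content-type" content="text/html; charset='.$document->getCharset().'" /><script>document.location.href='.$jsUrl.';</script></head><body></body></html>';
    } else {
        switch ($redirKind) {
            case '302':
                $redirHeader ='HTTP/1.1 302 Moved Temporarily';
                break;
            case '303':
                $redirHeader ='HTTP/1.1 303 See Other';
                break;
            default:
                $redirHeader = 'HTTP/1.1 301 Moved Permanently';
                break;
        }
        header( 'Cache-Control: no-cache'); // prevent Firefox5+ and IE9+ to consider this a cacheable redirect
        header( $redirHeader );
        header( 'Location: ' . $url );
        header( 'Content-Type: text/html; charset='.$document->getCharset());
    }
    $mainframe->close();
}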
示例6: filterAttr
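/**
 * Internal method to strip a tag of certain attributes
 *
 * Each entry of $attrSet is split into a name and an optional value. Entries
 * are dropped when the name is not purely lower-case alphabetic, when
 * automatic XSS filtering is on and the name is blacklisted or starts with
 * "on", or when badAttributeValue() rejects the pair. What remains is kept or
 * dropped according to $this->attrArray and $this->attrMethod and re-emitted
 * as name="value".
 *
 * @access protected
 * @param array $attrSet Array of attribute pairs to filter
 * @return array $newSet Filtered array of attribute pairs
 */
function filterAttr($attrSet)
{
    /*
     * Initialize variables
     */
    $newSet = array();
    $attrCount = count($attrSet);
    /*
     * Iterate through attribute pairs
     */
    for ($i = 0; $i < $attrCount; $i++) {
        /*
         * Skip blank spaces
         */
        if (!$attrSet[$i]) {
            continue;
        }
        /*
         * Split into name/value pairs
         */
        $attrSubSet = explode('=', trim($attrSet[$i]), 2);
        list($attrSubSet[0]) = explode(' ', $attrSubSet[0]);
        // An attribute written without '=' has no second element; give it an
        // empty value so the reads of index 1 below are always defined.
        if (!isset($attrSubSet[1])) {
            $attrSubSet[1] = '';
        }
        $attrName = strtolower($attrSubSet[0]);
        /*
         * Remove all "non-regular" attribute names
         * AND blacklisted attributes
         *
         * The pattern has no /i flag, so a name containing upper-case letters
         * is rejected here; \z (not $) keeps a trailing newline from passing.
         */
        if (!preg_match('/^[a-z]*\z/', $attrSubSet[0])
            || ($this->xssAuto && (in_array($attrName, $this->attrBlacklist) || substr($attrName, 0, 2) == 'on'))
        ) {
            continue;
        }
        // The closing brace above was missing in the listing: without it the
        // rest of the loop body sat after "continue" and never ran, and the
        // function's braces did not balance.
        /*
         * XSS attribute value filtering
         */
        if ($attrSubSet[1]) {
            // strips unicode, hex, etc
            $attrSubSet[1] = str_replace('&#', '', $attrSubSet[1]);
            // strip normal newline within attr value
            $attrSubSet[1] = preg_replace('/\\s+/', '', $attrSubSet[1]);
            // strip double quotes
            $attrSubSet[1] = str_replace('"', '', $attrSubSet[1]);
            // [requested feature] convert single quotes from either side to doubles (Single quotes shouldn't be used to pad attr value)
            if (substr($attrSubSet[1], 0, 1) == "'" && substr($attrSubSet[1], strlen($attrSubSet[1]) - 1, 1) == "'") {
                $attrSubSet[1] = substr($attrSubSet[1], 1, strlen($attrSubSet[1]) - 2);
            }
            // strip slashes
            $attrSubSet[1] = stripslashes($attrSubSet[1]);
        }
        /*
         * Autostrip script tags
         */
        // NOTE(review): badAttributeValue() is not visible here; it is called
        // statically exactly as before - confirm it is declared static.
        if (InputFilter::badAttributeValue($attrSubSet)) {
            continue;
        }
        /*
         * Is our attribute in the user input array?
         */
        $attrFound = in_array($attrName, $this->attrArray);
        /*
         * If the tag is allowed lets keep it
         */
        if ((!$attrFound && $this->attrMethod) || ($attrFound && !$this->attrMethod)) {
            /*
             * Does the attribute have a value?
             */
            if ($attrSubSet[1]) {
                $newSet[] = $attrSubSet[0] . '="' . $attrSubSet[1] . '"';
            } elseif ($attrSubSet[1] === '0') {
                /*
                 * Special Case
                 * Is the value 0?
                 */
                $newSet[] = $attrSubSet[0] . '="0"';
            } else {
                // no value at all: emit the name as its own value
                $newSet[] = $attrSubSet[0] . '="' . $attrSubSet[0] . '"';
            }
        }
    }
    return $newSet;
}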
/**
* Try to convert to plaintext
*
* @access protected
* @param string $source
* @return string Plaintext string
*/
/**
* Method to be called by another php script. Processes for SQL injection
*
* @access public
* @param mixed $source input string/array-of-string to be 'cleaned'
* @param resource $connection - An open MySQL connection
* @return string 'cleaned' version of input parameter
*/
function safeSQL($source, &$connection)
{
//.........这里部分代码省略.........
示例7: filterAttr
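/**
 * Internal method to strip a tag of certain attributes
 *
 * Drops attributes whose name is not purely alphabetic, attributes that are
 * blacklisted or start with "on" while automatic XSS filtering is enabled,
 * and attributes rejected by badAttributeValue(). The rest is kept or dropped
 * according to $this->attrArray and $this->attrMethod.
 *
 * @access protected
 * @param Array $attrSet Attribute strings taken from one tag
 * @return Array $newSet Attributes that survived, formatted as name="value"
 */
function filterAttr($attrSet)
{
    $newSet = array();
    $attrCount = count($attrSet);
    // process attributes
    for ($i = 0; $i < $attrCount; $i++) {
        // skip blank spaces in tag
        if (!$attrSet[$i]) {
            continue;
        }
        // split into attr name and value
        $attrSubSet = explode('=', trim($attrSet[$i]), 2);
        list($attrSubSet[0]) = explode(' ', $attrSubSet[0]);
        // an attr written without '=' has no value element; define it as empty
        if (!isset($attrSubSet[1])) {
            $attrSubSet[1] = '';
        }
        // attr names are case-insensitive: compare on the lower-cased name
        $attrName = strtolower($attrSubSet[0]);
        // removes all "non-regular" attr names AND also attr blacklisted
        // eregi() no longer exists in PHP 7+, so PCRE with /i is used; \z (not $)
        // keeps a trailing newline from passing. The "on" prefix test runs on the
        // lower-cased name so event handlers are caught regardless of letter case.
        if (!preg_match('/^[a-z]*\z/i', $attrSubSet[0])
            || ($this->xssAuto && (in_array($attrName, $this->attrBlacklist) || substr($attrName, 0, 2) == 'on'))
        ) {
            continue;
        }
        // xss attr value filtering
        if ($attrSubSet[1]) {
            // strips unicode, hex, etc
            $attrSubSet[1] = str_replace('&#', '', $attrSubSet[1]);
            // strip normal newline within attr value
            $attrSubSet[1] = preg_replace('/\\s+/', '', $attrSubSet[1]);
            // strip double quotes
            $attrSubSet[1] = str_replace('"', '', $attrSubSet[1]);
            // [requested feature] convert single quotes from either side to doubles (Single quotes shouldn't be used to pad attr value)
            if (substr($attrSubSet[1], 0, 1) == "'" && substr($attrSubSet[1], strlen($attrSubSet[1]) - 1, 1) == "'") {
                $attrSubSet[1] = substr($attrSubSet[1], 1, strlen($attrSubSet[1]) - 2);
            }
            // strip slashes
            $attrSubSet[1] = stripslashes($attrSubSet[1]);
        }
        // auto strip attr's with "javascript:
        // NOTE(review): badAttributeValue() is not visible here; it is called
        // statically exactly as before - confirm it is declared static.
        if (InputFilter::badAttributeValue($attrSubSet)) {
            continue;
        }
        // if matches user defined array
        $attrFound = in_array($attrName, $this->attrArray);
        // keep this attr on condition
        if ((!$attrFound && $this->attrMethod) || ($attrFound && !$this->attrMethod)) {
            if ($attrSubSet[1]) {
                // attr has value
                $newSet[] = $attrSubSet[0] . '="' . $attrSubSet[1] . '"';
            } elseif ($attrSubSet[1] === '0') {
                // the value "0" is falsy but is still a real value
                $newSet[] = $attrSubSet[0] . '="0"';
            } else {
                // no value at all: emit the name as its own value
                $newSet[] = $attrSubSet[0] . '="' . $attrSubSet[0] . '"';
            }
        }
    }
    return $newSet;
}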
示例8: mosRedirect
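/**
 * Utility function: redirect the browser location to another url.
 *
 * Can optionally provide a message, which is appended to the URL as the
 * 'mosmsg' query parameter. When headers were already sent the redirect is
 * done with an inline script, otherwise with a 301 Location header.
 * The function ends the request and never returns.
 *
 * @param string $url Target URL; treated as untrusted input
 * @param string $msg Optional message to hand to the target page
 */
function mosRedirect($url, $msg = '')
{
    // specific filters
    $iFilter = new InputFilter();
    $url = $iFilter->process($url);
    if (!empty($msg)) {
        $msg = $iFilter->process($msg);
    }

    // Strip out any line breaks and throw away the rest, so a CR or LF
    // inside the URL can never reach header() and start a second header.
    $urlLines = preg_split("/[\r\n]/", $url);
    $url = $urlLines[0];

    // NOTE(review): badAttributeValue() is not visible here; presumably a
    // blacklist of dangerous href values. Nothing in this function restricts
    // the destination host, so a request-controlled $url is still an open
    // redirect unless the caller applies an allow-list first.
    if ($iFilter->badAttributeValue(array('href', $url))) {
        $url = $GLOBALS['mosConfig_live_site'];
    }

    if (trim($msg)) {
        // strict comparison: a '?' at offset 0 is still a query separator
        $separator = (strpos($url, '?') !== false) ? '&' : '?';
        $url .= $separator . 'mosmsg=' . urlencode($msg);
    }

    if (headers_sent()) {
        // Emit the URL as a JSON string literal instead of pasting it between
        // single quotes: quotes, '<', '>' and '&' are hex-escaped, so the
        // value cannot close the string or the <script> element.
        $jsFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
        $jsUrl = json_encode($url, $jsFlags);
        if ($jsUrl === false) {
            // not encodable (e.g. invalid UTF-8): fall back to the site default
            $jsUrl = json_encode((string) $GLOBALS['mosConfig_live_site'], $jsFlags);
        }
        echo "<script>document.location.href={$jsUrl};</script>\n";
    } else {
        // clear output buffer
        @ob_end_clean();
        header('HTTP/1.1 301 Movido permanentemente');
        header("Location: " . $url);
    }
    exit;
}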