当前位置: 首页>>代码示例>>PHP>>正文


PHP UTF8::clean方法代码示例

本文整理汇总了PHP中UTF8::clean方法的典型用法代码示例。如果您正苦于以下问题:PHP UTF8::clean方法的具体用法?PHP UTF8::clean怎么用?PHP UTF8::clean使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在UTF8的用法示例。


在下文中一共展示了UTF8::clean方法的11个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。

示例1: clean

 public static function clean($var, $charset = NULL)
 {
     if (!$charset) {
         // Use the application character set
         $charset = JsonApiApplication::$charset;
     }
     if (is_array($var) or is_object($var)) {
         foreach ($var as $key => $val) {
             // Recursion!
             $var[UTF8::clean($key)] = UTF8::clean($val);
         }
     } elseif (is_string($var) and $var !== "") {
         // Remove control characters
         $var = UTF8::strip_ascii_ctrl($var);
         if (!UTF8::is_ascii($var)) {
             // Temporarily save the mb_substitute_character() value into a variable
             $mb_substitute_character = mb_substitute_character();
             // Disable substituting illegal characters with the default '?' character
             mb_substitute_character("none");
             // convert encoding, this is expensive, used when $var is not ASCII
             $var = mb_convert_encoding($var, $charset, $charset);
             // Reset mb_substitute_character() value back to the original setting
             mb_substitute_character($mb_substitute_character);
         }
     }
     return $var;
 }
开发者ID:benshez,项目名称:DreamWeddingCeremonies,代码行数:27,代码来源:UTF8.php

示例2: save

 /**
  * Updates or Creates the record depending on loaded()
  *
  * @param   Validation  $validation  Validation object
  * @return  ORM
  *
  * @uses    User::active_user
  * @uses    ACL::check
  * @uses    Text::limit_words
  * @uses    Text::markup
  * @uses    Request::$client_ip
  */
 public function save(Validation $validation = NULL)
 {
     // Set some defaults
     $this->updated = time();
     $this->format = empty($this->format) ? Kohana::$config->load('inputfilter.default_format', 1) : $this->format;
     $this->author = empty($this->author) ? User::active_user()->id : $this->author;
     if (!$this->loaded()) {
         // New comment
         $this->created = $this->updated;
         $this->hostname = substr(Request::$client_ip, 0, 32);
         //set hostname only if its new comment.
         if (empty($this->status)) {
             $this->status = ACL::check('skip comment approval') ? 'publish' : 'draft';
         }
     }
     // Validate the comment's title. If not specified, extract from comment body.
     if (trim($this->title) == '' and !empty($this->body)) {
         // The body may be in any format, so:
         // 1) Filter it into HTML
         // 2) Strip out all HTML tags
         // 3) Convert entities back to plain-text.
         $this->title = Text::limit_words(trim(UTF8::clean(strip_tags(Text::markup($this->body, $this->format)))), 10, '');
         // Edge cases where the comment body is populated only by HTML tags will
         // require a default subject.
         if ($this->title == '') {
             $this->title = __('(No subject)');
         }
     }
     parent::save($validation);
     return $this;
 }
开发者ID:MenZil-Team,项目名称:cms,代码行数:43,代码来源:comment.php

示例3: clean

 /**
  * Recursively cleans arrays, objects, and strings. Removes ASCII control
  * codes and converts to the requested charset while silently discarding
  * incompatible characters.
  *
  *     UTF8::clean($_GET); // Clean GET data
  *
  * @param   mixed   $var        variable to clean
  * @param   string  $charset    character set, defaults to Kohana::$charset
  * @return  mixed
  * @uses    UTF8::clean
  * @uses    UTF8::strip_ascii_ctrl
  * @uses    UTF8::is_ascii
  */
 public static function clean($var, $charset = 'utf-8')
 {
     if (is_array($var) or is_object($var)) {
         foreach ($var as $key => $val) {
             // Recursion!
             $var[UTF8::clean($key)] = UTF8::clean($val);
         }
     } elseif (is_string($var) and $var !== '') {
         // Remove control characters
         $var = UTF8::strip_ascii_ctrl($var);
         if (!UTF8::is_ascii($var)) {
             // Disable notices
             $error_reporting = error_reporting(~E_NOTICE);
             $var = mb_convert_encoding($var, $charset, $charset);
             // Turn notices back on
             error_reporting($error_reporting);
         }
     }
     return $var;
 }
开发者ID:doorframework,项目名称:core,代码行数:34,代码来源:UTF8.php

示例4: test_clean

 /**
  * Tests UTF8::clean
  *
  * @test
  * @dataProvider provider_clean
  */
 public function test_clean($input, $expected)
 {
     $this->assertSame($expected, UTF8::clean($input));
 }
开发者ID:azuya,项目名称:Wi3,代码行数:10,代码来源:UTF8Test.php

示例5: _dump

 /**
  * Helper for Kohana::dump(), handles recursion in arrays and objects.
  *
  * @param   mixed    variable to dump
  * @param   integer  maximum length of strings
  * @param   integer  recursion level (internal)
  * @return  string
  */
 protected static function _dump(&$var, $length = 128, $level = 0)
 {
     if ($var === NULL) {
         return '<small>NULL</small>';
     } elseif (is_bool($var)) {
         return '<small>bool</small> ' . ($var ? 'TRUE' : 'FALSE');
     } elseif (is_float($var)) {
         return '<small>float</small> ' . $var;
     } elseif (is_resource($var)) {
         if (($type = get_resource_type($var)) === 'stream' and $meta = stream_get_meta_data($var)) {
             $meta = stream_get_meta_data($var);
             if (isset($meta['uri'])) {
                 $file = $meta['uri'];
                 if (function_exists('stream_is_local')) {
                     // Only exists on PHP >= 5.2.4
                     if (stream_is_local($file)) {
                         $file = Core::debug_path($file);
                     }
                 }
                 return '<small>resource</small><span>(' . $type . ')</span> ' . htmlspecialchars($file, ENT_NOQUOTES, Core::$charset);
             }
         } else {
             return '<small>resource</small><span>(' . $type . ')</span>';
         }
     } elseif (is_string($var)) {
         // Clean invalid multibyte characters. iconv is only invoked
         // if there are non ASCII characters in the string, so this
         // isn't too much of a hit.
         $var = UTF8::clean($var);
         if (UTF8::strlen($var) > $length) {
             // Encode the truncated string
             $str = htmlspecialchars(UTF8::substr($var, 0, $length), ENT_NOQUOTES, Core::$charset) . '&nbsp;&hellip;';
         } else {
             // Encode the string
             $str = htmlspecialchars($var, ENT_NOQUOTES, Core::$charset);
         }
         return '<small>string</small><span>(' . strlen($var) . ')</span> "' . $str . '"';
     } elseif (is_array($var)) {
         $output = array();
         // Indentation for this variable
         $space = str_repeat($s = '    ', $level);
         static $marker = null;
         if ($marker === null) {
             // Make a unique marker
             $marker = uniqid("");
         }
         if (empty($var)) {
             // Do nothing
         } elseif (isset($var[$marker])) {
             $output[] = "(\n{$space}{$s}*RECURSION*\n{$space})";
         } elseif ($level < 5) {
             $output[] = "<span>(";
             $var[$marker] = TRUE;
             foreach ($var as $key => &$val) {
                 if ($key === $marker) {
                     continue;
                 }
                 if (!is_int($key)) {
                     $key = '"' . htmlspecialchars($key, ENT_NOQUOTES, Core::$charset) . '"';
                 }
                 $output[] = "{$space}{$s}{$key} => " . Docs::_dump($val, $length, $level + 1);
             }
             unset($var[$marker]);
             $output[] = "{$space})</span>";
         } else {
             // Depth too great
             $output[] = "(\n{$space}{$s}...\n{$space})";
         }
         return '<small>array</small><span>(' . count($var) . ')</span> ' . implode("\n", $output);
     } elseif (is_object($var)) {
         // Copy the object as an array
         $array = (array) $var;
         $output = array();
         // Indentation for this variable
         $space = str_repeat($s = '    ', $level);
         $hash = spl_object_hash($var);
         // Objects that are being dumped
         static $objects = array();
         if (empty($var)) {
             // Do nothing
         } elseif (isset($objects[$hash])) {
             $output[] = "{\n{$space}{$s}*RECURSION*\n{$space}}";
         } elseif ($level < 10) {
             $output[] = "<code>{";
             $objects[$hash] = TRUE;
             foreach ($array as $key => &$val) {
                 if ($key[0] === "") {
                     // Determine if the access is protected or protected
                     $access = '<small>' . ($key[1] === '*' ? 'protected' : 'private') . '</small>';
                     // Remove the access level from the variable name
                     $key = substr($key, strrpos($key, "") + 1);
                 } else {
//.........这里部分代码省略.........
开发者ID:google2013,项目名称:myqeecms,代码行数:101,代码来源:Docs.class.php

示例6: _dump

 /**
  * Helper for Debug::dump(), handles recursion in arrays and objects.
  *
  * @param   mixed    $var     Variable to dump
  * @param   integer  $length  Maximum length of strings [Optional]
  * @param   integer  $limit   Recursion limit [Optional]
  * @param   integer  $level   Current recursion level (internal usage only!) [Optional]
  *
  * @return  string
  */
 protected static function _dump(&$var, $length = 128, $limit = 10, $level = 0)
 {
     if ($var === NULL) {
         return '<small style="color: #3465a4">NULL</small>';
     } elseif (is_bool($var)) {
         return '<small>bool</small> <span style="color:#4e9a06">' . ($var ? 'TRUE' : 'FALSE') . '</span>';
     } elseif (is_float($var)) {
         return '<small>float</small> <span style="color:#4e9a06">' . $var . '</span>';
     } elseif (is_integer($var)) {
         return '<small>int</small> <span style="color:#4e9a06">' . $var . '</span>';
     } elseif (is_resource($var)) {
         if (($type = get_resource_type($var)) === 'stream' and $meta = stream_get_meta_data($var)) {
             $meta = stream_get_meta_data($var);
             if (isset($meta['uri'])) {
                 $file = $meta['uri'];
                 if (stream_is_local($file)) {
                     $file = Debug::path($file);
                 }
                 return '<small>resource</small><span>(' . $type . ')</span> ' . htmlspecialchars($file, ENT_NOQUOTES, Kohana::$charset);
             }
         } else {
             return '<small>resource</small><span>(' . $type . ')</span>';
         }
     } elseif (is_string($var)) {
         // Clean invalid multibyte characters. iconv is only invoked
         // if there are non ASCII characters in the string, so this
         // isn't too much of a hit.
         $var = UTF8::clean($var, Kohana::$charset);
         if (UTF8::strlen($var) > $length) {
             // Encode the truncated string
             $str = htmlspecialchars(UTF8::substr($var, 0, $length), ENT_NOQUOTES, Kohana::$charset) . '&nbsp;&hellip;';
         } else {
             // Encode the string
             $str = htmlspecialchars($var, ENT_NOQUOTES, Kohana::$charset);
         }
         return '<small>string</small> <span style="color:#cc0000">\'' . $str . '\'</span>(<span style="font-style:italic">length=' . strlen($var) . '</span>)';
     } elseif (is_array($var)) {
         $output = array();
         // Indentation for this variable
         $space = str_repeat($s = '    ', $level);
         static $marker;
         if ($marker === NULL) {
             // Make a unique marker
             $marker = uniqid("");
         }
         if (empty($var)) {
             // Do nothing
         } elseif (isset($var[$marker])) {
             $output[] = "\n{$space}{$s}*RECURSION*\n{$space}";
         } elseif ($level < $limit) {
             $output[] = "<span>";
             $var[$marker] = TRUE;
             foreach ($var as $key => &$val) {
                 if ($key === $marker) {
                     continue;
                 }
                 if (!is_int($key)) {
                     $key = '"' . htmlspecialchars($key, ENT_NOQUOTES, Kohana::$charset) . '"';
                 }
                 $output[] = "{$space}{$s}{$key} => " . Debug::_dump($val, $length, $limit, $level + 1);
             }
             unset($var[$marker]);
             $output[] = "{$space}</span>";
         } else {
             // Depth too great
             $output[] = "\n{$space}{$s}...\n{$space}";
         }
         return '<strong>array</strong> <span style="font-style:italic">(size=' . count($var) . ')</span> ' . implode(PHP_EOL, $output);
     } elseif (is_object($var)) {
         // Copy the object as an array
         $array = (array) $var;
         $output = array();
         // Indentation for this variable
         $space = str_repeat($s = '    ', $level);
         $hash = spl_object_hash($var);
         // Objects that are being dumped
         static $objects = array();
         if (empty($var)) {
             // Do nothing
         } elseif (isset($objects[$hash])) {
             $output[] = "{\n{$space}{$s}*RECURSION*\n{$space}}";
         } elseif ($level < $limit) {
             $output[] = "<code>";
             $objects[$hash] = TRUE;
             foreach ($array as $key => &$val) {
                 if ($key[0] === "") {
                     // Determine if the access is protected or protected
                     $access = '<span style="font-style:italic">' . ($key[1] === '*' ? 'protected' : 'private') . '</span>';
                     // Remove the access level from the variable name
                     $key = substr($key, strrpos($key, "") + 1);
//.........这里部分代码省略.........
开发者ID:MenZil-Team,项目名称:cms,代码行数:101,代码来源:debug.php

示例7: _dump

 /**
  * Helper for Debug::dump(), handles recursion in arrays and objects.
  *
  * @param   mixed   $var    variable to dump
  * @param   integer $length maximum length of strings
  * @param   integer $limit  recursion limit
  * @param   integer $level  current recursion level (internal usage only!)
  * @return  string
  */
 protected static function _dump(&$var, $length = 128, $limit = 10, $level = 0)
 {
     if ($var === null) {
         return '<small>null</small>';
     } elseif (is_int($var)) {
         return '<small>integer</small> <span class="int">' . $var . '</span>';
     } elseif (is_bool($var)) {
         return '<small>bool</small> <span class="bool">' . ($var ? 'true' : 'false') . '</span>';
     } elseif (is_float($var)) {
         return '<small>float</small> <span class="float">' . $var . '</span>';
     } elseif (is_resource($var)) {
         if (($type = get_resource_type($var)) === 'stream' && ($meta = stream_get_meta_data($var))) {
             $meta = stream_get_meta_data($var);
             if (isset($meta['uri'])) {
                 $file = $meta['uri'];
                 // Only exists on PHP >= 5.2.4
                 if (stream_is_local($file)) {
                     $file = Debug::path($file);
                 }
                 return '<small>resource</small><span>(' . $type . ')</span> ' . htmlspecialchars($file, ENT_NOQUOTES, \Phalcana\Phalcana::$charset);
             }
         } else {
             return '<small>resource</small><span>(' . $type . ')</span>';
         }
     } elseif (is_string($var)) {
         // Clean invalid multibyte characters. iconv is only invoked
         // if there are non ASCII characters in the string, so this
         // isn't too much of a hit.
         $var = UTF8::clean($var, \Phalcana\Phalcana::$charset);
         if (UTF8::strlen($var) > $length) {
             // Encode the truncated string
             $str = htmlspecialchars(UTF8::substr($var, 0, $length), ENT_NOQUOTES, \Phalcana\Phalcana::$charset) . '&nbsp;&hellip;';
             //$str = htmlspecialchars(substr($var, 0, $length), ENT_NOQUOTES, \Phalcana\Phalcana::$charset).'&nbsp;&hellip;';
         } else {
             // Encode the string
             $str = htmlspecialchars($var, ENT_NOQUOTES, \Phalcana\Phalcana::$charset);
         }
         return '<small>string</small><span class="len">(' . strlen($var) . ')</span> <span class="string">"' . $str . '"</span>';
     } elseif (is_array($var)) {
         $output = array();
         // Indentation for this variable
         $space = str_repeat($s = '    ', $level);
         static $marker;
         if ($marker === null) {
             // Make a unique marker - force it to be alphanumeric so that it is always treated as a string array key
             $marker = uniqid("") . "x";
         }
         if (empty($var)) {
             // Do nothing
         } elseif (isset($var[$marker])) {
             $output[] = "(\n{$space}{$s}*RECURSION*\n{$space})";
         } elseif ($level < $limit) {
             $output[] = "<span>(";
             $var[$marker] = true;
             foreach ($var as $key => &$val) {
                 if ($key === $marker) {
                     continue;
                 }
                 if (!is_int($key)) {
                     $key = '<span class="string">"' . htmlspecialchars($key, ENT_NOQUOTES, \Phalcana\Phalcana::$charset) . '"</span>';
                 } else {
                     $key = '<span class="int">' . $key . '</span>';
                 }
                 $output[] = "{$space}{$s}{$key} <span class=\"pointer\">=></span> " . Debug::_dump($val, $length, $limit, $level + 1);
             }
             unset($var[$marker]);
             $output[] = "{$space})</span>";
         } else {
             // Depth too great
             $output[] = "(\n{$space}{$s}...\n{$space})";
         }
         return '<small>array</small><span class="len">(' . count($var) . ')</span> ' . implode("\n", $output);
     } elseif (is_object($var)) {
         // Copy the object as an array
         $array = (array) $var;
         $output = array();
         // Indentation for this variable
         $space = str_repeat($s = '    ', $level);
         $hash = spl_object_hash($var);
         // Objects that are being dumped
         static $objects = array();
         if (empty($var)) {
             // Do nothing
         } elseif ($var instanceof \Phalcon\DI) {
             $output[] = "{\n{$space}{$s}*DEPENDENCY INJECTOR IGNORED*\n{$space}}";
         } elseif (isset($objects[$hash])) {
             $output[] = "{\n{$space}{$s}*RECURSION*\n{$space}}";
         } elseif ($level < $limit) {
             $output[] = "<code>{";
             $objects[$hash] = true;
             foreach ($array as $key => &$val) {
//.........这里部分代码省略.........
开发者ID:braf,项目名称:phalcana-core,代码行数:101,代码来源:Debug.php

示例8: _do

 /**
  * @param string $str
  *
  * @return mixed
  */
 private function _do($str)
 {
     $str = (string) $str;
     $strInt = (int) $str;
     $strFloat = (double) $str;
     /** @noinspection TypeUnsafeComparisonInspection */
     if (!$str || "{$strInt}" == $str || "{$strFloat}" == $str) {
         return $str;
     }
     // removes all non-UTF-8 characters
     // &&
     // remove NULL characters (ignored by some browsers)
     $str = UTF8::clean($str, true, true, false);
     // decode the string
     $str = $this->decode_string($str);
     // and again... removes all non-UTF-8 characters
     $str = UTF8::clean($str, true, true, false);
     // remove all >= 4-Byte chars if needed
     if ($this->_stripe_4byte_chars === true) {
         $str = preg_replace('/[\\x{10000}-\\x{10FFFF}]/u', '', $str);
     }
     // remove strings that are never allowed
     $str = $this->_do_never_allowed($str);
     // make php tags safe for displaying
     $str = $this->make_php_tags_safe($str);
     // corrects words before the browser will do it
     $str = $this->compact_exploded_javascript($str);
     // remove disallowed javascript calls in links, images etc.
     $str = $this->remove_disallowed_javascript($str);
     // remove evil attributes such as style, onclick and xmlns
     $str = $this->remove_evil_attributes($str);
     // sanitize naughty HTML elements
     $str = $this->sanitize_naughty_html($str);
     // sanitize naughty JavaScript elements
     $str = $this->sanitize_naughty_javascript($str);
     // final clean up
     // This adds a bit of extra precaution in case
     // something got through the above filters.
     $str = $this->_do_never_allowed($str);
     $str = $this->_do_never_allowed_afterwards($str);
     return $str;
 }
开发者ID:voku,项目名称:anti-xss,代码行数:47,代码来源:AntiXSS.php

示例9: _dump

 protected static function _dump(&$var, $length = 128, $limit = 10, $level = 0)
 {
     if ($var === NULL) {
         return "<small>NULL</small>";
     } elseif (is_bool($var)) {
         return "<small>bool</small> " . ($var ? "TRUE" : "FALSE");
     } elseif (is_float($var)) {
         return "<small>float</small> " . $var;
     } elseif (is_resource($var)) {
         if (($type = get_resource_type($var)) === "stream" and $meta = stream_get_meta_data($var)) {
             $meta = stream_get_meta_data($var);
             if (isset($meta["uri"])) {
                 $file = $meta["uri"];
                 if (function_exists("stream_is_local")) {
                     // Only exists on PHP >= 5.2.4
                     if (stream_is_local($file)) {
                         $file = Debug::path($file);
                     }
                 }
                 return "<small>resource</small><span>(" . $type . ")</span> " . htmlspecialchars($file, ENT_NOQUOTES, JsonApiApplication::$charset);
             }
         } else {
             return "<small>resource</small><span>(" . $type . ")</span>";
         }
     } elseif (is_string($var)) {
         $var = UTF8::clean($var, JsonApiApplication::$charset);
         if (UTF8::strlen($var) > $length) {
             $str = htmlspecialchars(UTF8::substr($var, 0, $length), ENT_NOQUOTES, JsonApiApplication::$charset) . "&nbsp;&hellip;";
         } else {
             $str = htmlspecialchars($var, ENT_NOQUOTES, JsonApiApplication::$charset);
         }
         return '<small>string</small><span>(' . strlen($var) . ')</span> "' . $str . '"';
     } elseif (is_array($var)) {
         $output = array();
         $space = str_repeat($s = "    ", $level);
         static $marker;
         if ($marker === NULL) {
             $marker = uniqid("") . "x";
         }
         if (empty($var)) {
             // Do nothing
         } elseif (isset($var[$marker])) {
             $output[] = "(\n{$space}{$s}*RECURSION*\n{$space})";
         } elseif ($level < $limit) {
             $output[] = "<span>(";
             $var[$marker] = TRUE;
             foreach ($var as $key => &$val) {
                 if ($key === $marker) {
                     continue;
                 }
                 if (!is_int($key)) {
                     $key = '"' . htmlspecialchars($key, ENT_NOQUOTES, JsonApiApplication::$charset) . '"';
                 }
                 $output[] = "{$space}{$s}{$key} => " . Debug::_dump($val, $length, $limit, $level + 1);
             }
             unset($var[$marker]);
             $output[] = "{$space})</span>";
         } else {
             $output[] = "(\n{$space}{$s}...\n{$space})";
         }
         return "<small>array</small><span>(" . count($var) . ")</span> " . implode("\n", $output);
     } elseif (is_object($var)) {
         $array = (array) $var;
         $output = array();
         $space = str_repeat($s = "    ", $level);
         $hash = spl_object_hash($var);
         static $objects = array();
         if (empty($var)) {
             // Do nothing
         } elseif (isset($objects[$hash])) {
             $output[] = "{\n{$space}{$s}*RECURSION*\n{$space}}";
         } elseif ($level < $limit) {
             $output[] = "<code>{";
             $objects[$hash] = TRUE;
             foreach ($array as $key => &$val) {
                 if ($key[0] === "") {
                     $access = "<small>" . ($key[1] === "*" ? "protected" : "private") . "</small>";
                     $key = substr($key, strrpos($key, "") + 1);
                 } else {
                     $access = "<small>public</small>";
                 }
                 $output[] = "{$space}{$s}{$access} {$key} => " . Debug::_dump($val, $length, $limit, $level + 1);
             }
             unset($objects[$hash]);
             $output[] = "{$space}}</code>";
         } else {
             // Depth too great
             $output[] = "{\n{$space}{$s}...\n{$space}}";
         }
         return "<small>object</small> <span>" . get_class($var) . "(" . count($array) . ")</span> " . implode("\n", $output);
     } else {
         return "<small>" . gettype($var) . "</small> " . htmlspecialchars(print_r($var, TRUE), ENT_NOQUOTES, JsonApiApplication::$charset);
     }
 }
开发者ID:benshez,项目名称:DreamWeddingCeremomies,代码行数:94,代码来源:Debug.php

示例10: xss_clean

 /**
  * XSS Clean
  *
  * Sanitizes data so that Cross Site Scripting Hacks can be
  * prevented.  This method does a fair amount of work but
  * it is extremely thorough, designed to prevent even the
  * most obscure XSS attempts.  Nothing is ever 100% foolproof,
  * of course, but I haven't been able to get anything passed
  * the filter.
  *
  * Note: Should only be used to deal with data upon submission.
  *   It's not something that should be used for general
  *   runtime processing.
  *
  * @link  http://channel.bitflux.ch/wiki/XSS_Prevention
  *    Based in part on some code and ideas from Bitflux.
  *
  * @link  http://ha.ckers.org/xss.html
  *    To help develop this script I used this great list of
  *    vulnerabilities along with a few other hacks I've
  *    harvested from examining vulnerabilities in other programs.
  *
  * @param  string|array $str      input data
  * @param  bool         $is_image whether the input is an image
  *
  * @return  string|array|boolean  boolean: will return a boolean, if the "is_image"-parameter is true
  *                                string: will return a string, if the input is a string
  *                                array: will return a array, if the input is a array
  */
 public function xss_clean($str, $is_image = false)
 {
     if (is_array($str)) {
         foreach ($str as &$value) {
             $value = $this->xss_clean($value);
         }
         return $str;
     }
     // removes all non-UTF-8 characters
     // &&
     // remove NULL characters (ignored by some browsers)
     $str = UTF8::clean($str, true, true, false);
     // decode the string
     $str = $this->decode_string($str);
     // and again... removes all non-UTF-8 characters
     $str = UTF8::clean($str, true, true, false);
     // capture converted string for later comparison
     if ($is_image === true) {
         $converted_string = $str;
     }
     do {
         $old_str = $str;
         $str = $this->_do($str, $is_image);
     } while ($old_str !== $str);
     /*
      * images are Handled in a special way
      *
      * Essentially, we want to know that after all of the character
      * conversion is done whether any unwanted, likely XSS, code was found.
      *
      * If not, we return TRUE, as the image is clean.
      *
      * However, if the string post-conversion does not matched the
      * string post-removal of XSS, then it fails, as there was unwanted XSS
      * code found and removed/changed during processing.
      */
     if ($is_image === true) {
         /** @noinspection PhpUndefinedVariableInspection */
         return $str === $converted_string;
     }
     return $str;
 }
开发者ID:PHPCraftdream,项目名称:anti-xss,代码行数:71,代码来源:AntiXSS.php

示例11: filter

 /**
  * Convert a String to URL.
  *
  * e.g.: "Petty<br>theft" to "Petty-theft"
  *
  * @param string  $string                            <p>The text you want to convert.</p>
  * @param int     $maxLength                         <p>Max. length of the output string, set to -1 to disable it</p>
  * @param string  $language                          <p>The language you want to convert to.</p>
  * @param boolean $fileName                          <p>
  *                                                   Keep the "." from the extension e.g.: "imaäe.jpg" => "image.jpg"
  *                                                   </p>
  * @param boolean $removeWords                       <p>
  *                                                   Remove some "words" from the string.<br />
  *                                                   Info: Set extra words via <strong>remove_words()</strong>.
  *                                                   </p>
  * @param boolean $strToLower                        <p>Use <strong>strtolower()</strong> at the end.</p>
  * @param string  $separator                         <p>Define a new separator for the words.</p>
  * @param boolean $convertToAsciiOnlyViaLanguageMaps <p>
  *                                                   Set to <strong>true</strong> if you only want to convert the
  *                                                   language-maps.
  *                                                   (better performance, but less complete ASCII converting)
  *                                                   </p>
  * @param boolean $convertUtf8Specials               <p>
  *                                                   Convert (html) special chars with portable-utf8 (e.g. \0,
  *                                                   \xE9, %F6, ...).
  *                                                   </p>
  *
  * @return string|false false on error
  */
 public static function filter($string, $maxLength = 200, $language = 'de', $fileName = false, $removeWords = false, $strToLower = false, $separator = '-', $convertToAsciiOnlyViaLanguageMaps = false, $convertUtf8Specials = false)
 {
     if (!$language) {
         return '';
     }
     // separator-fallback
     if (null === $separator) {
         $separator = '';
     } elseif (!$separator) {
         $separator = '-';
     }
     // escaped separator
     $separatorEscaped = preg_quote($separator, '/');
     // set remove-array
     if (!isset(self::$remove_list[$language])) {
         self::reset_remove_list();
     }
     if (0 === count(self::$arrayToSeparator)) {
         self::reset_array_to_separator();
     }
     // get the remove-array
     $removeArray = self::get_remove_list($language);
     // 1) clean invalid chars
     if ($convertUtf8Specials) {
         $string = UTF8::clean($string);
     }
     // 2) replace with $separator
     $string = preg_replace(self::$arrayToSeparator, $separator, $string);
     // 3) remove all other html-tags
     $string = strip_tags($string);
     // 4) use special language replacer
     $string = self::downcode($string, $language, $convertToAsciiOnlyViaLanguageMaps, '', $convertUtf8Specials);
     // 5) replace with $separator, again
     $string = preg_replace(self::$arrayToSeparator, $separator, $string);
     // remove all these words from the string before urlifying
     if ($removeWords === true) {
         $removeWordsSearch = '/\\b(' . implode('|', $removeArray) . ')\\b/i';
     } else {
         $removeWordsSearch = '//';
     }
     // keep the "." from e.g.: a file-extension?
     if ($fileName) {
         $removePattern = '/[^' . $separatorEscaped . '.\\-a-zA-Z0-9\\s]/u';
     } else {
         $removePattern = '/[^' . $separatorEscaped . '\\-a-zA-Z0-9\\s]/u';
     }
     $string = preg_replace(array('/[' . ($separatorEscaped ?: ' ') . ']+/', '[^A-Za-z0-9]', $removePattern, '/[' . ($separatorEscaped ?: ' ') . '\\s]+/', '/^\\s+|\\s+$/', $removeWordsSearch), array($separator, '', '', $separator, '', ''), $string);
     // convert to lowercase
     if ($strToLower === true) {
         $string = strtolower($string);
     }
     // "substr" only if "$length" is set
     if ($maxLength && $maxLength > 0) {
         $string = (string) substr($string, 0, $maxLength);
     }
     // trim "$separator" from beginning and end of the string
     return trim($string, $separator);
 }
开发者ID:voku,项目名称:urlify,代码行数:87,代码来源:URLify.php


注:本文中的UTF8::clean方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。