diff --git a/Think/Filter.php b/Think/Filter.php
new file mode 100644
index 00000000..617bd64a
--- /dev/null
+++ b/Think/Filter.php
@@ -0,0 +1,221 @@
+
+// +----------------------------------------------------------------------
+// $Id$
+namespace Think;
+class Filter {
+ //html标签设置
+ public static $htmlTags = array(
+ 'allow' => 'table|td|th|tr|i|b|u|strong|img|p|br|div|strong|em|ul|ol|li|dl|dd|dt|a',
+ 'ban' => 'html|head|meta|link|base|basefont|body|bgsound|title|style|script|form|iframe|frame|frameset|applet|id|ilayer|layer|name|script|style|xml',
+ );
+
+ static public function filter($data,$filter,$option=''){
+ return filter_var($data,is_int($filter)?$filter:filter_id($filter),$option);
+ }
+
+ static private function filter_input($type,$name,$filter,$options=''){
+ return filter_input($type,$name,is_int($filter)?$filter:filter_id($filter),$option);
+ }
+
+ static public function get($name,$filter,$option=''){
+ return self::filter_input(INPUT_GET,$name,$filter,$option);
+ }
+
+ static public function post($name,$filter,$option=''){
+ return self::filter_input(INPUT_POST,$name,$filter,$option);
+ }
+
+ static public function cookie($name,$filter,$option=''){
+ return self::filter_input(INPUT_COOKIE,$name,$filter,$option);
+ }
+
+ static public function server($name,$filter,$option=''){
+ return self::filter_input(INPUT_SERVER,$name,$filter,$option);
+ }
+
+ /**
+ * 处理字符串,以便可以正常进行搜索
+ * @access public
+ * @param string $string 要处理的字符串
+ * @return string
+ */
+ static public function forSearch($string) {
+ return str_replace( array('%','_'), array('\%','\_'), $string );
+ }
+
+ /**
+ * @access public
+ * @param string $string 要处理的字符串
+ * @return string
+ */
+ static public function forShow($string) {
+ return self::nl2Br( self::hsc($string) );
+ }
+
+ /**
+ * 处理纯文本数据,以便在textarea标签中显示
+ * @access public
+ * @param string $string 要处理的字符串
+ * @return string
+ */
+ static public function forTarea($string) {
+ return str_ireplace(array(''), array('<textarea>','</textarea>'), $string);
+ }
+
+ /**
+ * 将数据中的单引号和双引号进行转义
+ * @access public
+ * @param string $text 要处理的字符串
+ * @return string
+ */
+ static public function forTag($string) {
+ return str_replace(array('"',"'"), array('"','''), $string);
+ }
+
+ /**
+ * 把换行转换为
标签
+ * @access public
+ * @param string $string 要处理的字符串
+ * @return string
+ */
+ static public function nl2Br($string) {
+ return nl2Br($string);
+ }
+
+ /**
+ * 如果 magic_quotes_gpc 为关闭状态,这个函数可以转义字符串
+ * @access public
+ * @param string $string 要处理的字符串
+ * @return string
+ */
+ static public function addSlashes($string) {
+ return addslashes($string);
+ }
+
+ /**
+ * 用于在textbox表单中显示html代码
+ * @access public
+ * @param string $string 要处理的字符串
+ * @return string
+ */
+ static function hsc($string) {
+ return preg_replace(array("/&/i", "/ /i"), array('&', ' '), htmlspecialchars($string, ENT_QUOTES));
+ }
+
+ /**
+ * 是hsc()方法的逆操作
+ * @access public
+ * @param string $text 要处理的字符串
+ * @return string
+ */
+ static function undoHsc($text) {
+ return preg_replace(array("/>/i", "/</i", "/"/i", "/'/i", '/ /i'), array(">", "<", "\"", "'", " "), $text);
+ }
+
+ /**
+ * 输出安全的html,用于过滤危险代码
+ * @access public
+ * @param string $text 要处理的字符串
+ * @param mixed $allowTags 允许的标签列表,如 table|td|th|td
+ * @return string
+ */
+ static public function safeHtml($text, $allowTags = null) {
+ $text = trim($text);
+ //完全过滤注释
+ $text = preg_replace('//','',$text);
+ //完全过滤动态代码
+ $text = preg_replace('/<\?|\?'.'>/','',$text);
+ //完全过滤js
+ $text = preg_replace('/