mirror of
https://gitee.com/fastadminnet/framework.git
synced 2026-07-01 20:52:48 +08:00
增加Input和Filter类
This commit is contained in:
389
Think/Input.php
389
Think/Input.php
@@ -11,14 +11,6 @@
|
||||
// $Id$
|
||||
namespace Think;
|
||||
class Input {
|
||||
static private $filter = null; // 输入过滤
|
||||
static private $_input = array('get','post','request','env','server','cookie','session','globals','files','call');
|
||||
|
||||
//html标签设置
|
||||
public static $htmlTags = array(
|
||||
'allow' => 'table|td|th|tr|i|b|u|strong|img|p|br|div|strong|em|ul|ol|li|dl|dd|dt|a',
|
||||
'ban' => 'html|head|meta|link|base|basefont|body|bgsound|title|style|script|form|iframe|frame|frameset|applet|id|ilayer|layer|name|script|style|xml',
|
||||
);
|
||||
|
||||
/**
|
||||
+----------------------------------------------------------
|
||||
@@ -33,352 +25,47 @@ class Input {
|
||||
+----------------------------------------------------------
|
||||
*/
|
||||
static public function __callStatic($type,$args=array()) {
|
||||
$type = strtolower(trim($type));
|
||||
if(in_array($type,self::$_input,true)) {
|
||||
switch($type) {
|
||||
case 'get': $input =& $_GET;break;
|
||||
case 'post': $input =& $_POST;break;
|
||||
case 'put' : parse_str(file_get_contents('php://input'), $input);break;
|
||||
case 'param' :
|
||||
switch($_SERVER['REQUEST_METHOD']) {
|
||||
case 'POST':
|
||||
$input = $_POST;
|
||||
break;
|
||||
case 'PUT':
|
||||
parse_str(file_get_contents('php://input'), $input);
|
||||
break;
|
||||
default:
|
||||
$input = $_GET;
|
||||
}
|
||||
break;
|
||||
case 'request': $input =& $_REQUEST;break;
|
||||
case 'env': $input =& $_ENV;break;
|
||||
case 'server': $input =& $_SERVER;break;
|
||||
case 'cookie': $input =& $_COOKIE;break;
|
||||
case 'session': $input =& $_SESSION;break;
|
||||
case 'globals': $input =& $GLOBALS;break;
|
||||
case 'files': $input =& $_FILES;break;
|
||||
default:return NULL;
|
||||
}
|
||||
|
||||
if(0==count($args)) {
|
||||
// 返回全部数据
|
||||
return $input;
|
||||
}elseif(array_key_exists($args[0],$input)) {
|
||||
$filters = isset($args[1])?$args[1]:self::$filter;
|
||||
$filters = explode(',',$filters);
|
||||
$data = $input[$args[0]];
|
||||
foreach($filters as $filter){
|
||||
if(is_callable($filter)) {
|
||||
$data = is_array($data)?array_map($filter,$data):$filter($data); // 参数过滤
|
||||
}
|
||||
switch(strtolower($type)) {
|
||||
case 'get': $input =& $_GET;break;
|
||||
case 'post': $input =& $_POST;break;
|
||||
case 'put' : parse_str(file_get_contents('php://input'), $input);break;
|
||||
case 'param' :
|
||||
switch($_SERVER['REQUEST_METHOD']) {
|
||||
case 'POST':
|
||||
$input = $_POST;
|
||||
break;
|
||||
case 'PUT':
|
||||
parse_str(file_get_contents('php://input'), $input);
|
||||
break;
|
||||
default:
|
||||
$input = $_GET;
|
||||
}
|
||||
break;
|
||||
case 'request': $input =& $_REQUEST;break;
|
||||
case 'server': $input =& $_SERVER;break;
|
||||
case 'cookie': $input =& $_COOKIE;break;
|
||||
case 'session': $input =& $_SESSION;break;
|
||||
case 'globals': $input =& $GLOBALS;break;
|
||||
case 'files': $input =& $_FILES;break;
|
||||
default:return NULL;
|
||||
}
|
||||
if(''== $args[0]) {
|
||||
// 返回全部数据
|
||||
return $input;
|
||||
}elseif(array_key_exists($args[0],$input)) {
|
||||
$filters = isset($args[1])?$args[1]:'';
|
||||
$filters = explode(',',$filters);
|
||||
$data = $input[$args[0]];
|
||||
foreach($filters as $filter){
|
||||
if(is_callable($filter)) {
|
||||
$data = is_array($data)?array_map($filter,$data):$filter($data); // 参数过滤
|
||||
}
|
||||
}else{
|
||||
// 不存在指定输入
|
||||
$data = isset($args[2])?$args[2]:NULL;
|
||||
}
|
||||
return $data;
|
||||
}else{
|
||||
// 不存在指定输入
|
||||
$data = isset($args[2])?$args[2]:NULL;
|
||||
}
|
||||
return $data;
|
||||
}
|
||||
|
||||
/**
|
||||
+----------------------------------------------------------
|
||||
* 设置数据过滤方法
|
||||
+----------------------------------------------------------
|
||||
* @access public
|
||||
+----------------------------------------------------------
|
||||
* @param mixed $filter 过滤方法
|
||||
+----------------------------------------------------------
|
||||
* @return void
|
||||
+----------------------------------------------------------
|
||||
*/
|
||||
static public function filter($filter) {
|
||||
self::$filter = $filter;
|
||||
}
|
||||
|
||||
/**
|
||||
+----------------------------------------------------------
|
||||
* 字符MagicQuote转义过滤
|
||||
+----------------------------------------------------------
|
||||
* @access public
|
||||
+----------------------------------------------------------
|
||||
* @return void
|
||||
+----------------------------------------------------------
|
||||
*/
|
||||
static public function noGPC() {
|
||||
if ( get_magic_quotes_gpc() ) {
|
||||
$_POST = stripslashes_deep($_POST);
|
||||
$_GET = stripslashes_deep($_GET);
|
||||
$_COOKIE = stripslashes_deep($_COOKIE);
|
||||
$_REQUEST= stripslashes_deep($_REQUEST);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
+----------------------------------------------------------
|
||||
* 处理字符串,以便可以正常进行搜索
|
||||
+----------------------------------------------------------
|
||||
* @access public
|
||||
+----------------------------------------------------------
|
||||
* @param string $string 要处理的字符串
|
||||
+----------------------------------------------------------
|
||||
* @return string
|
||||
+----------------------------------------------------------
|
||||
*/
|
||||
static public function forSearch($string) {
|
||||
return str_replace( array('%','_'), array('\%','\_'), $string );
|
||||
}
|
||||
|
||||
/**
|
||||
+----------------------------------------------------------
|
||||
* @access public
|
||||
+----------------------------------------------------------
|
||||
* @param string $string 要处理的字符串
|
||||
+----------------------------------------------------------
|
||||
* @return string
|
||||
+----------------------------------------------------------
|
||||
*/
|
||||
static public function forShow($string) {
|
||||
return self::nl2Br( self::hsc($string) );
|
||||
}
|
||||
|
||||
/**
|
||||
+----------------------------------------------------------
|
||||
* 处理纯文本数据,以便在textarea标签中显示
|
||||
+----------------------------------------------------------
|
||||
* @access public
|
||||
+----------------------------------------------------------
|
||||
* @param string $string 要处理的字符串
|
||||
+----------------------------------------------------------
|
||||
* @return string
|
||||
+----------------------------------------------------------
|
||||
*/
|
||||
static public function forTarea($string) {
|
||||
return str_ireplace(array('<textarea>','</textarea>'), array('<textarea>','</textarea>'), $string);
|
||||
}
|
||||
|
||||
/**
|
||||
+----------------------------------------------------------
|
||||
* 将数据中的单引号和双引号进行转义
|
||||
+----------------------------------------------------------
|
||||
* @access public
|
||||
+----------------------------------------------------------
|
||||
* @param string $text 要处理的字符串
|
||||
+----------------------------------------------------------
|
||||
* @return string
|
||||
+----------------------------------------------------------
|
||||
*/
|
||||
static public function forTag($string) {
|
||||
return str_replace(array('"',"'"), array('"','''), $string);
|
||||
}
|
||||
|
||||
/**
|
||||
+----------------------------------------------------------
|
||||
* 把换行转换为<br />标签
|
||||
+----------------------------------------------------------
|
||||
* @access public
|
||||
+----------------------------------------------------------
|
||||
* @param string $string 要处理的字符串
|
||||
+----------------------------------------------------------
|
||||
* @return string
|
||||
+----------------------------------------------------------
|
||||
*/
|
||||
static public function nl2Br($string) {
|
||||
return nl2Br($string);
|
||||
}
|
||||
|
||||
/**
|
||||
+----------------------------------------------------------
|
||||
* 如果 magic_quotes_gpc 为关闭状态,这个函数可以转义字符串
|
||||
+----------------------------------------------------------
|
||||
* @access public
|
||||
+----------------------------------------------------------
|
||||
* @param string $string 要处理的字符串
|
||||
+----------------------------------------------------------
|
||||
* @return string
|
||||
+----------------------------------------------------------
|
||||
*/
|
||||
static public function addSlashes($string) {
|
||||
if (!get_magic_quotes_gpc()) {
|
||||
$string = addslashes($string);
|
||||
}
|
||||
return $string;
|
||||
}
|
||||
|
||||
/**
|
||||
+----------------------------------------------------------
|
||||
* 从$_POST,$_GET,$_COOKIE,$_REQUEST等数组中获得数据
|
||||
+----------------------------------------------------------
|
||||
* @access public
|
||||
+----------------------------------------------------------
|
||||
* @param string $string 要处理的字符串
|
||||
+----------------------------------------------------------
|
||||
* @return string
|
||||
+----------------------------------------------------------
|
||||
*/
|
||||
static public function getVar($string) {
|
||||
return self::stripSlashes($string);
|
||||
}
|
||||
|
||||
/**
|
||||
+----------------------------------------------------------
|
||||
* 如果 magic_quotes_gpc 为开启状态,这个函数可以反转义字符串
|
||||
+----------------------------------------------------------
|
||||
* @access public
|
||||
+----------------------------------------------------------
|
||||
* @param string $string 要处理的字符串
|
||||
+----------------------------------------------------------
|
||||
* @return string
|
||||
+----------------------------------------------------------
|
||||
*/
|
||||
static public function stripSlashes($string) {
|
||||
if (get_magic_quotes_gpc()) {
|
||||
$string = stripslashes($string);
|
||||
}
|
||||
return $string;
|
||||
}
|
||||
|
||||
/**
|
||||
+----------------------------------------------------------
|
||||
* 用于在textbox表单中显示html代码
|
||||
+----------------------------------------------------------
|
||||
* @access public
|
||||
+----------------------------------------------------------
|
||||
* @param string $string 要处理的字符串
|
||||
+----------------------------------------------------------
|
||||
* @return string
|
||||
+----------------------------------------------------------
|
||||
*/
|
||||
static function hsc($string) {
|
||||
return preg_replace(array("/&/i", "/ /i"), array('&', '&nbsp;'), htmlspecialchars($string, ENT_QUOTES));
|
||||
}
|
||||
|
||||
/**
|
||||
+----------------------------------------------------------
|
||||
* 是hsc()方法的逆操作
|
||||
+----------------------------------------------------------
|
||||
* @access public
|
||||
+----------------------------------------------------------
|
||||
* @param string $text 要处理的字符串
|
||||
+----------------------------------------------------------
|
||||
* @return string
|
||||
+----------------------------------------------------------
|
||||
*/
|
||||
static function undoHsc($text) {
|
||||
return preg_replace(array("/>/i", "/</i", "/"/i", "/'/i", '/&nbsp;/i'), array(">", "<", "\"", "'", " "), $text);
|
||||
}
|
||||
|
||||
/**
|
||||
+----------------------------------------------------------
|
||||
* 输出安全的html,用于过滤危险代码
|
||||
+----------------------------------------------------------
|
||||
* @access public
|
||||
+----------------------------------------------------------
|
||||
* @param string $text 要处理的字符串
|
||||
* @param mixed $allowTags 允许的标签列表,如 table|td|th|td
|
||||
+----------------------------------------------------------
|
||||
* @return string
|
||||
+----------------------------------------------------------
|
||||
*/
|
||||
static public function safeHtml($text, $allowTags = null) {
|
||||
$text = trim($text);
|
||||
//完全过滤注释
|
||||
$text = preg_replace('/<!--?.*-->/','',$text);
|
||||
//完全过滤动态代码
|
||||
$text = preg_replace('/<\?|\?'.'>/','',$text);
|
||||
//完全过滤js
|
||||
$text = preg_replace('/<script?.*\/script>/','',$text);
|
||||
|
||||
$text = str_replace('[','[',$text);
|
||||
$text = str_replace(']',']',$text);
|
||||
$text = str_replace('|','|',$text);
|
||||
//过滤换行符
|
||||
$text = preg_replace('/\r?\n/','',$text);
|
||||
//br
|
||||
$text = preg_replace('/<br(\s\/)?'.'>/i','[br]',$text);
|
||||
$text = preg_replace('/(\[br\]\s*){10,}/i','[br]',$text);
|
||||
//过滤危险的属性,如:过滤on事件lang js
|
||||
while(preg_match('/(<[^><]+)(lang|on|action|background|codebase|dynsrc|lowsrc)[^><]+/i',$text,$mat)){
|
||||
$text=str_replace($mat[0],$mat[1],$text);
|
||||
}
|
||||
while(preg_match('/(<[^><]+)(window\.|javascript:|js:|about:|file:|document\.|vbs:|cookie)([^><]*)/i',$text,$mat)){
|
||||
$text=str_replace($mat[0],$mat[1].$mat[3],$text);
|
||||
}
|
||||
if( empty($allowTags) ) { $allowTags = self::$htmlTags['allow']; }
|
||||
//允许的HTML标签
|
||||
$text = preg_replace('/<('.$allowTags.')( [^><\[\]]*)>/i','[\1\2]',$text);
|
||||
//过滤多余html
|
||||
if ( empty($banTag) ) { $banTag = self::$htmlTags['ban']; }
|
||||
$text = preg_replace('/<\/?('.$banTag.')[^><]*>/i','',$text);
|
||||
//过滤合法的html标签
|
||||
while(preg_match('/<([a-z]+)[^><\[\]]*>[^><]*<\/\1>/i',$text,$mat)){
|
||||
$text=str_replace($mat[0],str_replace('>',']',str_replace('<','[',$mat[0])),$text);
|
||||
}
|
||||
//转换引号
|
||||
while(preg_match('/(\[[^\[\]]*=\s*)(\"|\')([^\2=\[\]]+)\2([^\[\]]*\])/i',$text,$mat)){
|
||||
$text=str_replace($mat[0],$mat[1].'|'.$mat[3].'|'.$mat[4],$text);
|
||||
}
|
||||
//空属性转换
|
||||
$text = str_replace('\'\'','||',$text);
|
||||
$text = str_replace('""','||',$text);
|
||||
//过滤错误的单个引号
|
||||
while(preg_match('/\[[^\[\]]*(\"|\')[^\[\]]*\]/i',$text,$mat)){
|
||||
$text=str_replace($mat[0],str_replace($mat[1],'',$mat[0]),$text);
|
||||
}
|
||||
//转换其它所有不合法的 < >
|
||||
$text = str_replace('<','<',$text);
|
||||
$text = str_replace('>','>',$text);
|
||||
$text = str_replace('"','"',$text);
|
||||
//反转换
|
||||
$text = str_replace('[','<',$text);
|
||||
$text = str_replace(']','>',$text);
|
||||
$text = str_replace('|','"',$text);
|
||||
//过滤多余空格
|
||||
$text = str_replace(' ',' ',$text);
|
||||
return $text;
|
||||
}
|
||||
|
||||
/**
|
||||
+----------------------------------------------------------
|
||||
* 删除html标签,得到纯文本。可以处理嵌套的标签
|
||||
+----------------------------------------------------------
|
||||
* @access public
|
||||
+----------------------------------------------------------
|
||||
* @param string $string 要处理的html
|
||||
+----------------------------------------------------------
|
||||
* @return string
|
||||
+----------------------------------------------------------
|
||||
*/
|
||||
static public function deleteHtmlTags($string) {
|
||||
while(strstr($string, '>')) {
|
||||
$currentBeg = strpos($string, '<');
|
||||
$currentEnd = strpos($string, '>');
|
||||
$tmpStringBeg = @substr($string, 0, $currentBeg);
|
||||
$tmpStringEnd = @substr($string, $currentEnd + 1, strlen($string));
|
||||
$string = $tmpStringBeg.$tmpStringEnd;
|
||||
}
|
||||
return $string;
|
||||
}
|
||||
|
||||
/**
|
||||
+----------------------------------------------------------
|
||||
* 处理文本中的换行
|
||||
+----------------------------------------------------------
|
||||
* @access public
|
||||
+----------------------------------------------------------
|
||||
* @param string $string 要处理的字符串
|
||||
* @param mixed $br 对换行的处理,
|
||||
* false:去除换行;true:保留原样;string:替换成string
|
||||
+----------------------------------------------------------
|
||||
* @return string
|
||||
+----------------------------------------------------------
|
||||
*/
|
||||
static public function nl2($string, $br = '<br />') {
|
||||
if ($br == false) {
|
||||
$string = preg_replace("/(\015\012)|(\015)|(\012)/", '', $string);
|
||||
} elseif ($br != true){
|
||||
$string = preg_replace("/(\015\012)|(\015)|(\012)/", $br, $string);
|
||||
}
|
||||
return $string;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user