From e96ac8493fce9d88e07442f0d16324e18758df95 Mon Sep 17 00:00:00 2001 
From: thinkphp Date: Mon, 23 Feb 2015 20:54:16 +0800 Subject: [PATCH] =?UTF-8?q?session=E7=B1=BB=E5=92=8Cinput=E7=B1=BB?= =?UTF-8?q?=E8=B0=83=E6=95=B4=20=E6=B3=A8=E9=87=8A=E8=B0=83=E6=95=B4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- base.php | 4 +- library/org/auto.php | 4 +- library/org/crypt.php | 4 +- library/org/filter.php | 222 ------------------ library/org/image.php | 4 +- library/org/oauth.php | 4 +- library/org/parser.php | 4 +- library/org/transform.php | 6 +- library/org/upload.php | 4 +- library/org/validate.php | 4 +- library/think/app.php | 4 +- library/think/cache.php | 4 +- library/think/cache/driver/apc.php | 4 +- library/think/cache/driver/db.php | 4 +- library/think/cache/driver/eaccelerator.php | 4 +- library/think/cache/driver/file.php | 4 +- library/think/cache/driver/memcache.php | 4 +- library/think/cache/driver/redis.php | 4 +- library/think/cache/driver/secache.php | 4 +- library/think/cache/driver/simple.php | 4 +- library/think/cache/driver/sqlite.php | 4 +- library/think/cache/driver/wincache.php | 4 +- library/think/cache/driver/xcache.php | 4 +- library/think/config.php | 6 +- library/think/config/driver/ini.php | 4 +- library/think/config/driver/xml.php | 4 +- library/think/controller.php | 4 +- library/think/controller/Amf.php | 4 +- library/think/controller/Phprpc.php | 4 +- library/think/controller/Rest.php | 4 +- library/think/cookie.php | 4 +- library/think/create.php | 4 +- library/think/db.php | 6 +- library/think/db/driver.php | 4 +- library/think/db/driver/mongo.php | 6 +- library/think/db/driver/mysql.php | 6 +- library/think/db/driver/oracle.php | 6 +- library/think/db/driver/pgsql.php | 6 +- library/think/db/driver/sqlite.php | 6 +- library/think/db/driver/sqlsrv.php | 2 +- library/think/db/lite.php | 4 +- library/think/debug.php | 4 +- library/think/error.php | 4 +- library/think/exception.php | 4 +- library/think/hook.php | 4 +- library/think/input.php | 193 
+++++++++------ library/think/lang.php | 4 +- library/think/loader.php | 4 +- library/think/log.php | 6 +- library/think/log/driver/file.php | 4 +- library/think/model.php | 4 +- .../{ExtendModel.php => extend_model.php} | 6 +- .../model/{MongoModel.php => mongo_model.php} | 2 +- .../{RelationModel.php => relation_model.php} | 6 +- .../model/{ViewModel.php => view_model.php} | 6 +- library/think/route.php | 4 +- library/think/seesion/driver.php | 4 +- library/think/session.php | 72 +++--- library/think/template.php | 4 +- library/think/template/driver/file.php | 4 +- library/think/template/taglib.php | 4 +- library/think/url.php | 4 +- library/think/view.php | 4 +- library/think/view/driver/think.php | 4 +- mode/common.php | 2 +- start.php | 6 +- traits/think/model/auto.php | 4 +- traits/think/model/extend.php | 4 +- traits/think/model/query.php | 4 +- traits/think/model/relation.php | 4 +- traits/think/model/view.php | 4 +- 71 files changed, 315 insertions(+), 464 deletions(-) delete mode 100644 library/org/filter.php rename library/think/model/{ExtendModel.php => extend_model.php} (83%) rename library/think/model/{MongoModel.php => mongo_model.php} (99%) rename library/think/model/{RelationModel.php => relation_model.php} (79%) rename library/think/model/{ViewModel.php => view_model.php} (79%)
diff --git a/base.php b/base.php
index fd417be1..f657cfd8 100644
--- a/base.php
+++ b/base.php
@@ -1,8 +1,8 @@ -// +---------------------------------------------------------------------- - -namespace think; - -class Filter { - //html标签设置 - static public $htmlTags = [ - 'allow' => 'table|td|th|tr|i|b|u|strong|img|p|br|div|strong|em|ul|ol|li|dl|dd|dt|a', - 'ban' => 'html|head|meta|link|base|basefont|body|bgsound|title|style|script|form|iframe|frame|frameset|applet|id|ilayer|layer|name|script|style|xml', - ]; - - static public function filter($data,$filter,$option=''){ - return filter_var($data,is_int($filter)?$filter:filter_id($filter),$option); - } - - static private function filter_input($type,$name,$filter,$options=''){ - return filter_input($type,$name,is_int($filter)?$filter:filter_id($filter),$option); - } - - static public function get($name,$filter,$option=''){ - return self::filter_input(INPUT_GET,$name,$filter,$option); - } - - static public function post($name,$filter,$option=''){ - return self::filter_input(INPUT_POST,$name,$filter,$option); - } - - static public function cookie($name,$filter,$option=''){ - return self::filter_input(INPUT_COOKIE,$name,$filter,$option); - } - - static public function server($name,$filter,$option=''){ - return self::filter_input(INPUT_SERVER,$name,$filter,$option); - } - - /** - * 处理字符串,以便可以正常进行搜索 - * @access public - * @param string $string 要处理的字符串 - * @return string - */ - static public function forSearch($string) { - return str_replace( ['%','_'], ['\%','\_'], $string ); - } - - /** - * @access public - * @param string $string 要处理的字符串 - * @return string - */ - static public function forShow($string) { - return self::nl2Br( self::hsc($string) ); - } - - /** - * 处理纯文本数据,以便在textarea标签中显示 - * @access public - * @param string $string 要处理的字符串 - * @return string - */ - static public function forTarea($string) { - return str_ireplace([''], ['<textarea>','</textarea>'], $string); - } - - /** - * 将数据中的单引号和双引号进行转义 - * @access public - * @param string $text 要处理的字符串 - * @return string - */ - static public function 
forTag($string) {
- return str_replace(['"',"'"], ['"','''], $string);
- }
-
- /**
- * 把换行转换为
标签 - * @access public - * @param string $string 要处理的字符串 - * @return string - */ - static public function nl2Br($string) { - return nl2Br($string); - } - - /** - * 如果 magic_quotes_gpc 为关闭状态,这个函数可以转义字符串 - * @access public - * @param string $string 要处理的字符串 - * @return string - */ - static public function addSlashes($string) { - return addslashes($string); - } - - /** - * 用于在textbox表单中显示html代码 - * @access public - * @param string $string 要处理的字符串 - * @return string - */ - static function hsc($string) { - return preg_replace(["/&/i", "/ /i"], ['&', '&nbsp;'], htmlspecialchars($string, ENT_QUOTES)); - } - - /** - * 是hsc()方法的逆操作 - * @access public - * @param string $text 要处理的字符串 - * @return string - */ - static function undoHsc($text) { - return preg_replace(["/>/i", "/</i", "/"/i", "/'/i", '/&nbsp;/i'], [">", "<", "\"", "'", " "], $text); - } - - /** - * 输出安全的html,用于过滤危险代码 - * @access public - * @param string $text 要处理的字符串 - * @param mixed $allowTags 允许的标签列表,如 table|td|th|td - * @return string - */ - static public function safeHtml($text, $allowTags = null) { - $text = trim($text); - //完全过滤注释 - $text = preg_replace('//','',$text); - //完全过滤动态代码 - $text = preg_replace('/<\?|\?'.'>/','',$text); - //完全过滤js - $text = preg_replace('//','',$text); - - $text = str_replace('[','[',$text); - $text = str_replace(']',']',$text); - $text = str_replace('|','|',$text); - //过滤换行符 - $text = preg_replace('/\r?\n/','',$text); - //br - $text = preg_replace('//i','[br]',$text); - $text = preg_replace('/(\[br\]\s*){10,}/i','[br]',$text); - //过滤危险的属性,如:过滤on事件lang js - while(preg_match('/(<[^><]+)(lang|on|action|background|codebase|dynsrc|lowsrc)[^><]+/i',$text,$mat)){ - $text=str_replace($mat[0],$mat[1],$text); - } - while(preg_match('/(<[^><]+)(window\.|javascript:|js:|about:|file:|document\.|vbs:|cookie)([^><]*)/i',$text,$mat)){ - $text=str_replace($mat[0],$mat[1].$mat[3],$text); - } - if( empty($allowTags) ) { $allowTags = self::$htmlTags['allow']; } - //允许的HTML标签 - $text = 
preg_replace('/<('.$allowTags.')( [^><\[\]]*)>/i','[\1\2]',$text); - //过滤多余html - if ( empty($banTag) ) { $banTag = self::$htmlTags['ban']; } - $text = preg_replace('/<\/?('.$banTag.')[^><]*>/i','',$text); - //过滤合法的html标签 - while(preg_match('/<([a-z]+)[^><\[\]]*>[^><]*<\/\1>/i',$text,$mat)){ - $text=str_replace($mat[0],str_replace('>',']',str_replace('<','[',$mat[0])),$text); - } - //转换引号 - while(preg_match('/(\[[^\[\]]*=\s*)(\"|\')([^\2=\[\]]+)\2([^\[\]]*\])/i',$text,$mat)){ - $text=str_replace($mat[0],$mat[1].'|'.$mat[3].'|'.$mat[4],$text); - } - //空属性转换 - $text = str_replace('\'\'','||',$text); - $text = str_replace('""','||',$text); - //过滤错误的单个引号 - while(preg_match('/\[[^\[\]]*(\"|\')[^\[\]]*\]/i',$text,$mat)){ - $text=str_replace($mat[0],str_replace($mat[1],'',$mat[0]),$text); - } - //转换其它所有不合法的 < > - $text = str_replace('<','<',$text); - $text = str_replace('>','>',$text); - $text = str_replace('"','"',$text); - //反转换 - $text = str_replace('[','<',$text); - $text = str_replace(']','>',$text); - $text = str_replace('|','"',$text); - //过滤多余空格 - $text = str_replace(' ',' ',$text); - return $text; - } - - /** - * 删除html标签,得到纯文本。可以处理嵌套的标签 - * @access public - * @param string $string 要处理的html - * @return string - */ - static public function deleteHtmlTags($string) { - while(strstr($string, '>')) { - $currentBeg = strpos($string, '<'); - $currentEnd = strpos($string, '>'); - $tmpStringBeg = @substr($string, 0, $currentBeg); - $tmpStringEnd = @substr($string, $currentEnd + 1, strlen($string)); - $string = $tmpStringBeg.$tmpStringEnd; - } - return $string; - } - - /** - * 处理文本中的换行 - * @access public - * @param string $string 要处理的字符串 - * @param mixed $br 对换行的处理, - * false:去除换行;true:保留原样;string:替换成string - * @return string - */ - static public function nl2($string, $br = '
') {
- if ($br == false) {
- $string = preg_replace("/(\015\012)|(\015)|(\012)/", '', $string);
- } elseif ($br != true){
- $string = preg_replace("/(\015\012)|(\015)|(\012)/", $br, $string);
- }
- return $string;
- }
-}
diff --git a/library/org/image.php b/library/org/image.php
index f0c3d353..92c8f591 100644
--- a/library/org/image.php
+++ b/library/org/image.php
@@ -1,8 +1,8 @@
+// | Author: liu21st
 // +----------------------------------------------------------------------
 namespace think;
diff --git a/library/org/upload.php b/library/org/upload.php
index 338898f8..11cd13a1 100644
--- a/library/org/upload.php
+++ b/library/org/upload.php
@@ -1,8 +1,8 @@
parse($config),'',$range); }
diff --git a/library/think/config/driver/ini.php b/library/think/config/driver/ini.php
index bfa33da0..8e29bece 100644
--- a/library/think/config/driver/ini.php
+++ b/library/think/config/driver/ini.php
@@ -1,8 +1,8 @@
$val) { $result[$key] = is_array($val) ? self::filter($filter, $val)
diff --git a/library/think/lang.php b/library/think/lang.php
index 72d5dfe8..6a0e21a2 100644
--- a/library/think/lang.php
+++ b/library/think/lang.php
@@ -1,8 +1,8 @@
 // +----------------------------------------------------------------------
-namespace Think;
+ /** * ThinkPHP 普通模式定义 */
diff --git a/start.php b/start.php
index f75590ac..993085c3 100644
--- a/start.php
+++ b/start.php
@@ -1,15 +1,15 @@
 // +----------------------------------------------------------------------
-namespace Think;
+namespace think;
 //--------------------------
 // ThinkPHP 引导文件
diff --git a/traits/think/model/auto.php b/traits/think/model/auto.php
index 54f1d444..5f2f871d 100644
--- a/traits/think/model/auto.php
+++ b/traits/think/model/auto.php
@@ -1,8 +1,8 @@