// +----------------------------------------------------------------------
// $Id$
namespace Think;
class Input {
static private $filter = null; // 输入过滤
static private $_input = array('get','post','request','env','server','cookie','session','globals','files','call');
//html标签设置
public static $htmlTags = array(
'allow' => 'table|td|th|tr|i|b|u|strong|img|p|br|div|strong|em|ul|ol|li|dl|dd|dt|a',
'ban' => 'html|head|meta|link|base|basefont|body|bgsound|title|style|script|form|iframe|frame|frameset|applet|id|ilayer|layer|name|script|style|xml',
);
/**
+----------------------------------------------------------
* 魔术方法 有不存在的操作的时候执行
+----------------------------------------------------------
* @access public
+----------------------------------------------------------
* @param string $type 输入数据类型
* @param array $args 参数 array(key,filter,default)
+----------------------------------------------------------
* @return mixed
+----------------------------------------------------------
*/
static public function __callStatic($type,$args=array()) {
$type = strtolower(trim($type));
if(in_array($type,self::$_input,true)) {
switch($type) {
case 'get': $input =& $_GET;break;
case 'post': $input =& $_POST;break;
case 'put' : parse_str(file_get_contents('php://input'), $input);break;
case 'param' :
switch($_SERVER['REQUEST_METHOD']) {
case 'POST':
$input = $_POST;
break;
case 'PUT':
parse_str(file_get_contents('php://input'), $input);
break;
default:
$input = $_GET;
}
break;
case 'request': $input =& $_REQUEST;break;
case 'env': $input =& $_ENV;break;
case 'server': $input =& $_SERVER;break;
case 'cookie': $input =& $_COOKIE;break;
case 'session': $input =& $_SESSION;break;
case 'globals': $input =& $GLOBALS;break;
case 'files': $input =& $_FILES;break;
default:return NULL;
}
if(0==count($args)) {
// 返回全部数据
return $input;
}elseif(array_key_exists($args[0],$input)) {
$filters = isset($args[1])?$args[1]:self::$filter;
$filters = explode(',',$filters);
$data = $input[$args[0]];
foreach($filters as $filter){
if(is_callable($filter)) {
$data = is_array($data)?array_map($filter,$data):$filter($data); // 参数过滤
}
}
}else{
// 不存在指定输入
$data = isset($args[2])?$args[2]:NULL;
}
return $data;
}
}
/**
+----------------------------------------------------------
* 设置数据过滤方法
+----------------------------------------------------------
* @access public
+----------------------------------------------------------
* @param mixed $filter 过滤方法
+----------------------------------------------------------
* @return void
+----------------------------------------------------------
*/
static public function filter($filter) {
self::$filter = $filter;
}
/**
+----------------------------------------------------------
* 字符MagicQuote转义过滤
+----------------------------------------------------------
* @access public
+----------------------------------------------------------
* @return void
+----------------------------------------------------------
*/
static public function noGPC() {
if ( get_magic_quotes_gpc() ) {
$_POST = stripslashes_deep($_POST);
$_GET = stripslashes_deep($_GET);
$_COOKIE = stripslashes_deep($_COOKIE);
$_REQUEST= stripslashes_deep($_REQUEST);
}
}
/**
+----------------------------------------------------------
* 处理字符串,以便可以正常进行搜索
+----------------------------------------------------------
* @access public
+----------------------------------------------------------
* @param string $string 要处理的字符串
+----------------------------------------------------------
* @return string
+----------------------------------------------------------
*/
static public function forSearch($string) {
return str_replace( array('%','_'), array('\%','\_'), $string );
}
/**
+----------------------------------------------------------
* @access public
+----------------------------------------------------------
* @param string $string 要处理的字符串
+----------------------------------------------------------
* @return string
+----------------------------------------------------------
*/
static public function forShow($string) {
return self::nl2Br( self::hsc($string) );
}
/**
+----------------------------------------------------------
* 处理纯文本数据,以便在textarea标签中显示
+----------------------------------------------------------
* @access public
+----------------------------------------------------------
* @param string $string 要处理的字符串
+----------------------------------------------------------
* @return string
+----------------------------------------------------------
*/
static public function forTarea($string) {
return str_ireplace(array(''), array('<textarea>','</textarea>'), $string);
}
/**
+----------------------------------------------------------
* 将数据中的单引号和双引号进行转义
+----------------------------------------------------------
* @access public
+----------------------------------------------------------
* @param string $text 要处理的字符串
+----------------------------------------------------------
* @return string
+----------------------------------------------------------
*/
static public function forTag($string) {
return str_replace(array('"',"'"), array('"','''), $string);
}
/**
+----------------------------------------------------------
* 把换行转换为
标签
+----------------------------------------------------------
* @access public
+----------------------------------------------------------
* @param string $string 要处理的字符串
+----------------------------------------------------------
* @return string
+----------------------------------------------------------
*/
static public function nl2Br($string) {
return nl2Br($string);
}
/**
+----------------------------------------------------------
* 如果 magic_quotes_gpc 为关闭状态,这个函数可以转义字符串
+----------------------------------------------------------
* @access public
+----------------------------------------------------------
* @param string $string 要处理的字符串
+----------------------------------------------------------
* @return string
+----------------------------------------------------------
*/
static public function addSlashes($string) {
if (!get_magic_quotes_gpc()) {
$string = addslashes($string);
}
return $string;
}
/**
+----------------------------------------------------------
* 从$_POST,$_GET,$_COOKIE,$_REQUEST等数组中获得数据
+----------------------------------------------------------
* @access public
+----------------------------------------------------------
* @param string $string 要处理的字符串
+----------------------------------------------------------
* @return string
+----------------------------------------------------------
*/
static public function getVar($string) {
return self::stripSlashes($string);
}
/**
+----------------------------------------------------------
* 如果 magic_quotes_gpc 为开启状态,这个函数可以反转义字符串
+----------------------------------------------------------
* @access public
+----------------------------------------------------------
* @param string $string 要处理的字符串
+----------------------------------------------------------
* @return string
+----------------------------------------------------------
*/
static public function stripSlashes($string) {
if (get_magic_quotes_gpc()) {
$string = stripslashes($string);
}
return $string;
}
/**
+----------------------------------------------------------
* 用于在textbox表单中显示html代码
+----------------------------------------------------------
* @access public
+----------------------------------------------------------
* @param string $string 要处理的字符串
+----------------------------------------------------------
* @return string
+----------------------------------------------------------
*/
static function hsc($string) {
return preg_replace(array("/&/i", "/ /i"), array('&', ' '), htmlspecialchars($string, ENT_QUOTES));
}
/**
+----------------------------------------------------------
* 是hsc()方法的逆操作
+----------------------------------------------------------
* @access public
+----------------------------------------------------------
* @param string $text 要处理的字符串
+----------------------------------------------------------
* @return string
+----------------------------------------------------------
*/
static function undoHsc($text) {
return preg_replace(array("/>/i", "/</i", "/"/i", "/'/i", '/ /i'), array(">", "<", "\"", "'", " "), $text);
}
/**
+----------------------------------------------------------
* 输出安全的html,用于过滤危险代码
+----------------------------------------------------------
* @access public
+----------------------------------------------------------
* @param string $text 要处理的字符串
* @param mixed $allowTags 允许的标签列表,如 table|td|th|td
+----------------------------------------------------------
* @return string
+----------------------------------------------------------
*/
static public function safeHtml($text, $allowTags = null) {
$text = trim($text);
//完全过滤注释
$text = preg_replace('//','',$text);
//完全过滤动态代码
$text = preg_replace('/<\?|\?'.'>/','',$text);
//完全过滤js
$text = preg_replace('/