Explore Enterprise Education Gitee Premium Gitee AI AI teammates
Fetch the repository succeeded.
Create your Gitee Account
Explore and code with more than 14 million developers,Free private repositories !:)
Sign up
Already have an account? Sign in
文件
master
Branches (44)
Tags (1)
master
v1.6.4-appjson
v1.6.x-pc
v1.6.4
v1.6.5
v1.6.3
v1.6.3-storage
v1.6.2
v1.6-web
v1.6.1
v1.6.0
v1.6.1-image
v1.5.9
v1.5.8
v1.5.7
v1.5.6
v1.5.5
v1.5.4
v1.x-new
brjun1.0
v1.5.2
This repository doesn't specify license. Please pay attention to the specific project description and its upstream code dependency when using it.
The license selected for the repository is subject to the license used by the main branch of the repository.
master
Branches (44)
Tags (1)
master
v1.6.4-appjson
v1.6.x-pc
v1.6.4
v1.6.5
v1.6.3
v1.6.3-storage
v1.6.2
v1.6-web
v1.6.1
v1.6.0
v1.6.1-image
v1.5.9
v1.5.8
v1.5.7
v1.5.6
v1.5.5
v1.5.4
v1.x-new
brjun1.0
v1.5.2
Clone or Download
Clone/Download
Prompt
To download the code, please copy the following command and execute it in the terminal
To ensure that your submitted code identity is correctly recognized by Gitee, please execute the following command.
When using the SSH protocol for the first time to clone or push code, follow the prompts below to complete the SSH configuration.
1 Generate RSA keys.
2 Obtain the content of the RSA public key and configure it in SSH Public Keys
To use SVN on Gitee, please visit the usage guide
When using the HTTPS protocol, the command line will prompt for account and password verification as follows. For security reasons, Gitee recommends configure and use personal access tokens instead of login passwords for cloning, pushing, and other operations.
Username for 'https://gitee.com': userName
Password for 'https://userName@gitee.com': # Private Token
master
Branches (44)
Tags (1)
master
v1.6.4-appjson
v1.6.x-pc
v1.6.4
v1.6.5
v1.6.3
v1.6.3-storage
v1.6.2
v1.6-web
v1.6.1
v1.6.0
v1.6.1-image
v1.5.9
v1.5.8
v1.5.7
v1.5.6
v1.5.5
v1.5.4
v1.x-new
brjun1.0
v1.5.2
pros
/
framework
/
function
/
safe.func.php
pros
/
framework
/
function
/
safe.func.php
safe.func.php 7.50 KB
Copy Edit Raw Blame History
brjun authored 2019年03月13日 16:24 +08:00 . 2.0上线
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269
<?php
/**
* 提供系统安全获取传入值
* [WeEngine System] Copyright (c) 2013 WE7.CC
*/
defined('IN_IA') or exit('Access Denied');
/**
* 从GPC中获取一个数字
* @param unknown $value
* @param string $default
*/
function safe_gpc_int($value, $default = 0) {
//如果包含小数点,优先按float对待
//否则一律按int对待
if (strpos($value, '.') !== false) {
$value = floatval($value);
$default = floatval($default);
} else {
$value = intval($value);
$default = intval($default);
}
if (empty($value) && $default != $value) {
$value = $default;
}
return $value;
}
function safe_gpc_belong($value, $allow = array(), $default = '') {
if (empty($allow)) {
return $default;
}
if (in_array($value, $allow, true)) {
return $value;
} else {
return $default;
}
}
/**
* 转换一个安全字符串
* @param mixed $value
* @param string $default
* @return string
*/
function safe_gpc_string($value, $default = '') {
$value = safe_bad_str_replace($value);
$value = preg_replace('/&((#(\d{3,5}|x[a-fA-F0-9]{4}));)/', '&\1円', $value);
if (empty($value) && $default != $value) {
$value = $default;
}
return $value;
}
/**
* 转换一个安全路径
* @param string $value
* @param string $default
* @return string
*/
function safe_gpc_path($value, $default = '') {
$path = safe_gpc_string($value);
$path = str_replace(array('..', '..\\', '\\\\' ,'\\', '..\\\\'), '', $path);
if (empty($path) || $path != $value) {
$path = $default;
}
return $path;
}
/**
* 转换一个安全的字符串型数组
* @param unknown $value
* @param array $default
*/
function safe_gpc_array($value, $default = array()) {
if (empty($value) || !is_array($value)) {
return $default;
}
foreach ($value as &$row) {
if (is_numeric($row)) {
$row = safe_gpc_int($row);
} elseif (is_array($row)) {
$row = safe_gpc_array($row, $default);
} else {
$row = safe_gpc_string($row);
}
}
return $value;
}
/**
* 转换一个安全的布尔值
* @param mixed $value
* @param boolean $default
* @return boolean
*/
function safe_gpc_boolean($value, $default = false) {
$value = safe_gpc_int($value, $default);
return empty($value) ? false : true;
}
/**
* 转换一个安全HTML数据
*/
function safe_gpc_html($value, $default = '') {
if (empty($value) || !is_string($value)) {
return $default;
}
$value = safe_bad_str_replace($value);
$value = safe_remove_xss($value);
if (empty($value) && $value != $default) {
$value = $default;
}
return $value;
}
function safe_gpc_sql($value, $operator = 'ENCODE', $default = '') {
if (empty($value) || !is_string($value)) {
return $default;
}
$value = trim(strtolower($value));
$badstr = array(
'_', '%', "'", chr(39),
'select', 'join', 'union',
'where', 'insert', 'delete',
'update', 'like', 'drop',
'create', 'modify', 'rename',
'alter', 'cast',
);
$newstr = array(
'\_', '\%', "''", '&#39;',
'sel&#101;ct"', 'jo&#105;n', 'un&#105;on',
'wh&#101;re', 'ins&#101;rt', 'del&#101;te',
'up&#100;ate', 'lik&#101;', 'dro&#112',
'cr&#101;ate', 'mod&#105;fy', 'ren&#097;me"',
'alt&#101;r', 'ca&#115;',
);
if ($operator == 'ENCODE') {
$value = str_replace($badstr, $newstr, $value);
} else {
$value = str_replace($newstr, $badstr, $value);
}
return $value;
}
/**
* 转换一个安全URL
* @param $_GPC中的值
* @param boolean $strict_domain 是否严格限制只能为当前域下的URL
* @param string $default
*/
function safe_gpc_url($value, $strict_domain = true, $default = '') {
global $_W;
if (empty($value) || !is_string($value)) {
return $default;
}
$value = urldecode($value);
if (starts_with($value, './')) {
return $value;
}
if ($strict_domain) {
if (starts_with($value, $_W['siteroot'])) {
return $value;
}
return $default;
}
if (starts_with($value, 'http') || starts_with($value, '//')) {
return $value;
}
return $default;
}
/**
* 去掉可能造成xss攻击的字符
* @param $val $string 需处理的字符串
*/
function safe_remove_xss($val) {
$val = preg_replace('/([\x0e-\x19])/', '', $val);
$search = 'abcdefghijklmnopqrstuvwxyz';
$search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
$search .= '1234567890!@#$%^&*()';
$search .= '~`";:?+/={}[]-_|\'\\';
for ($i = 0; $i < strlen($search); $i++) {
$val = preg_replace('/(&#[xX]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val);
$val = preg_replace('/(&#0{0,8}'.ord($search[$i]).';?)/', $search[$i], $val);
}
preg_match_all('/href=[\'|\"](.*?)[\'|\"]|src=[\'|\"](.*?)[\'|\"]/i', $val, $matches);
$url_list = array_merge($matches[1], $matches[2]);
$encode_url_list = array();
if (!empty($url_list)) {
foreach ($url_list as $key => $url) {
$val = str_replace($url, 'we7_' . $key . '_we7placeholder', $val);
$encode_url_list[] = $url;
}
}
$ra1 = array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'script', 'embed', 'object', 'frameset', 'ilayer', 'bgsound', 'base');
$ra2 = array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload', '@import');
$ra = array_merge($ra1, $ra2);
$found = true;
while ($found == true) {
$val_before = $val;
for ($i = 0; $i < sizeof($ra); $i++) {
$pattern = '/';
for ($j = 0; $j < strlen($ra[$i]); $j++) {
if ($j > 0) {
$pattern .= '(';
$pattern .= '(&#[xX]0{0,8}([9ab]);)';
$pattern .= '|';
$pattern .= '|(&#0{0,8}([9|10|13]);)';
$pattern .= ')*';
}
$pattern .= $ra[$i][$j];
}
$pattern .= '/i';
$replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2);
$val = preg_replace($pattern, $replacement, $val);
if ($val_before == $val) {
$found = false;
}
}
}
if (!empty($encode_url_list) && is_array($encode_url_list)) {
foreach ($encode_url_list as $key => $url) {
$val = str_replace('we7_' . $key . '_we7placeholder', $url, $val);
}
}
return $val;
}
function safe_bad_str_replace($string) {
if (empty($string)) {
return '';
}
$badstr = array("0円", "%00", "%3C", "%3E", '<?', '<%', '<?php', '{php', '{if', '{loop', '../');
$newstr = array('_', '_', '&lt;', '&gt;', '_', '_', '_', '_', '_', '_', '.._');
$string = str_replace($badstr, $newstr, $string);
return $string;
}
/**
* 检测密码强度
* @param $password
* @return array|bool
*/
function safe_check_password($password) {
$setting = setting_load('register');
if (!$setting['register']['safe']) {
return true;
}
preg_match(PASSWORD_STRONG_REGULAR, $password, $out);
if (empty($out)) {
return error(-1, PASSWORD_STRONG_STATE);
} else {
return true;
}
}
Loading...
Report
Report success
We will send you the feedback within 2 working days through the letter!
Please fill in the reason for the report carefully. Provide as detailed a description as possible.
Please select a report type
Cancel
Send
误判申诉

此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。

如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。

取消
提交

About

微擎是一款免费开源的微信公众号管理系统,基于目前最流行的WEB2.0架构(php+mysql),支持在线升级和安装模块及模板,拥有良好的开发框架、成熟稳定的技术解决方案、活跃的第三方开发者及开发团队,依托微擎开放的生态系统,提供丰富的扩展功能。除了Master外其它分支皆为不稳定的开发版。欢迎大家Fork
Cancel

Releases

No release

Contributors

All

Activities

can not load any more
Edit
About
Homepage
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
PHP
1
https://gitee.com/netdebug/pros.git
git@gitee.com:netdebug/pros.git
netdebug
pros
pros
master
Going to Help Center

Search

Repository Report
Back to the top
Login prompt
This operation requires login to the code cloud account. Please log in before operating.
Go to login
No account. Register

AltStyle によって変換されたページ (->オリジナル) /