public $datas = null;
protected function gv($name = '') {
if ($this->datas === null) {
$postStr = file_get_contents("php://input");
$data = json_decode($postStr, true);
$this->SafeFilter($data['content']);
if (isset($data['content'])) {
$this->datas = $data['content'];
} else {
$this->datas = array();
}
}
if (!empty($name)) {
if (!empty($this->datas[$name]) || $this->datas[$name] != null) {
return $this->datas[$name];
} else {
return '';
}
} else {
return $this->datas;
}
}
//php防注入和XSS攻擊過濾.
function SafeFilter(&$arr) {
$ra = Array('/([\x00-\x08,\x0b-\x0c,\x0e-\x19])/', '/script/', '/javascript/', '/vbscript/', '/expression/', '/applet/', '/meta/', '/xml/', '/blink/', '/link/', '/style/', '/embed/', '/object/',
'/frame/', '/layer/', '/title/', '/bgsound/', '/base/', '/onload/', '/onunload/', '/onchange/', '/onsubmit/', '/onreset/', '/onselect/', '/onblur/', '/onfocus/', '/onabort/',
'/onkeydown/', '/onkeypress/', '/onkeyup/', '/onclick/', '/ondblclick/', '/onmousedown/', '/onmousemove/', '/onmouseout/', '/onmouseover/', '/onmouseup/', '/onunload/');
if (is_array($arr)) {
foreach ($arr as $key => $value) {
if (!is_array($value)) {
if (!get_magic_quotes_gpc()) { //不對magic_quotes_gpc轉義過的字符使用addslashes(),避免雙重轉義。
$value = addslashes($value); //給單引號(')、雙引號(")、反斜線(\)與 NUL(NULL 字符)加上反斜線轉義
}
$value = preg_replace($ra, '', $value); //刪除非打印字符,粗暴式過濾xss可疑字符串
$arr[$key] = htmlentities(strip_tags($value)); //去除 HTML 和 PHP 標記並轉換為 HTML 實體
} else {
$this->SafeFilter($arr[$key]);
}
}
}
}