<?php
/*
判斷傳遞的變量中是否含有非法字符
//要過濾的非法字符 如post get
*/
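// Fragments treated as illegal when they appear in any POST/GET value.
// This is a blacklist: it is easy to evade (encoding, variants the matcher
// does not see) and produces false positives ("true" and ";" are legitimate
// in many inputs), so parameterised queries and per-context output escaping
// remain the real control; this list is only a coarse early rejection.
// The original list held only the typographic apostrophe "’" (U+2019); the
// ASCII single quote "'" is added alongside it, since that is the character
// SQL string literals actually use. The old entry is kept for compatibility.
$ArrFiltrate = ["'", "’", ";", "union", "true", "../"];
// URL to send the client to after a rejected request; empty means
// "go back one page" (history.go(-1)). Placeholder value as in the original.
$StrGoUrl = "http://XXX.tw";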
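/**
 * Reports whether any blacklisted fragment occurs in the given value.
 *
 * The original called eregi(), which was removed in PHP 7 (the script would
 * fatal on every request) and which also treated each fragment as a POSIX
 * regex, so "../" matched "any two characters followed by a slash" rather
 * than the literal string. Matching is now a plain case-insensitive
 * substring test, which is what the blacklist entries are written as.
 *
 * @param string|int|float|bool|array|null $StrFiltrate value to inspect;
 *        arrays (e.g. name[]=x request fields) are walked recursively
 * @param array $ArrFiltrate fragments considered illegal
 * @return bool true when at least one fragment is found in the value
 */
function FunStringExist($StrFiltrate, $ArrFiltrate): bool
{
    // Request fields can be arrays (name[]=x); check every leaf.
    if (is_array($StrFiltrate)) {
        foreach ($StrFiltrate as $item) {
            if (FunStringExist($item, $ArrFiltrate)) {
                return true;
            }
        }
        return false;
    }

    $haystack = (string) $StrFiltrate;
    foreach ($ArrFiltrate as $needle) {
        $needle = (string) $needle;
        // An empty fragment would match every input; skip it rather than
        // reject all requests because of a stray list entry.
        if ($needle === '') {
            continue;
        }
        if (stripos($haystack, $needle) !== false) {
            return true;
        }
    }
    return false;
}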
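// Collect every submitted value from POST and GET into one flat list.
// The original filled two differently named arrays ($ArrayPostAndGet for
// POST, $ArrPostAndGet for GET) and only looped over the second, so POST
// values were never checked and a request with no GET parameters produced
// an undefined-variable warning. Both sources now feed the same list.
// Nested request fields (name[]=x) are passed through to FunStringExist
// unchanged. Only values are inspected, not parameter names, as before.
$ArrPostAndGet = array_merge(array_values($_POST), array_values($_GET));

//驗證開始 (validation starts)
foreach ($ArrPostAndGet as $value) {
    if (!FunStringExist($value, $ArrFiltrate)) {
        continue;
    }
    if (empty($StrGoUrl)) {
        echo "<script>history.go(-1);</script>";
    } else {
        // Helper defined elsewhere; as in the original, $StrGoUrl itself is
        // not passed to it, only its emptiness decides which branch runs.
        echo_script_alert_ref("非法字符", '');
    }
    // Stop processing here. The original only echoed a client-side script
    // and then let the rest of the page run, so the rejection was never
    // enforced on the server; one rejected value is enough to abort.
    exit;
}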
?>
範例:以下連結會被過濾，將不能執行。正確網址加 /index.php?module=Opportunities&action=/../../../../../../../../boot.ini%00&advanced=true HTTP/1.0