php get_magic_quotes_gpc() how can I strip the inserted escape characters?

I am in the process of building my contact form's email address validation script. Having debugged it and run basic tests using valid email addresses, which all passed, I went on to test for invalid addresses. My first test was .ala.dom.com which is a clear invalid with both starting and ending dots. I expected to get my error message thrown up. However, my host has set the magic_quotes on and instead the email went through because they escaped the whole local part of the address with " like this ".ala."@dom.com

This is an excerpt of the actual header that arrived in the email inbox -

Received: by srv28.000webhost.com (Postfix, from userid 7695918)
    id 899601EE9C2; Sat, 5 Oct 2013 16:21:37 -0400 (EDT)
To: net@weedy101.netii.net
Subject: Should fold
X-PHP-Script: weedy101.netii.net/new-mail.php for 2.26.7.205
From: ".ala."@dom.com
Reply-To: ".ala."@dom.com
Content-type: text/html
Message-Id: <20131005202137.899601EE9C2@srv28.000webhost.com>
Date: Sat, 5 Oct 2013 16:21:37 -0400 (EDT)

My hosts are 000webhosts.com with a free account, so even though they are only using php 5.2.* I can't access the php.ini to change the setting; therefore I need to programmatically strip the inserted characters, or find another workaround. I am totally stumped as to how best to handle this problem. My validation script is -

<?php
if (isset($_POST['name']) && isset($_POST['message']) && isset($_POST['email']) && isset($_POST['subject'])) {

    $name = $_POST['name'];
    $text = $_POST['message'];
    $contact = $_POST['email'];
    $subject = $_POST['subject'];
    $isValid = true;
    $atIndex = strrpos($contact, "@");
    $problem = 1;

    if (is_bool($atIndex) && !$atIndex) {

        $isValid = false;
        $problem = 2;

    }
    else {

        $domain = substr($contact, $atIndex+1);
        $local = substr($contact, 0, $atIndex);
        $localLen = strlen($local);
        $domainLen = strlen($domain);

        if ($localLen < 1 || $localLen > 64) {

            $isValid = false;
            $problem = 3;

        }
        else if ($domainLen < 1 || $domainLen > 255) {

            $isValid = false;
            $problem = 4;

        }
        else if (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain)) {

            $isValid = false;
            $problem = 5;

        }
        else if (preg_match('/\\.\\./', $domain)) {

            $isValid = false;
            $problem = 6;

        }
        else if (!(checkdnsrr($domain,"MX") || checkdnsrr($domain, "A"))) {

            $isValid = false;
            $problem = 7;

        }
        else if (!preg_match('/^(\\\\.|[A-Za-z0-9!#%£`_=\\/$\'*+?^{}|~.-])+$/', str_replace("\\\\","",$local))) {

            if (!preg_match('/^"(\\\\"|[^"])+"$/', str_replace("\\\\","",$local))) {

                $isValid = false;
                $problem = 8;

            }
            else if ($local[0] == '.' || $local[$localLen-1] == '.') {

                $isValid = false;
                $problem = 9;

            }
            else if (preg_match('/\\.\\./', $local)) {

                $isValid = false;
                $problem = 10;

            }
        }
    }
}
else {

    // one of the required form fields was not submitted
    $problem = 11;

}
    if ($isValid == true) {

        $message = "Message : <br/>" .$text . "<br/><br/>" . "From: " . $name . "<br/>" . $contact;
        $headers = 'From: '. $contact . "\r\n" . 'Reply-To: ' . $contact . "\r\n" . "Content-type: text/html\r\n";
        $mailto = 'net@weedy101.netii.net';
        mail($mailto, $subject, $message, $headers );

    }

header('location: index.php?pass='.$problem);
?>

Feel free to adapt this as I am adapting it from the article "Validate an E-Mail Address with PHP, the Right Way" on http://www.linuxjournal.com/article/9585?page=0,0

<EDIT>

After running through all the help offered here and working through the many experiments that it led to, I am still stuck. Although I can get things to work by copying verbatim the original reference article's example at http://www.linuxjournal.com/article/9585?page=0,0 and this is all good, what I can't do is adapt it other than changing the preg match strings, which would defeat the object anyway. So if anybody can see a way to make this more adaptable, i.e. portable as an external function or class so it can be reused at will, I would seriously appreciate the help.

So I'm going to mark this as answered but will keep reading the comments and any new answers in the hope of one day being able to understand what exactly is stopping this subroutine from being separated out and used more flexibly.

There's a sample code directly in the documentation:

if (get_magic_quotes_gpc()) {
    $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
    while (list($key, $val) = each($process)) {
        foreach ($val as $k => $v) {
            unset($process[$key][$k]);
            if (is_array($v)) {
                $process[$key][stripslashes($k)] = $v;
                $process[] = &$process[$key][stripslashes($k)];
            } else {
                $process[$key][stripslashes($k)] = stripslashes($v);
            }
        }
    }
    unset($process);
}

You do know the filter_var function?

var_dump(filter_var('bob@example.com', FILTER_VALIDATE_EMAIL));

It's not perfect but does a way better job than you do...

PS: To validate an email, first filter_var it and then use this method here (not my site but first that came up in google for php validate mx) with checkdnsrr if you want to make sure the domain can actually handle email. If no MX records are found, it's safe to assume email won't reach it. Or try a brute force port 25 socket connect too just to be really sure.
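
The two answers above (undo magic quotes with stripslashes, then validate with filter_var and optionally checkdnsrr) combined into one reusable function, as an added example that is not part of the original answers. The helper names raw_post_value and check_contact_email, the reason codes and the policy of refusing quoted local parts are assumptions of this example; it also rejects control characters because the question's script places the address in the From: and Reply-To: headers.

```php
<?php
// Added example; raw_post_value() and check_contact_email() are hypothetical helpers.

// Return a submitted field as typed, undoing magic_quotes_gpc when the host has it on.
function raw_post_value(array $post, $key)
{
    if (!isset($post[$key]) || !is_string($post[$key])) {
        return null;                       // missing field or array-shaped input
    }
    $value = $post[$key];
    // The function was removed in PHP 8, so probe for it before calling.
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    return trim($value);
}

// Returns 0 if acceptable, otherwise a reason code (codes are this example's own).
function check_contact_email($email, $checkDns = false)
{
    if ($email === null || $email === '') {
        return 1;                          // nothing submitted
    }
    if (preg_match('/[\x00-\x1F\x7F]/', $email)) {
        return 2;                          // control bytes (CR/LF) must not reach mail headers
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 3;                          // not a syntactically valid address
    }
    if ($email[0] === '"') {
        return 4;                          // assumed policy: no quoted local parts on a contact form
    }
    $domain = substr($email, strrpos($email, '@') + 1);
    if ($checkDns && !(checkdnsrr($domain, 'MX') || checkdnsrr($domain, 'A'))) {
        return 5;                          // domain has no MX or A record
    }
    return 0;
}

// Constructed sample submissions (DNS lookup left off so this runs offline).
$samples = array('bob@example.com', '.ala.dom.com', '.ala.@dom.com', '".ala."@dom.com', "bob@example.com\r\nX-Test: 1");
foreach ($samples as $sample) {
    $email = raw_post_value(array('email' => $sample), 'email');
    echo json_encode($sample), ' => ', check_contact_email($email), "\n";
}
```

Pass true as the second argument to enable the MX/A lookup once the script runs on a host with DNS access.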

As per the new edit of my question.

Thanks all who have offered your help, it is much appreciated; unfortunately I have failed to make this subroutine portable and flexible. The only way I have been able to implement it at all is verbatim as per the original article on linuxjournal.com http://www.linuxjournal.com/article/9585?page=0,0

There is a working example of this validation subroutine on my temporary home page http://weedy101.netii.net/; by all means have a play with this, and leave me a line or two of guidance too if you can.

For anybody interested I changed the placeholder text color by calling the ::-webkit-input-placeholder (plus the -moz- and -ms- equivalents) for the textarea from within a php tag inside the head element of the index page thus -

<head>

<?php
    if ($problem <> 1)
    {?><style type="text/css">
    <!--
    textarea::-webkit-input-placeholder { background: #ffffff; color: #ff0000!important; }
    textarea:-moz-placeholder { background: #ffffff; color: #ff0000!important; }
    textarea::-moz-placeholder { background: #ffffff; color: #ff0000!important; }
    textarea:-ms-input-placeholder { background: #ffffff; color: #ff0000!important; }
    -->
    </style><?php } ?>
