
CodeIgniter: Use get_post with XSS filtering on entire $_POST array

Is there an easier way than

    // Loop over every POST field and run it through CI's XSS filter.
    // get_post() takes the field name, so the key ($x) is passed, not the value.
    foreach ($_POST as $x => $y) {
        $arr[$x] = $this->input->get_post($x, TRUE);
    }

to just have the entire $_POST array cleaned with CI's XSS filter? Looking at the input library, it seems that get_post() only accepts an individual variable rather than being able to clean the entire array and then return the array back.

Not sure if you want it globally, but if you do... from the manual:

If you want the filter to run automatically every time it encounters POST or COOKIE data you can enable it by opening your application/config/config.php file and setting this:

    $config['global_xss_filtering'] = TRUE;

Otherwise:

    $this->input->post(NULL, TRUE);

returns all POST items with XSS filter, and

    $this->input->post();

returns all POST items without XSS filter.

The chosen answer for this is correct in a sense, but the information provided is not a suitable answer to the real problem, which is XSS filtering in CI.

To further the comment by bobince, some good reading at:

http://ponderwell.net/2010/08/codeigniter-xss-protection-is-good-but-not-enough-by-itself/

Either htmlspecialchars / htmlentities / urlencode on all output or go home. CI's XSS filter uses a dated and broken blacklist technique that fails a lot of XSS attacks.

Encode and validate. Always.
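The following is an added example, not code from the question, the answers, or CodeIgniter itself. It illustrates the point of the last answer in plain PHP: walking a POST-shaped array the way the question's foreach does (including nested fields, which the original loop does not handle), and encoding each value for the output context it is about to be rendered in, rather than relying on an input-side blacklist filter. The helper names (map_leaves, html_escape, url_escape) and the sample array are assumptions constructed for this example.

```php
<?php
// Added example, not CodeIgniter code. Input filtering (the question's foreach
// or $this->input->post(NULL, TRUE)) does not replace encoding at output time.

// Recursively walk a POST-shaped array and apply $fn to every leaf value.
// The question's foreach covers only the top level; form arrays such as
// tags[] arrive nested, so recurse into sub-arrays.
function map_leaves(array $input, callable $fn): array
{
    $out = [];
    foreach ($input as $key => $value) {
        $out[$key] = is_array($value) ? map_leaves($value, $fn) : $fn((string) $value);
    }
    return $out;
}

// Encode a value for HTML text content or a double-quoted attribute.
// ENT_QUOTES also encodes single quotes; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string; the charset must
// match the one the page is served with.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Encode a value for use inside a URL query string (RFC 3986 percent-encoding).
function url_escape(string $value): string
{
    return rawurlencode($value);
}

// Constructed sample input standing in for $_POST. The markup and quotes are
// legitimate data but would change the meaning of the page if echoed raw.
$post = [
    'name'    => "O'Brien <b>bold</b>",
    'comment' => 'He said "hi" & left',
    'tags'    => ['a&b', '<i>'],
];

// Keep and validate the raw values for storage or business logic; produce an
// encoded copy only at the point where a specific output context is known.
$forHtml = map_leaves($post, 'html_escape');
$forUrl  = map_leaves($post, 'url_escape');

// HTML context: safe to place inside element text or a quoted attribute.
echo '<p>', $forHtml['name'], '</p>', "\n";
echo '<input value="', $forHtml['comment'], '">', "\n";

// URL context: safe to place inside a query string.
echo '/search?tag=', $forUrl['tags'][0], "\n";
```

The design point is that the same raw value gets a different encoding depending on where it lands (HTML body, attribute, URL), which is why a single filter applied to $_POST on the way in cannot be sufficient; the filter has no way of knowing the output context.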
