[英]Trying to strip characters: / and \
I am having issues trying to strip / and \\ characters. 我在尝试剥离/和\\字符时遇到问题。 When i try to strip using \\\\ it strips \\ but when I try /// it doesn't strip / at all.
当我尝试使用\\\\剥离时,它剥离\\,但是当我尝试///时,它根本不剥离/。
function stripinname( $text )
{
$text = preg_replace(
array(
'/\|/','/\"/','/\</','/\>/','/\s[\s]+/','/^[\-]+/','/[\-]+$/','/\%/','/\\\\/','/\////','/\@/','/\&/','/\:/','/\;/','/\-/',
'@<head[^>]*?>.*?</head>@siu',
'@<style[^>]*?>.*?</style>@siu',
'@<script[^>]*?.*?</script>@siu',
'@<object[^>]*?.*?</object>@siu',
'@<embed[^>]*?.*?</embed>@siu',
'@<applet[^>]*?.*?</applet>@siu',
'@<noframes[^>]*?.*?</noframes>@siu',
'@<noscript[^>]*?.*?</noscript>@siu',
'@<noembed[^>]*?.*?</noembed>@siu',
// Add line breaks before and after blocks
'@</?((address)|(blockquote)|(center)|(del))@iu',
'@</?((div)|(h[1-9])|(ins)|(isindex)|(p)|(pre))@iu',
'@</?((dir)|(dl)|(dt)|(dd)|(li)|(menu)|(ol)|(ul))@iu',
'@</?((table)|(th)|(td)|(caption))@iu',
'@</?((form)|(button)|(fieldset)|(legend)|(input))@iu',
'@</?((label)|(select)|(optgroup)|(option)|(textarea))@iu',
'@</?((frameset)|(frame)|(iframe))@iu',
),
array(
' ',' ', ' ', ' ', ' ', ' ', ' ', ' ', ' ',"$0", "$0", "$0", "$0", "$0", "$0","$0", "$0",), $text );
// you can exclude some html tags here, in this case B and A tags
return strip_tags($text);
}
Did you know MSIE supports javascript loading from CSS using behavior:url()
? 您是否知道MSIE支持使用
behavior:url()
从CSS加载javascript? Did you know we can execute javascript:
urls in <img>
tags? 您知道我们可以执行
<img>
标签中的javascript:
url吗?
Use someone else's HTML sanitizer; 使用其他人的HTML清理器; HTML Purifier is all right- it has lots of users, and whenever someone finds a bug in it, it gets fixed, and everyone using it benefits.
HTML Purifier没问题-它有很多用户,每当有人发现其中的bug时,它就会得到修复,使用它的每个人都会受益。
Whereas any bugs in your code (like the one I'm looking at right now) will only be fixed if you find it. 而您代码中的任何错误(例如我现在正在查看的错误)只有在您找到后才能得到修复。
I will find a way in. 我会找到办法的。
I always do. 我经常做。
The reason your code doesn't work is that you don't understand it. 您的代码不起作用的原因是您不理解它。 Not understanding your program in areas like this is where security-related problems come from.
不理解你的程序在这样的领域就是安全相关的问题从何而来。 Since you have decided I'm just "posting like a big shot", you're ignoring my advice.
由于您已决定我只是“大手笔张贴”,因此您无视我的建议。 By doing so, you do a disservice to the entire software developer/engineer industry:
这样做会对整个软件开发人员/工程师行业造成损害:
,/,
matches slashes. ,/,
匹配斜杠。 preg_replace()
actually matches regular expressions: To match all slashes, you need to match them globally, as in ,/,g
preg_replace()
实际上如何匹配正则表达式:要匹配所有斜杠,您需要全局匹配它们,如,/,g
/
will appear legitimately inside an HTML tag. /
会合法地出现在HTML标记内。 By replacing it as you have, I can actually create HTML tags that you're attempting to strip. strip_tags()
does what it says on the tin. strip_tags()
锡strip_tags()
上的要求。 It doesn't. preg_replace()
can return NULL
. preg_replace()
可以返回NULL
。 You've got so much hubris; 你有那么大的自负; you think you've mastered the secrets of this great gig which just involve asking questions on stackoverflow and copying/pasting examples from the PHP wiki.
您认为您已经掌握了这个很棒的演出的秘密,只涉及对stackoverflow提出问题并从PHP Wiki复制/粘贴示例。 You need to stop this .
您需要停止此操作 。 Writing bug-free programs involves understanding every word, and while I'm happy to help you learn how to do this, I'm going to have to insist that you behave responsibly.
编写无错误的程序涉及到每个单词的理解,尽管我很乐意帮助您学习如何做到这一点,但我将不得不坚持您要负责任。
Go get these kinds of routines from a reputable source, and learn from other people's mistakes; 从信誉良好的渠道获取此类例程,并从他人的错误中学习; Your clients/employers/etc do not deserve your bugs;
您的客户/雇主/其他人不应该得到您的错误; our industry does not deserve this kind of bullshit.
我们的行业不应该受到这种胡扯。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.