thinkphp如何防止sql注入xss攻击( 三 )


}
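/**
 * Overrides {@code getHeader} so that the header value is passed through the
 * XSS filter before the application sees it. The unfiltered value is still
 * reachable through {@code super.getHeaders(name)}; {@code getHeaderNames} may
 * also need to be overridden. Note that only the header value is filtered
 * here, not the header name.
 *
 * @param name the header name to look up
 * @return the filtered header value, or {@code null} when the header is absent
 */
@Override
public String getHeader(String name) {
    // Scraped copies of this method carried URL fragments around the "=" and
    // "==" operators; this is the plain lookup-then-filter logic.
    String value = super.getHeader(name);
    if (value == null) {
        return null;
    }
    return cleanXSS(value);
}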
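/**
 * Blacklist-style XSS sanitiser: strips {@code eval(...)} calls, quoted
 * {@code javascript:} URLs and the literal token {@code script}, then encodes
 * angle brackets, parentheses and single quotes as HTML entities, and finally
 * hands the result to {@link #cleanSqlKeyWords(String)}.
 *
 * <p>Pattern removal runs before entity encoding: once {@code (} and {@code '}
 * have been turned into {@code &#40;} and {@code &#39;}, the {@code eval(...)}
 * and quoted-URL patterns could never match. This is a best-effort input
 * filter and does not replace output encoding in the view layer; the
 * {@code script} removal is case-sensitive and can alter legitimate text.
 *
 * @param valueP the raw request value; must not be {@code null}
 * @return the sanitised value
 */
private String cleanXSS(String valueP) {
    // Remove dangerous constructs while the original delimiters are intact.
    // The transcribed source used "/(" (an unterminated regex group) and "\s"
    // (not a valid Java string escape); the patterns below are the compilable
    // equivalents.
    String value = valueP.replaceAll("eval\\((.*)\\)", "");
    value = value.replaceAll("(?i)[\"'][\\s]*javascript:(.*)[\"']", "\"\"");
    value = value.replace("script", "");
    // Entity-encode the remaining metacharacters. String.replace is a literal
    // replacement, so no regex escaping is needed; the transcribed source had
    // the entities with spaces inserted ("& lt;") and a comment asking to
    // remove them.
    value = value.replace("<", "&lt;").replace(">", "&gt;");
    value = value.replace("(", "&#40;").replace(")", "&#41;");
    value = value.replace("'", "&#39;");
    return cleanSqlKeyWords(value);
}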
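/**
 * Replaces each blacklisted SQL keyword from {@code notAllowedKeyWords} that
 * appears in {@code value} with {@code replacedString}, logging every
 * substitution together with {@code currentUrl}.
 *
 * <p>A keyword only counts as a hit when the value is at least five characters
 * longer than the keyword and the keyword is delimited by a space on at least
 * one side; this limits false positives on words that merely contain a
 * keyword. Matching is case-sensitive. Once a keyword matches, every
 * occurrence of it in the value is replaced, delimited or not.
 *
 * @param value the (already XSS-filtered) request value; must not be {@code null}
 * @return the value with every matched keyword replaced
 */
private String cleanSqlKeyWords(String value) {
    String paramValue = value;
    for (String keyword : notAllowedKeyWords) {
        boolean longEnough = paramValue.length() > keyword.length() + 4;
        // The original also tested " " + keyword + " ", which is implied by
        // either one-sided check and has been dropped.
        boolean delimited = paramValue.contains(" " + keyword)
                || paramValue.contains(keyword + " ");
        if (longEnough && delimited) {
            paramValue = StringUtils.replace(paramValue, keyword, replacedString);
            // The raw request value is written to the log verbatim.
            log.error(this.currentUrl + "已被过滤,因为参数中包含不允许sql的关键词(" + keyword
                    + ")" + ";参数:" + value + ";过滤后的参数:" + paramValue);
        }
    }
    return paramValue;
}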
}
以上就是thinkphp如何防止sql注入xss攻击的详细内容,更多请关注其它相关文章!



