PHP防止跨站攻击的脚本
把该文件引入到入口文件中，即可对 GET/POST/Cookie/Referer 参数做一层基于正则黑名单的过滤。注意：黑名单过滤只能作为纵深防御的补充，容易被绕过且可能误伤正常输入，不能替代参数化查询和输出转义。
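<?php
/*
 * Request blacklist filter ("anti cross-site attack script").
 *
 * Every key and value in $_GET, $_POST, $_COOKIE and the Referer header is
 * matched against a regular-expression blacklist of SQL-injection / HTML
 * fragments; on a hit the request is sent to STOPATTACK_REDIRECT_URL and
 * processing stops.
 *
 * Limitations a deployer must understand:
 *  - This is a blacklist. It is necessarily incomplete (alternative
 *    encodings, comment tricks, keywords not listed) and must NOT replace
 *    parameterised queries, context-aware output escaping and input
 *    validation in the application itself.
 *  - Only the superglobals above are inspected. Raw request bodies
 *    (php://input, JSON), $_FILES names, PATH_INFO and other request headers
 *    are not.
 *  - Legitimate input can trip the patterns (free text containing
 *    "or ... =", "select ... from", a single quote in a GET value), so
 *    expect false positives.
 *  - set_error_handler() cannot intercept E_ERROR; the handler below is
 *    registered for compatibility but only runs if the mask is widened.
 */

// Where blocked requests are sent. Define it before including this file to
// override the default (which is the original author's site).
if (!defined('STOPATTACK_REDIRECT_URL')) {
    define('STOPATTACK_REDIRECT_URL', 'http://www.qp1001.com');
}

// Referer is checked with the GET patterns, as a one-element list so the same
// loop shape applies.
$referer = empty($_SERVER['HTTP_REFERER']) ? array() : array($_SERVER['HTTP_REFERER']);

/**
 * Error handler: record the details server-side and stop.
 *
 * The original echoed $errfile/$errline to the client, which discloses
 * filesystem paths; those now go to error_log() only.
 */
function customError($errno, $errstr, $errfile, $errline)
{
    error_log(sprintf('[%d] %s in %s on line %d', $errno, $errstr, $errfile, $errline));
    echo '<b>Error number:</b> [' . (int) $errno . ']<br />';
    die();
}
set_error_handler('customError', E_ERROR);

if (!function_exists('refreshto')) {
    /**
     * Fallback for the refreshto() helper the original called but never
     * defined (a blacklist hit used to end in a fatal "undefined function"
     * error instead of a controlled response). Sends 403 plus a Refresh
     * header to $url and prints an escaped message.
     *
     * @param string $url target of the redirect; must be a trusted constant
     * @param string $msg message shown to the user; HTML-escaped here
     */
    function refreshto($url, $msg)
    {
        $safeUrl = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
        $safeMsg = htmlspecialchars($msg, ENT_QUOTES, 'UTF-8');
        if (!headers_sent()) {
            http_response_code(403);
            header('Refresh: 3; url=' . $url);
        }
        echo '<p>' . $safeMsg . '</p><p><a href="' . $safeUrl . '">' . $safeUrl . '</a></p>';
    }
}

// Blacklist fragments, used as the body of /.../is (case-insensitive,
// dot matches newline). Kept byte-identical to the original patterns.
$getfilter="'|<[^>]*?>|^\\+\/v(8|9)|\\b(and|or)\\b.+?(>|<|=|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
$postfilter="^\\+\/v(8|9)|\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|<\\s*img\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
$cookiefilter="\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";

/**
 * Flatten a (possibly nested) request value into the list of its scalar
 * leaves, each cast to string. A non-array value yields a one-element list.
 *
 * @param mixed $value
 * @return string[]
 */
function stopattack_leaves($value)
{
    if (!is_array($value)) {
        return array((string) $value);
    }
    $leaves = array();
    foreach ($value as $item) {
        foreach (stopattack_leaves($item) as $leaf) {
            $leaves[] = $leaf;
        }
    }
    return $leaves;
}

/**
 * Concatenate every scalar leaf of $arr into one string (no separator).
 * Non-array input is returned unchanged.
 *
 * Kept for callers of the original helper. The original used a `static`
 * accumulator, so leaves from earlier calls leaked into later results and an
 * empty array reached implode() with null.
 *
 * @param mixed $arr
 * @return mixed the input itself if not an array, otherwise a string
 */
function arr_foreach($arr)
{
    if (!is_array($arr)) {
        return $arr;
    }
    return implode('', stopattack_leaves($arr));
}

/**
 * Match one request parameter (value first, then its name) against a
 * blacklist and abort the request on a hit.
 *
 * @param string|int $StrFiltKey   parameter name (int for numeric keys)
 * @param mixed      $StrFiltValue parameter value: string or nested array
 * @param string     $ArrFiltReq   alternation of regex fragments, used with /is
 */
function StopAttack($StrFiltKey, $StrFiltValue, $ArrFiltReq)
{
    $pattern = '/' . $ArrFiltReq . '/is';

    // Each leaf is matched on its own so anchored fragments (^, \b) see the
    // real start of every value; the joined form the original checked is kept
    // as well so nothing that used to be caught is missed.
    $subjects = stopattack_leaves($StrFiltValue);
    if (count($subjects) > 1) {
        $subjects[] = implode('', $subjects);
    }
    $subjects[] = (string) $StrFiltKey;

    foreach ($subjects as $subject) {
        // preg_match() returns false on an engine error (e.g. the backtrack
        // limit hit by an oversized value). The original's "== 1" let that
        // through; a filter that fails open is bypassed by sending enough
        // data, so anything other than a clean 0 blocks.
        if (preg_match($pattern, $subject) !== 0) {
            refreshto(STOPATTACK_REDIRECT_URL, '您的提交带有不合法参数,谢谢合作!');
            exit();
        }
    }
}

foreach ($_GET as $key => $value) {
    StopAttack($key, $value, $getfilter);
}
foreach ($_POST as $key => $value) {
    StopAttack($key, $value, $postfilter);
}
foreach ($_COOKIE as $key => $value) {
    StopAttack($key, $value, $cookiefilter);
}
foreach ($referer as $key => $value) {
    StopAttack($key, $value, $getfilter);
}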
但行好事,莫问前程!
本文来自博客园,作者:yangphp,转载请注明原文链接:https://www.cnblogs.com/ypeih/p/3173172.html