protected function tsFilterSensitive()
{
$_POST = GFW($_POST);
$_GET = GFW($_GET);
$_REQUEST = GFW($_REQUEST);
}
function GFW($string)
{
if (!is_array($string)) {
$site_opts = ts_cache("site_options");
$badkey = $site_opts["gfw_keywords"];
$gfw_rep = $site_opts["gfw_rep"];
$string = preg_replace("/{$badkey}/i", $gfw_rep, $string);
if (!MAGIC_QUOTES_GPC) {
//统一将$_POST $_GET $_REQUEST的值进行转义
$string = addslashes($string);
}
return $string;
} else {
foreach ($string as $key => $val) {
$string[$key] = GFW($val);
}
return $string;
}
}
function cleanJs($text)
{
$text = trim($text);
$text = stripslashes($text);
//完全过滤动态代码
$text = preg_replace('/<\\?|\\?>/is', '', $text);
//完全过滤js
$text = preg_replace('/<script?.*\\/script>/is', '', $text);
//过滤多余html
$text = preg_replace('/<\\/?(html|head|meta|link|base|body|title|style|script|form|iframe|frame|frameset)[^><]*>/is', '', $text);
//过滤on事件lang js
while (preg_match('/(<[^><]+)(lang|onfinish|onmouse|onexit|onerror|onclick|onkey|onload|onchange|onfocus|onblur)[^><]+/is', $text, $mat)) {
$text = str_replace($mat[0], $mat[1], $text);
}
while (preg_match('/(<[^><]+)(window\\.|javascript:|js:|about:|file:|document\\.|vbs:|cookie)([^><]*)/is', $text, $mat)) {
$text = str_replace($mat[0], $mat[1] . $mat[3], $text);
}
$text = str_ireplace('script', 's cript', $text);
return GFW($text);
}
