Ejemplo n.º 1
0
/**
$a[0]		=	$_SERVER['REQUEST_URI'];
//$a[1]		=	'<script>alert(12313)</script>';
//$a[2]		=	'<script>alert(12313)</script>';
//$a[3]		=	'<script>alert(12313)</script>';

echo "<pre>";
echo $a[0];
print_r(DetectXSS($a));
echo "</pre>";
**/
function DetectXSS($val)
{
    if (!is_array($val)) {
        if (RemoveXSS($val) != $val) {
            log(htmlspecialchars($val));
            die('warning:found xss attack !');
        }
    } else {
        foreach ($val as $k => $v) {
            DetectXSS($v);
        }
    }
}
Ejemplo n.º 2
0
/*
 * 自动缩略图 参数 url|w|h|type="cut/full"|mark="text/image|r"
 * thumb.php?url=/thinksns/data/userface/000/00/00/41_middle_face.jpg?1247718988&w=20&h=20
*/
error_reporting(0);
//全局定义文件
require 'define.inc.php';
//临时目录
$tempDir = "./data/thumb_temp/";
checkDir($tempDir);
//分析URL
$url = urldecode($_GET['url']);
//XSS脚本攻击探测
include THINK_PATH . '/Vendor/xss.php';
DetectXSS($url);
//2009-10-7 修改 将本地图片修改成相对地址,避免file_get_contents不能读取远程文件时出错(可修改php.ini  设置 allow_fopen_url 为 true)
$url = str_ireplace(SITE_URL, '.', $url);
if (file_exists($url)) {
    $url = $url;
} elseif ($result = GrabImage($url, $tempDir)) {
    $url = $result;
    $grab_temp_file = $result;
} else {
    $url = "./public/images/noface/noface_yuan_face.jpg";
}
//解析参数
$w = $_GET['w'] ? $_GET['w'] : '100';
//宽度
$h = $_GET['h'] ? $_GET['h'] : '100';
//高度