コード例 #1
0
ファイル: function.php プロジェクト: pysec/SRCMS
function waf($data)
{
    $xss = new XssHtml($data);
    $html = $xss->getHtml();
    echo $html;
}
コード例 #2
0
 public function jf_singleinsert()
 {
     $member = $this->userinfo;
     $uid = _getcookie('uid');
     $ushell = _getcookie('ushell');
     $title = "添加晒单";
     $recordid = intval($this->segment(4));
     $shopid = $recordid;
     $shaidan = $this->db->GetOne("select * from `@#_member_go_jf_record` where `id`='{$recordid}' and `uid` = '{$member['uid']}'");
     if (!$shaidan) {
         _message("该商品您不可晒单!");
     }
     $shaidanyn = $this->db->GetOne("select sd_id from `@#_shaidan` where `sd_jfshopid`='{$recordid}' and `sd_userid` = '{$member['uid']}'");
     if ($shaidanyn) {
         _message("不可重复晒单!");
     }
     $ginfo = $this->db->GetOne("select id,sid,qishu,is_share from `@#_jf_shoplist` where `id`='{$shaidan['shopid']}' LIMIT 1");
     if (!$ginfo) {
         _message("该商品已不存在!");
     }
     if ($ginfo['is_share'] != '1') {
         _message("对不起,该商品不能晒单!");
     }
     if (isset($_POST['submit'])) {
         if ($_POST['title'] == null) {
             _message("标题不能为空");
         }
         if ($_POST['content'] == null) {
             _message("内容不能为空");
         }
         if (!isset($_POST['fileurl_tmp'])) {
             _message("图片不能为空");
         }
         System::load_sys_class('upload', 'sys', 'no');
         $img = $_POST['fileurl_tmp'];
         $num = count($img);
         $pic = "";
         for ($i = 0; $i < $num; $i++) {
             $pic .= trim($img[$i]) . ";";
         }
         $src = trim($img[0]);
         if (!file_exists(G_UPLOAD . $src)) {
             _message("晒单图片不正确");
         }
         $size = getimagesize(G_UPLOAD . $src);
         $width = 220;
         $height = $size[1] * ($width / $size[0]);
         $src_houzhui = upload::thumbs($width, $height, false, G_UPLOAD . '/' . $src);
         $thumbs = $src . "_" . intval($width) . intval($height) . "." . $src_houzhui;
         $sd_userid = $this->userinfo['uid'];
         $sd_shopid = $ginfo['id'];
         $sd_shopsid = $ginfo['sid'];
         $sd_qishu = $ginfo['qishu'];
         $sd_title = _htmtocode($_POST['title']);
         $sd_thumbs = $thumbs;
         $xss = new XssHtml($_POST['content']);
         $sd_content = $xss->getHtml();
         $sd_photolist = $pic;
         $sd_time = time();
         $sd_ip = _get_ip_dizhi();
         $this->db->Query("INSERT INTO `@#_shaidan`(`sd_userid`,`sd_jfshopid`,`sd_shopsid`,`sd_qishu`,`sd_ip`,`sd_title`,`sd_thumbs`,`sd_content`,`sd_photolist`,`sd_time`)VALUES\r\n\t\t\t('{$sd_userid}','{$sd_shopid}','{$sd_shopsid}','{$sd_qishu}','{$sd_ip}','{$sd_title}','{$sd_thumbs}','{$sd_content}','{$sd_photolist}','{$sd_time}')");
         $this->db->Query("update `@#_member_go_jf_record` set share=1 where id={$recordid}");
         _message("晒单分享成功", WEB_PATH . "/member/home/singlelist");
     }
     include templates("member", "jf_singleinsert");
 }
コード例 #3
0
/**
 * 输入安全过滤
 * @param unknown $text
 * @return mixed
 */
function tsClean($text)
{
    $text = stripslashes(trim($text));
    //去除前后空格,并去除反斜杠
    //$text = br2nl($text); //将br转换成/n
    ///////XSS start
    require_once 'thinksaas/xsshtml.class.php';
    $xss = new XssHtml($text);
    $text = $xss->getHtml();
    //$text = substr ($text, 4);//去除左边<p>标签
    //$text = substr ($text, 0,-5);//去除右边</p>标签
    ///////XSS end
    //$text = html_entity_decode($text,ENT_NOQUOTES,"utf-8");//把 HTML 实体转换为字符
    //$text = strip_tags($text); //去掉HTML及PHP标记
    //$text = cleanJs ( $text );
    $text = htmlentities($text, ENT_NOQUOTES, "utf-8");
    //把字符转换为 HTML 实体
    return $text;
}