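/**
 * Cancel a sanitiser that a later call undoes.
 *
 * When $funcName is one of the "insecuring" functions listed in the global
 * $F_INSECURING_STRING, the sanitiser it reverses is dropped from the
 * sanitization list of the data flow's current location:
 *   stripslashes            -> addslashes
 *   html_entity_decode      -> htmlentities
 *   htmlspecialchars_decode -> htmlspecialchars
 *
 * Only the most recent (last) matching entry is removed, which is what the
 * original comments describe. The original looped over the list and spliced
 * every match in place; because array_splice() renumbers the remaining
 * elements, every match after the first removed the wrong element, and
 * an unrelated sanitiser could silently be dropped.
 *
 * NOTE(review): getSanitization() appears to return the list by value, so
 * $map is a local copy and the removal is not written back to the Location —
 * confirm against Location's API and persist the result there if that is the
 * intent; as written (and in the original) the sanitization state of the
 * flow is unchanged. $node is not used.
 *
 * @param string   $funcName Name of the function being applied to the flow.
 * @param Node     $node     AST node of the call (unused).
 * @param DataFlow $dataFlow Flow whose location holds the sanitization list.
 * @return void
 */
public static function clearSantiInfo($funcName, $node, $dataFlow) {
    global $F_INSECURING_STRING;
    // Undoing function => the sanitiser it cancels.
    static $undoes = [
        'stripslashes'            => 'addslashes',
        'html_entity_decode'      => 'htmlentities',
        'htmlspecialchars_decode' => 'htmlspecialchars',
    ];
    // Strict membership test: function names are strings, never coerce.
    if (!in_array($funcName, (array) $F_INSECURING_STRING, true)) {
        return;
    }
    if (!isset($undoes[$funcName])) {
        return; // insecuring function with no known sanitiser counterpart
    }
    $target = $undoes[$funcName];
    $map = $dataFlow->getLocation()->getSanitization();
    if (!is_array($map)) {
        return;
    }
    // Walk from the end so the first hit is the most recent sanitiser;
    // remove by key and reindex once, instead of splicing while iterating.
    $keys = array_keys($map);
    for ($i = count($keys) - 1; $i >= 0; $i--) {
        $entry = $map[$keys[$i]];
        if (is_array($entry) && isset($entry['funcName']) && $entry['funcName'] === $target) {
            unset($map[$keys[$i]]);
            $map = array_values($map); // keep list shape, as array_splice() did
            break;
        }
    }
}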
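/**
 * Cancel an encoding that a later decode call undoes.
 *
 * When $funcName is one of the decoding functions listed in the global
 * $F_DECODING_STRING, the matching encoder entry is dropped from the encoding
 * list of the data flow's current location:
 *   rawurldecode / urldecode -> urlencode
 *   base64_decode            -> base64_encode
 *   html_entity_decode       -> html_entity_decode (search target kept from
 *                               the original; see note below)
 *
 * Fixes in this revision:
 *  - The original wrote `case 'rawurldecode' or 'urldecode':`, which is
 *    `case true:`. Under switch's loose comparison every non-empty function
 *    name matched it, so base64_decode and html_entity_decode were handled as
 *    URL decoders and never reached their own branches.
 *  - array_search() returns false when the encoder is absent; the original
 *    then called array_splice() at offset 0 and removed an unrelated entry.
 *
 * NOTE(review): getEncoding() appears to return the list by value, so the
 * removal below is not written back to the Location — confirm against
 * Location's API and persist the result if that is the intent.
 * NOTE(review): the html_entity_decode branch searches for
 * 'html_entity_decode' rather than 'htmlentities'; that looks like a
 * copy-paste slip but is left unchanged here — confirm what the encoding list
 * actually stores. $node is not used.
 *
 * @param string   $funcName Name of the function being applied to the flow.
 * @param Node     $node     AST node of the call (unused).
 * @param DataFlow $dataFlow Flow whose location holds the encoding list.
 * @return void
 */
public static function clearEncodeInfo($funcName, $node, $dataFlow) {
    global $F_DECODING_STRING;
    // Decoder => the encoder entry it cancels.
    static $undoes = [
        'rawurldecode'       => 'urlencode',
        'urldecode'          => 'urlencode',
        'base64_decode'      => 'base64_encode',
        'html_entity_decode' => 'html_entity_decode',
    ];
    // Strict membership test: function names are strings, never coerce.
    if (!in_array($funcName, (array) $F_DECODING_STRING, true)) {
        return;
    }
    if (!isset($undoes[$funcName])) {
        return; // decoder with no known encoder counterpart
    }
    $map = $dataFlow->getLocation()->getEncoding();
    if (!is_array($map)) {
        return;
    }
    // First occurrence, as array_search() did in the original; strict so a
    // non-string entry is never coerced into a match.
    $position = array_search($undoes[$funcName], $map, true);
    if ($position === false) {
        return; // nothing to cancel
    }
    unset($map[$position]);
    $map = array_values($map); // same reindexing as array_splice()
}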