loumengning
/
xs
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
17 MiB
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
xs/kuxin/filter.php

filter.php 7.3 KiB
Raw Permalink Normal View History

ss
3 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231 
  1. <?php

  2. 

  3. namespace Kuxin;

  4. 

  5. /**

  6.  * Class Filter

  7.  *

  8.  * @package Kuxin

  9.  * @author  Pakey <pakey@qq.com>

  10.  */

  11. class Filter

  12. {

  13. 

  14.     /**

  15.      * 默认验证规则

  16.      *

  17.      * @var array

  18.      */

  19.     protected static $validate = [

  20.         //必填

  21.         'require'    => '/.+/',

  22.         'required'   => '/.+/',

  23.         'string'     => '/.+/',

  24.         'str'        => '/.+/',

  25.         'mix'        => '/.+/',

  26.         'mixed'      => '/.+/',

  27.         //邮箱

  28.         'email'      => '/^\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*$/',

  29.         //链接

  30.         'url'        => '/^https?:\/\/[a-zA-Z0-9]+\.[a-zA-Z0-9]+[\/=\?%\-&_~`@\[\]\':+!]*([^<>\"\"])*$/',

  31.         'path'       => '/^\/[\w\.\/]+?$/',

  32.         //货币

  33.         'currency'   => '/^\d+(\.\d+)?$/',

  34.         //数字

  35.         'number'     => '/^\d+$/',

  36.         //邮编

  37.         'zip'        => '/^[0-9]\d{5}$/',

  38.         //电话

  39.         'mobile'     => '/^1[\d]{10}$/',

  40.         //整型

  41.         'integer'    => '/^[-\+]?\d+$/',

  42.         'int'        => '/^[-\+]?\d+$/',

  43.         //带小数点

  44.         'double'     => '/^[-\+]?\d+(\.\d+)?$/',

  45.         'float'      => '/^[-\+]?\d+(\.\d+)?$/',

  46.         //英文字母

  47.         'english'    => '/^[a-zA-Z]+$/',

  48.         //

  49.         'key'        => '/^[\w\-\#]+$/',

  50.         //中文汉字

  51.         'chinese'    => '/^[\x{4e00}-\x{9fa5}]+$/u',

  52.         //拼音

  53.         'pinyin'     => '/^[a-zA-Z0-9\-\_]+$/',

  54.         //用户名

  55.         'username'   => '/^(?!_)(?!.*?_$)[a-zA-Z0-9_\x{4e00}-\x{9fa5}]{3,15}$/u',

  56.         //英文字符

  57.         'en'         => '/^[a-zA-Z0-9_\s\-\.]+$/',

  58.         //中文字符

  59.         'cn'         => '/^[\w\s\-\x{4e00}-\x{9fa5}]+$/u',

  60.         //安全字符串

  61.         'safestring' => '/^[^\$\?]+$/',

  62.     ];

  63. 

  64.     /**

  65.      * 校验变量

  66.      *

  67.      * @param $value

  68.      * @param $rule

  69.      * @return mixed

  70.      */

  71.     public static function check($value, $rule)

  72.     {

  73.         switch ($rule) {

  74.             case 'mixed':

  75.             case 'mix':

  76.                 break;

  77.             case 'int':

  78.                 $value = (int)$value;

  79.                 break;

  80.             case 'float':

  81.                 $value = (float)$value;

  82.                 break;

  83.             case 'str':

  84.             case 'string':

  85.                 $value = (string)$value;

  86.                 break;

  87.             case 'arr':

  88.             case 'array':

  89.                 $value = (array)$value;

  90.                 break;

  91.             case 'time':

  92.                 $value = strtotime($value) ? $value : '0';

  93.                 break;

  94.             default:

  95.                 if (is_array($rule)) {

  96.                     if (!in_array($value, $rule)) {

  97.                         $value = null;

  98.                     }

  99.                 } elseif (false === Filter::regex($value, $rule)) {

  100.                     $value = null;

  101.                 };

  102.         }

  103.         return $value;

  104.     }

  105. 

  106. 

  107.     /**

  108.      * 判断是否符合正则

  109.      *

  110.      * @param $value

  111.      * @param $rule

  112.      * @return bool

  113.      */

  114.     public static function regex($value, string $rule): bool

  115.     {

  116. 

  117.         if (strpos($rule, '|')) {

  118.             $rules = explode('|', $rule);

  119.         } else {

  120.             $rules = [$rule];

  121.         }

  122.         foreach ($rules as $rule) {

  123.             if (in_array($rule, ['unique', 'ignore'])) {

  124.                 continue;

  125.             }

  126.             if (isset(self::$validate[$rule])) {

  127.                 $rule = self::$validate[$rule];

  128.             }

  129.             if (preg_match($rule, strval($value)) !== 1) {

  130.                 return false;

  131.             }

  132.         }

  133.         return true;

  134.     }

  135. 

  136.     /**

  137.      * 安全的剔除字符 单行等 用于搜索 链接等地方

  138.      *

  139.      * @param $str

  140.      * @return mixed|string

  141.      */

  142.     public static function safeWord(string $str): string

  143.     {

  144.         if (strlen($str) == 0) {

  145.             return '';

  146.         }

  147.         $str       = strip_tags($str);

  148.         $badString = '~!@#$%^&*()+|=\\{}[];\'"/<>?';

  149.         $length    = strlen($badString);

  150.         $pos       = 0;

  151.         while ($pos < $length) {

  152.             $str = str_replace($badString{$pos}, '', $str);

  153.             $pos++;

  154.         }

  155.         return preg_replace('/([\:\r\n\t]+)/', '', $str);

  156.     }

  157. 

  158.     /**

  159.      * 过滤掉html字符

  160.      *

  161.      * @param string $text

  162.      * @param string $tags 允许的html标签

  163.      * @return mixed|string

  164.      */

  165.     public static function safetext(string $text, string $tags = 'br'): string

  166.     {

  167.         $text = trim($text);

  168.         //完全过滤注释

  169.         $text = preg_replace('/<!--?.*-->/', '', $text);

  170.         //完全过滤动态代码

  171.         $text = preg_replace('/<\?|\?' . '>/', '', $text);

  172.         //完全过滤js

  173.         $text = preg_replace('/<script?.*\/script>/', '', $text);

  174.         $text = preg_replace('/\&#\d+;/', '', $text);

  175.         $text = preg_replace('/\&#\w{4}/', '', $text);

  176. 

  177.         $text = str_replace('[', '&#091;', $text);

  178.         $text = str_replace(']', '&#093;', $text);

  179.         $text = str_replace('|', '&#124;', $text);

  180.         //br

  181.         $text = preg_replace('/<br(\s\/)?' . '>/i', '[br]', $text);

  182.         $text = preg_replace('/<p(\s\/)?' . '>/i', '[br]', $text);

  183.         $text = preg_replace('/(\[br\]\s*){10,}/i', '[br]', $text);

  184.         //过滤危险的属性,如:过滤on事件lang js

  185.         while (preg_match('/(<[^><]+)( lang|on|action|background|codebase|dynsrc|lowsrc)[^><]+/i', $text, $mat)) {

  186.             $text = str_replace($mat[0], $mat[1], $text);

  187.         }

  188.         while (preg_match('/(<[^><]+)(window\.|javascript:|js:|about:|file:|document\.|vbs:|cookie)([^><]*)/i', $text, $mat)) {

  189.             $text = str_replace($mat[0], $mat[1] . $mat[3], $text);

  190.         }

  191.         //允许的HTML标签

  192.         $text = preg_replace('/<(' . $tags . ')( [^><\[\]]*)>/i', '[\1\2]', $text);

  193.         $text = preg_replace('/<\/(' . $tags . ')>/Ui', '[/\1]', $text);

  194.         //过滤多余html

  195.         $text = preg_replace('/<\/?(html|head|meta|link|base|basefont|body|bgsound|title|style|script|form|iframe|frame|frameset|applet|id|ilayer|layer|name|script|style|xml|table|td|th|tr|i|u|strong|img|p|br|div|strong|em|ul|ol|li|dl|dd|dt|a|b|strong)[^><]*>/i', '', $text);

  196.         //过滤合法的html标签

  197.         while (preg_match('/<([a-z]+)[^><\[\]]*>[^><]*<\/\1>/i', $text, $mat)) {

  198.             $text = str_replace($mat[0], str_replace('>', ']', str_replace('<', '[', $mat[0])), $text);

  199.         }

  200.         //转换引号

  201.         while (preg_match('/(\[[^\[\]]*=\s*)(\"|\')([^\2=\[\]]+)\2([^\[\]]*\])/i', $text, $mat)) {

  202.             $text = str_replace($mat[0], $mat[1] . '|' . $mat[3] . '|' . $mat[4], $text);

  203.         }

  204.         //过滤错误的单个引号

  205.         while (preg_match('/\[[^\[\]]*(\"|\')[^\[\]]*\]/i', $text, $mat)) {

  206.             $text = str_replace($mat[0], str_replace($mat[1], '', $mat[0]), $text);

  207.         }

  208.         //转换其它所有不合法的 < >

  209.         $text = str_replace('<', '&lt;', $text);

  210.         $text = str_replace('>', '&gt;', $text);

  211.         $text = str_replace('"', '&quot;', $text);

  212.         //反转换

  213.         $text = str_replace('[', '<', $text);

  214.         $text = str_replace(']', '>', $text);

  215.         $text = str_replace('|', '"', $text);

  216.         //过滤多余空格

  217.         $text = str_replace('  ', ' ', $text);

  218.         return $text;

  219.     }

  220. 

  221.     /**

  222.      * 深度过滤 去掉url

  223.      * @param $text

  224.      * @return string|string[]|null

  225.      */

  226.     public static function clearUrl($text)

  227.     {

  228.         $text = self::safetext($text);

  229.         return $text = preg_replace(self::$validate['ur;'], '', $text);

  230.     }

  231. }