0

我正在做一个小项目,但我已经脑死了,所以我希望这里有人可以帮助我克服我的编码障碍。

我正在尝试使用 php 创建一个页面,该页面根据传递给页面(位置)的值(如果有)来更改其内容显示。我创建了一个存储不同位置的安全列表数组。首先,我检查针对安全列表传递的任何值,如果匹配,我将显示一组内容。

如果不匹配,我正在运行相似性测试以检查是否存在简单的错字,并且仍然可以将人们导航到我认为他们想要的页面,但这就是我卡住的地方。

我希望有人可以打字

www.example.co.uk/location.php <---- 加载通用位置页面

www.example.co.uk/location.php?loc=Bishops-Stortford <---- 加载目标位置页面

www.example.co.uk/location.php?loc=Bishop-Stortford <---- 加载目标位置页面,尽管拼写错误提供了 90% 或更多的匹配

www.example.co.uk/location.php?loc=?php echo "I hacked your site"; ?> ---- 希望我的系统能够解除讨厌的代码注入

我将在下面发布我的代码,以便您可以看到我所拥有的。

<?php 
        $loc = "";
        $safelist = array("Bishops Stortford", "Braintree", "Chelmsford", "Dunmow", "Harlow", "Hertford", "Saffron Walden", "Sawbridgeworth", "Stansted", "Ware", 
                    "Essex", "Hertfordshire");

        if(isset($_GET["loc"])) {
            /* Gets the value of loc if set, replaces hyphens with spaces and capitalises first letters of words converting the rest to lowercase. */
            $loc = ucwords(strtolower(str_replace("-", " ", $_GET["loc"])));
        }

        /* Is word in safelist */
        if (in_array($loc, $safelist)) {
            /* Yes */
            if (($loc == "Essex") or ($loc == "Hertfordshire")) {
                $county = True;
            } else {
                $county = False;
            }

            if ($county == False) {
                echo "\"" . $loc . "\" is not a county";
            }else{
                echo "\"" . $loc . "\" is a county";
            }
        } else {
            /* No, Is string 90% similar to any entry within the safelist? */
            foreach ($safelist as $safeword) {      
                similar_text($safeword, $loc, $percent); 
                echo $safeword . " " . $loc . " " . $percent . "<br />";

                if ($percent >= 90) {

            }
        }


    ?>

我想不出 if ($percent >=90) 该怎么办。我知道我想退出循环并从我找到的第一个 90% 或更多匹配中获取结果,但我不是 100% 确定如何执行此操作。

还有什么是处理代码注入的最佳方法,例如www.example.co.uk/location.php?loc=?php echo "I hacked your site"; ?>

4

3 回答 3

1

我认为这就是你想要的:

       foreach ($safelist as $safeword) {      
           similar_text($safeword, $loc, $percent); 
           echo $safeword . " " . $loc . " " . $percent . "<br />";
           if ($percent >= 90) {
               $loc = $safeword;
               $county = true;
               break;
           }
       }

只要您不调用eval()用户输入,您就不必担心他们会注入 PHP 语句。当您回显某些内容时,它会被发送到浏览器,PHP 不会再次执行它。但是,您仍然应该清理输出,因为它可能包含 HTML 标记,甚至可能是 Javascript,这可能会劫持用户的浏览器。在页面上显示输出时,使用htmlentities()对其进行编码:

echo "Greetings, " . htmlentities($first_name);
于 2013-07-05T17:39:55.977 回答
0

我想我会重组它,像这样:

$loc = "";
$safelist = array("Bishops Stortford", "Braintree", "Chelmsford", "Dunmow", "Harlow", "Hertford", "Saffron Walden", "Sawbridgeworth", "Stansted", "Ware", 
                "Essex", "Hertfordshire");
if(isset($_GET["loc"])) {
    /* Gets the value of loc if set, replaces hyphens with spaces and capitalises first letters of words converting the rest to lowercase. */
    $loc = ucwords(strtolower(str_replace("-", " ", $_GET["loc"])));
}
$good = '';
if (in_array($loc, $safelist)) {
    $good = $loc;
} else {
    foreach ($safelist as $safeword) {      
        similar_text($safeword, $loc, $percent); 
        echo $safeword . " " . $loc . " " . $percent . "<br />";
        if ($percent >= 90) {
            $good = $safeword;
        }
    }
}
if ( ! empty($good)){
    /* Yes */
    if (($good == "Essex") or ($good == "Hertfordshire")) {
        $county = True;
    } else {
        $county = False;
    }

    if ($county == False) {
        echo "\"" . $good . "\" is not a county";
    }else{
        echo "\"" . $good . "\" is a county";
    }
    //And whatever else you want to do with the good location...
}

就像 Barmar 所说,由于除了将输入值与数组进行比较之外,您没有对输入值做任何事情,因此不存在以这种方式受到攻击的风险。

于 2013-07-05T17:44:00.740 回答
0

为了回答您问题的第二部分,我使用htmlentities将数据从输入直接输出到屏幕,并在保存到数据库之前对数据执行类似此函数的操作:

function escape_value($value)
{
    if($this->real_escape_string_exists)
    {
        if($this->magic_quotes_active){$value = stripslashes($value);}
        $value = mysql_real_escape_string($value);
    }
    else
    {
        if(!$this->magic_quotes_active){$value = addslashes($value);}
    }
    return $value;
}
于 2013-07-05T17:48:14.473 回答