0

I want to apply this function to all POST data in Zend Framework to prevent XSS attacks.

    // Method of the Functions class: HTML-encodes a single value
    static function safe_against_xss($argument) {
        $HtmlEntities_Filter = new Zend_Filter_HtmlEntities(array('quotestyle' => NULL, 'charset' => 'UTF-8'));
        $argument = $HtmlEntities_Filter->filter($argument);
        return $argument;
    }

I use this code in the controller:

    $requests = $request->getPost();

    foreach ($requests as $key => $value)
    {
        $requests[$key] = Functions::safe_against_xss($value);
    }

It works, but I want to apply this function to all POST data in all controllers, automatically.

Sincerely

4

1 Answer

0

I wrote this code:

    $this->setRequest(Functions::safe_request($this->getRequest()));

in the controller's init.

Then, in the functions:

    // HTML-encodes a string, or every element of an array
    static function safe_against_xss($argument) {
        if (is_array($argument))
        {
            // Recurse so nested arrays (e.g. name="item[a][b]") are filtered too
            foreach ($argument as $key => $value) {
                $argument[$key] = self::safe_against_xss($value);
            }
            return $argument;
        }
        $HtmlEntities_Filter = new Zend_Filter_HtmlEntities(array('quotestyle' => NULL, 'charset' => 'UTF-8'));
        return $HtmlEntities_Filter->filter($argument);
    }

    // Returns a filtered copy of a parameter array
    static function safe_post_params($params)
    {
        $safePostParams = array();
        foreach ($params as $key => $value) {
            $safePostParams[$key] = self::safe_against_xss($value);
        }
        return $safePostParams;
    }

    // Replaces the request's params and POST data with their filtered versions
    static function safe_request($params)
    {
        $params->setParams(Functions::safe_post_params($params->getParams()));
        $params->setPost(Functions::safe_post_params($params->getPost()));
        return $params;
    }
Answered 2013-07-11T08:13:59.660
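
One way to apply the filter to every controller without touching each `init()`, as an added example that is not code from the question or the answer: a Zend Framework 1 front controller plugin. The class name `App_Plugin_EncodePost` and the bootstrap registration are assumptions, and it uses `ENT_QUOTES` (unlike the `NULL` quote style above) so single quotes are encoded as well.

```php
<?php
// Added example; App_Plugin_EncodePost is a hypothetical name.
// Assumes Zend Framework 1 is on the include path with its autoloader enabled.
class App_Plugin_EncodePost extends Zend_Controller_Plugin_Abstract
{
    /** @var Zend_Filter_HtmlEntities */
    private $_filter;

    public function __construct()
    {
        $this->_filter = new Zend_Filter_HtmlEntities(array(
            'quotestyle' => ENT_QUOTES, // encode both " and '
            'charset'    => 'UTF-8',
        ));
    }

    // Runs once per request after routing, before any controller is dispatched.
    public function routeShutdown(Zend_Controller_Request_Abstract $request)
    {
        if (!$request instanceof Zend_Controller_Request_Http || !$request->isPost()) {
            return; // CLI/test requests and non-POST requests are left alone
        }
        // setPost() with an array writes each filtered value back into $_POST
        $request->setPost($this->_encode($request->getPost()));
    }

    // Recursively encodes string values; array keys and non-strings are unchanged.
    private function _encode($value)
    {
        if (is_array($value)) {
            foreach ($value as $key => $item) {
                $value[$key] = $this->_encode($item);
            }
            return $value;
        }
        return is_string($value) ? $this->_filter->filter($value) : $value;
    }
}

// Registration, e.g. in the application's Bootstrap class (hypothetical location):
// Zend_Controller_Front::getInstance()->registerPlugin(new App_Plugin_EncodePost());
```

Values encoded this way arrive already encoded at every other sink (database, JSON, mail) and are only suited to HTML body and quoted-attribute contexts, so escaping at output in the view remains the control to rely on.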