0

我编写了一个正则表达式,用于提取用户输入的值并替换一些高度和宽度值并保留 URL。这样就可以安全地将其添加到数据库中。

这就是我到目前为止所拥有的(只是试图让 preg_match 返回一个 TRUE 值)

$test ='<object height="81" width="100%"> <param name="movie" value="http://player.soundcloud.com/player.swf?url=http%3A%2F%2Fsoundcloud.com%2Ftheshiverman%2Fsummer-beats-july-2010&secret_url=false"></param> <param name="allowscriptaccess" value="always"></param> <embed allowscriptaccess="always" height="81" src="http://player.soundcloud.com/player.swf?url=http%3A%2F%2Fsoundcloud.com%2Ftheshiverman%2Fsummer-beats-july-2010&secret_url=false" type="application/x-shockwave-flash" width="100%"></embed> </object>'; 
  if (preg_match('/<object height=\"[0-9]*\" width=\"[0-9]*\"><param name=\"movie\" value=\"(.*)\"><\/param><param name=\"allowscriptaccess\" value=\"always\"><\/param><embed allowscriptaccess=\"always\" height=\"[0-9]*\" src=\".*\" type=\"application\/x-shockwave-flash\" width=\"100%\"><\/embed><\/object>/', $test)) {

$embed = $test;

} else {

$embed = 'FALSE';

}

我似乎在验证中做错了什么,因为它总是返回 false。

4

4 回答 4

1

我看到会失败的第一件事是:

width="100%"  will not match /width=\"[0-9]*\"/

我不知道正则表达式的确切 PHP 定义;但我不确定这会匹配(reg-expression 中的空格可能匹配目标文本中的零个或多个空格,但反之则行不通):

> <param      will not match (probably) /><param/

正如您所见,使用正则表达式解析 XML 很困难且容易出错。
您真正想要做的是使用 XML SAX 解析器。

试试这个: PS我的PHP不是很好,所以它可能包含错误。

PS。长 URL 未针对 XML 正确编码。我在这里使用 urlencode() 只是为了停止错误消息。我没有检查这是否有意义。

<?php

$test = '<object height="81" width="100%">'
            .'<param name="movie" value="'
                .urlencode('http://player.soundcloud.com/player.swf?url=http%3A%2F%2Fsoundcloud.com%2Ftheshiverman%2Fsummer-beats-july-2010&secret_url=false')
            .'">'
            .'</param>'
            .'<param name="allowscriptaccess" value="always">'
            .'</param>'
            .'<embed allowscriptaccess="always" height="81" src="'
                .urlencode('http://player.soundcloud.com/player.swf?url=http%3A%2F%2Fsoundcloud.com%2Ftheshiverman%2Fsummer-beats-july-2010&secret_url=false')
                .'" type="application/x-shockwave-flash" width="100%">'
            .'</embed>'
        .'</object>';

function JustPrint($parser,$data)
{
    print $data;
}

function OpenTag($parser,$name ,$attribs)
{
    // For special tags add a new attribute.
    if (strcasecmp($name, "object") == 0)
    {
        $attribs['Martin'] = 'York';
    }


    // Print the tag.
    print "<$name ";
    foreach ($attribs as $loop => $value)
    {
        print "$loop=\"$value\" ";
    }
    print ">\n";
}

function CloseTag($parser,$name)
{
    print "<$name/>\n";
}

$xmlParser  =  xml_parser_create();
xml_set_default_handler($xmlParser ,'JustPrint'  );
xml_set_element_handler($xmlParser, 'OpenTag'  , 'CloseTag'  );
xml_parse($xmlParser, $test);

?>
于 2010-08-17T05:58:14.557 回答
1

这就是我使用的,用$url你正在使用的任何 var 替换:

if ( strtolower(str_ireplace('www.', '', parse_url($url, PHP_URL_HOST))) == 'soundcloud.com' ) { ?>
    <embed id="swf_u621112_1" width="890" height="84" flashvars="width=398&height=84" wmode="opaque" salign="tl" allowscriptaccess="never    " allowfullscreen="true" scale="scale" quality="high" bgcolor="#FFFFFF" name="swf_u621112_1" style="" src="http://player.soundcloud.com/p    layer.swf?url=<?php echo htmlspecialchars(urlencode($url)) ?>" type="application/x-shockwave-flash">
<?php
}
于 2011-04-08T21:33:10.003 回答
0

I don't want to manipulate it if possible (just replace the height values. I want it to stay exactly like it is, I'm using regular expressions to mimimise sql injections and make sure it is an embed code.

Can it not just be treated like a string and kept exactly as it is, but checked against something?

For instance, this works with a youtube embed link:

/preg_match(<object width=\"([0-9]*)\" height=\"([0-9]*)\"><param name=\"movie\" value=\"(.*)\"><\/param><param name=\"allowFullScreen\" value=\".*\"><\/param><param name=\"allowscriptaccess\" value=\".*\"><\/param><embed src=\".*\" type=\".*\" allowscriptaccess=\".*\" allowfullscreen=\".*\" width=\"[0-9]*\" height=\"[0-9]*\"><\/embed><\/object>/',$test,$preg_out)

preg_match[0] preg_match[1] preg_match[3]

return the width height and the url of the object.

于 2010-08-17T06:25:07.070 回答
0

如果您想要做的是允许用户在您保留播放器样式的权利的同时为您提供 SoundCloud 嵌入,您可能需要查看 SoundCloud(请参阅此处)和其他方很好地支持的 oEmbed。这样,用户只需输入他们正常的跟踪 URL,您就可以在后端根据需要解析这些 URL。

另外,请记住,具有不同顺序的<param>嵌入代码仍然是有效的嵌入代码,但很难与正则表达式匹配

于 2010-08-23T15:01:47.893 回答