uchome得到:
// Request-wide XSS guard. The raw request URI is URL-decoded once, and only when
// the decoded text contains '<' or '"' is every value in $_GET passed through
// shtmlspecialchars().
// Caveats for anyone relying on this as a defence:
//   - only $_GET is rewritten here; nothing in this block touches other inputs;
//   - a URI with neither trigger character leaves $_GET exactly as received;
//   - this filters input, it is not context-aware escaping at the point of
//     output, which is still needed wherever these values are rendered.
// strexists() is defined elsewhere; presumably a substring test (confirm).
if ($_SERVER['REQUEST_URI']) {
    $temp = urldecode($_SERVER['REQUEST_URI']);
    if (strexists($temp, '<') || strexists($temp, '"')) {
        $_GET = shtmlspecialchars($_GET); // XSS
    }
}
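/**
 * Neutralise HTML markup in a string, or recursively in every value of an array.
 *
 * '&', '"', '<' and '>' are replaced by their HTML entities. Afterwards an
 * entity that was already present in the input (numeric such as "&#169;", or
 * named with 3-6 characters such as "&nbsp;") is restored, so it is not
 * double-encoded.
 *
 * NOTE(review): the listing this was taken from showed identical search and
 * replacement lists and a pattern starting with a bare '&', which turns the
 * whole function into a no-op. That looks like the page decoded the entities
 * in the source; they are restored here.
 *
 * Security caveats:
 *   - the single quote (') is NOT escaped, so the result is not safe inside a
 *     single-quoted HTML attribute;
 *   - array keys are left as they are, only values are escaped;
 *   - the result is meant for HTML element / double-quoted attribute context
 *     only, not for JavaScript, URL or SQL contexts.
 *
 * @param mixed $string A string, or a (nested) array of strings.
 * @return mixed The escaped string, or the array with every value escaped.
 */
function shtmlspecialchars($string) {
    if (is_array($string)) {
        foreach ($string as $key => $val) {
            $string[$key] = shtmlspecialchars($val);
        }
        return $string;
    }

    // Escape the four markup-significant characters. '&' comes first in the
    // list so the entities produced for the other three are not re-escaped.
    $escaped = str_replace(
        array('&', '"', '<', '>'),
        array('&amp;', '&quot;', '&lt;', '&gt;'),
        $string
    );

    // Undo the extra "&amp;" in front of an entity that was already in the
    // input, e.g. "&amp;#169;" goes back to "&#169;".
    return preg_replace(
        '/&amp;((#(\d{3,5}|x[a-fA-F0-9]{4})|[a-zA-Z][a-z0-9]{2,5});)/',
        '&\\1',
        $escaped
    );
}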