dedecms功能性函数封装(XSS过滤、编码、浏览器XSS hack、字符操作函数)
dedecms虽然有诸多漏洞,但不可否认确实是一个很不错的内容管理系统(cms),其他也不乏很多功能实用性的函数,以下就部分列举,持续更新,不作过多说明。使用时需部分修改,你懂的
1.XSS过滤。
- function XSSClean($val) {
- global $cfg_soft_lang;
- if($cfg_soft_lang=='gb2312') gb2utf8($val);
- if (is_array($val))
- {
- while (list($key) = each($val))
- {
- if(in_array($key,array('tags','body','dede_fields','dede_addonfields','dopost','introduce'))) continue;
- $val[$key] = XSSClean($val[$key]);
- }
- return $val;
- }
- $val = preg_replace('/([\x00-\x08,\x0b-\x0c,\x0e-\x19])/', '', $val);
- $search = 'abcdefghijklmnopqrstuvwxyz';
- $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
- $search .= '1234567890!@#$%^&*()';
- $search .= '~`";:?+/={}[]-_|\'\\';
- for ($i = 0; $i < strlen($search); $i++) {
- $val = preg_replace('/(&#[xX]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); // with a ;
- $val = preg_replace('/(�{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); // with a ;
- }
- $val = str_replace("`","‘",$val);
- $val = str_replace("'","‘",$val);
- $val = str_replace("\"","“",$val);
- $val = str_replace(",",",",$val);
- $val = str_replace("(","(",$val);
- $val = str_replace(")",")",$val);
- $ra1 = array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base');
- $ra2 = array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload');
- $ra = array_merge($ra1, $ra2);
- $found = true;
- while ($found == true) {
- $val_before = $val;
- for ($i = 0; $i < sizeof($ra); $i++) {
- $pattern = '/';
- for ($j = 0; $j < strlen($ra[$i]); $j++) {
- if ($j > 0) {
- $pattern .= '(';
- $pattern .= '(&#[xX]0{0,8}([9ab]);)';
- $pattern .= '|';
- $pattern .= '|(�{0,8}([9|10|13]);)';
- $pattern .= ')*';
- }
- $pattern .= $ra[$i][$j];
- }
- $pattern .= '/i';
- $replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2);
- $val = preg_replace($pattern, $replacement, $val);
- if ($val_before == $val) {
- $found = false;
- }
- }
- }
- if($cfg_soft_lang=='gb2312') utf82gb($val);
- return $val;
- }
- $_GET = XSSClean($_GET);
- $_POST = XSSClean($_POST);
- $_REQUEST = XSSClean($_REQUEST);
- $_COOKIE = XSSClean($_COOKIE);
2.编码函数
- $UC2GBTABLE = $CODETABLE = $BIG5_DATA = $GB_DATA = '';
- $GbkUniDic = null;
- /**
- * UTF-8 转GB编码
- *
- * @access public
- * @param string $utfstr 需要转换的字符串
- * @return string
- */
- if ( ! function_exists('utf82gb'))
- {
- function utf82gb($utfstr)
- {
- if(function_exists('iconv'))
- {
- return iconv('utf-8','gbk//ignore',$utfstr);
- }
- global $UC2GBTABLE;
- $okstr = "";
- if(trim($utfstr)=="")
- {
- return $utfstr;
- }
- if(empty($UC2GBTABLE))
- {
- $filename = DEDEINC."/data/gb2312-utf8.dat";
- $fp = fopen($filename,"r");
- while($l = fgets($fp,15))
- {
- $UC2GBTABLE[hexdec(substr($l, 7, 6))] = hexdec(substr($l, 0, 6));
- }
- fclose($fp);
- }
- $okstr = "";
- $ulen = strlen($utfstr);
- for($i=0;$i<$ulen;$i++)
- {
- $c = $utfstr[$i];
- $cb = decbin(ord($utfstr[$i]));
- if(strlen($cb)==8)
- {
- $csize = strpos(decbin(ord($cb)),"0");
- for($j=0;$j < $csize;$j++)
- {
- $i++; $c .= $utfstr[$i];
- }
- $c = utf82u($c);
- if(isset($UC2GBTABLE[$c]))
- {
- $c = dechex($UC2GBTABLE[$c]+0x8080);
- $okstr .= chr(hexdec($c[0].$c[1])).chr(hexdec($c[2].$c[3]));
- }
- else
- {
- $okstr .= "&#".$c.";";
- }
- }
- else
- {
- $okstr .= $c;
- }
- }
- $okstr = trim($okstr);
- return $okstr;
- }
- }
- /**
- * GB转UTF-8编码
- *
- * @access public
- * @param string $gbstr gbk的字符串
- * @return string
- */
- if ( ! function_exists('gb2utf8'))
- {
- function gb2utf8($gbstr)
- {
- if(function_exists('iconv'))
- {
- return iconv('gbk','utf-8//ignore',$gbstr);
- }
- global $CODETABLE;
- if(trim($gbstr)=="")
- {
- return $gbstr;
- }
- if(empty($CODETABLE))
- {
- $filename = DEDEINC."/data/gb2312-utf8.dat";
- $fp = fopen($filename,"r");
- while ($l = fgets($fp,15))
- {
- $CODETABLE[hexdec(substr($l, 0, 6))] = substr($l, 7, 6);
- }
- fclose($fp);
- }
- $ret = "";
- $utf8 = "";
- while ($gbstr != '')
- {
- if (ord(substr($gbstr, 0, 1)) > 0x80)
- {
- $thisW = substr($gbstr, 0, 2);
- $gbstr = substr($gbstr, 2, strlen($gbstr));
- $utf8 = "";
- @$utf8 = u2utf8(hexdec($CODETABLE[hexdec(bin2hex($thisW)) - 0x8080]));
- if($utf8!="")
- {
- for ($i = 0;$i < strlen($utf8);$i += 3)
- $ret .= chr(substr($utf8, $i, 3));
- }
- }
- else
- {
- $ret .= substr($gbstr, 0, 1);
- $gbstr = substr($gbstr, 1, strlen($gbstr));
- }
- }
- return $ret;
- }
- }
- /**
- * Unicode转utf8
- *
- * @access public
- * @param string $c Unicode的字符串内容
- * @return string
- */
- if ( ! function_exists('u2utf8'))
- {
- function u2utf8($c)
- {
- for ($i = 0;$i < count($c);$i++)
- {
- $str = "";
- }
- if ($c < 0x80)
- {
- $str .= $c;
- }
- else if ($c < 0x800)
- {
- $str .= (0xC0 | $c >> 6);
- $str .= (0x80 | $c & 0x3F);
- }
- else if ($c < 0x10000)
- {
- $str .= (0xE0 | $c >> 12);
- $str .= (0x80 | $c >> 6 & 0x3F);
- $str .= (0x80 | $c & 0x3F);
- }
- else if ($c < 0x200000)
- {
- $str .= (0xF0 | $c >> 18);
- $str .= (0x80 | $c >> 12 & 0x3F);
- $str .= (0x80 | $c >> 6 & 0x3F);
- $str .= (0x80 | $c & 0x3F);
- }
- return $str;
- }
- }
- /**
- * utf8转Unicode
- *
- * @access public
- * @param string $c UTF-8的字符串信息
- * @return string
- */
- if ( ! function_exists('utf82u'))
- {
- function utf82u($c)
- {
- switch(strlen($c))
- {
- case 1:
- return ord($c);
- case 2:
- $n = (ord($c[0]) & 0x3f) << 6;
- $n += ord($c[1]) & 0x3f;
- return $n;
- case 3:
- $n = (ord($c[0]) & 0x1f) << 12;
- $n += (ord($c[1]) & 0x3f) << 6;
- $n += ord($c[2]) & 0x3f;
- return $n;
- case 4:
- $n = (ord($c[0]) & 0x0f) << 18;
- $n += (ord($c[1]) & 0x3f) << 12;
- $n += (ord($c[2]) & 0x3f) << 6;
- $n += ord($c[3]) & 0x3f;
- return $n;
- }
- }
- }
- /**
- * Big5码转换成GB码
- *
- * @access public
- * @param string $Text 字符串内容
- * @return string
- */
- if ( ! function_exists('big52gb'))
- {
- function big52gb($Text)
- {
- if(function_exists('iconv'))
- {
- return iconv('big5','gbk//ignore',$Text);
- }
- global $BIG5_DATA;
- if(empty($BIG5_DATA))
- {
- $filename = DEDEINC."/data/big5-gb.dat";
- $fp = fopen($filename, "rb");
- $BIG5_DATA = fread($fp,filesize($filename));
- fclose($fp);
- }
- $max = strlen($Text)-1;
- for($i=0;$i<$max;$i++)
- {
- $h = ord($Text[$i]);
- if($h>=0x80)
- {
- $l = ord($Text[$i+1]);
- if($h==161 && $l==64)
- {
- $gbstr = " ";
- }
- else
- {
- $p = ($h-160)*510+($l-1)*2;
- $gbstr = $BIG5_DATA[$p].$BIG5_DATA[$p+1];
- }
- $Text[$i] = $gbstr[0];
- $Text[$i+1] = $gbstr[1];
- $i++;
- }
- }
- return $Text;
- }
- }
- /**
- * GB码转换成Big5码
- *
- * @access public
- * @param string $Text 字符串内容
- * @return string
- */
- if ( ! function_exists('gb2big5'))
- {
- function gb2big5($Text)
- {
- if(function_exists('iconv'))
- {
- return iconv('gbk','big5//ignore',$Text);
- }
- global $GB_DATA;
- if(empty($GB_DATA))
- {
- $filename = DEDEINC."/data/gb-big5.dat";
- $fp = fopen($filename, "rb");
- $gb = fread($fp,filesize($filename));
- fclose($fp);
- }
- $max = strlen($Text)-1;
- for($i=0;$i<$max;$i++)
- {
- $h = ord($Text[$i]);
- if($h>=0x80)
- {
- $l = ord($Text[$i+1]);
- if($h==161 && $l==64)
- {
- $big = " ";
- }
- else
- {
- $p = ($h-160)*510+($l-1)*2;
- $big = $GB_DATA[$p].$GB_DATA[$p+1];
- }
- $Text[$i] = $big[0];
- $Text[$i+1] = $big[1];
- $i++;
- }
- }
- return $Text;
- }
- }
- /**
- * unicode url编码转gbk编码函数
- *
- * @access public
- * @param string $str 转换的内容
- * @return string
- */
- if ( ! function_exists('UnicodeUrl2Gbk'))
- {
- function UnicodeUrl2Gbk($str)
- {
- //载入对照词典
- if(!isset($GLOBALS['GbkUniDic']))
- {
- $fp = fopen(DEDEINC.'/data/gbk-unicode.dat','rb');
- while(!feof($fp))
- {
- $GLOBALS['GbkUniDic'][bin2hex(fread($fp,2))] = fread($fp,2);
- }
- fclose($fp);
- }
- //处理字符串
- $str = str_replace('$#$','+',$str);
- $glen = strlen($str);
- $okstr = "";
- for($i=0; $i < $glen; $i++)
- {
- if($glen-$i > 4)
- {
- if($str[$i]=='%' && $str[$i+1]=='u')
- {
- $uni = strtolower(substr($str,$i+2,4));
- $i = $i+5;
- if(isset($GLOBALS['GbkUniDic'][$uni]))
- {
- $okstr .= $GLOBALS['GbkUniDic'][$uni];
- }
- else
- {
- $okstr .= "&#".hexdec('0x'.$uni).";";
- }
- }
- else
- {
- $okstr .= $str[$i];
- }
- }
- else
- {
- $okstr .= $str[$i];
- }
- }
- return $okstr;
- }
- }
- /**
- * 自动转换字符集 支持数组转换
- *
- * @access public
- * @param string $str 转换的内容
- * @return string
- */
- if ( ! function_exists('AutoCharset'))
- {
- function AutoCharset($fContents, $from='gbk', $to='utf-8')
- {
- $from = strtoupper($from)=='UTF8'? 'utf-8' : $from;
- $to = strtoupper($to)=='UTF8'? 'utf-8' : $to;
- if( strtoupper($from) === strtoupper($to) || empty($fContents) || (is_scalar($fContents) && !is_string($fContents)) ){
- //如果编码相同或者非字符串标量则不转换
- return $fContents;
- }
- if(is_string($fContents) )
- {
- if(function_exists('mb_convert_encoding'))
- {
- return mb_convert_encoding ($fContents, $to, $from);
- } elseif (function_exists('iconv'))
- {
- return iconv($from, $to, $fContents);
- } else {
- return $fContents;
- }
- }
- elseif(is_array($fContents))
- {
- foreach ( $fContents as $key => $val )
- {
- $_key = AutoCharset($key,$from,$to);
- $fContents[$_key] = AutoCharset($val,$from,$to);
- if($key != $_key )
- unset($fContents[$key]);
- }
- return $fContents;
- }
- else{
- return $fContents;
- }
- }
- }
3.修复浏览器XSS hack的函数
- /**
- * XSS hack的函数
- *
- * @param string $val 需要处理的内容
- * @return string
- */
- if ( ! function_exists('RemoveXSS'))
- {
- function RemoveXSS($val) {
- $val = preg_replace('/([\x00-\x08,\x0b-\x0c,\x0e-\x19])/', '', $val);
- $search = 'abcdefghijklmnopqrstuvwxyz';
- $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
- $search .= '1234567890!@#$%^&*()';
- $search .= '~`";:?+/={}[]-_|\'\\';
- for ($i = 0; $i < strlen($search); $i++) {
- $val = preg_replace('/(&#[xX]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); // with a ;
- $val = preg_replace('/(�{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); // with a ;
- }
- $ra1 = array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base');
- $ra2 = array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload');
- $ra = array_merge($ra1, $ra2);
- $found = true;
- while ($found == true) {
- $val_before = $val;
- for ($i = 0; $i < sizeof($ra); $i++) {
- $pattern = '/';
- for ($j = 0; $j < strlen($ra[$i]); $j++) {
- if ($j > 0) {
- $pattern .= '(';
- $pattern .= '(&#[xX]0{0,8}([9ab]);)';
- $pattern .= '|';
- $pattern .= '|(�{0,8}([9|10|13]);)';
- $pattern .= ')*';
- }
- $pattern .= $ra[$i][$j];
- }
- $pattern .= '/i';
- $replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2);
- $val = preg_replace($pattern, $replacement, $val);
- if ($val_before == $val) {
- $found = false;
- }
- }
- }
- return $val;
- }
- }
4.字符操作函数
- <?php if(!defined('DEDEINC')) exit('dedecms');
- //拼音的缓冲数组
- $pinyins = Array();
- /**
- * 中文截取2,单字节截取模式
- * 如果是request的内容,必须使用这个函数
- *
- * @access public
- * @param string $str 需要截取的字符串
- * @param int $slen 截取的长度
- * @param int $startdd 开始标记处
- * @return string
- */
- if ( ! function_exists('cn_substrR'))
- {
- function cn_substrR($str, $slen, $startdd=0)
- {
- $str = cn_substr(stripslashes($str), $slen, $startdd);
- return addslashes($str);
- }
- }
- /**
- * 中文截取2,单字节截取模式
- *
- * @access public
- * @param string $str 需要截取的字符串
- * @param int $slen 截取的长度
- * @param int $startdd 开始标记处
- * @return string
- */
- if ( ! function_exists('cn_substr'))
- {
- function cn_substr($str, $slen, $startdd=0)
- {
- global $cfg_soft_lang;
- if($cfg_soft_lang=='utf-8')
- {
- return cn_substr_utf8($str, $slen, $startdd);
- }
- $restr = '';
- $c = '';
- $str_len = strlen($str);
- if($str_len < $startdd+1)
- {
- return '';
- }
- if($str_len < $startdd + $slen || $slen==0)
- {
- $slen = $str_len - $startdd;
- }
- $enddd = $startdd + $slen - 1;
- for($i=0;$i<$str_len;$i++)
- {
- if($startdd==0)
- {
- $restr .= $c;
- }
- else if($i > $startdd)
- {
- $restr .= $c;
- }
- if(ord($str[$i])>0x80)
- {
- if($str_len>$i+1)
- {
- $c = $str[$i].$str[$i+1];
- }
- $i++;
- }
- else
- {
- $c = $str[$i];
- }
- if($i >= $enddd)
- {
- if(strlen($restr)+strlen($c)>$slen)
- {
- break;
- }
- else
- {
- $restr .= $c;
- break;
- }
- }
- }
- return $restr;
- }
- }
- /**
- * utf-8中文截取,单字节截取模式
- *
- * @access public
- * @param string $str 需要截取的字符串
- * @param int $slen 截取的长度
- * @param int $startdd 开始标记处
- * @return string
- */
- if ( ! function_exists('cn_substr_utf8'))
- {
- function cn_substr_utf8($str, $length, $start=0)
- {
- if(strlen($str) < $start+1)
- {
- return '';
- }
- preg_match_all("/./su", $str, $ar);
- $str = '';
- $tstr = '';
- //为了兼容mysql4.1以下版本,与数据库varchar一致,这里使用按字节截取
- for($i=0; isset($ar[0][$i]); $i++)
- {
- if(strlen($tstr) < $start)
- {
- $tstr .= $ar[0][$i];
- }
- else
- {
- if(strlen($str) < $length + strlen($ar[0][$i]) )
- {
- $str .= $ar[0][$i];
- }
- else
- {
- break;
- }
- }
- }
- return $str;
- }
- }
- /**
- * HTML转换为文本
- *
- * @param string $str 需要转换的字符串
- * @param string $r 如果$r=0直接返回内容,否则需要使用反斜线引用字符串
- * @return string
- */
- if ( ! function_exists('Html2Text'))
- {
- function Html2Text($str,$r=0)
- {
- if(!function_exists('SpHtml2Text'))
- {
- require_once(DEDEINC."/inc/inc_fun_funString.php");
- }
- if($r==0)
- {
- return SpHtml2Text($str);
- }
- else
- {
- $str = SpHtml2Text(stripslashes($str));
- return addslashes($str);
- }
- }
- }
- /**
- * 文本转HTML
- *
- * @param string $txt 需要转换的文本内容
- * @return string
- */
- if ( ! function_exists('Text2Html'))
- {
- function Text2Html($txt)
- {
- $txt = str_replace(" ", " ", $txt);
- $txt = str_replace("<", "<", $txt);
- $txt = str_replace(">", ">", $txt);
- $txt = preg_replace("/[\r\n]{1,}/isU", "<br/>\r\n", $txt);
- return $txt;
- }
- }
- /**
- * 获取半角字符
- *
- * @param string $fnum 数字字符串
- * @return string
- */
- if ( ! function_exists('GetAlabNum'))
- {
- function GetAlabNum($fnum)
- {
- $nums = array("0","1","2","3","4","5","6","7","8","9");
- //$fnums = "0123456789";
- $fnums = array("0","1","2","3","4","5","6","7","8","9");
- $fnum = str_replace($nums, $fnums, $fnum);
- $fnum = preg_replace("/[^0-9\.-]/", '', $fnum);
- if($fnum=='')
- {
- $fnum=0;
- }
- return $fnum;
- }
- }
- /**
- * 获取拼音以gbk编码为准
- *
- * @access public
- * @param string $str 字符串信息
- * @param int $ishead 是否取头字母
- * @param int $isclose 是否关闭字符串资源
- * @return string
- */
- if ( ! function_exists('GetPinyin'))
- {
- function GetPinyin($str, $ishead=0, $isclose=1)
- {
- global $cfg_soft_lang;
- if(!function_exists('SpGetPinyin'))
- {
- //全局函数仅是inc_fun_funAdmin.php文件中函数的一个映射
- require_once(DEDEINC."/inc/inc_fun_funAdmin.php");
- }
- if($cfg_soft_lang=='utf-8')
- {
- return SpGetPinyin(utf82gb($str), $ishead, $isclose);
- }
- else
- {
- return SpGetPinyin($str, $ishead, $isclose);
- }
- }
- }
- /**
- * 将实体html代码转换成标准html代码(兼容php4)
- *
- * @access public
- * @param string $str 字符串信息
- * @param long $options 替换的字符集
- * @return string
- */
- if ( ! function_exists('htmlspecialchars_decode'))
- {
- function htmlspecialchars_decode($str, $options=ENT_COMPAT) {
- $trans = get_html_translation_table(HTML_SPECIALCHARS, $options);
- $decode = ARRAY();
- foreach ($trans AS $char=>$entity) {
- $decode[$entity] = $char;
- }
- $str = strtr($str, $decode);
- return $str;
- }
- }
- if ( ! function_exists('ubb'))
- {
- function ubb($Text) {
- $Text=trim($Text);
- //$Text=htmlspecialchars($Text);
- //$Text=ereg_replace("\n","<br>",$Text);
- $Text=preg_replace("/\\t/is"," ",$Text);
- $Text=preg_replace("/\[hr\]/is","<hr>",$Text);
- $Text=preg_replace("/\[separator\]/is","<br/>",$Text);
- $Text=preg_replace("/\[h1\](.+?)\[\/h1\]/is","<h1>\\1</h1>",$Text);
- $Text=preg_replace("/\[h2\](.+?)\[\/h2\]/is","<h2>\\1</h2>",$Text);
- $Text=preg_replace("/\[h3\](.+?)\[\/h3\]/is","<h3>\\1</h3>",$Text);
- $Text=preg_replace("/\[h4\](.+?)\[\/h4\]/is","<h4>\\1</h4>",$Text);
- $Text=preg_replace("/\[h5\](.+?)\[\/h5\]/is","<h5>\\1</h5>",$Text);
- $Text=preg_replace("/\[h6\](.+?)\[\/h6\]/is","<h6>\\1</h6>",$Text);
- $Text=preg_replace("/\[center\](.+?)\[\/center\]/is","<center>\\1</center>",$Text);
- //$Text=preg_replace("/\[url=([^\[]*)\](.+?)\[\/url\]/is","<a href=\\1 target='_blank'>\\2</a>",$Text);
- $Text=preg_replace("/\[url\](.+?)\[\/url\]/is","<a href=\"\\1\" target='_blank'>\\1</a>",$Text);
- $Text=preg_replace("/\[url=(http:\/\/.+?)\](.+?)\[\/url\]/is","<a href='\\1' target='_blank'>\\2</a>",$Text);
- $Text=preg_replace("/\[url=(.+?)\](.+?)\[\/url\]/is","<a href=\\1>\\2</a>",$Text);
- $Text=preg_replace("/\[img\](.+?)\[\/img\]/is","<img src=\\1>",$Text);
- $Text=preg_replace("/\[img\s(.+?)\](.+?)\[\/img\]/is","<img \\1 src=\\2>",$Text);
- $Text=preg_replace("/\[color=(.+?)\](.+?)\[\/color\]/is","<font color=\\1>\\2</font>",$Text);
- $Text=preg_replace("/\[colorTxt\](.+?)\[\/colorTxt\]/eis","color_txt('\\1')",$Text);
- $Text=preg_replace("/\[style=(.+?)\](.+?)\[\/style\]/is","<div class='\\1'>\\2</div>",$Text);
- $Text=preg_replace("/\[size=(.+?)\](.+?)\[\/size\]/is","<font size=\\1>\\2</font>",$Text);
- $Text=preg_replace("/\[sup\](.+?)\[\/sup\]/is","<sup>\\1</sup>",$Text);
- $Text=preg_replace("/\[sub\](.+?)\[\/sub\]/is","<sub>\\1</sub>",$Text);
- $Text=preg_replace("/\[pre\](.+?)\[\/pre\]/is","<pre>\\1</pre>",$Text);
- $Text=preg_replace("/\[emot\](.+?)\[\/emot\]/eis","emot('\\1')",$Text);
- $Text=preg_replace("/\[email\](.+?)\[\/email\]/is","<a href='mailto:\\1'>\\1</a>",$Text);
- $Text=preg_replace("/\[i\](.+?)\[\/i\]/is","<i>\\1</i>",$Text);
- $Text=preg_replace("/\[u\](.+?)\[\/u\]/is","<u>\\1</u>",$Text);
- $Text=preg_replace("/\[b\](.+?)\[\/b\]/is","<b>\\1</b>",$Text);
- $Text=preg_replace("/\[quote\](.+?)\[\/quote\]/is","<blockquote>引用:<div style='border:1px solid silver;background:#EFFFDF;color:#393939;padding:5px' >\\1</div></blockquote>", $Text);
- $Text=preg_replace("/\[sig\](.+?)\[\/sig\]/is","<div style='text-align: left; color: darkgreen; margin-left: 5%'><br><br>--------------------------<br>\\1<br>--------------------------</div>", $Text);
- return $Text;
- }
- }
部分内容引自:
http://www.neatstudio.com/show-378-1.shtml
附件下载地址:
http://files.cnblogs.com/mengdejun/data.zip
dedecms功能性函数封装(XSS过滤、编码、浏览器XSS hack、字符操作函数)的更多相关文章
- SQL_字符操作函数
原创作品.出自 "深蓝的blog" 博客.欢迎转载,转载时请务必注明下面出处,否则追究版权法律责任. 深蓝的blog:http://blog.csdn.net/huangyanlo ...
- ctype.h库函数----字符操作函数
在c++中使用时: #include <cctype> 字符判断函数 1.isalnum函数--判断是否是英文字母或数字字符,如果是,则返回非0值,如果不是,则返回0. 函数参数 :可以 ...
- C语言-字符操作函数
1字符数组的初始化: 1.1 char string={'c','h','i','n','a'} 1.2char string={"china"}或者去掉{}即char strin ...
- ACM编程技巧--常用字符操作函数
字符串与基本数据类型的转换 int sscanf(buff,"%d%d",&a,&b); //返回值是参数个数 int sprintf(buff,"%d% ...
- js cookie创建读取删除函数封装
js cookie创建读取删除函数封装 一.总结 都是为了方便操作,这样弄了很方便 1.创建cookie的函数封装的作用:方便设置过期时间expire,方便设置键和值 2.查询cookie的数据封装的 ...
- MYSQL常用操作函数的封装
1.mysql常用函数封装文件:mysql.func.php <?php /** * 连接MYSQL函数 * @param string $host * @param string $usern ...
- linux makefile字符串操作函数 替换subst、模式替换patsubst、去首尾空格strip、查找字符串findstring、过滤filter、反过滤filter-out、排序函数sort、取单词word、取单词串wordlist、个数统计words
1.1 字符操作函数使用 在Makefile中可以使用函数来处理变量,从而让我们的命令或是规则更为的灵活和具有智能.make所支持的函数也不算很多,不过已经足够我们的操作了.函数调用后,函 ...
- 跟着ALEX 学python day3集合 文件操作 函数和函数式编程 内置函数
声明 : 文档内容学习于 http://www.cnblogs.com/xiaozhiqi/ 一. 集合 集合是一个无序的,不重复的数据组合,主要作用如下 1.去重 把一个列表变成集合 ,就自动去重 ...
- 文件操作(FILE)与常用文件操作函数
文件 1.文件基本概念 C程序把文件分为ASCII文件和二进制文件,ASCII文件又称文本文件,二进制文件和文本文件(也称ASCII码文件)二进制文件中,数值型数据是以二进制形式存储的, 而在文本文件 ...
随机推荐
- 设计模式--命令模式Command(对象行为型)
一.命令模式 将一个请求封装为一个对象,从而让你使用不同的请求把客户端参数化,对请求排队或者记录请求日志,可以提供命令的撤销和恢复功能. (1)Command类:是一个抽象类,类中对需要执行的命令进行 ...
- java反射
知识点1:获取类字节码的三种形式 1.Class date = Date.class;//根据类名获取字节码 2.Date date= new Date(); date.getClass();//对象 ...
- 在js中获取在css中设置的background-image值
1. html部分 <div class="bg-color-two" id="bg_color_two" onclick="setBg(thi ...
- 关于Response.Redirect 端口不一致的跳转
如果内网和外网的端口号设置的不相同,那在使用Response.Redirect跳转的时候会无法成功.需要做以下设置: <system.web> <httpRuntime useFul ...
- MySql卸载重新安装出现Start service没有响应的解决办法(64位)
昨天因为自己手欠,不小心把mysql卸载了,于是又得重新安装,但是每次到了最后一步就报没有响应,于是就去寻找解决办法,如下就是啦! 安装Mysql卸载后又重新安装,每次到最后Start service ...
- 读取Simulink中Dataset类型的数据
http://files.cnblogs.com/files/pursuiting/%E5%80%92%E7%AB%8B%E6%91%86%E6%8E%A7%E5%88%B6%E7%B3%BB%E7% ...
- Linux更改计算机名称
1.修改:vim /etc/hosts 2.修改:vim /etc/sysconfig/network 3.重启:reboot 如不重启可以输入:hostname 新改的计算机名称,然后su
- JS中,!=, !== 和 !的区别和使用场景
var num = 1; var str = '1'; var test = 1; test == num //true 相同类型 相同值 test === num //true 相同类型 ...
- tif文件导入postgresql
raster2pgsql -I -F -N -999 文件名 数据库名 | psql -U postgres -d postgres
- laravel5笔记
数据库表创建E:\PHP\learnlaravel5>php artisan migrate 创建modelE:\PHP\learnlaravel5>php artisan make:mo ...