360扫描网站揭示有漏洞
360扫描网站提示有漏洞
我已经对输入字符串过滤了,但是还会提示。请问如何解决
get_magic_quotes_gpc() ? $_REQUEST['key'] : addslashes($_REQUEST['key']);过滤方法。
search.php?key=Your%20Story%3C/title%3E%3C/head%3E%3Cbody%3E%3Cscript%3Ealert(42873);%3C/sCript%3E
用户输入这个就会在我网站最上面显示网站名称。不解
------解决方案--------------------
Your%20Story%3C/title%3E%3C/head%3E%3Cbody%3E%3Cscript%3Ealert(42873);%3C/sCript%3E
不知道你的这个串是哪里来的
Your Story
------解决方案--------------------
简单的说,addslashes这个只能过滤单引号,其他字符并不能转义,htmlspecialchars这函数不要忘记使用
------解决方案--------------------
get_magic_quotes_gpc() ? $_REQUEST['key'] : addslashes($_REQUEST['key']);过滤方法。
你这段代码没啊。。。。。
- PHP code
function escape($value)
{
$value = is_array($value) ? array_map('escape',$value):htmlspecialchars(trim($value));
return get_magic_quotes_gpc()?$value:addslashes($value);
}
$_GET = array_map('escape', $_GET);
$_POST = array_map('escape', $_POST);
$_COOKIE = array_map('escape', $_COOKIE);
$_REQUEST = array_map('escape', $_REQUEST);
<br><font color="#e78608">------解决方案--------------------</font><br>addslashes是过滤单引号和NULL字符的, 对标签根本无效, 要展示给用户的非文档内容一律htmlspecialchars.
<br><font color="#e78608">------解决方案--------------------</font><br>很明显是你根据用户提交的k拼接JS代码的时候出问题了, 估计你是希望将用户提交的key拼给JS动态展示给用户, 仔细检查JS拼接那里是否使用了htmlspecialchars吧. <div class="clear">
</div>
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
What does php request mean?
Jul 07, 2021 pm 01:49 PM
The Chinese meaning of request is "request". It is a global variable in PHP and is an array containing "$_POST", "$_GET" and "$_COOKIE". The "$_REQUEST" variable can obtain data and COOKIE information submitted by POST or GET.
What is the Request object in PHP?
Feb 27, 2024 pm 09:06 PM
The Request object in PHP is an object used to handle HTTP requests sent by the client to the server. Through the Request object, we can obtain the client's request information, such as request method, request header information, request parameters, etc., so as to process and respond to the request. In PHP, you can use global variables such as $_REQUEST, $_GET, $_POST, etc. to obtain requested information, but these variables are not objects, but arrays. In order to process request information more flexibly and conveniently, you can
How to use the urllib.request.urlopen() function to send a GET request in Python 3.x
Jul 30, 2023 am 11:28 AM
How to use the urllib.request.urlopen() function in Python3.x to send a GET request. In network programming, we often need to obtain data from a remote server by sending an HTTP request. In Python, we can use the urllib.request.urlopen() function in the urllib module to send an HTTP request and get the response returned by the server. This article will introduce how to use
The role and significance of Request in PHP
Feb 27, 2024 pm 12:54 PM
The role and significance of Request in PHP In PHP programming, Request is a mechanism for sending requests to the Web server. It plays a vital role in Web development. Request is mainly used to obtain data sent by the client, such as form submission, GET or POST request, etc. Through Request, the data input by the user can be obtained, and the data can be processed and responded to. This article will introduce the role and significance of Request in PHP and give specific code examples.
How to encapsulate Vue3 Axios interceptor into request file
May 19, 2023 am 11:49 AM
1. Create a new file called request.js and import Axios: importaxiosfrom'axios'; 2. Create a function called request and export it: This will create a function called request and export it Set up a new Axios instance with a base URL. To add timeout settings in a wrapped Axios instance, you can pass the timeout option when creating the Axios instance. exportconstrequest=axios.create({baseURL:'https://example.
What is request in PHP
Jun 01, 2023 am 10:12 AM
Request in PHP refers to request. It is a super global variable in PHP. It is used to collect data submitted by HTML forms and parameters in URLs. It can obtain data from GET and POST requests at the same time. Note that $_request is an associative array. , where the keys are the names of the form fields and the values are the values of the form fields. When using the $_request variable, user-entered data should always be validated and filtered to avoid security issues.
Detailed explanation of the usage of htmlspecialchars function in PHP
Jun 27, 2023 am 10:54 AM
Detailed explanation of the usage of htmlspecialchars function in PHP In web development, it is often necessary to display some user input content on the web page, such as article content, comment content, etc. However, if you display this content directly on a web page, you may encounter some security issues. For example, some users may embed some malicious scripts in comments, which, after being parsed by the browser, will pose a security threat to the website. To prevent this from happening, we need to filter and
How to use context to implement request parameter verification in Go
Jul 22, 2023 am 08:23 AM
How to use context to implement request parameter verification in Go Introduction: During the back-end development process, we often need to verify the request parameters to ensure the legality of the parameters. The Go language provides the context package to handle request context information. Its elegant design and simple use make it a commonly used tool. This article will introduce how to use Go's context package to implement request parameter verification and give corresponding code examples. Introduction to the context package In Go, the context package is used to deliver
