更改 Zend 中的所有 POST 数据

时间:2013-07-09 10:40:28

标签: zend-framework xss html-entities

我想将此函数应用于 Zend Framework 中的所有 POST 数据,以防止 XSS 攻击。

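/**
 * HTML-encode a single value with Zend_Filter_HtmlEntities, using UTF-8.
 *
 * Security notes:
 *  - The quote style is ENT_QUOTES. A NULL quote style never selects ENT_QUOTES,
 *    so single quotes were left unencoded; that matters as soon as a value is
 *    echoed inside a single-quoted HTML attribute.
 *  - Entity encoding only fits HTML text and quoted-attribute contexts. A value
 *    that ends up in JavaScript, a URL or CSS still needs the encoder for that
 *    context at the point of output.
 *
 * @param mixed $argument Value to encode; handed to the filter as-is.
 * @return mixed Whatever Zend_Filter_HtmlEntities::filter() returns for the value.
 */
static function safe_against_xss($argument) {
    $htmlEntitiesFilter = new Zend_Filter_HtmlEntities(
        array('quotestyle' => ENT_QUOTES, 'charset' => 'UTF-8')
    );

    return $htmlEntitiesFilter->filter($argument);
}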

我在控制器中使用此代码

            // Build an entity-encoded copy of the POST fields. Only $requests holds the
            // encoded values; $request itself still hands out the raw input.
            $requests = array();
            foreach ($request->getPost() as $field => $raw) {
                $requests[$field] = Functions::safe_against_xss($raw);
            }

它有效,但我想让此函数自动应用于所有控制器中的所有 POST 数据。

此致

1 个答案:

答案 0 :(得分:0)

我写下这些代码:

// Encode the request's params and POST data before action code reads them.
$encodedRequest = Functions::safe_request($this->getRequest());
$this->setRequest($encodedRequest);

放在控制器的初始化方法中

然后在函数中:

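     /**
      * HTML-encode a value, or every value of an array, with Zend_Filter_HtmlEntities.
      *
      * Arrays are walked recursively. The earlier single-level loop handed nested
      * arrays (fields submitted as name[a][b]) to the filter as if they were scalars.
      *
      * Security notes:
      *  - The quote style is ENT_QUOTES. A NULL quote style never selects ENT_QUOTES,
      *    so single quotes were left unencoded; that matters as soon as a value is
      *    echoed inside a single-quoted HTML attribute.
      *  - Array keys are not encoded, only values.
      *  - Entity encoding only fits HTML text and quoted-attribute contexts. A value
      *    that ends up in JavaScript, a URL or CSS still needs the encoder for that
      *    context at the point of output.
      *
      * @param mixed $argument Scalar value or (possibly nested) array of values.
      * @return mixed The encoded value, or the array with every leaf value encoded.
      */
     static function safe_against_xss($argument) {
         if (is_array($argument)) {
             foreach ($argument as $key => $value) {
                 // Recurse so that nested arrays are encoded leaf by leaf.
                 $argument[$key] = self::safe_against_xss($value);
             }

             return $argument;
         }

         $htmlEntitiesFilter = new Zend_Filter_HtmlEntities(
             array('quotestyle' => ENT_QUOTES, 'charset' => 'UTF-8')
         );

         return $htmlEntitiesFilter->filter($argument);
     }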

/**
 * Return a copy of a parameter array with every value passed through
 * safe_against_xss(). Keys are copied unchanged and are not encoded.
 *
 * @param array $params Parameter name => value pairs.
 * @return array The same keys mapped to the encoded values.
 */
static function safe_post_params($params)
{
    $encoded = array();

    foreach ($params as $name => $raw) {
        $encoded[$name] = self::safe_against_xss($raw);
    }

    return $encoded;
}

/**
 * Replace the request's params and POST data with entity-encoded copies.
 *
 * The request object is modified in place and then returned. Only the values
 * written back through setParams() and setPost() are encoded here; nothing
 * else on the request is touched by this function.
 *
 * NOTE(review): running this more than once on the same request would
 * presumably encode already-encoded values a second time. Confirm how the
 * filter is configured for double encoding and that this runs once per request.
 *
 * @param object $params Request object exposing getParams()/setParams() and
 *                       getPost()/setPost().
 * @return object The same request object.
 */
static function safe_request($params)
{
    // Params first, then POST: the same order as before, since each setter
    // runs before the next getter is called.
    $encodedParams = Functions::safe_post_params($params->getParams());
    $params->setParams($encodedParams);

    $encodedPost = Functions::safe_post_params($params->getPost());
    $params->setPost($encodedPost);

    return $params;
}