这是我想要添加到我的网站的内容。
我建议让网站用户提交他们的个人资料页面,其中包含以下格式的链接:
(* http://example.com X click_here *)
(* https://www.facebook.com/xyz X facebook *)
(* http://twitter.com X twitter *)
(* http://www.linkedin.com X linkedin *)
(* HTTP://www.other.com*)
计划是制作链接,例如:
<a href="https://facebook.com/xyz" target="_blank"><img src="facebook.gif" alt="facebook"></a>
<a href="http://twitter.com?foo=bar&foo2=bar2" target="_blank"><img src="twitter.gif" alt="twitter"></a>
<a href="http://linkedin.com/xyz" target="_blank"><img src="facebook.gif" alt="facebook"></a>
<a href="http://example.com?foo=bar&foo2=bar2" target="_blank">click_here</a>
<a href="http://www.other.com" target="_blank">http://www.other.com</a>
参数:
1.允许不知道html的会员提交个人资料页面,其中包含指向其个人网站,facebook,twitter,linkedin等的链接
2.防止XSS
就我的有限知识所允许,我已经采取了这一点。下面的代码是我的微弱尝试。我将继续尝试解决如何做到这一点。我相信你将能够遵循我想要做的事情的逻辑。
非常感谢任何帮助。
<?php
// member profile retrieved from MySQL
$unsafe = "
blah blah blah (*http://example.com X click_here*) blah blah blah
blah blah blah (*https://www.facebook.com/xyz X facebook*) blah blah blah blah
blah blah blah (*http://twitter.com X twitter*) blah blah blah blah blah
blah blah blah (*http://www.linkedin.com X linkedin*) blah blah blah
blah blah blah (*http://www.other.com*) blah blah blah";
$safe_text = htmlspecialchars($unsafe, ENT_QUOTES, 'UTF-8');
// I assume this can not be done without creating a function
function hyperlinks ($safe_text)
{
$pattern = "%\(\*(.*)\*\)%";
preg_match($pattern, $safe_text, $matches);
// $matches[1] "http://example.com X click_here"
$pairs = explode(" X ", $matches[1]);
$var1 = $pairs[0]; // result: http://example.com
$var2 = $pairs[1]; // result: click_here
if (isset($var2))
{
if ($var2 === "facebook") $var2 = '<img src="/images/facebook.gif" alt="facebook">';
if ($var2 === "twitter") $var2 = '<img src="/images/twitter.gif" alt="twitter">';
if ($var2 === "linkedin") $var2 = '<img src="/images/linkedin.gif" alt="linkedin">';
if (($var2 != "facebook") && ($var2 != "twitter") && ($var2 != "linkedin"))
{
// this line is not needed, just shows logic
$var2 = $var2; // the text provided is var2
}
} else { $var2 = $var1; } // var2 doesn't exist
$replacement = "<a href='$var1' target='_blank'>$var2</a>"; //edit switched "''"
$new_string = preg_replace($pattern, $replacement, $safe_text);
echo $new_string ."<br/>";
return $new_string; // edit added
}
hyperlinks($safe_text); //edit added
/************
$new_string should look like:
$new_string = "
blah blah blah <a href="https://facebook.com/xyz" target="_blank"><img src="facebook.gif" alt="facebook"></a> blah blah blah
blah blah blah <a href="http://twitter.com?foo=bar&foo2=bar2" target="_blank"><img src="twitter.gif" alt="twitter"></a> blah blah blah
blah blah blah <a href="http://linkedin.com/xyz" target="_blank"><img src="facebook.gif" alt="facebook"></a> blah blah blah
blah blah blah <a href="http://example.com?foo=bar&foo2=bar2" target="_blank">click_here</a> blah blah blah
blah blah blah <a href="http://www.other.com" target="_blank">http://www.other.com</a> blah blah blah";
*************/
?>
确定。所以第一次尝试并没有走得太远。
这是我的第二次尝试。
<?php
error_reporting( E_ALL );
// member profile retrieved from mysql
$unsafe = "blah blah blah (*http://example.com?foo=bar&foo2=bar2 X click_here*) blah blah blah
blah blah blah (*https://www.facebook.com/xyz X facebook*) blah blah blah blah
blah blah blah (*http://twitter.com X twitter*) blah blah blah blah blah
blah blah blah (*http://www.linkedin.com X linkedin*) blah blah blah
blah blah blah (*http://www.other.com*) blah blah blah";
$safe_text = htmlspecialchars($unsafe, ENT_QUOTES, 'UTF-8');
// I assume this can not be done without creating a function
function hyperlinks ($safe_text)
{
$pattern = "%\(\*(.*)\*\)%";
preg_match_all($pattern, $safe_text, $matches); // matches[1] "http://example.com X click_here"
foreach($matches[1] as $result)
{
$pairs = explode(" X ", $result);
$var1 = $pairs[0]; // result: http://example.com
$var2 = $pairs[1]; // result: click_here
if (isset($var2))
{
if ($var2 === "facebook") $var2 = '<img src="/images/facebook.gif" alt="facebook">';
if ($var2 === "twitter") $var2 = '<img src="/images/twitter.gif" alt="twitter">';
if ($var2 === "linkedin") $var2 = '<img src="/images/linkedin.gif" alt="linkedin">';
if (($var2 != "facebook") && ($var2 != "twitter") && ($var2 != "linkedin"))
{
// this line is not needed, just shows logic
$var2 = $var2; // the text provided is var2
}
} else { $var2 = $var1; } // var2 doesn't exist
// var_dump($result);
$replacement = "<a href='$var1' target='_blank'>$var2</a>";
// echo $replacement ."<br/>";
$new_string = preg_replace($pattern, $replacement, $safe_text);
echo $new_string ."<br/>";
}// close foreach
return $new_string;
}// close function
hyperlinks($safe_text);
?>
这个输出结果......结果太多了。
第一个preg_match_all()找到5个链接,最终得到倍数为preg_replace(),因此它产生25个链接。每种品种中有5种。
基本上发现我应该只有1个preg_something ??谷歌搜索:在preg_replace中调用一个函数,发现我应该使用preg_replace_callback并且它允许在其中使用一个函数。
第三次尝试:
<?php
error_reporting( E_ALL );
// member profile retrieved from mysql
$unsafe = "blah blah blah (*http://example.com?foo=bar&foo2=bar2 X click_here*) blah blah blah
blah blah blah (*https://www.facebook.com/xyz X facebook*) blah blah blah blah
blah blah blah (*http://twitter.com X twitter*) blah blah blah blah blah
blah blah blah (*http://www.linkedin.com X linkedin*) blah blah blah
blah blah blah (*http://www.other.com*) blah blah blah";
$safe_text = htmlspecialchars($unsafe, ENT_QUOTES, 'UTF-8');
// I assume this can not be done without creating a function
$pattern = "%\(\*(.*)\*\)%";
$new_string = preg_replace_callback($pattern, 'safe_text', $safe_text);
// Error: preg_replace_callback(): Requires argument 2, 'safe_text', to be a valid callback
function safe_text($text) { // edit
foreach($safe_text as $result)
{
$pairs = explode(" X ", $result);
$var1 = $pairs[0]; // result: http://example.com
$var2 = $pairs[1]; // result: click_here
if (isset($var2))
{
if ($var2 === "facebook") $var2 = '<img src="/images/facebook.gif" alt="facebook">';
if ($var2 === "twitter") $var2 = '<img src="/images/twitter.gif" alt="twitter">';
if ($var2 === "linkedin") $var2 = '<img src="/images/linkedin.gif" alt="linkedin">';
if (($var2 != "facebook") && ($var2 != "twitter") && ($var2 != "linkedin"))
{
// this line is not needed, just shows logic
$var2 = $var2; // the text provided is var2
}
} else { $var2 = $var1; } // var2 doesn't exist
} // close foreach
$replacement = "<a href='$var1' target='_blank'>$var2</a>";
echo $replacement ."<br/>";
return $new_string;
} // close function
// $new_text = hyperlinks($safe_text);
echo $new_string; //error: unexpected 'echo' (T_ECHO)
?>
答案 0 :(得分:0)
花了很多功夫但我终于明白了。我将在我的网站上使用它。
所有其他“将纯文本转换为超链接”示例创建了此样式的链接:
<a href="http://www.example.com">http://www.example.com</a>
我认为可以选择说:B1 请访问my_website或在Facebook找到我
<?php
$unsafe = "blah blah blah (*http://example.com?foo=bar&foo2=bar2 X click_here*) blah blah blah
blah blah blah (*https://www.facebook.com/xyz X facebook*) blah blah blah blah
blah blah blah (*http://twitter.com X twitter*) blah blah blah blah blah
blah blah blah (*http://www.linkedin.com X linkedin*) blah blah blah
blah blah blah (*http://www.other.com*) blah blah blah";
$safe_text = htmlspecialchars($unsafe, ENT_QUOTES, 'UTF-8');
function make_hyperlinks($matches)
{
$matches = $matches[1];
if (strpos($matches, " X ") !== FALSE)
{
$pairs = explode(" X ", $matches);
} else {
$pairs[0] .= $matches;
}
$var0 = $pairs[0];
$var1 = $pairs[1];
if (isset($var1))
{
if ($var1 === "facebook") $var1 = '<img src="/images/facebook.gif" alt="facebook">';
if ($var1 === "twitter") $var1 = '<img src="/images/twitter.gif" alt="twitter">';
if ($var1 === "linkedin") $var1 = '<img src="/images/linkedin.gif" alt="linkedin">';
} else {$var1 = $var0; } // var1 doesn't exist
return "<a href='$var0' rel='nofollow' target='_blank'>$var1</a>";
}
$new_string = preg_replace_callback("%\(\*(.*)\*\)%", "make_hyperlinks", $safe_text);
// echo $new_string;
?>