我正在做一个小项目而且我脑子已经死了,所以我希望有人可以帮助我击败我的编码员。
我正在尝试使用php创建一个页面,该页面根据传递给页面的位置(如果有)更改其内容显示(位置)。我创建了一个安全列表数组,我存储了不同的位置。首先,我检查对安全列表传递的任何值,如果匹配,我会显示一组内容。
如果它不匹配我正在进行相似性测试以检查是否可能是一个简单的拼写错误,并且仍然可以将人们导航到我认为他们想要的页面,但这就是我遇到的问题。
我希望有人能打字
www.example.co.uk/location.php< ----加载通用位置页
www.example.co.uk/location.php?loc=Bishops-Stortford< ----加载目标位置页
www.example.co.uk/location.php?loc=Bishop-Stortford< ----加载目标位置页面尽管有错误提供了90%或更多的匹配
www.example.co.uk/location.php?loc=?php echo“我攻击了你的网站”; ?> ----希望我的系统能解除令人讨厌的代码注入
我会在下面发布我的代码,这样你就可以看到我的代码了。
<?php
$loc = "";
$safelist = array("Bishops Stortford", "Braintree", "Chelmsford", "Dunmow", "Harlow", "Hertford", "Saffron Walden", "Sawbridgeworth", "Stansted", "Ware",
"Essex", "Hertfordshire");
if(isset($_GET["loc"])) {
/* Gets the value of loc if set, replaces hyphens with spaces and capitalises first letters of words converting the rest to lowercase. */
$loc = ucwords(strtolower(str_replace("-", " ", $_GET["loc"])));
}
/* Is word in safelist */
if (in_array($loc, $safelist)) {
/* Yes */
if (($loc == "Essex") or ($loc == "Hertfordshire")) {
$county = True;
} else {
$county = False;
}
if ($county == False) {
echo "\"" . $loc . "\" is not a county";
}else{
echo "\"" . $loc . "\" is a county";
}
} else {
/* No, Is string 90% similar to any entry within the safelist? */
foreach ($safelist as $safeword) {
similar_text($safeword, $loc, $percent);
echo $safeword . " " . $loc . " " . $percent . "<br />";
if ($percent >= 90) {
}
}
?>
我想不出该怎么办if($ percent&gt; = 90)。我知道我想退出循环并从我找到的前90%或更多匹配中得到结果,但我不是100%确定如何做到这一点。
还有处理代码注入的最佳方式,例如 www.example.co.uk/location.php?loc=?php echo“我攻击了你的网站”; ?&GT;
答案 0 :(得分:1)
我认为这就是你想要的:
foreach ($safelist as $safeword) {
similar_text($safeword, $loc, $percent);
echo $safeword . " " . $loc . " " . $percent . "<br />";
if ($percent >= 90) {
$loc = $safeword;
$county = true;
break;
}
}
只要您不在用户输入上调用eval()
,就不必担心它们会注入PHP语句。当你回应某些东西时,它被发送到浏览器,它不会被PHP再次执行。但是,您仍然应该清理输出,因为它可能包含HTML标记,甚至可能包含Javascript,它可能会劫持用户的浏览器。在页面上显示输出时,使用htmlentities()
对其进行编码:
echo "Greetings, " . htmlentities($first_name);
答案 1 :(得分:0)
我想我会重组它,就像这样:
$loc = "";
$safelist = array("Bishops Stortford", "Braintree", "Chelmsford", "Dunmow", "Harlow", "Hertford", "Saffron Walden", "Sawbridgeworth", "Stansted", "Ware",
"Essex", "Hertfordshire");
if(isset($_GET["loc"])) {
/* Gets the value of loc if set, replaces hyphens with spaces and capitalises first letters of words converting the rest to lowercase. */
$loc = ucwords(strtolower(str_replace("-", " ", $_GET["loc"])));
}
$good = '';
if (in_array($loc, $safelist)) {
$good = $loc;
} else {
foreach ($safelist as $safeword) {
similar_text($safeword, $loc, $percent);
echo $safeword . " " . $loc . " " . $percent . "<br />";
if ($percent >= 90) {
$good = $safeword;
}
}
}
if ( ! empty($good)){
/* Yes */
if (($good == "Essex") or ($good == "Hertfordshire")) {
$county = True;
} else {
$county = False;
}
if ($county == False) {
echo "\"" . $good . "\" is not a county";
}else{
echo "\"" . $good . "\" is a county";
}
//And whatever else you want to do with the good location...
}
就像Barmar所说的那样,由于除了将数据与数组进行比较之外,你没有对输入值做任何事情,因此不存在以这种方式发生攻击的风险。
答案 2 :(得分:0)
为了回答你问题的第二部分,我使用htmlentities将数据从输入直接输出到屏幕上,然后在保存到数据库之前将数据输出到数据上:
function escape_value($value)
{
if($this->real_escape_string_exists)
{
if($this->magic_quotes_active){$value = stripslashes($value);}
$value = mysql_real_escape_string($value);
}
else
{
if(!$this->magic_quotes_active){$value = addslashes($value);}
}
return $value;
}