使用.htaccess文件保护xss

时间:2016-11-02 09:03:22

标签: php apache .htaccess

我的htaccess将所有内容重定向到我的index.php,但我不知道它是否容易受到xss攻击。我安全吗? - htaccess文件     RewriteBase /

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .*$ index.php/$1 [L]
php_value auto_append_file none

- index.php文件------

<?php
require_once 'dbliteconnect.php';
$req['status'] = (php_sapi_name() == 'cli') ? "true" : 'false';
if (php_sapi_name() == 'cli' || (isset($_SERVER['argc'])) && $_SERVER['argc'] > 0)     {
$var = isset($argv[1]) ? $argv[1] : '';
$var = strreplace("/", "", $var);
$req['var'] = $var;
}
if (isset($_SERVER['REQUEST_URI']) && php_sapi_name() != 'cli-server') {
$var = strreplace('/'.basename(DIR_), "", $_SERVER['REQUEST_URI']);
$var = str_replace("/", "", $var);
$var = str_replace(".html", "", $var);
$req['var'] = $var;
}
if (php_sapi_name() == 'cli-server') {
$var = $_SERVER['REQUEST_URI'];
$var = substr($var, 1);
$var = strreplace("/", "", $var);
$var = str_replace(".html", "", $var);
$req['var'] = $var;
}
request($req);
?>

0 个答案:

没有答案