Strona główna Odkrywaj Pomoc
Zaloguj się
hlm
/
hlm_pl_mall
11
0
Forkuj 0
Pliki Problemy 0 Oczekujące zmiany 0 Wiki
Drzewo: 614ffedc07
Gałęzie Tagi
hlm_pl_mall
/
app
/
home
/
common_search.php

common_search.php 3.7 KB
Historia Czysty

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122 
  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4.  * 删除地址参数
    5. 

  5.  *
    6. 

  6.  * @param array $param
    7. 

  7.  */
    8. 

  8. function dropParam($param) {
    9. 

  9.     $purl = getParam();
    10. 

  10.     if (!empty($param)) {
    11. 

  11.         foreach ($param as $val) {
    12. 

  12.             $purl['param'][$val] = 0;
    13. 

  13.         }
    14. 

  14.     }
    15. 

  15.     return urldecode(url('home/'.request()->controller().'/'.request()->action(),$purl['param']));
    16. 

  16. }
    17. 

  17. 

  18. /**
    19. 

  19.  * 替换地址参数
    20. 

  20.  *
    21. 

  21.  * @param array $param
    22. 

  22.  */
    23. 

  23. function replaceParam($param) {
    24. 

  24.     $purl = getParam();
    25. 

  25.     if (!empty($param)) {
    26. 

  26.         foreach ($param as $key => $val) {
    27. 

  27.             $purl['param'][$key] = $val;
    28. 

  28.         }
    29. 

  29.     }
    30. 

  30. 

  31.     return urldecode(url('home/'.request()->controller().'/'.request()->action(),$purl['param']));
    32. 

  32. }
    33. 

  33. 

  34. /**
    35. 

  35.  * 替换并删除地址参数
    36. 

  36.  *
    37. 

  37.  * @param array $param
    38. 

  38.  */
    39. 

  39. function replaceAndDropParam($paramToReplace, $paramToDrop) {
    40. 

  40.     $purl = getParam();
    41. 

  41.     if (!empty($paramToReplace)) {
    42. 

  42.         foreach ($paramToReplace as $key => $val) {
    43. 

  43.             $purl['param'][$key] = $val;
    44. 

  44.         }
    45. 

  45.     }
    46. 

  46.     if (!empty($paramToDrop)) {
    47. 

  47.         foreach ($paramToDrop as $val) {
    48. 

  48.             $purl['param'][$val] = 0;
    49. 

  49.         }
    50. 

  50.     }
    51. 

  51. 

  52.     return urldecode(url('home/'.request()->controller().'/'.request()->action(),$purl['param']));
    53. 

  53. }
    54. 

  54. 

  55. /**
    56. 

  56.  * 删除部分地址参数
    57. 

  57.  *
    58. 

  58.  * @param array $param
    59. 

  59.  */
    60. 

  60. function removeParam($param) {
    61. 

  61.     $purl = getParam();
    62. 

  62.     if (!empty($param)) {
    63. 

  63.         foreach ($param as $key => $val) {
    64. 

  64.             if (!isset($purl['param'][$key])) {
    65. 

  65.                 continue;
    66. 

  66.             }
    67. 

  67.             $tpl_params = explode('_', $purl['param'][$key]);
    68. 

  68.             foreach ($tpl_params as $k => $v) {
    69. 

  69.                 if ($val == $v) {
    70. 

  70.                     unset($tpl_params[$k]);
    71. 

  71.                 }
    72. 

  72.             }
    73. 

  73.             if (empty($tpl_params)) {
    74. 

  74.                 $purl['param'][$key] = 0;
    75. 

  75.             } else {
    76. 

  76.                 $purl['param'][$key] = implode('_', $tpl_params);
    77. 

  77.             }
    78. 

  78.         }
    79. 

  79.     }
    80. 

  80.     return urldecode(url('home/'.request()->controller().'/'.request()->action(),$purl['param']));
    81. 

  81. }
    82. 

  82. 

  83. function getParam() {
    84. 

  84.     $param = input('param.');
    85. 

  85.     $purl = array();
    86. 

  86.     unset($param['page']);
    87. 

  87.     $param=str_replace('/','+',$param);
    88. 

  88.     SafeFilter($param);
    89. 

  89.     $purl['param'] = $param;
    90. 

  90.     return $purl;
    91. 

  91. }
    92. 

  92. function SafeFilter (&$arr) 
    93. 

  93. {
    94. 

  94.      
    95. 

  95.    $ra=Array('/([\x00-\x08,\x0b-\x0c,\x0e-\x19])/','/script/','/javascript/','/vbscript/','/expression/','/applet/','/meta/','/xml/','/blink/','/link/','/style/','/embed/','/object/','/frame/','/layer/','/title/','/bgsound/','/base/','/onload/','/onunload/','/onchange/','/onsubmit/','/onreset/','/onselect/','/onblur/','/onfocus/','/onabort/','/onkeydown/','/onkeypress/','/onkeyup/','/onclick/','/ondblclick/','/onmousedown/','/onmousemove/','/onmouseout/','/onmouseover/','/onmouseup/','/onunload/');
    96. 

  96.      
    97. 

  97.    if (is_array($arr))
    98. 

  98.    {
    99. 

  99.      foreach ($arr as $key => $value) 
    100. 

  100.      {
    101. 

  101.        $new_key=$key;
    102. 

  102.         if (!is_array($value))
    103. 

  103.         {
    104. 

  104.           if (!get_magic_quotes_gpc())//不对magic_quotes_gpc转义过的字符使用addslashes(),避免双重转义。
    105. 

  105.           {
    106. 

  106.             $new_key=addslashes($new_key);
    107. 

  107.              $value  = addslashes($value); //给单引号(')、双引号(")、反斜线(\)与NUL(NULL字符)加上反斜线转义
    108. 

  108.           }
    109. 

  109.           $new_key=preg_replace($ra,'',$new_key);
    110. 

  110.           $value       = preg_replace($ra,'',$value);     //删除非打印字符,粗暴式过滤xss可疑字符串
    111. 

  111.           $new_key=htmlentities(strip_tags($new_key));
    112. 

  112.           unset($arr[$key]);
    113. 

  113.           $arr[$new_key]     = htmlentities(strip_tags($value)); //去除 HTML 和 PHP 标记并转换为HTML实体
    114. 

  114.         }
    115. 

  115.         else
    116. 

  116.         {
    117. 

  117.           SafeFilter($arr[$key]);
    118. 

  118.         }
    119. 

  119.      }
    120. 

  120.    }
    121. 

  121. }
    122. 

  122. ?>
    123.