安全过滤

可以对用户输入数据进行过滤。

引入相关类

  • use Leevel\Encryption\Safe;

    添加模式转义和移除魔术方法转义

  /**
   * Round-trips a string and an array through Safe::customAddslashes()
   * and Safe::customStripslashes().
   *
   * The fixtures show a single quote gaining a backslash when escaped and
   * losing it again when stripped, and show that array keys are
   * transformed together with array values.
   *
   * NOTE(review): backslash escaping is not a replacement for bound
   * parameters when a value is headed for a SQL statement.
   */
  public function testBaseUse()
  {
      // Each case is [raw input, expected escaped form].
      $cases = [
          ["O'Reilly?", "O\\'Reilly?"],
          [
              ["O'Reilly?" => "O'Reilly?"],
              ["O\\'Reilly?" => "O\\'Reilly?"],
          ],
      ];

      foreach ($cases as [$raw, $escaped]) {
          $this->assertSame($escaped, Safe::customAddslashes($raw));
          $this->assertSame($raw, Safe::customStripslashes($escaped));
      }
  }

深度过滤

  /**
   * Removes a list of substrings from a sentence with Safe::deepReplace().
   *
   * Only 'day' is stripped in this fixture: the other needle, 'shoule',
   * never occurs in the sentence, which is why 'should' survives in the
   * expected output.
   *
   * NOTE(review): the name suggests the replacement is repeated until the
   * needles no longer appear (so that a needle cannot re-form from the
   * text left behind); this test does not exercise that case — confirm
   * against the implementation.
   */
  public function testDeepReplace()
  {
      $needles = ['shoule', 'day'];
      $sentence = 'You should eat fruits, vegetables, and fiber every day.';
      $expected = 'You should eat fruits, vegetables, and fiber every .';

      $this->assertSame($expected, Safe::deepReplace($needles, $sentence));
  }

url 安全过滤

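  /**
   * Checks how Safe::escUrl() normalises URLs.
   *
   * Behaviour pinned by the assertions below:
   *  - an empty string stays empty;
   *  - a URL without a scheme is prefixed with 'http://';
   *  - the mistyped separator 'http;//' comes back as 'http://';
   *  - an encoded CR/LF pair ('%0D%0A') is removed from the query string,
   *    which matters when the URL is later written into a header.
   *
   * NOTE(review): the expected output still contains a raw '&', so the
   * result must still be HTML-escaped when written into markup. These
   * assertions also do not cover which schemes are accepted or rejected;
   * verify that separately before using the result as a link target.
   */
  public function testEscUrl()
  {
      // The two unused fixture strings of the original listing (leftovers
      // from the deepReplace example) are dropped; no assertion read them.
      $expected = 'http://example.org/private.php?user=abc&email=abc@11.org';

      $this->assertSame('', Safe::escUrl(''));

      // Missing scheme.
      $this->assertSame(
          $expected,
          Safe::escUrl('example.org/private.php?user=abc&email=abc@11.org')
      );

      // Semicolon typed in place of the colon.
      $this->assertSame(
          $expected,
          Safe::escUrl('http;//example.org/private.php?user=abc&email=abc@11.org')
      );

      // Percent-encoded carriage return / line feed inside a parameter.
      $this->assertSame(
          $expected,
          Safe::escUrl('http://example.org/private.php?user=abc%0D%0A&email=abc@11.org')
      );
  }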

过滤 script

  /**
   * Checks that Safe::filterScript() neutralises an opening script tag.
   *
   * In this fixture only the leading '<' is turned into '&lt;'; the
   * closing '>' and the remaining text come back unchanged.
   *
   * NOTE(review): a single fixture does not show what else is filtered.
   * Treat this helper as defence in depth and keep context-aware escaping
   * at the point of output.
   */
  public function testFilterScript()
  {
      $markup = '<script>hello world.';
      $expected = '&lt;script>hello world.';

      $this->assertSame($expected, Safe::filterScript($markup));
  }

过滤十六进制字符串

  /**
   * Checks that Safe::cleanHex() strips hexadecimal literals from text.
   *
   * For both '0x63' and '0x6f' the 'x' and the hex digits after it are
   * removed while the leading '0' is kept, as the expected string shows.
   */
  public function testCleanHex()
  {
      $input = '0x63hello 0x6f world.';
      $expected = '0hello 0 world.';

      $this->assertSame($expected, Safe::cleanHex($input));
  }

签名算法支持

  /**
   * Signs a flat parameter array with Safe::signature() and pins the
   * resulting digest (64 hexadecimal characters).
   *
   * NOTE(review): '123456' is a fixture secret only. Outside a test, use
   * a high-entropy secret and compare a received signature with the
   * computed one via hash_equals() rather than === or ==.
   */
  public function testSignature()
  {
      $expected = 'dc6cfa1e1f6eaf29c73622f4d4c54be57d545c1d7c377dade88faccb5a79d2d8';

      $actual = Safe::signature(
          [
              'foo' => 'bar',
              'hello' => 'world',
          ],
          '123456'
      );

      $this->assertSame($expected, $actual);
  }

签名算法支持忽略字段

  /**
   * Signs a parameter array while excluding named fields from the digest.
   *
   * With 'signature' and 'timestamp' ignored, the digest equals the one
   * the two-field payload (foo, hello) produces in testSignature, so the
   * ignored fields have no influence on the result.
   *
   * NOTE(review): an ignored field is not authenticated. Excluding the
   * signature field itself is necessary, but with 'timestamp' excluded
   * the timestamp can be altered without invalidating the signature, so
   * it cannot be relied on for replay protection in this configuration.
   */
  public function testSignatureWithIgnore()
  {
      $payload = [
          'foo' => 'bar',
          'hello' => 'world',
          'signature' => 'dc6cfa1e1f6eaf29c73622f4d4c54be57d545c1d7c377dade88faccb5a79d2d8',
          'timestamp' => 1541312367,
      ];
      $ignored = ['signature', 'timestamp'];

      $actual = Safe::signature($payload, '123456', $ignored);

      $this->assertSame(
          'dc6cfa1e1f6eaf29c73622f4d4c54be57d545c1d7c377dade88faccb5a79d2d8',
          $actual
      );
  }

签名算法支持子数组

  /**
   * Signs a parameter array that contains a nested array.
   *
   * The pinned digest differs from the one for the flat foo/hello payload
   * in testSignature, so the nested 'sub' entry contributes to the
   * signature.
   */
  public function testSignatureWithSubArray()
  {
      $nested = ['hello' => 'world'];
      $payload = [
          'foo' => 'bar',
          'hello' => 'world',
          'sub' => $nested,
      ];
      $expected = '2bd98c89629fae202c680b33430eb9c909b25f4e8a8dca91752fabd1e14735d1';

      $this->assertSame($expected, Safe::signature($payload, '123456'));
  }