安全过滤

Testing Is Documentation

tests/Encryption/HelperTest.php安全过滤 - 图1

可以对用户输入数据进行过滤。这些过滤函数只是辅助手段：输出到 HTML 时仍应按上下文进行转义，写入数据库时仍应使用参数化查询。

Uses

  1. <?php
  2. use Leevel\Encryption\Helper;

custom_addslashes 添加模式转义和移除魔术方法转义

  /**
   * Round-trips a string and an array through Helper::customAddslashes()
   * and Helper::customStripslashes().
   *
   * The array case shows that keys are escaped and restored as well as values.
   *
   * NOTE(review): backslash escaping is not a SQL-injection defence on its own;
   * values bound for a database should go through parameterized queries.
   */
  public function testBaseUse(): void
  {
      $plain = "O'Reilly?";
      $escaped = "O\\'Reilly?";

      // Scalar round trip: escape, then undo the escape.
      $this->assertSame($escaped, Helper::customAddslashes($plain));
      $this->assertSame($plain, Helper::customStripslashes($escaped));

      $plainMap = ["O'Reilly?" => "O'Reilly?"];
      $escapedMap = ["O\\'Reilly?" => "O\\'Reilly?"];

      // Array round trip: the quote is escaped in the key and in the value.
      $this->assertSame($escapedMap, Helper::customAddslashes($plainMap));
      $this->assertSame($plainMap, Helper::customStripslashes($escapedMap));
  }

deep_replace 深度过滤

  /**
   * Checks that Helper::deepReplace() removes the listed search terms from a string.
   *
   * Only 'day' occurs in the input; 'shoule' does not match 'should', so that
   * word is left untouched in the expected value.
   * NOTE(review): confirm the non-matching term 'shoule' is intentional.
   */
  public function testDeepReplace(): void
  {
      $sentence = 'You should eat fruits, vegetables, and fiber every day.';
      $expected = 'You should eat fruits, vegetables, and fiber every .';
      $needles = ['shoule', 'day'];

      $actual = Helper::deepReplace($needles, $sentence);

      $this->assertSame($expected, $actual);
  }

filter_script 过滤 script

  /**
   * Checks Helper::filterScript() on an unclosed opening script tag.
   *
   * In the expected value only the leading '<' of the tag becomes '&lt;';
   * the closing '>' is left as it is.
   *
   * NOTE(review): this is pattern-based filtering. Untrusted data rendered
   * into a page still needs output encoding for the context it lands in.
   */
  public function testFilterScript(): void
  {
      $raw = '<script>hello world.';
      $filtered = Helper::filterScript($raw);

      $this->assertSame('&lt;script>hello world.', $filtered);
  }

clean_hex 过滤十六进制字符串

  /**
   * Checks Helper::cleanHex() on a string containing two hex literals.
   *
   * For '0x63' and '0x6f' the expected value keeps only the leading '0';
   * the 'x63' and 'x6f' parts are gone.
   */
  public function testCleanHex(): void
  {
      $withHex = '0x63hello 0x6f world.';
      $cleaned = Helper::cleanHex($withHex);

      $this->assertSame('0hello 0 world.', $cleaned);
  }

str_filter 字符过滤

  /**
   * Checks Helper::strFilter() on a string and on a one-element array.
   *
   * In both cases the angle brackets of the <b> tag are entity-encoded
   * ('&lt;' / '&gt;') and the surrounding text is unchanged.
   */
  public function testStrFilter(): void
  {
      $markup = 'This is some <b>bold</b> text.';
      $encoded = 'This is some &lt;b&gt;bold&lt;/b&gt; text.';

      // Scalar input first, then the same value wrapped in a list.
      $this->assertSame($encoded, Helper::strFilter($markup));
      $this->assertSame([$encoded], Helper::strFilter([$markup]));
  }

html_filter HTML 过滤

  /**
   * Checks Helper::htmlFilter() on a string and on a one-element array.
   *
   * The expected value shows two effects: the <script> tag is entity-encoded,
   * and the onclick attribute is dropped from the <span>, leaving '<span >'.
   * The span element itself is kept.
   *
   * NOTE(review): only these two constructs are exercised here. For untrusted
   * rich text, an allow-list HTML sanitizer is the safer design than removing
   * known-bad patterns.
   */
  public function testHtmlFilter(): void
  {
      $dirty = "foo bar<script>.<span onclick='alert(5);'>yes</span>.";
      $clean = 'foo bar&lt;script&gt;.<span >yes</span>.';

      // Scalar input first, then the same value wrapped in a list.
      $this->assertSame($clean, Helper::htmlFilter($dirty));
      $this->assertSame([$clean], Helper::htmlFilter([$dirty]));
  }

html_view 字符 HTML 安全显示

  /**
   * Checks Helper::htmlView() on a string that contains a newline.
   *
   * The expected literal spans two source lines: 'i a <br />' followed by a
   * real line break inside the single-quoted string.
   *
   * NOTE(review): the rest of the expected literal ('e') does not obviously
   * correspond to the input's ' here'; this listing may have lost characters.
   * Confirm against tests/Encryption/HelperTest.php.
   */
  1. public function testHtmlView(): void
  2. {
  3. $strings = "i a \n here";
  4. $out = 'i a <br />
  5. e';
  6. $this->assertSame($out, Helper::htmlView($strings));
  7. }

clean_js 过滤 JavaScript

  /**
   * Checks Helper::cleanJs() on two inputs.
   *
   * First input: script elements, a <body> tag, a span with an onmouse
   * attribute and a span mentioning 'window.' are all absent from the
   * expected value, which keeps only the plain text.
   * Second input: 'javascript:' is removed from inside the span tag, leaving
   * '<span ></span>'.
   *
   * NOTE(review): runs of spaces in the expected values may have been
   * collapsed by the page rendering; confirm against the test file.
   * NOTE(review): this removes known patterns only. Treat it as one layer and
   * still encode untrusted data for its output context.
   */
  public function testCleanJs(): void
  {
      $mixedMarkup = "i a <script></script> <body> <span onmouse='alert(5);'></span>"
          .'<span window. xxx>'
          .'<script>window</script> here';

      $this->assertSame('i a here', Helper::cleanJs($mixedMarkup));

      $schemeInTag = 'i a <span javascript:></span> here';

      $this->assertSame('i a <span ></span> here', Helper::cleanJs($schemeInTag));
  }

text 字符串文本化

  /**
   * Checks Helper::text() on markup mixed with whitespace and line breaks.
   *
   * The expected value 'iahere' contains neither tags nor any whitespace
   * from the input.
   */
  public function testText(): void
  {
      $markup = "i a <script></script> \n\r<body> <span onmouse='alert(5);'> here";
      $flattened = Helper::text($markup);

      $this->assertSame('iahere', $flattened);
  }

strip 字符过滤 JS 和 HTML 标签

  /**
   * Checks Helper::strip() on a string holding script, body and span tags.
   *
   * None of the tags appear in the expected value; the words are kept.
   *
   * NOTE(review): spacing in the expected value may have been collapsed by
   * the page rendering; confirm against the test file.
   */
  public function testStrip(): void
  {
      $markup = "i a <script></script> <body> <span onmouse='alert(5);'> here";
      $stripped = Helper::strip($markup);

      $this->assertSame('i a here', $stripped);
  }

custom_htmlspecialchars 字符 HTML 安全实体

  /**
   * Checks Helper::customHtmlspecialchars() on a string and on an array.
   *
   * '<' becomes '&lt;' and '>' becomes '&gt;'; array input yields an array
   * of encoded values.
   *
   * NOTE(review): quote characters are not exercised here. Verify how single
   * and double quotes are handled before relying on this for values placed
   * inside HTML attributes.
   */
  public function testCustomHtmlspecialchars(): void
  {
      $single = 'i a < here';

      $this->assertSame('i a &lt; here', Helper::customHtmlspecialchars($single));

      $many = ['i a < here', 'i a > here'];
      $encodedMany = ['i a &lt; here', 'i a &gt; here'];

      $this->assertSame($encodedMany, Helper::customHtmlspecialchars($many));
  }

un_htmlspecialchars 字符 HTML 实体还原

  /**
   * Checks Helper::unHtmlspecialchars() on a string and on an array.
   *
   * '&lt;' is turned back into '<' and '&gt;' into '>'.
   *
   * NOTE(review): decoding restores raw markup characters, so a decoded value
   * has to be encoded again before it is written into an HTML response.
   */
  public function testUnHtmlSpecialchars(): void
  {
      $single = 'i a &lt; here';

      $this->assertSame('i a < here', Helper::unHtmlspecialchars($single));

      $many = ['i a &lt; here', 'i a &gt; here'];
      $decodedMany = ['i a < here', 'i a > here'];

      $this->assertSame($decodedMany, Helper::unHtmlspecialchars($many));
  }