source: branches/rel/data/smarty_extends/modifier.script_escape.php @ 14928

Revision 14928, 559 bytes checked in by adati, 17 years ago

XSS: add "javascript:" to the replacement candidates

<?php
/**
 * Escape script tags
 *
 * @param  string $value Input
 * @return string $value The converted string if the pattern matched; otherwise the input string is returned unchanged.
 */
function smarty_modifier_script_escape($value) {

    if (is_array($value)) return $value;

    $pattern = "/<script.*?>|<\/script>|javascript:/";
    $convert = "#script tag escaped#";

    if ( preg_match_all($pattern, $value, $matches) ) {
        return preg_replace($pattern, $convert, $value);
    } else {
        return $value;
    }
}
?>
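The modifier above replaces a fixed list of substrings, and its pattern has no `i` flag, so it matches lowercase spellings only. As an added example (not code from this repository; `example_escape_html` and `example_safe_url` are hypothetical names and the sample inputs are constructed), the following encodes output for the HTML context and allow-lists URL schemes instead of pattern-replacing, printing the result beside what the page's pattern produces:

```php
<?php
/** Encode untrusted text for an HTML element body or a quoted attribute value. */
function example_escape_html(string $value): string
{
    // ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
    // byte sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Return an encoded URL for href/src, or '#' if its scheme is not allowed. */
function example_safe_url(string $url, array $allowed = ['http', 'https', 'mailto']): string
{
    // Remove control characters and whitespace before inspecting the scheme,
    // so a split or padded scheme name is compared in its normalized form.
    $clean = preg_replace('/[\x00-\x20\x7f]+/', '', $url);

    // A leading "name:" is a scheme; compare it case-insensitively.
    if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $clean, $m)
        && !in_array(strtolower($m[1]), $allowed, true)) {
        return '#';
    }
    // No scheme means a relative URL; encode it for the attribute context.
    return example_escape_html($clean);
}

// The pattern and replacement text from the page, used only for comparison.
$pattern = "/<script.*?>|<\/script>|javascript:/";
$convert = "#script tag escaped#";

// Constructed sample inputs for the element-body context.
$samples = ['<script>alert(1)</script>', '<ScRiPt>alert(1)</ScRiPt>', 'a < b & c'];
foreach ($samples as $s) {
    echo "input:    $s\n";
    echo "replaced: " . preg_replace($pattern, $convert, $s) . "\n";
    echo "encoded:  " . example_escape_html($s) . "\n\n";
}

// Constructed sample inputs for the URL-attribute context.
foreach (['https://example.com/?a=1&b=2', 'JaVaScRiPt:alert(1)', '/relative/path'] as $u) {
    echo "url: $u => " . example_safe_url($u) . "\n";
}
```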