source: branches/rel/data/smarty_extends/modifier.script_escape.php @ 14928

Revision 14928, 559 bytes checked in by adati, 15 years ago (diff)

XSS: add "javascript:" to the replacement candidates

<?php
/**
 * Escape script tags
 *
 * @param  string $value Input
 * @return string $value The converted string if the pattern matched; otherwise the input string is returned unchanged.
 */
function smarty_modifier_script_escape($value) {

    // Arrays are returned unchanged.
    if (is_array($value)) return $value;

    // Case-sensitive match on opening/closing script tags and the "javascript:" scheme.
    $pattern = "/<script.*?>|<\/script>|javascript:/";
    $convert = "#script tag escaped#";

    if ( preg_match_all($pattern, $value, $matches) ) {
        return preg_replace($pattern, $convert, $value);
    } else {
        return $value;
    }
}
?>
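The modifier above is a deny-list: it rewrites three case-sensitive patterns and returns everything else unchanged. As an added example (not code from this repository), the sketch below puts that pattern beside the usual hardened form, which encodes at output and allow-lists URL schemes; the function names, the sample values and the UTF-8 charset are assumptions.

```php
<?php
// Added example; not code from this repository. Function names, sample
// values and the UTF-8 charset are assumptions made for illustration.

// Deny-list pattern copied from the modifier on this page, for comparison.
$pagePattern = "/<script.*?>|<\/script>|javascript:/";

// Encode for HTML text and quoted attribute values instead of rewriting tags.
function example_escape_html($value) {
    if (is_array($value)) return $value;  // same pass-through as the page's modifier
    return htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8');
}

// Accept only allow-listed URL schemes (or scheme-less relative URLs).
function example_safe_url($url, array $allowed = array('http', 'https', 'mailto')) {
    // Browsers ignore control characters and whitespace inside a scheme name.
    $clean = preg_replace('/[\x00-\x20\x7f]+/', '', (string)$url);
    if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $clean, $m)
        && !in_array(strtolower($m[1]), $allowed, true)) {
        return '#';  // unknown scheme: replace the whole value
    }
    return example_escape_html($clean);
}

// Constructed sample values.
$texts = array('Tom & <b>Jerry</b>', '<SCRIPT>x()</SCRIPT>');
$urls  = array('https://example.com/?a=1&b=2', '/cart/index.php', 'JavaScript:void(0)');

foreach ($texts as $t) {
    echo "input:     $t\n";
    echo "deny-list: " . preg_replace($pagePattern, '#script tag escaped#', $t) . "\n";
    echo "encoded:   " . example_escape_html($t) . "\n\n";
}
foreach ($urls as $u) {
    echo "url: $u  ->  " . example_safe_url($u) . "\n";
}
```

Encoding has to match the output context: `example_escape_html` covers HTML text and quoted attributes only, not inline script or CSS.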