//判断是否是xss攻击
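/**
 * Coarse request-URI filter: aborts the request when the URI contains one of
 * three markers associated with XSS / header-injection attempts.
 *
 * $_SERVER['REQUEST_URI'] is URL-decoded twice, so double-encoded input is seen
 * in its decoded form, then upper-cased and searched for "<", a double quote,
 * and the string CONTENT-TRANSFER-ENCODING. On a match the script terminates
 * through die(); otherwise true is returned.
 *
 * Limits a maintainer should keep in mind:
 *  - Only the request URI is inspected. POST bodies, cookies and other request
 *    headers never pass through this check.
 *  - It is a three-substring blocklist, not a complete XSS defence. Request data
 *    still needs context-aware output encoding (e.g. htmlspecialchars()) where
 *    it is written into a page.
 *  - A rejected request is terminated without being logged here; if rejections
 *    should be visible to monitoring, the caller has to record them.
 *
 * @return bool Always true when the function returns at all.
 */
function _xss_check() {
    // REQUEST_URI is not set under CLI and some SAPIs; treat that as an empty
    // URI rather than passing an undefined value into urldecode().
    $uri = isset($_SERVER['REQUEST_URI']) ? (string) $_SERVER['REQUEST_URI'] : '';

    // Decode twice, then upper-case so the header-name marker matches
    // regardless of the case used in the request.
    $temp = strtoupper(urldecode(urldecode($uri)));

    $markers = array('<', '"', 'CONTENT-TRANSFER-ENCODING');
    foreach ($markers as $marker) {
        if (strpos($temp, $marker) !== false) {
            die('报告:xss攻击');
        }
    }

    return true;
}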
|