安全过滤

Testing Is Documentation

tests/Encryption/HelperTest.php

可以对用户输入数据进行过滤。

Uses

<?php

use Leevel\Encryption\Helper;
use Leevel\Kernel\Utils\Api;

custom_addslashes 添加模式转义和移除魔术方法转义

public function testBaseUse(): void
{
    $strings = "O'Reilly?";
    $out = "O\\'Reilly?";

    static::assertSame($out, Helper::customAddslashes($strings));

    static::assertSame($strings, Helper::customStripslashes($out));

    $arrays = ["O'Reilly?" => "O'Reilly?"];
    $outs = ["O\\'Reilly?" => "O\\'Reilly?"];

    static::assertSame($outs, Helper::customAddslashes($arrays));

    static::assertSame($arrays, Helper::customStripslashes($outs));
}

deep_replace 深度过滤

public function testDeepReplace(): void
{
    $strings = 'You should eat fruits, vegetables, and fiber every day.';
    $out = 'You should eat fruits, vegetables, and fiber every .';

    static::assertSame($out, Helper::deepReplace(['not found', 'day'], $strings));
}

filter_script 过滤 script

public function testFilterScript(): void
{
    $strings = '<script>hello world.';
    $out = '&lt;script>hello world.';

    static::assertSame($out, Helper::filterScript($strings));
}

clean_hex 过滤十六进制字符串

public function testCleanHex(): void
{
    $strings = '0x63hello 0x6f world.';
    $out = '0hello 0 world.';

    static::assertSame($out, Helper::cleanHex($strings));
}

str_filter 字符过滤

public function testStrFilter(): void
{
    $strings = 'This is some <b>bold</b> text.';
    $out = 'This is some &lt;b&gt;bold&lt;/b&gt; text.';
    static::assertSame($out, Helper::strFilter($strings));

    $strings = ['This is some <b>bold</b> text.'];
    $out = ['This is some &lt;b&gt;bold&lt;/b&gt; text.'];
    static::assertSame($out, Helper::strFilter($strings));
}

html_filter HTML 过滤

public function testHtmlFilter(): void
{
    $strings = "foo bar<script>.<span onclick='alert(5);'>yes</span>.";
    $out = 'foo bar&lt;script&gt;.<span >yes</span>.';
    static::assertSame($out, Helper::htmlFilter($strings));

    $strings = ["foo bar<script>.<span onclick='alert(5);'>yes</span>."];
    $out = ['foo bar&lt;script&gt;.<span >yes</span>.'];
    static::assertSame($out, Helper::htmlFilter($strings));
}

html_view 字符 HTML 安全显示

public function testHtmlView(): void
{
    $strings = "i a \n here";
    $out = 'i a <br />
e';

    static::assertSame($out, Helper::htmlView($strings));
}

clean_js 过滤 JavaScript

public function testCleanJs(): void
{
    $strings = "i a <script></script> <body> <span onmouse='alert(5);'></span>".
        '<span window. xxx>'.
        '<script>window</script> here';
    $out = 'i a  here';

    static::assertSame($out, Helper::cleanJs($strings));

    $strings = 'i a <span javascript:></span> here';
    $out = 'i a <span ></span> here';

    static::assertSame($out, Helper::cleanJs($strings));
}

text 字符串文本化

public function testText(): void
{
    $strings = "i a <script></script> \n\r<body> <span onmouse='alert(5);'> here";
    $out = 'iahere';

    static::assertSame($out, Helper::text($strings));
}

strip 字符过滤 JS 和 HTML 标签

public function testStrip(): void
{
    $strings = "i a <script></script> <body> <span onmouse='alert(5);'> here";
    $out = 'i a    here';

    static::assertSame($out, Helper::strip($strings));
}

custom_htmlspecialchars 字符 HTML 安全实体

public function testCustomHtmlspecialchars(): void
{
    $strings = 'i a < here';
    $out = 'i a &lt; here';

    static::assertSame($out, Helper::customHtmlspecialchars($strings));

    $strings = ['i a < here', 'i a > here'];
    $out = ['i a &lt; here', 'i a &gt; here'];

    static::assertSame($out, Helper::customHtmlspecialchars($strings));
}

un_htmlspecialchars 字符 HTML 实体还原

public function testUnHtmlSpecialchars(): void
{
    $strings = 'i a < here';
    $out = 'i a < here';

    static::assertSame($out, Helper::unHtmlspecialchars($strings));

    $strings = ['i a &lt; here', 'i a &gt; here'];
    $out = ['i a < here', 'i a > here'];

    static::assertSame($out, Helper::unHtmlspecialchars($strings));
}