安全过滤

可以对用户输入数据进行过滤。

引入相关类

  • use Leevel\Encryption\Safe;

    添加模式转义和移除魔术方法转义

  1. public function testBaseUse()
  2. {
  3.     $strings = "O'Reilly?";
  4.     $out = "O\\'Reilly?";
  6.     $this->assertSame($out, Safe::customAddslashes($strings));
  8.     $this->assertSame($strings, Safe::customStripslashes($out));
  10.     $arrays = ["O'Reilly?" => "O'Reilly?"];
  11.     $outs = ["O\\'Reilly?" => "O\\'Reilly?"];
  13.     $this->assertSame($outs, Safe::customAddslashes($arrays));
  15.     $this->assertSame($arrays, Safe::customStripslashes($outs));
  16. }

深度过滤

  1. public function testDeepReplace()
  2. {
  3.     $strings = 'You should eat fruits, vegetables, and fiber every day.';
  4.     $out = 'You should eat fruits, vegetables, and fiber every .';
  6.     $this->assertSame($out, Safe::deepReplace(['shoule', 'day'], $strings));
  7. }

url 安全过滤

  1. public function testEscUrl()
  2. {
  3.     $strings = 'You should eat fruits, vegetables, and fiber every day.';
  4.     $out = 'You should eat fruits, vegetables, and fiber every .';
  6.     $this->assertSame('', Safe::escUrl(''));
  8.     $this->assertSame(
  9.         'http://example.org/private.php?user=abc&email=abc@11.org',
  10.         Safe::escUrl('example.org/private.php?user=abc&email=abc@11.org')
  11.     );
  13.     $this->assertSame(
  14.         'http://example.org/private.php?user=abc&email=abc@11.org',
  15.         Safe::escUrl('http;//example.org/private.php?user=abc&email=abc@11.org')
  16.     );
  18.     $this->assertSame(
  19.         'http://example.org/private.php?user=abc&email=abc@11.org',
  20.         Safe::escUrl('http://example.org/private.php?user=abc%0D%0A&email=abc@11.org')
  21.     );
  22. }

过滤 script

  1. public function testFilterScript()
  2. {
  3.     $strings = '<script>hello world.';
  4.     $out = '&lt;script>hello world.';
  6.     $this->assertSame($out, Safe::filterScript($strings));
  7. }

过滤十六进制字符串

  1. public function testCleanHex()
  2. {
  3.     $strings = '0x63hello 0x6f world.';
  4.     $out = '0hello 0 world.';
  6.     $this->assertSame($out, Safe::cleanHex($strings));
  7. }

签名算法支持

  1. public function testSignature()
  2. {
  3.     $query = [
  4.         'foo'   => 'bar',
  5.         'hello' => 'world',
  6.     ];
  8.     $signature = Safe::signature($query, '123456');
  10.     $this->assertSame('dc6cfa1e1f6eaf29c73622f4d4c54be57d545c1d7c377dade88faccb5a79d2d8', $signature);
  11. }

签名算法支持忽略字段

  1. public function testSignatureWithIgnore()
  2. {
  3.     $query = [
  4.         'foo'       => 'bar',
  5.         'hello'     => 'world',
  6.         'signature' => 'dc6cfa1e1f6eaf29c73622f4d4c54be57d545c1d7c377dade88faccb5a79d2d8',
  7.         'timestamp' => 1541312367,
  8.     ];
  10.     $signature = Safe::signature($query, '123456', ['signature', 'timestamp']);
  12.     $this->assertSame('dc6cfa1e1f6eaf29c73622f4d4c54be57d545c1d7c377dade88faccb5a79d2d8', $signature);
  13. }

签名算法支持子数组

  1. public function testSignatureWithSubArray()
  2. {
  3.     $query = [
  4.         'foo'   => 'bar',
  5.         'hello' => 'world',
  6.         'sub'   => [
  7.             'hello' => 'world',
  8.         ],
  9.     ];
  11.     $signature = Safe::signature($query, '123456');
  13.     $this->assertSame('2bd98c89629fae202c680b33430eb9c909b25f4e8a8dca91752fabd1e14735d1', $signature);
  14. }