| public static filterScript ( string $value ) : string | ||
| $value | string | 需要过滤的值 |
| Результат | string | |
public static function filterScript($value)
{
$value = preg_replace("/javascript:/i", "&111", $value);
$value = preg_replace("/(javascript:)?on(click|load|key|mouse|error|abort|move|unload|change|dblclick|move|reset|resize|submit)/i", "&111n\\2", $value);
$value = preg_replace("/<script(.*?)>(.*?)<\\/script>/si", "<script\\1>\\2</script>", $value);
$value = preg_replace("/<iframe(.*?)>(.*?)<\\/iframe>/si", "<iframe\\1>\\2</iframe>", $value);
$value = preg_replace("/<object.+<\\/object>/isU", '', $value);
return $value;
} /**
* URL组装 支持不同URL模式
* eg: \Cml\Http\Response::url('Home/Blog/cate/id/1')
*
* @param string $url URL表达式 路径/控制器/操作/参数1/参数1值/.....
* @param int $echo 是否输出 1输出 0 return
*
* @return string
*/
public static function url($url = '', $echo = 1)
{
$return = '';
// 解析URL
if (empty($url)) {
throw new \InvalidArgumentException(Lang::get('_NOT_ALLOW_EMPTY_', 'url'));
//'U方法参数出错'
}
// URL组装
$delimiter = Config::get('url_pathinfo_depr');
$url = ltrim($url, '/');
$url = implode($delimiter, explode('/', $url));
if (Config::get('url_model') == 1) {
$return = $_SERVER['SCRIPT_NAME'] . '/' . $url;
} elseif (Config::get('url_model') == 2) {
$return = Cml::getContainer()->make('cml_route')->getSubDirName() . $url;
} elseif (Config::get('url_model') == 3) {
$return = $_SERVER['SCRIPT_NAME'] . '?' . Config::get('var_pathinfo') . '=/' . $url;
}
$return .= Config::get('url_model') == 2 ? Config::get('url_html_suffix') : '';
$return = Secure::filterScript($return);
if ($echo === 1) {
echo $return;
} else {
return $return;
}
return '';
}