mecanik / sanitiser-x
This package is abandoned and no longer maintained. No replacement package was suggested.
No license information is available for the latest version (dev-master) of this package.
Zend 2/3 module that validates requests and inputs against XSS (cross-site scripting), CSRF (cross-site request forgery), RFI (remote file inclusion), LFI (local file inclusion), SQLi (SQL injection) and more...
dev-master
2018-05-18 13:15 UTC
Requires
- php: >=7.0
- geoip/geoip: ^1.17
- guzzlehttp/guzzle: ~6.0
- zendframework/zend-eventmanager: ~3.0
- zendframework/zend-filter: ^2.7
- zendframework/zend-hydrator: ^2.2
- zendframework/zend-modulemanager: ~2.7
- zendframework/zend-mvc: ^3.0
- zendframework/zend-mvc-console: ^1.1
- zendframework/zend-servicemanager: ~3.0
- zendframework/zend-view: ^2.8
Requires (Dev)
- phpunit/phpunit: ~5.7
- zendframework/zend-config: ^3.1
- zendframework/zend-i18n: ^2.7
- zendframework/zend-log: ^2.9
- zendframework/zend-serializer: ^2.8
This package is not auto-updated.
Last update: 2020-08-22 07:16:42 UTC
README
Zend 2/3 module that validates requests and inputs against XSS (cross-site scripting), CSRF (cross-site request forgery), RFI (remote file inclusion), LFI (local file inclusion), SQLi (SQL injection) and more...
Because this module is under active development, the instructions below may change. Check back regularly for the latest updates, settings, features and implementation details.
Zend Framework 3 instructions
Install the module with composer
composer require mecanik/sanitiser-x
Create sanitiserx.local.php in PROJECT\config\autoload
<?php
/**
 * SanitiserX
 *
 * Zend 2/3 Module that sanitises requests and inputs against XSS, SQL Injection and more
 *
 * @link https://github.com/Mecanik/SanitiserX
 * @copyright Copyright (c) 2018 Norbert Boros ( a.k.a Mecanik )
 * @license https://github.com/Mecanik/SanitiserX/blob/master/LICENSE
 */
return [
    // More settings are being added, this is just basic
    'sanitiserx_config' => [
        'REQUESTS_FILTER_GET' => 1,
        'REQUESTS_GET' => [
            'AUTO_FILTER_XSS' => 1,
            'AUTO_FILTER_SQL' => 1,
        ],
        'REQUESTS_FILTER_POST' => 1,
        'REQUESTS_POST' => [
            'AUTO_FILTER_XSS' => 1,
            'AUTO_FILTER_SQL' => 1,
        ],
        'REQUESTS_FILTER_COOKIES' => 0,
        'REQUESTS_COOKIES' => [
            'AUTO_FILTER_XSS' => 0,
            'AUTO_FILTER_SQL' => 0,
        ],
        'REQUESTS_FILTER_HTTP_USER_AGENT' => 0,
        'REQUESTS_FILTER_HTTP_REFERER' => 0,
        'REQUESTS_FILTER_HTTP_PATH_INFO' => 0,
        'REQUESTS_FILTER_HTTP_PATH_TRANSLATED' => 0,
        'REQUESTS_FILTER_HTTP_PHP_SELF' => 0,
        'OPTIONS' => [
            'LOG' => [
                'LOG_UID' => 1,
                'LOG_IP' => 1,
                'LOG_DNS' => 1,
                'LOG_REFERER' => 1,
                'LOG_REQUEST_URL' => 1,
                'LOG_REQUEST_METHOD' => 1,
            ],
        ],
    ],
];
Add the following to module.config.php
use Mecanik\SanitiserX\SanitiserXManager;
use Mecanik\SanitiserX\Service\SanitiserXManagerFactory;

'service_manager' => [
    'factories' => [
        SanitiserXManager::class => SanitiserXManagerFactory::class,
    ],
],
Load the module in PROJECT\config\modules.config.php
'Mecanik\SanitiserX',
Inject the service into your controller
use Interop\Container\ContainerInterface;
use Mecanik\SanitiserX\SanitiserXManager;
use Zend\ServiceManager\Factory\FactoryInterface;

// This is just for example, MyController is your controller
class MyControllerFactory implements FactoryInterface
{
    public function __invoke(ContainerInterface $container, $requestedName, array $options = null)
    {
        // Resolve the SanitiserXManager service registered in module.config.php
        $security = $container->get(SanitiserXManager::class);
        // Instantiate the controller and inject dependencies
        return new MyController($security);
    }
}
And use the functions in your controller
use Mecanik\SanitiserX\SanitiserXManager;
use Zend\Mvc\Controller\AbstractActionController;

// This is just for example, MyController is your controller
class MyController extends AbstractActionController
{
    /**
     * Mecanik's Sanitiser Modules
     * @var SanitiserXManager
     */
    private $security;

    /**
     * Constructor. Its purpose is to inject dependencies into the controller.
     */
    public function __construct(SanitiserXManager $security)
    {
        $this->security = $security;
    }

    public function someAction()
    {
        // Filter type 1 = XSS (see the list of filter options below)
        $this->security->SanitiseInput($_GET['username'], 1);
    }
}
Current filter options
// Cross-Site Scripting
// FILTER_TYPE_XSS = 1
$this->security->SanitiseInput($_GET['username'], 1);

// Cross-Site Request Forgery
// FILTER_TYPE_CSRF = 2
$this->security->SanitiseInput($_GET['username'], 2);

// SQL Injection
// FILTER_TYPE_SQLi = 3
$this->security->SanitiseInput($_GET['username'], 3);

// Remote File Inclusion
// FILTER_TYPE_RFI = 4
$this->security->SanitiseInput($_GET['username'], 4);

// Local File Inclusion
// FILTER_TYPE_LFI = 5
$this->security->SanitiseInput($_GET['username'], 5);

// All filters possible
// FILTER_TYPE_ALL = 6
$this->security->SanitiseInput($_GET['username'], 6);
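The snippets above show the call signature but not what a complete action looks like once the sanitiser is wired in. The following is an added example, not code from the SanitiserX project: a ZF3 controller action that reads the parameter through the MVC `params()` plugin instead of `$_GET`, runs it through the filter, and then still validates its shape, uses a prepared statement, and leaves HTML escaping to the view. It assumes that `SanitiseInput()` returns the filtered string (the page documents only the call, not the return value), that a `zend-db` adapter is available and injected by the controller factory alongside `SanitiserXManager` (zend-db is not among this package's requirements), and that a `users` table with `id` and `username` columns exists. `LookupController`, `lookupAction` and the regex are illustrative names and choices.

```php
<?php
// Added example, not part of the SanitiserX project.
// Assumed: SanitiseInput() returns the filtered value; a zend-db adapter is
// injected by the factory; a `users` table with `id` and `username` exists.

use Mecanik\SanitiserX\SanitiserXManager;
use Zend\Db\Adapter\AdapterInterface;
use Zend\Db\Sql\Sql;
use Zend\Mvc\Controller\AbstractActionController;
use Zend\View\Model\ViewModel;

class LookupController extends AbstractActionController
{
    // Filter type codes exactly as listed on this page
    const FILTER_TYPE_XSS  = 1;
    const FILTER_TYPE_SQLI = 3;
    const FILTER_TYPE_ALL  = 6;

    /** @var SanitiserXManager */
    private $security;

    /** @var AdapterInterface */
    private $db;

    public function __construct(SanitiserXManager $security, AdapterInterface $db)
    {
        $this->security = $security;
        $this->db = $db;
    }

    public function lookupAction()
    {
        // Read the query parameter via the MVC plugin rather than $_GET so the
        // action works with an injected/mocked request in tests.
        $username = (string) $this->params()->fromQuery('username', '');

        // Assumption: SanitiseInput() returns the filtered string. Run every
        // filter (XSS, SQLi, RFI, LFI) on the value.
        $username = $this->security->SanitiseInput($username, self::FILTER_TYPE_ALL);

        // A sanitiser strips known-bad patterns; it is not an allow-list.
        // Validate the expected shape and reject instead of silently rewriting.
        if (!preg_match('/^[A-Za-z0-9_.-]{1,64}$/', $username)) {
            $this->getResponse()->setStatusCode(400);
            return new ViewModel(['error' => 'invalid username']);
        }

        // Prepared statement: the value is bound as a parameter and never
        // concatenated into SQL text, regardless of what the filter did.
        $sql    = new Sql($this->db);
        $select = $sql->select('users')
            ->columns(['id', 'username'])
            ->where(['username' => $username]);
        $result = $sql->prepareStatementForSqlObject($select)->execute();

        // Output encoding is still the view's job: render with
        // $this->escapeHtml($username) in the .phtml template.
        return new ViewModel([
            'username' => $username,
            'rows'     => iterator_to_array($result),
        ]);
    }
}
```

The point of the ordering is that the sanitiser is one layer: the bound parameter protects the query even if a filter type misses a payload, and `escapeHtml()` in the view protects the page even if the XSS filter does. Note also that filter type 2 (CSRF) operates on a single input value; it does not replace a per-session token check on state-changing requests.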