Compartilhando Classe de Segurança
Fiz dois: um para quando não houver nenhum GET, e outro para quando houver GET de busca. Uso em conjunto com o PHPIDS: no meu caso, a minha classe trata todos os POST (e somente o GET de busca, caso a busca do site for via GET); depois de tratada, a requisição passa pelo PHPIDS, que, se encontrar algo, executa um die e já era, bloqueado; caso não encontre, ele prossegue. Fiz isso porque às vezes coisas com aspas podem ser identificadas como XSS; desse jeito a classe converte para códigos HTML e fica sussa, evitando erros desnecessários. Coloquei também um array de exceção para POST de editor de texto.
Acabei de fazer o script e não comentei nada ainda, mas depois, quando eu comentar, atualizo ele aqui.
<?php
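class SecurityCenter
{
    /**
     * Leaf keys that are never rewritten (e.g. rich-text editor fields whose
     * markup must reach the application untouched).
     *
     * @var array
     */
    private $except = array();

    /**
     * Rewrites every string of the given request array, in place in $_POST and
     * $_REQUEST, with its HTML-entity-encoded form (see Replace()).
     *
     * Encoding happens at input time, so everything downstream (including what
     * gets persisted) carries entities. $_GET and whatever else PHP merges into
     * $_REQUEST stay raw in their own superglobal; only the $_REQUEST copy is
     * rewritten. Escaping for other output contexts (attribute, JavaScript,
     * URL, SQL) is not done here and still belongs at the point of use.
     *
     * @param array $SecurityCenter request data to walk, normally $_REQUEST
     * @param array $except         leaf keys to skip (default: none)
     */
    public function __construct($SecurityCenter, array $except = array())
    {
        $this->except = $except;
        foreach ($SecurityCenter as $key => $value) {
            $this->SecurityIterate($key, $value);
        }
    }

    /**
     * Visits one entry: recurses into arrays, encodes string leaves.
     *
     * The key path is carried as an array instead of a ';'-joined string, so a
     * parameter whose own name contains ';' is no longer misread as a nested
     * index, and any nesting depth is supported (the former if/elseif chain
     * silently skipped anything deeper than ten levels).
     *
     * @param string|int $key     key of this entry within its parent
     * @param mixed      $value   array or string; anything else is ignored
     * @param array      $parents keys of the enclosing arrays, outermost first
     */
    private function SecurityIterate($key, $value, array $parents = array())
    {
        $path = $parents;
        $path[] = $key;

        if (is_array($value)) {
            foreach ($value as $subKey => $subValue) {
                $this->SecurityIterate($subKey, $subValue, $path);
            }
            return;
        }
        if (!is_string($value)) {
            return;
        }
        // Only the leaf name decides the exception; numeric keys arrive as
        // ints, so compare as strings and strictly.
        if (in_array((string) $key, $this->except, true)) {
            return;
        }

        $clean = $this->Replace($value);
        // $_POST is rewritten only where the same path really exists in it;
        // $_REQUEST (the array being walked) is always rewritten.
        if ($this->pathExists($_POST, $path)) {
            $this->setPath($_POST, $path, $clean);
        }
        $this->setPath($_REQUEST, $path, $clean);
    }

    /**
     * True when every segment of $path leads to a non-null entry of $array.
     *
     * Unlike a nested isset(), a string met before the last segment is never
     * treated as a hit, so a scalar $_POST entry cannot be overwritten through
     * a numeric string offset.
     *
     * @param array $array haystack (a superglobal)
     * @param array $path  keys, outermost first
     * @return bool
     */
    private function pathExists(array $array, array $path)
    {
        $node = $array;
        foreach ($path as $segment) {
            if (!is_array($node) || !isset($node[$segment])) {
                return false;
            }
            $node = $node[$segment];
        }
        return true;
    }

    /**
     * Assigns $value at $path inside $target, creating missing intermediate
     * arrays. A scalar found on the way aborts the write instead of raising an
     * illegal-offset error as a direct nested assignment would.
     *
     * @param array $target array to modify (passed by reference)
     * @param array $path   keys, outermost first; must not be empty
     * @param mixed $value  value to store at the leaf
     */
    private function setPath(array &$target, array $path, $value)
    {
        $leaf = array_pop($path);
        $node = &$target;
        foreach ($path as $segment) {
            if (!is_array($node)) {
                return;
            }
            if (!array_key_exists($segment, $node)) {
                $node[$segment] = array();
            }
            $node = &$node[$segment];
        }
        if (is_array($node)) {
            $node[$leaf] = $value;
        }
    }

    /**
     * Encodes one request value for an HTML text context.
     *
     * ENT_COMPAT encodes <, >, & and double quotes; single quotes are then
     * mapped to a typographic apostrophe instead of &#039; so the stored text
     * stays readable (the author's choice over ENT_QUOTES). ENT_SUBSTITUTE
     * replaces invalid UTF-8 sequences with U+FFFD rather than silently
     * dropping bytes as ENT_IGNORE did, which the PHP manual discourages.
     * After encoding no '<' survives, so strip_tags() only removes NUL bytes.
     *
     * @param string $Replace raw value
     * @return string encoded, trimmed value
     */
    private function Replace($Replace)
    {
        $Replace = htmlentities($Replace, ENT_COMPAT | ENT_SUBSTITUTE, 'UTF-8');
        $Replace = str_replace("'", '’', $Replace);
        return strip_tags(trim($Replace));
    }
}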
// Encode the whole request in place as soon as this file is included.
if (isset($_REQUEST)) {
    $SecurityCenter = new SecurityCenter($_REQUEST);
}
?>
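<?php
class SecurityCenter
{
    /**
     * Leaf keys that are never rewritten (e.g. rich-text editor fields whose
     * markup must reach the application untouched).
     *
     * @var array
     */
    private $except = array();

    /**
     * Leaf keys of search fields: for these the $_GET entry is encoded too,
     * so a site whose search form submits via GET is covered.
     *
     * @var array
     */
    private $search = array();

    /**
     * Rewrites every string of the given request array, in place in $_POST,
     * in $_GET (search keys only) and in $_REQUEST, with its HTML-entity-
     * encoded form (see Replace()).
     *
     * Encoding happens at input time, so everything downstream (including what
     * gets persisted) carries entities. Non-search $_GET values stay raw in
     * $_GET; only their $_REQUEST copy is rewritten. Escaping for other output
     * contexts (attribute, JavaScript, URL, SQL) is not done here and still
     * belongs at the point of use.
     *
     * @param array $SecurityCenter request data to walk, normally $_REQUEST
     * @param array $except         leaf keys to skip (default: none)
     * @param array $search         leaf keys whose $_GET entry is also encoded
     */
    public function __construct(
        $SecurityCenter,
        array $except = array(),
        array $search = array('Search', 'search', 'usuario/search')
    ) {
        $this->except = $except;
        $this->search = $search;
        foreach ($SecurityCenter as $key => $value) {
            $this->SecurityIterate($key, $value);
        }
    }

    /**
     * Visits one entry: recurses into arrays, encodes string leaves.
     *
     * The key path is carried as an array instead of a ';'-joined string, so a
     * parameter whose own name contains ';' is no longer misread as a nested
     * index, and any nesting depth is supported (the former if/elseif chain
     * silently skipped anything deeper than ten levels).
     *
     * @param string|int $key     key of this entry within its parent
     * @param mixed      $value   array or string; anything else is ignored
     * @param array      $parents keys of the enclosing arrays, outermost first
     */
    private function SecurityIterate($key, $value, array $parents = array())
    {
        $path = $parents;
        $path[] = $key;

        if (is_array($value)) {
            foreach ($value as $subKey => $subValue) {
                $this->SecurityIterate($subKey, $subValue, $path);
            }
            return;
        }
        if (!is_string($value)) {
            return;
        }
        // Only the leaf name decides exception and search membership; numeric
        // keys arrive as ints, so compare as strings and strictly.
        $leaf = (string) $key;
        if (in_array($leaf, $this->except, true)) {
            return;
        }

        $clean = $this->Replace($value);
        // $_POST wins when the path exists there; otherwise a search key found
        // in $_GET is rewritten; $_REQUEST (the array being walked) always is.
        if ($this->pathExists($_POST, $path)) {
            $this->setPath($_POST, $path, $clean);
        } elseif (in_array($leaf, $this->search, true) && $this->pathExists($_GET, $path)) {
            $this->setPath($_GET, $path, $clean);
        }
        $this->setPath($_REQUEST, $path, $clean);
    }

    /**
     * True when every segment of $path leads to a non-null entry of $array.
     *
     * Unlike a nested isset(), a string met before the last segment is never
     * treated as a hit, so a scalar $_POST/$_GET entry cannot be overwritten
     * through a numeric string offset.
     *
     * @param array $array haystack (a superglobal)
     * @param array $path  keys, outermost first
     * @return bool
     */
    private function pathExists(array $array, array $path)
    {
        $node = $array;
        foreach ($path as $segment) {
            if (!is_array($node) || !isset($node[$segment])) {
                return false;
            }
            $node = $node[$segment];
        }
        return true;
    }

    /**
     * Assigns $value at $path inside $target, creating missing intermediate
     * arrays. A scalar found on the way aborts the write instead of raising an
     * illegal-offset error as a direct nested assignment would.
     *
     * @param array $target array to modify (passed by reference)
     * @param array $path   keys, outermost first; must not be empty
     * @param mixed $value  value to store at the leaf
     */
    private function setPath(array &$target, array $path, $value)
    {
        $leaf = array_pop($path);
        $node = &$target;
        foreach ($path as $segment) {
            if (!is_array($node)) {
                return;
            }
            if (!array_key_exists($segment, $node)) {
                $node[$segment] = array();
            }
            $node = &$node[$segment];
        }
        if (is_array($node)) {
            $node[$leaf] = $value;
        }
    }

    /**
     * Encodes one request value for an HTML text context.
     *
     * ENT_COMPAT encodes <, >, & and double quotes; single quotes are then
     * mapped to a typographic apostrophe instead of &#039; so the stored text
     * stays readable (the author's choice over ENT_QUOTES). ENT_SUBSTITUTE
     * replaces invalid UTF-8 sequences with U+FFFD rather than silently
     * dropping bytes as ENT_IGNORE did, which the PHP manual discourages.
     * After encoding no '<' survives, so strip_tags() only removes NUL bytes.
     *
     * @param string $Replace raw value
     * @return string encoded, trimmed value
     */
    private function Replace($Replace)
    {
        $Replace = htmlentities($Replace, ENT_COMPAT | ENT_SUBSTITUTE, 'UTF-8');
        $Replace = str_replace("'", '’', $Replace);
        return strip_tags(trim($Replace));
    }
}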
// Encode the whole request in place as soon as this file is included.
if (isset($_REQUEST)) {
    $SecurityCenter = new SecurityCenter($_REQUEST);
}
?>