PHP:非法字符串偏移 [英] PHP: Illegal string-offset
问题描述
我的开源项目运行得很好,直到我开始进行此工作为止休息6个月.更新到最新的XAMPP,并开始收到大量奇怪的错误,其中之一是:
My open-source project was working just fine, until I started to work on it after 6 month of break. Updated to latest XAMPP, and start getting tons of weird errors, one of which is as:
我有Input类,调用者方法如下:
I have Input class, with a caller method as:
<?php
class Input
{
public function __call ( $name , $arguments )
{
if ( !in_array( $name, array( "post", "get", "cookie", "request", "server", "env" ) ) )
{
throw new Exception( "Input::" . $name . "() not declared!" );
}
$_name_of_superglobal = "_" . strtoupper( $name );
$_max_iteration_level_for_cleanup = in_array( $name, array( "server", "env" ) ) ? 1 : 10;
# $arguments[0] is the index of the value, to be fetched from within the array.
if ( !empty( $arguments[0] ) and array_key_exists( $arguments[0], $this->$name ) )
{
return $this->$name[ $arguments[0] ];
}
elseif ( !empty( $arguments[0] ) and array_key_exists( $arguments[0], $GLOBALS[ $_name_of_superglobal ] ) )
{
return $this->$name[ $this->clean__makesafe_key( $arguments[0] ) ] = $this->clean__makesafe_value( $GLOBALS[ $_name_of_superglobal ][ $arguments[0] ], array(), true );
}
elseif ( !empty( $arguments[0] ) and !array_key_exists( $arguments[0], $GLOBALS[ $_name_of_superglobal ] ) )
{
return null;
}
else
{
if ( $this->_is_cleanup_done_for[ $name ] === true )
{
return $this->$name;
}
$this->_is_cleanup_done_for[ $name ] = true;
return $this->$name = $this->clean__makesafe_recursively( $GLOBALS[ $_name_of_superglobal ], $_max_iteration_level_for_cleanup );
}
}
?>
这段代码是这样工作的:您从中询问某些超全局值,然后按需返回它的干净版本:
This piece of code, works like this: you ask certain superglobal value from it, and it returns clean version of it, on-demand:
<?php
$input = new Input();
$server_name = $input->server("SERVER_NAME");
?>
容易吗?好吧,在我用XAMPP更新PHP之后,它根本不起作用-错误是:
Easy right? Well, after I updated PHP with XAMPP, it just doesn't work [edit: it works, with the Warning message] - error is:
PHP Warning: Illegal string offset 'SERVER_NAME' in S:\...\kernel\input.php on line 159
行,它对应于代码行:
return $this->$name[ $this->clean__makesafe_key( $arguments[0] ) ] = $this->clean__makesafe_value( $GLOBALS[ $_name_of_superglobal ][ $arguments[0] ], array(), true );
这是愚蠢的:$_name_of_superglobal ="_SERVER",$arguments[0] ="SERVER_NAME",整体分配是要清除的字符串.
which is stupid: $_name_of_superglobal = "_SERVER" there, and $arguments[0] = "SERVER_NAME" and overall assignment is string which gets cleaned.
可能存在什么问题?我在这里完全迷路了!
WHAT MIGHT BE THE PROBLEM THERE? I am totally lost here!
推荐答案
简介
我知道已经回答了这个问题,但是Illegal string offset ERROR并不是我在这里看到的唯一问题.我相信,它们是更好的方式来介绍您想要的灵活性,并且仍然可以在不使用complexity和使用$GLOBALS的情况下保存元素.
I know this has been answered but Illegal string offset ERROR is not the only issue i see here. I belive they are better ways to introduce the flexibility you want and also still make elements save without all that complexity and using of $GLOBALS.
您可以先查看:
- Are global variables in PHP considered bad practice? If so, why?
- PHP global in functions
- Why global state is the devil, and how to avoid using it
快速查看
$input = new Input(); <-- You add to initiate a class
$server_name = $input->server("SERVER_NAME");
^ ^ ^
| | |
variable | |
Variable |
Variable
我不确定是什么原因阻止了您使用
Am not sure what stops you from just using
$_SERVER['SERVER_NAME'] = makeSave($_SERVER['SERVER_NAME']);
^
|- I guess this is what you want to introduce
假设-您想要获得灵活性
假设您既要灵活性又要递归,那么您的类调用就可以像:
Lest assume you want flexibility and also recursion then your class call can be as flexible as :
print_r($input->SERVER_NAME); |
print_r($input['SERVER_NAME']); |----- Would Produce same result
print_r($input->SERVER_NAME()); |
如果这是您想要的灵活性,那么我会考虑将__get,__call和ArrayAccess完全结合在一起...
If this is the kind of flexibility you want the i would consider you combine __get , __call and ArrayAccess altogether ...
让我们想象
$var = array();
$var["name"] = "<b>" . $_SERVER['SERVER_NAME'] . "</b>";
$var["example"]['xss'] = '<IMG SRC=javascript:alert("XSS")>';
$var["example"]['sql'] = "x' AND email IS NULL; --";
$var["example"]['filter'] = "Let's meet 4:30am Ât the \tcafé\n";
$_SERVER['SERVER_NAME'] = $var ; // Just for example
立即返回您的格式
$makeSave = new MakeSafe(MakeSafe::SAVE_XSS | MakeSafe::SAVE_FILTER);
$input = new Input($_SERVER, $makeSafe);
//You can
print_r($input->SERVER_NAME);
//Or
print_r($input['SERVER_NAME']);
//Or
print_r($input->SERVER_NAME());
Array
(
[0] => <b>localhost</b>
[1] => Array
(
[0] => <IMG SRC=javascript:alert("XSS")>
[1] => x' AND email IS NULL; --
[2] => Let's meet 4:30am Ât the 	café
)
)
您的INPUT类已修改
class INPUT implements \ArrayAccess {
private $request = array();
private $makeSafe;
public function __construct(array $array, MakeSafe $makeSafe) {
$this->request = $array;
$this->makeSave = $makeSafe;
}
function __get($offset) {
return $this->offsetGet($offset);
}
function __call($offset, $value) {
return $this->offsetGet($offset);
}
public function setRequest(array $array) {
$this->request = $array;
}
public function offsetSet($offset, $value) {
trigger_error("Error: SUPER GLOBAL data cannot be modified");
}
public function offsetExists($offset) {
return isset($this->request[$offset]);
}
public function offsetUnset($offset) {
unset($this->request[$offset]);
}
public function offsetGet($offset) {
return isset($this->request[$offset]) ? $this->makeSave->parse($this->request[$offset]) : null;
}
}
使您的Save方法成为类
class MakeSafe {
const SAVE_XSS = 1;
const SAVE_SQL = 2;
const SAVE_FILTER_HIGH = 4;
const SAVE_FILTER_LOW = 8;
const SAVE_FILTER = 16;
private $options;
function __construct($options) {
$this->options = $options;
}
function escape($value) {
if ($value = @mysql_real_escape_string($value))
return $value;
$return = '';
for($i = 0; $i < strlen($value); ++ $i) {
$char = $value[$i];
$ord = ord($char);
if ($char !== "'" && $char !== "\"" && $char !== '\\' && $ord >= 32 && $ord <= 126)
$return .= $char;
else
$return .= '\\x' . dechex($ord);
}
return $return;
}
function parse($mixed) {
if (is_string($mixed)) {
$this->options & self::SAVE_XSS and $mixed = htmlspecialchars($mixed, ENT_QUOTES, 'UTF-8');
$this->options & self::SAVE_SQL and $mixed = $this->escape($mixed);
$this->options & self::SAVE_FILTER_HIGH and $mixed = filter_var($mixed, FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_HIGH);
$this->options & self::SAVE_FILTER_LOW and $mixed = filter_var($mixed, FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_LOW);
$this->options & self::SAVE_FILTER and $mixed = filter_var($mixed, FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_HIGH | FILTER_FLAG_ENCODE_LOW);
return $mixed;
}
if (is_array($mixed)) {
$all = array();
foreach ( $mixed as $data ) {
$all[] = $this->parse($data);
}
return $all;
}
return $mixed;
return $this->final;
}
}
结论
如果我说我知道已经回答了这个问题,但我希望这可以帮助其他人不要编写像您一样的代码...
Has i said i know this has been answered but i hope this helps someone else not to write code like yours ...
PS:这也已修复您的PHP警告:字符串偏移量非法
这篇关于PHP:非法字符串偏移的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
