parse_str随机向键添加分号 [英] parse_str randomly adding semicolons to keys
问题描述
我将查询字符串作为查询字符串的一部分传递给PHP脚本。
Kinda像这样:
$。post('/ url',{
id:postID
filters:$('#form')。serialize b});然后在我的PHP中,我使用 parse_str
<要读取过滤器
:
<?php
postID = $ this-> input-> post('id');
parse_str($ this-> input-> post('filters'),$ filters);
问题是 parse_str
code>; 随机到键。我得到这样的结果:
array(4){
[users] =>
string(0)
[companies;] =>
string(0)
[pref; _123] =>
string(0)
[products;] =>
array(2){
[0] =>
string(4)1234
[1] =>
string(4)5678
}
}
为什么服务器添加;
?我试过在另一台服务器,这不会发生。
parse_str
的错误,但某种XSS过滤器。 $ this-> input-> post('filters')
(甚至 $ _ POST ['filters']
!)包含;
字符。 :我设法通过执行以下操作来修复: $ filters = array_combine(array_map(function($ x){
return str_replace(';','',$ x);
},array_keys($ filters)),array_values($ filters));
这是由配置变量 global_xss_filtering
。将其设置为false可禁用此行为。
另请参阅:
xss_clean为带有& 的任何内容添加分号
CodeIgniter添加分号
I am passing a query string as part of my query string to a PHP script.
Kinda like this:
$.post('/url', {
id: postID
filters: $('#form').serialize()
});
Then in my PHP, I use parse_str
to read filters
:
<?php
$postID = $this->input->post('id');
parse_str($this->input->post('filters'), $filters);
The problem is that parse_str
is adding ;
s randomly to the keys. I'm getting a result like this:
array(4) {
["users"]=>
string(0) ""
["companies;"]=>
string(0) ""
["pref;_123"]=>
string(0) ""
["products;"]=>
array(2) {
[0]=>
string(4) "1234"
[1]=>
string(4) "5678"
}
}
Why is the server adding ;
? I tried it on another server, and this doesn't happen. It also doesn't happen when testing via CLI.
EDIT: Seems this is not parse_str
's fault, but some sort of XSS filter. $this->input->post('filters')
(and even $_POST['filters']
!) contains the ;
characters. I checked, and jQuery is not adding them.
EDIT: I managed to "fix" this by doing:
$filters = array_combine(array_map(function($x){
return str_replace(';', '', $x);
}, array_keys($filters)), array_values($filters));
This is caused by the config variable global_xss_filtering
in Codeigniter. Set it to false to disable this behaviour.
See also:
xss_clean adds semicolon to anything with an &
CodeIgniter adding semicolons
这篇关于parse_str随机向键添加分号的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!