PHP post removing styles attribute


Problem description

I have a weird situation and I can't seem to find the answer on Google.

I am taking a javascript array, applying JSON.stringify to it, and then posting via AJAX to a php controller for storing the now json_encoded array in a table. Upon posting via ajax, the $_POST is somehow stripping the styles attribute on the html being submitted.

Here is the sample html being grabbed via javascript/jquery:

<div class="blahblah" style="border:1px solid #000000;"><strong>test</strong></div>

Here is the AJAX post code:

var post_data = [];
$("divclasshere").each(function(){
    post_data.push({html:$(this).html()});
});
var data = JSON.stringify(post_data);
$.ajax({
    type: "POST",
    url: "save",
    data: { content: data },
    success: function(result){
    }
});

And here is the controller function that saves it to the db:

$data = array(
    'content' => $this->input->post('content')
);
$this->db->update('table', $data);

If I print_r on the data on the PHP controller, I get (example)

<div class="blahblah"><strong>test</strong></div>

But no styles attribute on the div class="blahblah" element. I am using CodeIgniter if that makes a difference? In some cases, it strips the first part: style="border:1px and leaves solid #000000;"

EDIT:

Here is what gets posted (as an example):

content:[{"html":"<div class=\"content\" style=\"border:1px solid #000000;\"></div>"}]

And here is what gets print_r'd:

<pre>[{"html":"<div class=\"content\"  solid #000000;\"></div>"}]

Solution

The core _remove_evil_attributes function removes the style attribute from the tags. To overcome this problem you have a workaround for it. Just create a file named My_Security.php inside the core directory of your application (application/core/MY_security.php) and paste the following code in it to override the default function.

<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
class MY_Security extends CI_Security {
    function __construct()
    {
      parent::__construct();
    }

    // --------------------------------------------------------------------

    /*
        * Modified for cb_cms
     */
    protected function _remove_evil_attributes($str, $is_image)
    {
        // All javascript event handlers (e.g. onload, onclick, onmouseover), style, and xmlns
        $allowed = array("your allowed url's without domain like '/admin/edittext/'");
        if(in_array($_SERVER['REQUEST_URI'],$allowed)){
            $evil_attributes = array('on\w*', 'xmlns');
        }else{
            $evil_attributes = array('on\w*', 'style', 'xmlns');
        }

        if ($is_image === TRUE)
        {
            /*
             * Adobe Photoshop puts XML metadata into JFIF images, 
             * including namespacing, so we have to allow this for images.
             */
            unset($evil_attributes[array_search('xmlns', $evil_attributes)]);
        }

        do {
            $str = preg_replace(
                "#<(/?[^><]+?)([^A-Za-z\-])(".implode('|', $evil_attributes).")(\s*=\s*)([\"][^>]*?[\"]|[\'][^>]*?[\']|[^>]*?)([\s><])([><]*)#i",
                "<$1$6",
                $str, -1, $count
            );
        } while ($count);

        return $str;
    }

} 
?>
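
A narrower alternative to permitting every style attribute on the listed URLs, as an added example that is not part of the original answer or of CodeIgniter: decode the posted JSON first, then keep only allowlisted CSS declarations and drop `on*` and `xmlns` attributes. The function names, the property allowlist and the value pattern are assumptions (PHP 7+); it handles attributes only, as the overridden function does.

```php
<?php
// Added example: allowlist and value pattern are assumptions, adjust to need.
const ALLOWED_CSS = ['border', 'color', 'background-color', 'text-align'];

function filter_style(string $style): string
{
    $kept = [];
    foreach (explode(';', $style) as $decl) {
        $p = array_map('trim', explode(':', $decl, 2));
        // Simple value tokens only: rejects url(), expression(), quotes, escapes.
        if (count($p) === 2 && in_array(strtolower($p[0]), ALLOWED_CSS, true)
            && preg_match('/\A[a-z0-9#%., -]+\z/i', $p[1])) {
            $kept[] = strtolower($p[0]) . ':' . $p[1];
        }
    }
    return implode(';', $kept);
}

function sanitize_fragment(string $html): string
{
    $doc = new DOMDocument();
    // Wrapper div gives one known root; the XML prolog makes libxml read UTF-8.
    @$doc->loadHTML('<?xml encoding="UTF-8"><div id="root">' . $html . '</div>');
    $root = (new DOMXPath($doc))->query('//div[@id="root"]')->item(0);
    foreach ($root->getElementsByTagName('*') as $el) {
        foreach (iterator_to_array($el->attributes) as $attr) {
            $name = strtolower($attr->nodeName);
            if ($name === 'style' && ($css = filter_style($attr->nodeValue)) !== '') {
                $el->setAttribute('style', $css);
            } elseif ($name === 'style' || $name === 'xmlns' || strpos($name, 'on') === 0) {
                $el->removeAttribute($attr->nodeName);
            }
        }
    }
    return implode('', array_map([$doc, 'saveHTML'], iterator_to_array($root->childNodes)));
}

function sanitize_posted_content(string $json): string
{
    $out = [];
    // Decode first so the filter sees real HTML, not JSON-escaped quotes (\").
    foreach ((array) json_decode($json, true) as $item) {
        $html = is_array($item) && is_string($item['html'] ?? null) ? $item['html'] : '';
        $out[] = ['html' => sanitize_fragment($html)];
    }
    return json_encode($out);
}

// Constructed sample input, shaped like the POST body shown in the question.
echo sanitize_posted_content('[{"html":"<div class=\"content\" style=\"border:1px solid #000000; position:fixed\" onclick=\"go()\">hi</div>"}]'), PHP_EOL;
```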
