dedecms虽然有诸多漏洞,但不可否认确实是一个很不错的内容管理系统(cms),其他也不乏很多功能实用性的函数,以下就部分列举,持续更新,不作过多说明。使用时需部分修改,你懂的

1.XSS过滤

function XSSClean($val) {

    global $cfg_soft_lang;

    if($cfg_soft_lang=='gb2312') gb2utf8($val);

    if (is_array($val))

    {

        while (list($key) = each($val))

        {

            if(in_array($key,array('tags','body','dede_fields','dede_addonfields','dopost','introduce'))) continue;

            $val[$key] = XSSClean($val[$key]);

        }

        return $val;

    }

    $val = preg_replace('/([\x00-\x08,\x0b-\x0c,\x0e-\x19])/', '', $val);

    $search = 'abcdefghijklmnopqrstuvwxyz';

    $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';

    $search .= '1234567890!@#$%^&*()';

    $search .= '~`";:?+/={}[]-_|\'\\';

    for ($i = 0; $i < strlen($search); $i++) {

      $val = preg_replace('/(&#[xX]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); // with a ;

      $val = preg_replace('/(&#0{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); // with a ;

    }

    $val = str_replace("`","‘",$val);

    $val = str_replace("'","‘",$val);

    $val = str_replace("\"","“",$val);

    $val = str_replace(",",",",$val);

    $val = str_replace("(","(",$val);

    $val = str_replace(")",")",$val);

    $ra1 = array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base');

    $ra2 = array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload');

    $ra = array_merge($ra1, $ra2);

    $found = true;

    while ($found == true) {

      $val_before = $val;

      for ($i = 0; $i < sizeof($ra); $i++) {

         $pattern = '/';

         for ($j = 0; $j < strlen($ra[$i]); $j++) {

            if ($j > 0) {

               $pattern .= '(';

               $pattern .= '(&#[xX]0{0,8}([9ab]);)';

               $pattern .= '|';

               $pattern .= '|(&#0{0,8}([9|10|13]);)';

               $pattern .= ')*';

            }

            $pattern .= $ra[$i][$j];

         }

         $pattern .= '/i';

         $replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2);

         $val = preg_replace($pattern, $replacement, $val);

         if ($val_before == $val) {

            $found = false;

         }

      }

    }

    if($cfg_soft_lang=='gb2312') utf82gb($val);

    return $val;

}

$_GET = XSSClean($_GET);

$_POST = XSSClean($_POST);

$_REQUEST = XSSClean($_REQUEST);

$_COOKIE = XSSClean($_COOKIE);

2.编码函数

$UC2GBTABLE = $CODETABLE = $BIG5_DATA = $GB_DATA = '';

$GbkUniDic = null;

/**

 *  UTF-8 转GB编码

 *

 * @access    public

 * @param     string  $utfstr  需要转换的字符串

 * @return    string

 */

if ( ! function_exists('utf82gb'))

{

    function utf82gb($utfstr)

    {

        if(function_exists('iconv'))

        {

            return iconv('utf-8','gbk//ignore',$utfstr);

        }

        global $UC2GBTABLE;

        $okstr = "";

        if(trim($utfstr)=="")

        {

            return $utfstr;

        }

        if(empty($UC2GBTABLE))

        {

            $filename = DEDEINC."/data/gb2312-utf8.dat";

            $fp = fopen($filename,"r");

            while($l = fgets($fp,15))

            {

                $UC2GBTABLE[hexdec(substr($l, 7, 6))] = hexdec(substr($l, 0, 6));

            }

            fclose($fp);

        }

        $okstr = "";

        $ulen = strlen($utfstr);

        for($i=0;$i<$ulen;$i++)

        {

            $c = $utfstr[$i];

            $cb = decbin(ord($utfstr[$i]));

            if(strlen($cb)==8)

            {

                $csize = strpos(decbin(ord($cb)),"0");

                for($j=0;$j < $csize;$j++)

                {

                    $i++; $c .= $utfstr[$i];

                }

                $c = utf82u($c);

                if(isset($UC2GBTABLE[$c]))

                {

                    $c = dechex($UC2GBTABLE[$c]+0x8080);

                    $okstr .= chr(hexdec($c[0].$c[1])).chr(hexdec($c[2].$c[3]));

                }

                else

                {

                    $okstr .= "&#".$c.";";

                }

            }

            else

            {

                $okstr .= $c;

            }

        }

        $okstr = trim($okstr);

        return $okstr;

    }

}

/**

 *  GB转UTF-8编码

 *

 * @access    public

 * @param     string  $gbstr  gbk的字符串

 * @return    string

 */

if ( ! function_exists('gb2utf8'))

{

    function gb2utf8($gbstr)

    {

        if(function_exists('iconv'))

        {

            return iconv('gbk','utf-8//ignore',$gbstr);

        }

        global $CODETABLE;

        if(trim($gbstr)=="")

        {

            return $gbstr;

        }

        if(empty($CODETABLE))

        {

            $filename = DEDEINC."/data/gb2312-utf8.dat";

            $fp = fopen($filename,"r");

            while ($l = fgets($fp,15))

            {

                $CODETABLE[hexdec(substr($l, 0, 6))] = substr($l, 7, 6);

            }

            fclose($fp);

        }

        $ret = "";

        $utf8 = "";

        while ($gbstr != '')

        {

            if (ord(substr($gbstr, 0, 1)) > 0x80)

            {

                $thisW = substr($gbstr, 0, 2);

                $gbstr = substr($gbstr, 2, strlen($gbstr));

                $utf8 = "";

                @$utf8 = u2utf8(hexdec($CODETABLE[hexdec(bin2hex($thisW)) - 0x8080]));

                if($utf8!="")

                {

                    for ($i = 0;$i < strlen($utf8);$i += 3)

                    $ret .= chr(substr($utf8, $i, 3));

                }

            }

            else

            {

                $ret .= substr($gbstr, 0, 1);

                $gbstr = substr($gbstr, 1, strlen($gbstr));

            }

        }

        return $ret;

    }

}

/**

 *  Unicode转utf8

 *

 * @access    public

 * @param     string  $c  Unicode的字符串内容

 * @return    string

 */

if ( ! function_exists('u2utf8'))

{

    function u2utf8($c)

    {

        for ($i = 0;$i < count($c);$i++)

        {

            $str = "";

        }

        if ($c < 0x80)

        {

            $str .= $c;

        }

        else if ($c < 0x800)

        {

            $str .= (0xC0 | $c >> 6);

            $str .= (0x80 | $c & 0x3F);

        }

        else if ($c < 0x10000)

        {

            $str .= (0xE0 | $c >> 12);

            $str .= (0x80 | $c >> 6 & 0x3F);

            $str .= (0x80 | $c & 0x3F);

        }

        else if ($c < 0x200000)

        {

            $str .= (0xF0 | $c >> 18);

            $str .= (0x80 | $c >> 12 & 0x3F);

            $str .= (0x80 | $c >> 6 & 0x3F);

            $str .= (0x80 | $c & 0x3F);

        }

        return $str;

    }

}

/**

 *  utf8转Unicode

 *

 * @access    public

 * @param     string  $c  UTF-8的字符串信息

 * @return    string

 */

if ( ! function_exists('utf82u'))

{

    function utf82u($c)

    {

        switch(strlen($c))

        {

            case 1:

                return ord($c);

            case 2:

                $n = (ord($c[0]) & 0x3f) << 6;

                $n += ord($c[1]) & 0x3f;

                return $n;

            case 3:

                $n = (ord($c[0]) & 0x1f) << 12;

                $n += (ord($c[1]) & 0x3f) << 6;

                $n += ord($c[2]) & 0x3f;

                return $n;

            case 4:

                $n = (ord($c[0]) & 0x0f) << 18;

                $n += (ord($c[1]) & 0x3f) << 12;

                $n += (ord($c[2]) & 0x3f) << 6;

                $n += ord($c[3]) & 0x3f;

                return $n;

        }

    }

}

/**

 *  Big5码转换成GB码

 *

 * @access    public

 * @param     string   $Text  字符串内容

 * @return    string

 */

if ( ! function_exists('big52gb'))

{

    function big52gb($Text)

    {

        if(function_exists('iconv'))

        {

            return iconv('big5','gbk//ignore',$Text);

        }

        global $BIG5_DATA;

        if(empty($BIG5_DATA))

        {

            $filename = DEDEINC."/data/big5-gb.dat";

            $fp = fopen($filename, "rb");

            $BIG5_DATA = fread($fp,filesize($filename));

            fclose($fp);

        }

        $max = strlen($Text)-1;

        for($i=0;$i<$max;$i++)

        {

            $h = ord($Text[$i]);

            if($h>=0x80)

            {

                $l = ord($Text[$i+1]);

                if($h==161 && $l==64)

                {

                    $gbstr = " ";

                }

                else

                {

                    $p = ($h-160)*510+($l-1)*2;

                    $gbstr = $BIG5_DATA[$p].$BIG5_DATA[$p+1];

                }

                $Text[$i] = $gbstr[0];

                $Text[$i+1] = $gbstr[1];

                $i++;

            }

        }

        return $Text;

    }

}

/**

 *  GB码转换成Big5码

 *

 * @access    public

 * @param     string  $Text 字符串内容

 * @return    string

 */

if ( ! function_exists('gb2big5'))

{

    function gb2big5($Text)

    {

        if(function_exists('iconv'))

        {

            return iconv('gbk','big5//ignore',$Text);

        }

        global $GB_DATA;

        if(empty($GB_DATA))

        {

            $filename = DEDEINC."/data/gb-big5.dat";

            $fp = fopen($filename, "rb");

            $gb = fread($fp,filesize($filename));

            fclose($fp);

        }

        $max = strlen($Text)-1;

        for($i=0;$i<$max;$i++)

        {

            $h = ord($Text[$i]);

            if($h>=0x80)

            {

                $l = ord($Text[$i+1]);

                if($h==161 && $l==64)

                {

                    $big = " ";

                }

                else

                {

                    $p = ($h-160)*510+($l-1)*2;

                    $big = $GB_DATA[$p].$GB_DATA[$p+1];

                }

                $Text[$i] = $big[0];

                $Text[$i+1] = $big[1];

                $i++;

            }

        }

        return $Text;

    }

}

/**

 *  unicode url编码转gbk编码函数

 *

 * @access    public

 * @param     string  $str  转换的内容

 * @return    string

 */

if ( ! function_exists('UnicodeUrl2Gbk'))

{

    function UnicodeUrl2Gbk($str)

    {

        //载入对照词典

        if(!isset($GLOBALS['GbkUniDic']))

        {

            $fp = fopen(DEDEINC.'/data/gbk-unicode.dat','rb');

            while(!feof($fp))

            {

                $GLOBALS['GbkUniDic'][bin2hex(fread($fp,2))] = fread($fp,2);

            }

            fclose($fp);

        }

        //处理字符串

        $str = str_replace('$#$','+',$str);

        $glen = strlen($str);

        $okstr = "";

        for($i=0; $i < $glen; $i++)

        {

            if($glen-$i > 4)

            {

                if($str[$i]=='%' && $str[$i+1]=='u')

                {

                    $uni = strtolower(substr($str,$i+2,4));

                    $i = $i+5;

                    if(isset($GLOBALS['GbkUniDic'][$uni]))

                    {

                        $okstr .= $GLOBALS['GbkUniDic'][$uni];

                    }

                    else

                    {

                        $okstr .= "&#".hexdec('0x'.$uni).";";

                    }

                }

                else

                {

                    $okstr .= $str[$i];

                }

            }

            else

            {

                $okstr .= $str[$i];

            }

        }

        return $okstr;

    }

}

/**

 *  自动转换字符集 支持数组转换

 *

 * @access    public

 * @param     string  $str  转换的内容

 * @return    string

 */

if ( ! function_exists('AutoCharset'))

{

    function AutoCharset($fContents, $from='gbk', $to='utf-8')

    {

        $from   =  strtoupper($from)=='UTF8'? 'utf-8' : $from;

        $to       =  strtoupper($to)=='UTF8'? 'utf-8' : $to;

        if( strtoupper($from) === strtoupper($to) || empty($fContents) || (is_scalar($fContents) && !is_string($fContents)) ){

            //如果编码相同或者非字符串标量则不转换

            return $fContents;

        }

        if(is_string($fContents) )

        {

            if(function_exists('mb_convert_encoding'))

            {

                return mb_convert_encoding ($fContents, $to, $from);

            } elseif (function_exists('iconv'))

            {

                return iconv($from, $to, $fContents);

            } else {

                return $fContents;

            }

        }

        elseif(is_array($fContents))

        {

            foreach ( $fContents as $key => $val )

            {

                $_key =     AutoCharset($key,$from,$to);

                $fContents[$_key] = AutoCharset($val,$from,$to);

                if($key != $_key )

                    unset($fContents[$key]);

            }

            return $fContents;

        }

        else{

            return $fContents;

        }

    }

}

3.修复浏览器XSS hack的函数

/**

 *  XSS hack的函数

 *

 * @param     string   $val  需要处理的内容

 * @return    string

 */

if ( ! function_exists('RemoveXSS'))

{

    function RemoveXSS($val) {

       $val = preg_replace('/([\x00-\x08,\x0b-\x0c,\x0e-\x19])/', '', $val);

       $search = 'abcdefghijklmnopqrstuvwxyz';

       $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';

       $search .= '1234567890!@#$%^&*()';

       $search .= '~`";:?+/={}[]-_|\'\\';

       for ($i = 0; $i < strlen($search); $i++) {

          $val = preg_replace('/(&#[xX]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); // with a ;

          $val = preg_replace('/(&#0{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); // with a ;

       }

       $ra1 = array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base');

       $ra2 = array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload');

       $ra = array_merge($ra1, $ra2);

       $found = true;

       while ($found == true) {

          $val_before = $val;

          for ($i = 0; $i < sizeof($ra); $i++) {

             $pattern = '/';

             for ($j = 0; $j < strlen($ra[$i]); $j++) {

                if ($j > 0) {

                   $pattern .= '(';

                   $pattern .= '(&#[xX]0{0,8}([9ab]);)';

                   $pattern .= '|';

                   $pattern .= '|(&#0{0,8}([9|10|13]);)';

                   $pattern .= ')*';

                }

                $pattern .= $ra[$i][$j];

             }

             $pattern .= '/i';

             $replacement = substr($ra[$i], 0, 2).'<x>'.substr($ra[$i], 2);

             $val = preg_replace($pattern, $replacement, $val);

             if ($val_before == $val) {

                $found = false;

             }

          }

       }

       return $val;

    }

}

4.字符操作函数

<?php  if(!defined('DEDEINC')) exit('dedecms');

//拼音的缓冲数组

$pinyins = Array();

/**

 *  中文截取2,单字节截取模式

 *  如果是request的内容,必须使用这个函数

 *

 * @access    public

 * @param     string  $str  需要截取的字符串

 * @param     int  $slen  截取的长度

 * @param     int  $startdd  开始标记处

 * @return    string

 */

if ( ! function_exists('cn_substrR'))

{

    function cn_substrR($str, $slen, $startdd=0)

    {

        $str = cn_substr(stripslashes($str), $slen, $startdd);

        return addslashes($str);

    }

}

/**

 *  中文截取2,单字节截取模式

 *

 * @access    public

 * @param     string  $str  需要截取的字符串

 * @param     int  $slen  截取的长度

 * @param     int  $startdd  开始标记处

 * @return    string

 */

if ( ! function_exists('cn_substr'))

{

    function cn_substr($str, $slen, $startdd=0)

    {

        global $cfg_soft_lang;

        if($cfg_soft_lang=='utf-8')

        {

            return cn_substr_utf8($str, $slen, $startdd);

        }

        $restr = '';

        $c = '';

        $str_len = strlen($str);

        if($str_len < $startdd+1)

        {

            return '';

        }

        if($str_len < $startdd + $slen || $slen==0)

        {

            $slen = $str_len - $startdd;

        }

        $enddd = $startdd + $slen - 1;

        for($i=0;$i<$str_len;$i++)

        {

            if($startdd==0)

            {

                $restr .= $c;

            }

            else if($i > $startdd)

            {

                $restr .= $c;

            }

            if(ord($str[$i])>0x80)

            {

                if($str_len>$i+1)

                {

                    $c = $str[$i].$str[$i+1];

                }

                $i++;

            }

            else

            {

                $c = $str[$i];

            }

            if($i >= $enddd)

            {

                if(strlen($restr)+strlen($c)>$slen)

                {

                    break;

                }

                else

                {

                    $restr .= $c;

                    break;

                }

            }

        }

        return $restr;

    }

}

/**

 *  utf-8中文截取,单字节截取模式

 *

 * @access    public

 * @param     string  $str  需要截取的字符串

 * @param     int  $slen  截取的长度

 * @param     int  $startdd  开始标记处

 * @return    string

 */

if ( ! function_exists('cn_substr_utf8'))

{

    function cn_substr_utf8($str, $length, $start=0)

    {

        if(strlen($str) < $start+1)

        {

            return '';

        }

        preg_match_all("/./su", $str, $ar);

        $str = '';

        $tstr = '';

        //为了兼容mysql4.1以下版本,与数据库varchar一致,这里使用按字节截取

        for($i=0; isset($ar[0][$i]); $i++)

        {

            if(strlen($tstr) < $start)

            {

                $tstr .= $ar[0][$i];

            }

            else

            {

                if(strlen($str) < $length + strlen($ar[0][$i]) )

                {

                    $str .= $ar[0][$i];

                }

                else

                {

                    break;

                }

            }

        }

        return $str;

    }

}

/**

 *  HTML转换为文本

 *

 * @param    string  $str 需要转换的字符串

 * @param    string  $r   如果$r=0直接返回内容,否则需要使用反斜线引用字符串

 * @return   string

 */

if ( ! function_exists('Html2Text'))

{

    function Html2Text($str,$r=0)

    {

        if(!function_exists('SpHtml2Text'))

        {

            require_once(DEDEINC."/inc/inc_fun_funString.php");

        }

        if($r==0)

        {

            return SpHtml2Text($str);

        }

        else

        {

            $str = SpHtml2Text(stripslashes($str));

            return addslashes($str);

        }

    }

}

/**

 *  文本转HTML

 *

 * @param    string  $txt 需要转换的文本内容

 * @return   string

 */

if ( ! function_exists('Text2Html'))

{

    function Text2Html($txt)

    {

        $txt = str_replace("  ", " ", $txt);

        $txt = str_replace("<", "&lt;", $txt);

        $txt = str_replace(">", "&gt;", $txt);

        $txt = preg_replace("/[\r\n]{1,}/isU", "<br/>\r\n", $txt);

        return $txt;

    }

}

/**

 *  获取半角字符

 *

 * @param     string  $fnum  数字字符串

 * @return    string

 */

if ( ! function_exists('GetAlabNum'))

{

    function GetAlabNum($fnum)

    {

        $nums = array("0","1","2","3","4","5","6","7","8","9");

        //$fnums = "0123456789";

        $fnums = array("0","1","2","3","4","5","6","7","8","9");

        $fnum = str_replace($nums, $fnums, $fnum);

        $fnum = preg_replace("/[^0-9\.-]/", '', $fnum);

        if($fnum=='')

        {

            $fnum=0;

        }

        return $fnum;

    }

}

/**

 *  获取拼音以gbk编码为准

 *

 * @access    public

 * @param     string  $str     字符串信息

 * @param     int     $ishead  是否取头字母

 * @param     int     $isclose 是否关闭字符串资源

 * @return    string

 */

if ( ! function_exists('GetPinyin'))

{

    function GetPinyin($str, $ishead=0, $isclose=1)

    {

        global $cfg_soft_lang;

        if(!function_exists('SpGetPinyin'))

        {

            //全局函数仅是inc_fun_funAdmin.php文件中函数的一个映射

            require_once(DEDEINC."/inc/inc_fun_funAdmin.php");

        }

        if($cfg_soft_lang=='utf-8')

        {

            return SpGetPinyin(utf82gb($str), $ishead, $isclose);

        }

        else

        {

            return SpGetPinyin($str, $ishead, $isclose);

        }

    }

}

/**

 *  将实体html代码转换成标准html代码(兼容php4)

 *

 * @access    public

 * @param     string  $str     字符串信息

 * @param     long    $options  替换的字符集

 * @return    string

 */

if ( ! function_exists('htmlspecialchars_decode'))

{

        function htmlspecialchars_decode($str, $options=ENT_COMPAT) {

                $trans = get_html_translation_table(HTML_SPECIALCHARS, $options);

                $decode = ARRAY();

                foreach ($trans AS $char=>$entity) {

                        $decode[$entity] = $char;

                }

                $str = strtr($str, $decode);

                return $str;

        }

}

if ( ! function_exists('ubb'))

{

    function ubb($Text) {

          $Text=trim($Text);

          //$Text=htmlspecialchars($Text);

          //$Text=ereg_replace("\n","<br>",$Text);

          $Text=preg_replace("/\\t/is","  ",$Text);

          $Text=preg_replace("/\[hr\]/is","<hr>",$Text);

          $Text=preg_replace("/\[separator\]/is","<br/>",$Text);

          $Text=preg_replace("/\[h1\](.+?)\[\/h1\]/is","<h1>\\1</h1>",$Text);

          $Text=preg_replace("/\[h2\](.+?)\[\/h2\]/is","<h2>\\1</h2>",$Text);

          $Text=preg_replace("/\[h3\](.+?)\[\/h3\]/is","<h3>\\1</h3>",$Text);

          $Text=preg_replace("/\[h4\](.+?)\[\/h4\]/is","<h4>\\1</h4>",$Text);

          $Text=preg_replace("/\[h5\](.+?)\[\/h5\]/is","<h5>\\1</h5>",$Text);

          $Text=preg_replace("/\[h6\](.+?)\[\/h6\]/is","<h6>\\1</h6>",$Text);

          $Text=preg_replace("/\[center\](.+?)\[\/center\]/is","<center>\\1</center>",$Text);

          //$Text=preg_replace("/\[url=([^\[]*)\](.+?)\[\/url\]/is","<a href=\\1 target='_blank'>\\2</a>",$Text);

          $Text=preg_replace("/\[url\](.+?)\[\/url\]/is","<a href=\"\\1\" target='_blank'>\\1</a>",$Text);

          $Text=preg_replace("/\[url=(http:\/\/.+?)\](.+?)\[\/url\]/is","<a href='\\1' target='_blank'>\\2</a>",$Text);

          $Text=preg_replace("/\[url=(.+?)\](.+?)\[\/url\]/is","<a href=\\1>\\2</a>",$Text);

          $Text=preg_replace("/\[img\](.+?)\[\/img\]/is","<img src=\\1>",$Text);

          $Text=preg_replace("/\[img\s(.+?)\](.+?)\[\/img\]/is","<img \\1 src=\\2>",$Text);

          $Text=preg_replace("/\[color=(.+?)\](.+?)\[\/color\]/is","<font color=\\1>\\2</font>",$Text);

          $Text=preg_replace("/\[colorTxt\](.+?)\[\/colorTxt\]/eis","color_txt('\\1')",$Text);

          $Text=preg_replace("/\[style=(.+?)\](.+?)\[\/style\]/is","<div class='\\1'>\\2</div>",$Text);

          $Text=preg_replace("/\[size=(.+?)\](.+?)\[\/size\]/is","<font size=\\1>\\2</font>",$Text);

          $Text=preg_replace("/\[sup\](.+?)\[\/sup\]/is","<sup>\\1</sup>",$Text);

          $Text=preg_replace("/\[sub\](.+?)\[\/sub\]/is","<sub>\\1</sub>",$Text);

          $Text=preg_replace("/\[pre\](.+?)\[\/pre\]/is","<pre>\\1</pre>",$Text);

          $Text=preg_replace("/\[emot\](.+?)\[\/emot\]/eis","emot('\\1')",$Text);

          $Text=preg_replace("/\[email\](.+?)\[\/email\]/is","<a href='mailto:\\1'>\\1</a>",$Text);

          $Text=preg_replace("/\[i\](.+?)\[\/i\]/is","<i>\\1</i>",$Text);

          $Text=preg_replace("/\[u\](.+?)\[\/u\]/is","<u>\\1</u>",$Text);

          $Text=preg_replace("/\[b\](.+?)\[\/b\]/is","<b>\\1</b>",$Text);

          $Text=preg_replace("/\[quote\](.+?)\[\/quote\]/is","<blockquote>引用:<div style='border:1px solid silver;background:#EFFFDF;color:#393939;padding:5px' >\\1</div></blockquote>", $Text);

          $Text=preg_replace("/\[sig\](.+?)\[\/sig\]/is","<div style='text-align: left; color: darkgreen; margin-left: 5%'><br><br>--------------------------<br>\\1<br>--------------------------</div>", $Text);

          return $Text;

    }

}

部分内容引自:

http://www.neatstudio.com/show-378-1.shtml

附件下载地址:

http://files.cnblogs.com/mengdejun/data.zip

dedecms功能性函数封装(XSS过滤、编码、浏览器XSS hack、字符操作函数)的更多相关文章

  1. SQL_字符操作函数

    原创作品.出自 "深蓝的blog" 博客.欢迎转载,转载时请务必注明下面出处,否则追究版权法律责任. 深蓝的blog:http://blog.csdn.net/huangyanlo ...

  2. ctype.h库函数----字符操作函数

    在c++中使用时:  #include <cctype> 字符判断函数 1.isalnum函数--判断是否是英文字母或数字字符,如果是,则返回非0值,如果不是,则返回0. 函数参数 :可以 ...

  3. C语言-字符操作函数

    1字符数组的初始化: 1.1 char string={'c','h','i','n','a'} 1.2char string={"china"}或者去掉{}即char strin ...

  4. ACM编程技巧--常用字符操作函数

    字符串与基本数据类型的转换 int sscanf(buff,"%d%d",&a,&b); //返回值是参数个数 int sprintf(buff,"%d% ...

  5. js cookie创建读取删除函数封装

    js cookie创建读取删除函数封装 一.总结 都是为了方便操作,这样弄了很方便 1.创建cookie的函数封装的作用:方便设置过期时间expire,方便设置键和值 2.查询cookie的数据封装的 ...

  6. MYSQL常用操作函数的封装

    1.mysql常用函数封装文件:mysql.func.php <?php /** * 连接MYSQL函数 * @param string $host * @param string $usern ...

  7. linux makefile字符串操作函数 替换subst、模式替换patsubst、去首尾空格strip、查找字符串findstring、过滤filter、反过滤filter-out、排序函数sort、取单词word、取单词串wordlist、个数统计words

    1.1       字符操作函数使用 在Makefile中可以使用函数来处理变量,从而让我们的命令或是规则更为的灵活和具有智能.make所支持的函数也不算很多,不过已经足够我们的操作了.函数调用后,函 ...

  8. 跟着ALEX 学python day3集合 文件操作 函数和函数式编程 内置函数

    声明 : 文档内容学习于 http://www.cnblogs.com/xiaozhiqi/  一. 集合 集合是一个无序的,不重复的数据组合,主要作用如下 1.去重 把一个列表变成集合 ,就自动去重 ...

  9. 文件操作(FILE)与常用文件操作函数

    文件 1.文件基本概念 C程序把文件分为ASCII文件和二进制文件,ASCII文件又称文本文件,二进制文件和文本文件(也称ASCII码文件)二进制文件中,数值型数据是以二进制形式存储的, 而在文本文件 ...

随机推荐

  1. 软件设计Tips

    模块-----角色----用户----部门 | |    ------权限 | 系统管理-------业务管理-------报表展示 | |         --------------------待 ...

  2. Linux学习记录

    ---恢复内容开始--- linux与unix的关系 linux是借鉴了unix设计思想,也称linux位类unix系统. Linux常用命令 1.命令基本格式 命令[选项][参数] 注意:个别命令不 ...

  3. [转]程序员趣味读物:谈谈Unicode编码

    from : http://pcedu.pconline.com.cn/empolder/gj/other/0505/616631_all.html#content_page_1 这是一篇程序员写给程 ...

  4. 修复win10升级时断电inaccessible boot device

    代码提示0xc0000001 这里的解决方法对系统以及个人的没有文件丢失的影响,没有重装以及重置上丢失东西的顾虑 解决方法: WINDOWS/system32/config/RegBack/SYSTE ...

  5. Servlet引擎tomcat之安装

    原文来自:https://www.digitalocean.com/community/tutorials/how-to-install-apache-tomcat-8-on-ubuntu-14-04 ...

  6. 利用set排序数组并且去掉重复的数组元素

    public class testList { public static void main(String[] args){ java.util.List<String> ls = ne ...

  7. 通过JSch编写上传、下载文件

    package com.hct.util; /** * @作者: HCT * @时间:2016年12月29日下午3:13:20 * @描述: * */ import java.io.*; import ...

  8. pkcs1与pkcs8格式RSA私钥互相转换

    转自:http://blog.csdn.net/duan19056/article/details/52104966 1.PKCS1私钥生成 openssl genrsa -out private.k ...

  9. 如何在vim里删除空行?

    删除空行,进入底行模式 :g/^$/d ^代表首列 $代表尾列 d代表删除 g代表全局替换

  10. Quartz任务调度基本使用

    转自:http://www.cnblogs.com/bingoidea/archive/2009/08/05/1539656.html 上一篇:定时器的实现.Java定时器Timer和Quartz介绍 ...