clean_key($k); if( is_array($HTTP_GET_VARS[$k]) ) { while( list($k2, $v2) = each($HTTP_GET_VARS[$k]) ) { $return[$k][ $this->clean_key($k2) ] = $this->clean_value($v2); } } else { $return[$k] = $this->clean_value($v); } } } // --------------------------------------------------------------------- // 如果GET和POST存在相同的变量,用POST的值覆盖GET的值 // --------------------------------------------------------------------- if( is_array($HTTP_POST_VARS) ) { while( list($k, $v) = each($HTTP_POST_VARS) ) { // echo $k,$v; //$k = $this->clean_key($k); if ( is_array($HTTP_POST_VARS[$k]) ) { while( list($k2, $v2) = each($HTTP_POST_VARS[$k]) ) { $return[$k][ $this->clean_key($k2) ] = $this->clean_value($v2); } } else { $return[$k] = $this->clean_value($v); } } } // --------------------------------------------------------------------- // 取出访问者的IP地址 // --------------------------------------------------------------------- $return['IP_ADDRESS'] = $this->select_var( array( 1 => $_SERVER['REMOTE_ADDR'], 2 => $HTTP_X_FORWARDED_FOR, 3 => $HTTP_PROXY_USER, 4 => $REMOTE_ADDR ) ); // --------------------------------------------------------------------- // 取出有效的地址 // --------------------------------------------------------------------- $return['IP_ADDRESS'] = preg_replace( "/^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})/", "\\1.\\2.\\3.\\4", $return['IP_ADDRESS'] ); $return['request_method'] = ( $_SERVER['REQUEST_METHOD'] != "" ) ? 
strtolower($_SERVER['REQUEST_METHOD']) : strtolower($REQUEST_METHOD); return $return; }

    // ---------------------------------------------------------------------
    //
    // Intended to strip harmful content from a submitted parameter name (key)
    //
    // $key    : parameter name or array sub-key taken from the request
    // returns : "" when $key loosely equals "", otherwise $key unchanged
    //
    // NOTE(review): all three filters in the body are commented out, so this
    // function currently removes nothing. Anything that relies on it to
    // sanitise request keys receives the raw, client-supplied name and has
    // to validate it before using it as an array index, path or identifier.
    //
    // ---------------------------------------------------------------------
    function clean_key($key)
    {
        // Loose comparison: null and false also match here. On PHP versions
        // before 8.0 the integer 0 matches as well, so a numeric array
        // sub-key 0 would be returned as "" -- TODO confirm against the
        // runtime this file targets.
        if ($key == "")
        {
            return "";
        }

        // Disabled filter: would remove every ".." sequence from the key.
        // $key = preg_replace( "/\.\./" , "" , $key );

        // Disabled filter: would remove "__name__" style segments.
        // $key = preg_replace( "/\_\_(.+?)\_\_/" , "" , $key );

        // Disabled filter: replaces a fully matching key with itself, so it
        // would neither reject nor alter a key even if it were re-enabled.
        // $key = preg_replace( "/^([\w\.\-\_]+)$/", "$1", $key );

        return $key;
    }

    // ---------------------------------------------------------------------
    //
    // Strip harmful content from a submitted parameter value
    //
    // ---------------------------------------------------------------------
    function clean_value($val) { if ($val == "") { return ""; } /* $val = str_replace( " " , " " , $val ); $val = str_replace( " " , " " , $val ); // $val = str_replace( "&" , "&" , $val ); $val = str_replace( "@" , "@" , $val ); // $val = str_replace( "" , "-->" , $val ); $val = preg_replace( "/