<?php
/**
* Xss Class
*
* Created on 2011. 11. 16.
* @author 불의회상 <hoksi2k@hanmail.net>
* @package library
* @subpackage controllers
* @version 1.0
*/
/**
 * Sample controller demonstrating CodeIgniter's XSS filtering.
 *
 * Renders a form and, once the form has been posted back, hands the view
 * the submitted value in three variants: as received, cleaned through the
 * Security library, and read through Input::post() with filtering enabled.
 */
class Xss_lib extends CI_Controller
{
    /**
     * Only delegates to the parent CI_Controller constructor.
     */
    public function __construct()
    {
        parent::__construct();
    }

    /**
     * Shows the sample page.
     *
     * When the 'test' field was posted (and is truthy — an empty string or
     * '0' is treated as "not posted"), the view receives:
     *  - no_xss:    the POST value exactly as received (unfiltered)
     *  - xss_clean: the same value passed through Security::xss_clean()
     *  - post_xss:  the value read via Input::post('test', TRUE), i.e. with
     *               the Input class filtering it on read
     */
    public function index()
    {
        $data = array();
        $raw  = $this->input->post('test');

        if ($raw) {
            // Unfiltered value, passed on only so the view can show the difference.
            $data['no_xss'] = $raw;
            // Filter the value by hand through the Security library.
            $data['xss_clean'] = $this->security->xss_clean($raw);
            // With TRUE as its second argument, xss_clean() instead checks
            // whether the input is a safe image — not exercised in this sample.
            // Passing TRUE as the second argument of post() filters on read.
            $data['post_xss'] = $this->input->post('test', TRUE);
            // Getting a safe file name would go here (not implemented in this sample).
        }

        $this->load->view('xss_lib_sample', $data);
    }
}
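<?php /* Sample view for Xss_lib: submits a test payload and shows the raw value next to the two filtered variants the controller provides. */ ?>
<?php $this->load->view('inc/header')?>
<table class="tablesorter" border="0" cellpadding="0" cellspacing="1">
    <thead>
        <tr>
            <th style="text-align:center" colspan="2">Test 데이타</th>
        </tr>
    </thead>
    <form method="post" action="<?=site_url('xss_lib')?>">
        <tr>
            <td>XSS 가능 데이타</td>
            <td>
                <?php /* Sample payload: a link whose URL carries a script tag, plus a hidden iframe. The textarea is RCDATA, so the tags are shown as text, not parsed. */ ?>
                <textarea name="test" rows="8" class="input-block-level"><a href="http://sample.com/comment.cgi?comment=<script>악성코드</script>"> Click here</a>
<iframe src=http://sample.com/~bbs/hack.htm name="Click here" width=0 heigth=0 frameborder=0></iframe></textarea><br/>
                <input type="submit"/>
            </td>
        </tr>
    </form>
    <?php if($this->input->post('test')):?>
    <thead>
        <tr>
            <th style="text-align:center" width="20%">구분</th>
            <th width="80%">결과</th>
        </tr>
    </thead>
    <tr>
        <td>$this->input->post('test')</td>
        <?php /* Even the "unfiltered" sample is HTML-escaped before being echoed: a submitted value containing a closing textarea tag would otherwise end the element and the rest would be rendered as markup. The browser decodes the entities, so the textarea still displays the raw text. */ ?>
        <td><textarea rows="8" class="input-block-level"><?php echo htmlspecialchars($no_xss, ENT_QUOTES, 'UTF-8')?></textarea></td>
    </tr>
    <tr>
        <td>$this->security->xss_clean($this->input->post('test'))</td>
        <td><textarea rows="8" class="input-block-level"><?php echo htmlspecialchars($xss_clean, ENT_QUOTES, 'UTF-8')?></textarea></td>
    </tr>
    <tr>
        <td>$this->input->post('test', TRUE)</td>
        <?php /* This row previously echoed $xss_clean again, so it duplicated the row above instead of showing the value read via post('test', TRUE). */ ?>
        <td><textarea rows="8" class="input-block-level"><?php echo htmlspecialchars($post_xss, ENT_QUOTES, 'UTF-8')?></textarea></td>
    </tr>
    <?php endif;?>
</table>
<?php $this->load->view('inc/footer')?>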