2013-12-03 23:06 阅读 64

PHP filter_strip_low / high允许将控制字符转换为字符串

Hey guys you'll have to run this to see what I'm talking about, but I am getting either low or high control characters into my strings using the below code, I recommend running it through a bash terminal as this is how I am seeing glyph like characters.

To my knowledge this should be happening? How are these character escaping the filter?

$i=0; while ($i++ <= 20)

    echo 'STR: ' .filter_var(openssl_random_pseudo_bytes(100), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH) . "

Example, I'm not sure if you can see the [] after the character sequence js*w but that is pretty much what I'm talking about, it was my opinion that it should have been filtered out with the rest of the high/low stuff

STR: &#60;|f)/KZ2|36rb2&#60;.9|X3 js*wjZ6Dp-f8R[/O/VY
  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享

1条回答 默认 最新

  • 已采纳
    dongtan6695 dongtan6695 2013-12-04 06:13

    FILTER_FLAG_STRIP_LOW: Strips characters that has a numerical value <32. FILTER_FLAG_STRIP_HIGH: Strips characters that has a numerical value >127.

    ord("[") returns 91, and ord("]") returns 93 so they should not be filtered out

    点赞 评论 复制链接分享