ASP安全检测类
作者:孤劍
時間:2006-9-27
<%
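Class security
	' Request-screening helper for Classic ASP pages.
	' It offers a Referer/host comparison (ChkPost), a substring blacklist
	' check (ChkInvStr) and a client-address lookup (GetIP). Each check appends
	' an HTML <li> message to an internal buffer that ErrDescription returns.
	'
	' NOTE(review): the blacklist is a coarse secondary screen. It does not make
	' string-built SQL safe, and it also rejects ordinary text that happens to
	' contain an entry. Database access should still use parameterised
	' ADODB.Command queries.

	Private p_InvaildWords                  ' "|"-separated list of forbidden substrings
	Private p_hError, p_Hex, p_errDetails   ' last error code / hex output flag / append code to messages
	Private p_msg                           ' accumulated HTML error messages
	Private P_ipAdd                         ' address found by the last GetIP call

	' Set defaults: no error, hex error codes, no error code in messages,
	' built-in blacklist.
	Private Sub Class_Initialize
		p_hError = &H00000000
		p_msg = ""
		p_Hex = True
		p_errDetails = False
		p_InvaildWords = "from|select|update|delete|insert|--|;|'|#|%|xp|cmd|shell|drop|create"
	End Sub

	' **********************************************************************
	' Property definitions
	' Version string of this class.
	Public Property Get Version()
		Version = "Security 2.0.1.24"
	End Property
	' ----------------------------------------------------------------------

	' Replace or extend the blacklist.
	' A value starting with "default" appends the rest of the value to the
	' current list, so the rest should begin with "|" (e.g. "default|union").
	' Any other value replaces the list entirely.
	Public Property Let Filter(words)
		Dim cleaned
		cleaned = Trim(words)
		If LCase(Left(cleaned, 7)) = "default" Then
			p_InvaildWords = p_InvaildWords & Right(cleaned, Len(cleaned) - 7)
		Else
			p_InvaildWords = words
		End If
	End Property
	' ----------------------------------------------------------------------

	' **********************************
	'  Error reporting for this object
	' ----------------------------------
	' Added 2006-9-18: output base for ErrNum.
	' 16 selects hexadecimal; any other numeric value selects decimal.
	' Non-numeric values are ignored.
	' Fix: the original could only ever switch hex on, so the decimal branch
	' of ErrNum was unreachable, and CInt raised an overflow error on large
	' numeric input.
	Public Property Let HexError(hnum)
		If IsNumeric(hnum) Then
			p_Hex = (CDbl(hnum) = 16)
		End If
	End Property
	' ----------------------------------------------------------------------
	' Added 2006-09-18: when true, error messages also carry the error code.
	Public Property Let ShowErrorNum(value)
		If (value) Then
			p_errDetails = True
		Else
			p_errDetails = False
		End If
	End Property
	' ----------------------------------------------------------------------
	' Last error code, as a hex string or as a number depending on HexError.
	Public Property Get ErrNum()
		If (p_Hex) Then
			ErrNum = Hex(p_hError)   ' hex code
		Else
			ErrNum = p_hError        ' decimal code
		End If
	End Property
	' ----------------------------------------------------------------------
	' Accumulated messages as HTML <li> items, or an "all fine" item when
	' nothing has been recorded.
	Public Property Get ErrDescription()
		If Len(Trim(p_msg)) < 1 Then
			ErrDescription = "<li>系統正常!</li>"
		Else
			ErrDescription = p_msg
		End If
	End Property
	' ***********************************
	' ----------------------------------------------------------------------
	' End of property definitions
	' **********************************************************************

	' Escape text for safe inclusion in the HTML messages.
	Private Function EncodeHtml(text)
		Dim s
		s = CStr(text)
		s = Replace(s, "&", "&amp;")
		s = Replace(s, "<", "&lt;")
		s = Replace(s, ">", "&gt;")
		s = Replace(s, """", "&quot;")
		EncodeHtml = s
	End Function

	' Append the optional error code and the closing </li> to the buffer.
	Private Sub CloseMessage()
		If (p_errDetails) Then p_msg = p_msg & "(錯誤碼:" & Hex(p_hError) & ")"
		p_msg = p_msg & "</li>"
	End Sub

	' **********************************************************************
	' Functions
	' ******************************
	' Name:    ChkPost
	' Params:  none
	' Returns: True = Referer points at this site / False = unknown origin
	' Created: 2005-05-05
	' Purpose: check where the submitted data came from
	'
	' Fixes over the original Mid(referer, 8, ...) comparison:
	'  - "https://" referers are accepted (the host starts at character 9);
	'  - the host must end at "/", ":", "?", "#" or end of string, so a
	'    longer host name that merely starts with this site's name no
	'    longer passes;
	'  - an empty SERVER_NAME no longer matches everything;
	'  - host comparison is case-insensitive.
	' NOTE(review): the Referer header is supplied by the client and may be
	' absent or arbitrary. Treat this as a convenience check only;
	' state-changing forms should also verify a per-session token.
	' ******************************
	Public Function ChkPost()
		Dim referer, host, schemeLen, rest, nextCh
		ChkPost = False
		referer = LCase(CStr(Request.ServerVariables("HTTP_REFERER")))
		host = LCase(CStr(Request.ServerVariables("SERVER_NAME")))

		schemeLen = 0
		If Left(referer, 7) = "http://" Then
			schemeLen = 7
		ElseIf Left(referer, 8) = "https://" Then
			schemeLen = 8
		End If

		If schemeLen > 0 And Len(host) > 0 Then
			rest = Mid(referer, schemeLen + 1)
			If Left(rest, Len(host)) = host Then
				nextCh = Mid(rest, Len(host) + 1, 1)
				If nextCh = "" Or nextCh = "/" Or nextCh = ":" Or nextCh = "?" Or nextCh = "#" Then
					ChkPost = True
				End If
			End If
		End If

		If Not ChkPost Then
			p_hError = &H11010301
			p_msg = p_msg & "<li><font color=red>數據來源不確定,請從常規入口進入!</font>"
			CloseMessage
		End If
	End Function
	' ----------------------------------------------------------------------

	' ******************************
	' Name:    ChkInvStr
	' Params:  Str - value to inspect
	' Returns: True (forbidden substring found) / False (none found)
	' Created: 2006-09-16
	' Purpose: check a parameter against the blacklist
	'
	' Fixes over the original:
	'  - the result depends on this call only; previously a stale error code
	'    from an earlier hit made every later call return True;
	'  - blacklist entries are lower-cased before comparison, so an entry
	'    such as "SELECT" set through Filter now matches;
	'  - whitespace-only entries are skipped instead of matching any input;
	'  - the "bad configuration" message is appended to the buffer instead
	'    of overwriting it;
	'  - matched entries are HTML-escaped before being put in the message;
	'  - the caller's variable is no longer overwritten (VBScript passes
	'    arguments ByRef by default).
	' NOTE(review): with an empty blacklist the function records an error
	' but still returns False, i.e. it fails open. Callers that treat False
	' as "safe" should also look at ErrNum.
	' ******************************
	Public Function ChkInvStr(Str)
		Dim words, haystack, word, i
		Dim m_msg, found
		m_msg = ""
		found = False
		ChkInvStr = False

		If Len(Replace(p_InvaildWords, Chr(0), "")) < 1 Then
			p_hError = &H10010001
			p_msg = p_msg & "<li>系統設置有誤!"
			CloseMessage
		Else
			words = Split(p_InvaildWords, "|")
			haystack = LCase(Trim(CStr(Str)))
			For i = LBound(words) To UBound(words)
				word = LCase(Trim(words(i)))
				If Len(word) > 0 Then
					If InStr(haystack, word) > 0 Then
						found = True
						m_msg = m_msg & " <font color=""red"">" & EncodeHtml(words(i)) & "</font> "
					End If
				End If
			Next
		End If

		If found Then
			p_hError = &H11010102   ' forbidden substring found
			p_msg = p_msg & "<li>" & m_msg & " 是被系統禁止的."
			CloseMessage
			ChkInvStr = True
		End If
	End Function
	' ----------------------------------------------------------------------

	' ******************************
	' Name:    GetIP
	' Params:  none
	' Returns: the X-Forwarded-For header value when present, otherwise
	'          REMOTE_ADDR
	' Created: 2005-05-03
	' Purpose: get the user's IP address
	'
	' NOTE(review): X-Forwarded-For is a request header and therefore
	' client-controlled unless a trusted reverse proxy overwrites it. It may
	' also hold a comma-separated list. Do not use the returned value for
	' access control or as the sole audit-log address; log REMOTE_ADDR
	' alongside it and HTML-escape the value before displaying it.
	' ******************************
	Public Function GetIP()
		P_ipAdd = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
		If IsNull(P_ipAdd) Or P_ipAdd = "" Then
			P_ipAdd = Request.ServerVariables("REMOTE_ADDR")
		Else
			' A forwarded-for header is present: record the "proxy in use" notice.
			p_hError = &H11010201
			p_msg = p_msg & "<li>您使用了代理 "
			CloseMessage
		End If
		GetIP = P_ipAdd
	End Function
	' ----------------------------------------------------------------------
	' **********************************************************************

End Class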
%>
轉載于:https://www.cnblogs.com/AloneSword/archive/2006/09/30/2237574.html