当前位置: 文江博客 话题详情

嵌入代码正则表达式不起作用

发布于 2024-09-15 08:32:05 字数 1173 浏览 3 评论 0 原文

我编写了一个正则表达式,以便提取用户输入的值并替换一些高度和宽度值并保留网址。这样就可以将其安全地添加到数据库中。

这就是我到目前为止所拥有的(只是试图让 preg_match 返回一个 TRUE 值)

$test ='<object height="81" width="100%"> <param name="movie" value="http://player.soundcloud.com/player.swf?url=http%3A%2F%2Fsoundcloud.com%2Ftheshiverman%2Fsummer-beats-july-2010&secret_url=false"></param> <param name="allowscriptaccess" value="always"></param> <embed allowscriptaccess="always" height="81" src="http://player.soundcloud.com/player.swf?url=http%3A%2F%2Fsoundcloud.com%2Ftheshiverman%2Fsummer-beats-july-2010&secret_url=false" type="application/x-shockwave-flash" width="100%"></embed> </object>'; 
  if (preg_match('/<object height=\"[0-9]*\" width=\"[0-9]*\"><param name=\"movie\" value=\"(.*)\"><\/param><param name=\"allowscriptaccess\" value=\"always\"><\/param><embed allowscriptaccess=\"always\" height=\"[0-9]*\" src=\".*\" type=\"application\/x-shockwave-flash\" width=\"100%\"><\/embed><\/object>/', $test)) {

$embed = $test;

} else {

$embed = 'FALSE';

}

我似乎在验证中做了一些错误的事情,因为它总是返回 false。

原文

I have a regular expression that I have written in order to extract values that a user enters and replace some height and width values and keep the urls. This is so it can be safely added to a database.

This is what I have so far (just trying to get the preg_match to return a TRUE value)

$test ='<object height="81" width="100%"> <param name="movie" value="http://player.soundcloud.com/player.swf?url=http%3A%2F%2Fsoundcloud.com%2Ftheshiverman%2Fsummer-beats-july-2010&secret_url=false"></param> <param name="allowscriptaccess" value="always"></param> <embed allowscriptaccess="always" height="81" src="http://player.soundcloud.com/player.swf?url=http%3A%2F%2Fsoundcloud.com%2Ftheshiverman%2Fsummer-beats-july-2010&secret_url=false" type="application/x-shockwave-flash" width="100%"></embed> </object>'; 
  if (preg_match('/<object height=\"[0-9]*\" width=\"[0-9]*\"><param name=\"movie\" value=\"(.*)\"><\/param><param name=\"allowscriptaccess\" value=\"always\"><\/param><embed allowscriptaccess=\"always\" height=\"[0-9]*\" src=\".*\" type=\"application\/x-shockwave-flash\" width=\"100%\"><\/embed><\/object>/', $test)) {

$embed = $test;

} else {

$embed = 'FALSE';

}

I seem to have done something wrong in the validation, as it always returns false.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

殤城〤 2024-09-22 08:32:05

我看到的第一件事会失败的是:

width="100%"  will not match /width=\"[0-9]*\"/

我不知道正则表达式的确切 PHP 定义;但我不确定这是否会匹配(正则表达式中的空格可能与目标文本中的零个或多个空格匹配,但反之则行不通):

> <param      will not match (probably) /><param/

如您所见,使用正则表达式解析 XML 非常困难且容易出错.
您真正想做的是使用 XML SAX 解析器。

试试这个:PS 我的 PHP 不是很好,所以它可能包含错误。

附言。长 URL 未正确编码为 XML。我在这里使用 urlencode() 只是为了停止错误消息。我没有检查这是否有意义。

<?php

$test = '<object height="81" width="100%">'
            .'<param name="movie" value="'
                .urlencode('http://player.soundcloud.com/player.swf?url=http%3A%2F%2Fsoundcloud.com%2Ftheshiverman%2Fsummer-beats-july-2010&secret_url=false')
            .'">'
            .'</param>'
            .'<param name="allowscriptaccess" value="always">'
            .'</param>'
            .'<embed allowscriptaccess="always" height="81" src="'
                .urlencode('http://player.soundcloud.com/player.swf?url=http%3A%2F%2Fsoundcloud.com%2Ftheshiverman%2Fsummer-beats-july-2010&secret_url=false')
                .'" type="application/x-shockwave-flash" width="100%">'
            .'</embed>'
        .'</object>';

function JustPrint($parser,$data)
{
    print $data;
}

function OpenTag($parser,$name ,$attribs)
{
    // For special tags add a new attribute.
    if (strcasecmp($name, "object") == 0)
    {
        $attribs['Martin'] = 'York';
    }


    // Print the tag.
    print "<$name ";
    foreach ($attribs as $loop => $value)
    {
        print "$loop=\"$value\" ";
    }
    print ">\n";
}

function CloseTag($parser,$name)
{
    print "<$name/>\n";
}

$xmlParser  =  xml_parser_create();
xml_set_default_handler($xmlParser ,'JustPrint'  );
xml_set_element_handler($xmlParser, 'OpenTag'  , 'CloseTag'  );
xml_parse($xmlParser, $test);

?>

The first thing I see that will fail is:

width="100%"  will not match /width=\"[0-9]*\"/

I don't know the exact PHP definition of regular expression; But I am not sure this will match (A space in the reg-expression may match zero or more spaces in the target text but the other way around will not work):

> <param      will not match (probably) /><param/

As you can see parsing XML with regular expressions is hard and error prone.
What you really want to do is use an XML SAX parser.

Try this: PS my PHP is not great so it could contain mistakes.

PS. The long URLs were not encoded correctly for XML. I used urlencode() here just to stop the error messages. I did not check to see if that made sense.

<?php

$test = '<object height="81" width="100%">'
            .'<param name="movie" value="'
                .urlencode('http://player.soundcloud.com/player.swf?url=http%3A%2F%2Fsoundcloud.com%2Ftheshiverman%2Fsummer-beats-july-2010&secret_url=false')
            .'">'
            .'</param>'
            .'<param name="allowscriptaccess" value="always">'
            .'</param>'
            .'<embed allowscriptaccess="always" height="81" src="'
                .urlencode('http://player.soundcloud.com/player.swf?url=http%3A%2F%2Fsoundcloud.com%2Ftheshiverman%2Fsummer-beats-july-2010&secret_url=false')
                .'" type="application/x-shockwave-flash" width="100%">'
            .'</embed>'
        .'</object>';

function JustPrint($parser,$data)
{
    print $data;
}

function OpenTag($parser,$name ,$attribs)
{
    // For special tags add a new attribute.
    if (strcasecmp($name, "object") == 0)
    {
        $attribs['Martin'] = 'York';
    }


    // Print the tag.
    print "<$name ";
    foreach ($attribs as $loop => $value)
    {
        print "$loop=\"$value\" ";
    }
    print ">\n";
}

function CloseTag($parser,$name)
{
    print "<$name/>\n";
}

$xmlParser  =  xml_parser_create();
xml_set_default_handler($xmlParser ,'JustPrint'  );
xml_set_element_handler($xmlParser, 'OpenTag'  , 'CloseTag'  );
xml_parse($xmlParser, $test);

?>
回复 原文
狼性发作 2024-09-22 08:32:05

这就是我使用的,将 $url 替换为您使用的任何变量:

if ( strtolower(str_ireplace('www.', '', parse_url($url, PHP_URL_HOST))) == 'soundcloud.com' ) { ?>
    <embed id="swf_u621112_1" width="890" height="84" flashvars="width=398&height=84" wmode="opaque" salign="tl" allowscriptaccess="never    " allowfullscreen="true" scale="scale" quality="high" bgcolor="#FFFFFF" name="swf_u621112_1" style="" src="http://player.soundcloud.com/p    layer.swf?url=<?php echo htmlspecialchars(urlencode($url)) ?>" type="application/x-shockwave-flash">
<?php
}

This is what i use, replace $url by whatever var you are using:

if ( strtolower(str_ireplace('www.', '', parse_url($url, PHP_URL_HOST))) == 'soundcloud.com' ) { ?>
    <embed id="swf_u621112_1" width="890" height="84" flashvars="width=398&height=84" wmode="opaque" salign="tl" allowscriptaccess="never    " allowfullscreen="true" scale="scale" quality="high" bgcolor="#FFFFFF" name="swf_u621112_1" style="" src="http://player.soundcloud.com/p    layer.swf?url=<?php echo htmlspecialchars(urlencode($url)) ?>" type="application/x-shockwave-flash">
<?php
}
回复 原文
驱逐舰岛风号 2024-09-22 08:32:05

如果您想要做的是允许用户为您提供 SoundCloud 嵌入,同时您保留设置播放器样式的权利,您可能需要研究 SoundCloud 很好支持的 oEmbed (参见此处)和其他各方。这样,用户只需输入他们的正常跟踪 URL,您就可以根据需要在后端解析这些 URL。

另外,请记住,具有不同 顺序的嵌入代码仍然是有效的嵌入代码,但很难与正则表达式匹配

If what you want to do is allow the user to give you SoundCloud embeds while you retain the rights to style the players, you might want to look into oEmbed which is well supported by SoundCloud (see here) and other parties. This way, users just enter their normal track URLs and you can resolve those in the backend as you see fit.

Also, keep in mind that an embed code with a different order of <param>'s is still a valid embed code but would be very difficult to match with a regex

回复 原文
折戟 2024-09-22 08:32:05

如果可能的话,我不想操纵它(只需替换高度值。我希望它保持原样,我使用正则表达式来最小化sql注入并确保它是嵌入代码。

它不仅仅是被视为字符串并保持原样,但要检查某些内容?

例如,这适用于 YouTube 嵌入链接:

/preg_match(<object width=\"([0-9]*)\" height=\"([0-9]*)\"><param name=\"movie\" value=\"(.*)\"><\/param><param name=\"allowFullScreen\" value=\".*\"><\/param><param name=\"allowscriptaccess\" value=\".*\"><\/param><embed src=\".*\" type=\".*\" allowscriptaccess=\".*\" allowfullscreen=\".*\" width=\"[0-9]*\" height=\"[0-9]*\"><\/embed><\/object>/',$test,$preg_out)

preg_match[0]
预匹配[1]
preg_match[3]

返回对象的宽度高度和 url。

I don't want to manipulate it if possible (just replace the height values. I want it to stay exactly like it is, I'm using regular expressions to mimimise sql injections and make sure it is an embed code.

Can it not just be treated like a string and kept exactly as it is, but checked against something?

For instance, this works with a youtube embed link:

/preg_match(<object width=\"([0-9]*)\" height=\"([0-9]*)\"><param name=\"movie\" value=\"(.*)\"><\/param><param name=\"allowFullScreen\" value=\".*\"><\/param><param name=\"allowscriptaccess\" value=\".*\"><\/param><embed src=\".*\" type=\".*\" allowscriptaccess=\".*\" allowfullscreen=\".*\" width=\"[0-9]*\" height=\"[0-9]*\"><\/embed><\/object>/',$test,$preg_out)

preg_match[0]
preg_match[1]
preg_match[3]

return the width height and the url of the object.

回复 原文
~没有更多了~

关于作者

池予

暂无简介

0 文章
0 评论
23 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

linfzu01

文章 0 评论 0

§对你不离不弃

文章 0 评论 0

可遇━不可求

文章 0 评论 0

枕梦

文章 0 评论 0

qq_3LFa8Q

文章 0 评论 0

JP

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文