GeekLog 1.4.1 source code |
Class file for PHP4 OOP version of kses. This is an updated version of kses to work with PHP4 that works under E_STRICT.
Size: | 1160 lines (34 kb) |
Included or required: | 0 times |
Referenced: | 0 times |
Requires: | 0 files |
kses4:: (30 methods):
kses4()
Parse()
AddProtocols()
Protocols()
AddProtocol()
SetProtocols()
DumpProtocols()
DumpElements()
AddHTML()
RemoveProtocol()
RemoveProtocols()
_no_null()
_js_entities()
_normalize_entities()
_normalize_entities2()
_hook()
filterKsesTextHook()
_array_lc()
_split()
_split2()
_attr()
_hair()
_bad_protocol()
_bad_protocol_once()
_bad_protocol_once2()
_check_attr_val()
_stripslashes()
_html_error()
_decode_entities()
_version()
kses4() X-Ref |
Constructor for kses. This sets a default collection of protocols allowed in links, and creates an empty set of allowed HTML tags. |
Parse($string = "") X-Ref |
Basic task of kses - parses $string and strips it as required. This method strips all the disallowed (X)HTML tags, attributes and protocols from the input $string. param: string $string String to be stripped of 'evil scripts' return: string The stripped string |
AddProtocols() X-Ref |
Allows for single/batch addition of protocols This method accepts one argument that can be either a string or an array of strings. Invalid data will be ignored. The argument will be processed, and each string will be added via AddProtocol(). param: mixed , A string or array of protocols that will be added to the internal list of allowed protocols. return: bool Status of adding valid protocols. |
Protocols() X-Ref |
Allows for single/batch addition of protocols return: bool |
AddProtocol($protocol = "") X-Ref |
Adds a single protocol to $this->allowed_protocols. This method accepts a string argument and adds it to the list of allowed protocols to keep when performing Parse(). param: string $protocol The name of the protocol to be added. return: bool Status of adding valid protocol. |
SetProtocols() X-Ref |
Allows for single/batch replacement of protocols This method accepts one argument that can be either a string or an array of strings. Invalid data will be ignored. Existing protocols will be removed, then the argument will be processed, and each string will be added via AddProtocol(). param: mixed , A string or array of protocols that will be the new internal list of allowed protocols. return: bool Status of replacing valid protocols. |
DumpProtocols() X-Ref |
Raw dump of allowed protocols This returns an indexed array of allowed protocols for a particular KSES instantiation. return: array The list of allowed protocols. |
DumpElements() X-Ref |
Raw dump of allowed (X)HTML elements This returns an indexed array of allowed (X)HTML elements and attributes for a particular KSES instantiation. return: array The list of allowed elements. |
AddHTML($tag = "", $attribs = array()) X-Ref |
Adds valid (X)HTML with corresponding attributes that will be kept when stripping 'evil scripts'. This method accepts one argument that can be either a string or an array of strings. Invalid data will be ignored. param: string $tag (X)HTML tag that will be allowed after stripping text. param: array $attribs Associative array of allowed attributes - key => attribute name - value => attribute parameter return: bool Status of Adding (X)HTML and attributes. |
RemoveProtocol($protocol = "") X-Ref |
Removes a single protocol from $this->allowed_protocols. This method accepts a string argument and removes it from the list of allowed protocols to keep when performing Parse(). param: string $protocol The name of the protocol to be removed. return: bool Status of removing valid protocol. |
RemoveProtocols() X-Ref |
Allows for single/batch removal of protocols This method accepts one argument that can be either a string or an array of strings. Invalid data will be ignored. The argument will be processed, and each string will be removed via RemoveProtocol(). param: mixed , A string or array of protocols that will be removed from the internal list of allowed protocols. return: bool Status of removing valid protocols. |
_no_null($string) X-Ref |
This method removes any NULL or chr(173) characters in $string. param: string $string return: string String without any NULL/chr(173) |
_js_entities($string) X-Ref |
This function removes the HTML JavaScript entities found in early versions of Netscape 4. param: string $string return: string String without any NULL/chr(173) |
_normalize_entities($string) X-Ref |
Normalizes HTML entities This function normalizes HTML entities. It will convert "AT&T" to the correct "AT&amp;T", "&#00058;" to "&#58;", "&#XYZZY;" to "&amp;#XYZZY;" and so on. param: string $string return: string String with normalized entities |
_normalize_entities2($i) X-Ref |
Helper method used by normalizeEntities() This method helps normalizeEntities() to only accept 16 bit values and nothing more for &#number; entities. This method helps normalize_entities() during a preg_replace() where a &#(0)*XXXXX; occurs. The '(0)*XXXXXX' value is converted to a number and the result is returned as a numeric entity if the number is less than 65536. Otherwise, the value is returned 'as is'. param: string $i return: string Normalized numeric entity |
_hook($string) X-Ref |
Allows for additional user defined modifications to text. param: string $string return: string |
filterKsesTextHook($string) X-Ref |
Allows for additional user defined modifications to text. This method allows for additional modifications to be performed on a string that's being run through Parse(). Currently, it returns the input string 'as is'. This method is provided for users to extend the kses class for their own requirements. param: string $string String to perform additional modifications on. return: string User modified string. |
_array_lc($inarray) X-Ref |
This method goes through an array, and changes the keys to all lower case. param: array $in_array Associative array return: array Modified array |
_split($string) X-Ref |
This method searches for HTML tags, no matter how malformed. It also matches stray ">" characters. param: string $string return: string HTML tags |
_split2($string) X-Ref |
This method strips out disallowed and/or mangled (X)HTML tags along with assigned attributes. This method does a lot of work. It rejects some very malformed things like <:::>. It returns an empty string if the element isn't allowed (look ma, no strip_tags()!). Otherwise it splits the tag into an element and an allowed attribute list. param: string $string return: string Modified string minus disallowed/mangled (X)HTML and attributes |
_attr($element, $attr) X-Ref |
This method strips out disallowed attributes for (X)HTML tags. This method removes all attributes if none are allowed for this element. If some are allowed it calls $this->_hair() to split them further, and then it builds up new HTML code from the data that $this->_hair() returns. It also removes "<" and ">" characters, if there are any left. One more thing it does is to check if the tag has a closing XHTML slash, and if it does, it puts one in the returned code as well. param: string $element (X)HTML tag to check param: string $attr Text containing attributes to check for validity. return: string Resulting valid (X)HTML or '' |
_hair($attr) X-Ref |
This method combs through an attribute list string and returns an associative array of attributes and values. This method does a lot of work. It parses an attribute list into an array with attribute data, and tries to do the right thing even if it gets weird input. It will add quotes around attribute values that don't have any quotes or apostrophes around them, to make it easier to produce HTML code that will conform to W3C's HTML specification. It will also remove bad URL protocols from attribute values. param: string $attr Text containing tag attributes for parsing return: array Associative array containing data on attribute and value |
_bad_protocol($string) X-Ref |
This method removes disallowed protocols. This method removes all non-allowed protocols from the beginning of $string. It ignores whitespace and the case of the letters, and it does understand HTML entities. It does its work in a while loop, so it won't be fooled by a string like "javascript:javascript:alert(57)". param: string $string String to check for protocols return: string String with removed protocols |
_bad_protocol_once($string) X-Ref |
Helper method used by _bad_protocol() This function searches for URL protocols at the beginning of $string, while handling whitespace and HTML entities. param: string $string String to check for protocols return: string String with removed protocols |
_bad_protocol_once2($string) X-Ref |
Helper method used by _bad_protocol_once() regex This function processes URL protocols, checks to see if they're in the whitelist or not, and returns different data depending on the answer. param: string $string String to check for protocols return: string String with removed protocols |
_check_attr_val($value, $vless, $checkname, $checkvalue) X-Ref |
This function performs different checks for attribute values. The currently implemented checks are "maxlen", "minlen", "maxval", "minval" and "valueless" with even more checks to come soon. param: string $value The value of the attribute to be checked. param: string $vless Indicates whether the value is supposed to be valueless param: string $checkname The check to be performed param: string $checkvalue The value that is to be checked against return: bool Indicates whether the check passed or not |
_stripslashes($string) X-Ref |
Changes \" to " This function changes the character sequence \" to just " It leaves all other slashes alone. It's really weird, but the quoting from preg_replace(//e) seems to require this. param: string $string The string to be stripped. return: string string stripped of \" |
_html_error($string) X-Ref |
helper method for _hair() This function deals with parsing errors in _hair(). The general plan is to remove everything to and including some whitespace, but it deals with quotes and apostrophes as well. param: string $string The string to be stripped. return: string string stripped of whitespace |
_decode_entities($string) X-Ref |
Decodes numeric HTML entities This method decodes numeric HTML entities (&#65; and &#x41;). It doesn't do anything with other entities like &auml;, but we don't need them in the URL protocol white listing system anyway. param: string $value The entity to be decoded. return: string Decoded entity |
_version() X-Ref |
Returns PHP4 OOP version # of kses. Since this class has been refactored and documented and proven to work, I'm syncing the version number to procedural kses. return: string Version number |
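The loop-until-stable idea described for _bad_protocol() and its _bad_protocol_once() helper, as an added PHP sketch that is not the kses4 source: every function name, the allow list and the sample inputs are constructed for illustration, and decoding only ASCII numeric entities is an assumption. Comparing the single pass with the loop on the first sample shows why the documentation insists on repeating the check.

```php
<?php
// Added illustration, not the kses4 source. All function names are hypothetical.
// Decode numeric entities (&#58; / &#x3a;) so an encoded ':' cannot hide a scheme.
// Assumption: only ASCII code points are decoded; anything else is left as written.
function decode_numeric_entities(string $s): string
{
    return preg_replace_callback(
        '/&#(?:x([0-9a-f]+)|([0-9]+));?/i',
        function (array $m): string {
            $code = ($m[1] !== '') ? hexdec($m[1]) : (int) $m[2];
            return $code < 128 ? chr((int) $code) : $m[0];
        },
        $s
    );
}

// One pass: drop a single leading scheme if it is not on the allow list.
function strip_protocol_once(string $value, array $allowed): string
{
    $decoded = decode_numeric_entities($value);
    // No ':' before the first '/', '?' or '#' means there is no scheme to judge.
    if (!preg_match('/^([^:\/?#]*):(.*)$/s', $decoded, $m)) {
        return $value;
    }
    // Compare without whitespace, control bytes or case.
    $scheme = strtolower(preg_replace('/[\s\x00-\x1f]+/', '', $m[1]));
    return in_array($scheme, $allowed, true) ? $value : $m[2];
}

// Repeat until a pass changes nothing, so a nested scheme cannot survive.
function strip_bad_protocols(string $value, array $allowed): string
{
    do {
        $before = $value;
        $value = strip_protocol_once($value, $allowed);
    } while ($value !== $before);
    return $value;
}

$allowed = ['http', 'https', 'ftp', 'mailto'];  // constructed allow list
$samples = [                                     // constructed inputs
    'javascript:javascript:alert(57)',
    ' jav&#x09;ascript&#58;alert(57)',
    'http://example.com/a:b',
    '/local/path?x=a:b',
];
foreach ($samples as $s) {
    printf("%-36s once=%-24s loop=%s\n", var_export($s, true),
        var_export(strip_protocol_once($s, $allowed), true),
        var_export(strip_bad_protocols($s, $allowed), true));
}
```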
Generated on: Wed Nov 21 12:27:40 2007 | by Balluche using PHPXref 0.7 |