
Code source de Phorum 5.1.25


/mods/html/ -> html.php (source)

   1  <?php
   2  
   3  if(!defined("PHORUM")) return; // stop here unless the PHORUM constant is defined, i.e. the file was not loaded by Phorum itself
   4  
   5  // HTML Phorum Mod
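   /**
    * Phorum "html" module hook: re-enables HTML in message bodies.
    *
    * For every message that has a "body" entry, the HTML-escaped tags,
    * ampersands and double quotes are turned back into live markup, after
    * which a small denylist filter is applied: on* event-handler attributes
    * are removed and <script>/<meta> tags are turned into HTML comments.
    * Messages without a "body" entry are passed through untouched.
    *
    * NOTE(review): this is a denylist, not a complete HTML sanitizer. Only
    * what the patterns below match is neutralised; any other active markup
    * (script-capable URL schemes, style, embedded-object elements, ...) is
    * delivered to the reader's browser as written. Treat the module as
    * "trusted posters only", or put an allowlist-based sanitizer behind it.
    *
    * @param array $data Messages keyed by message id; each message is an
    *                    array that may contain a "body" string.
    * @return array The same array with the "body" entries rewritten.
    */
   function phorum_html($data)
   {
       foreach ($data as $message_id => $message) {

           if (!isset($message["body"])) {
               continue;
           }

           $body = $message["body"];

           // Pull out the phorum breaks; they are re-inserted further down.
           $body = str_replace("<phorum break>", "", $body);

           // Remove NUL bytes so they cannot be used to hide markup from the
           // filters below. The result has to be assigned: previously the
           // return value of str_replace() was discarded, which made this
           // protection a no-op.
           $body = str_replace("\0", "", $body);

           // Restore tags that Phorum has escaped.
           $body = preg_replace("!&lt;(\/*[a-z].*?)&gt;!si", "<$1>", $body);

           // Restore escaped & and ".
           $body = str_replace("&amp;", "&", $body);
           $body = str_replace("&quot;", '"', $body);

           // Strip javascript event handlers (on...=) from every opening tag.
           // The patterns have no capture group, so the replacement is simply
           // the empty string (the "$1" used before expanded to nothing).
           if (preg_match_all("/<[a-z][^>]+>/si", $body, $matches)) {
               $tags = array_unique($matches[0]);
               foreach ($tags as $tag) {
                   $newtag = str_replace("\n", " ", $tag);
                   $newtag = preg_replace("/\son[^=]+=\".+?\"/is", "", $newtag);
                   $newtag = preg_replace("/\son[^=]+='.+?'/is", "", $newtag);
                   $newtag = preg_replace("/\son[^=]+=[^'\"][^\s>]+/si", "", $newtag);
                   $body = str_replace($tag, $newtag, $body);
               }
           }

           // Turn script and meta tags into HTML comments.
           $body = preg_replace("/<(\/*(script|meta).*?)>/is", "<!--$1-->", $body);

           // Put the phorum breaks back, one per newline.
           $body = str_replace("\n", "<phorum break>\n", $body);

           // Strip any <phorum break> that ended up inside blocks where a
           // line break is wrong: tables (to prevent <table><br/><tr>) and
           // pre/xmp (newlines are rendered there without <br/>).
           $block_tags = "table|pre|xmp";

           preg_match_all("!(<($block_tags).*?>).+?(</($block_tags).*?>)!ms", $body, $matches);

           foreach ($matches[0] as $block) {
               $newblock = str_replace("<phorum break>", "", $block);
               $body = str_replace($block, $newblock, $body);
           }

           $data[$message_id]["body"] = $body;
       }

       return $data;
   }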
  68  
  69  ?>

