Code source de XOOPS 2.0.17.1 |
1 <?php 2 // $Id: module.textsanitizer.php 957 2007-08-06 23:40:36Z malanciault $ 3 // ------------------------------------------------------------------------ // 4 // XOOPS - PHP Content Management System // 5 // Copyright (c) 2000 XOOPS.org // 6 // <http://www.xoops.org/> // 7 // ------------------------------------------------------------------------ // 8 // This program is free software; you can redistribute it and/or modify // 9 // it under the terms of the GNU General Public License as published by // 10 // the Free Software Foundation; either version 2 of the License, or // 11 // (at your option) any later version. // 12 // // 13 // You may not change or alter any portion of this comment or credits // 14 // of supporting developers from this source code or any supporting // 15 // source code which is considered copyrighted (c) material of the // 16 // original comment or credit authors. // 17 // // 18 // This program is distributed in the hope that it will be useful, // 19 // but WITHOUT ANY WARRANTY; without even the implied warranty of // 20 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // 21 // GNU General Public License for more details. 
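//                                                                          //
// You should have received a copy of the GNU General Public License        //
// along with this program; if not, write to the Free Software              //
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA  //
// ------------------------------------------------------------------------ //
// Author: Kazumi Ono (http://www.myweb.ne.jp/, http://jp.xoops.org/)       //
//         Goghs Cheng (http://www.eqiao.com, http://www.devbeez.com/)      //
// Project: The XOOPS Project (http://www.xoops.org/)                       //
// ------------------------------------------------------------------------- //

/**
 * Class to "clean up" text for various uses
 *
 * <b>Singleton</b>
 *
 * Text goes through three stages: escaping (htmlSpecialChars), markup
 * expansion (smileys, clickable links, XoopsCode) and line-break conversion.
 * [code] blocks are base64-encoded by codePreConv() before the markup stage
 * so the other filters leave their contents alone, and decoded again by
 * codeConv() at the end.
 *
 * Notes on this revision:
 *  - the [code] conversion uses preg_replace_callback() instead of the
 *    preg_replace "e" modifier (evaluates the replacement as PHP; removed
 *    in PHP 7)
 *  - censorString() escapes the configured words with preg_quote() (a word
 *    containing "/" or "|" used to break or change the pattern) and the
 *    replacement string is inserted literally
 *  - magic_quotes helpers are only consulted on PHP < 5.4, where the
 *    feature still exists; the query functions are gone in PHP 8
 *  - the entity names in htmlSpecialChars()/undoHtmlSpecialChars() are
 *    spelled out; the listing this was taken from had them rendered
 *
 * @package    kernel
 * @subpackage core
 *
 * @author    Kazumi Ono <onokazu@xoops.org>
 * @author    Goghs Cheng
 * @copyright (c) 2000-2003 The Xoops Project - www.xoops.org
 */
class MyTextSanitizer
{
    /**
     * Rows of the "smiles" table, cached after the first smiley() call.
     * Each row is used through its 'code' and 'smile_url' keys.
     *
     * @var array
     */
    public $smileys = array();

    /**
     * Censor configuration, loaded lazily by censorString() from the
     * XOOPS_CONF_CENSOR category (keys used: censor_enable, censor_replace,
     * censor_words)
     *
     * @var array|null
     */
    public $censorConf;

    /**
     * Constructor
     *
     * Intentionally empty: the allowed-HTML lookup mentioned in the original
     * @todo was never implemented. Obtain the object through getInstance().
     */
    public function __construct()
    {
    }

    /**
     * PHP 4 style constructor, kept for code that calls it explicitly
     * (e.g. subclass constructors); delegates to __construct()
     */
    public function MyTextSanitizer()
    {
        $this->__construct();
    }

    /**
     * Access the only instance of this class
     *
     * @return MyTextSanitizer
     */
    public static function &getInstance()
    {
        static $instance;
        if (!isset($instance)) {
            $instance = new MyTextSanitizer();
        }
        return $instance;
    }

    /**
     * Get the cached smiley rows (empty until smiley() has run once)
     *
     * @return array
     */
    public function getSmileys()
    {
        return $this->smileys;
    }

    /**
     * Load the smiley rows from the "smiles" table into $this->smileys
     *
     * Nothing is cached when the query fails, so the next smiley() call
     * retries the query (as the original code did).
     */
    public function loadSmileys()
    {
        $db = Database::getInstance();
        $result = $db->query("SELECT * FROM " . $db->prefix("smiles"));
        if ($result) {
            while ($row = $db->fetchArray($result)) {
                $this->smileys[] = $row;
            }
        }
    }

    /**
     * Replace emoticons in the message with smiley images
     *
     * @param string $message
     *
     * @return string
     */
    public function smiley($message)
    {
        if (count($this->smileys) == 0) {
            $this->loadSmileys();
        }
        foreach ($this->smileys as $smile) {
            // smile_url is escaped for the attribute; the code itself is the
            // raw trigger text as stored in the table
            $img = '<img src="' . XOOPS_UPLOAD_URL . '/' . htmlspecialchars($smile['smile_url']) . '" alt="" />';
            $message = str_replace($smile['code'], $img, $message);
        }
        return $message;
    }

    /**
     * Make links in the text clickable
     *
     * Rules are applied in order: scheme://host, www.host, ftp.host, then
     * e-mail addresses. The leading group of every pattern refuses to match
     * right after characters such as ", ', = or /, which keeps URLs that are
     * already inside an attribute from being wrapped a second time.
     *
     * @param string $text
     * @return string
     */
    public function makeClickable(&$text)
    {
        $rules = array(
            "/(^|[^]_a-z0-9-=\"'\/])([a-z]+?):\/\/([^, \r\n\"\(\)'<>]+)/i"
                => "\\1<a href=\"\\2://\\3\" target=\"_blank\">\\2://\\3</a>",
            "/(^|[^]_a-z0-9-=\"'\/])www\.([a-z0-9\-]+)\.([^, \r\n\"\(\)'<>]+)/i"
                => "\\1<a href=\"http://www.\\2.\\3\" target=\"_blank\">www.\\2.\\3</a>",
            "/(^|[^]_a-z0-9-=\"'\/])ftp\.([a-z0-9\-]+)\.([^, \r\n\"\(\)'<>]+)/i"
                => "\\1<a href=\"ftp://ftp.\\2.\\3\" target=\"_blank\">ftp.\\2.\\3</a>",
            "/(^|[^]_a-z0-9-=\"'\/:\.])([a-z0-9\-_\.]+?)@([^, \r\n\"\(\)'<>\[\]]+)/i"
                => "\\1<a href=\"mailto:\\2@\\3\">\\2@\\3</a>",
        );
        return preg_replace(array_keys($rules), array_values($rules), $text);
    }

    /**
     * Replace XoopsCodes with their equivalent HTML formatting
     *
     * The text is modified in place (it is passed by reference) and also
     * returned. NUL bytes are removed and the "javascript:" / "about:" scheme
     * spellings (including ones padded with control characters) are
     * neutralised last, so they are also caught inside href attributes that
     * the earlier rules produced from user-supplied [url=...] targets.
     * NOTE(review): no other scheme is filtered here; confirm that is
     * acceptable for the contexts this output is used in.
     *
     * @param string $text
     * @param bool   $allowimage Allow images in the text?
     *                           On FALSE, uses links to images.
     * @return string
     */
    public function &xoopsCodeDecode(&$text, $allowimage = 1)
    {
        $patterns = array();
        $replacements = array();

        // RMV: added new markup for intrasite url (allows easier site moves)
        // TODO: automatically convert other URLs to this format if XOOPS_URL matches??
        $patterns[] = "/\[siteurl=(['\"]?)([^\"'<>]*)\\1](.*)\[\/siteurl\]/sU";
        $replacements[] = '<a href="' . XOOPS_URL . '/\\2">\\3</a>';

        // [url=...]: explicit http(s) and ftp targets first, then anything
        // else gets an http:// prefix
        $patterns[] = "/\[url=(['\"]?)(http[s]?:\/\/[^\"'<>]*)\\1](.*)\[\/url\]/sU";
        $replacements[] = '<a href="\\2" target="_blank">\\3</a>';
        $patterns[] = "/\[url=(['\"]?)(ftp?:\/\/[^\"'<>]*)\\1](.*)\[\/url\]/sU";
        $replacements[] = '<a href="\\2" target="_blank">\\3</a>';
        $patterns[] = "/\[url=(['\"]?)([^\"'<>]*)\\1](.*)\[\/url\]/sU";
        $replacements[] = '<a href="http://\\2" target="_blank">\\3</a>';

        // inline styling; the value classes keep quotes, brackets and
        // semicolons out of the generated style attribute
        $patterns[] = "/\[color=(['\"]?)([a-zA-Z0-9]*)\\1](.*)\[\/color\]/sU";
        $replacements[] = '<span style="color: #\\2;">\\3</span>';
        $patterns[] = "/\[size=(['\"]?)([a-z0-9-]*)\\1](.*)\[\/size\]/sU";
        $replacements[] = '<span style="font-size: \\2;">\\3</span>';
        $patterns[] = "/\[font=(['\"]?)([^;<>\*\(\)\"']*)\\1](.*)\[\/font\]/sU";
        $replacements[] = '<span style="font-family: \\2;">\\3</span>';
        $patterns[] = "/\[email]([^;<>\*\(\)\"']*)\[\/email\]/sU";
        $replacements[] = '<a href="mailto:\\1">\\1</a>';

        $patterns[] = "/\[b](.*)\[\/b\]/sU";
        $replacements[] = '<b>\\1</b>';
        $patterns[] = "/\[i](.*)\[\/i\]/sU";
        $replacements[] = '<i>\\1</i>';
        $patterns[] = "/\[u](.*)\[\/u\]/sU";
        $replacements[] = '<u>\\1</u>';
        $patterns[] = "/\[d](.*)\[\/d\]/sU";
        $replacements[] = '<del>\\1</del>';

        // [img ...]: four spellings; the replacement set depends on whether
        // inline images are allowed (otherwise they become links)
        $patterns[] = "/\[img align=(['\"]?)(left|center|right)\\1]([^\"\(\)\?\&'<>]*)\[\/img\]/sU";
        $patterns[] = "/\[img]([^\"\(\)\?\&'<>]*)\[\/img\]/sU";
        $patterns[] = "/\[img align=(['\"]?)(left|center|right)\\1 id=(['\"]?)([0-9]*)\\3]([^\"\(\)\?\&'<>]*)\[\/img\]/sU";
        $patterns[] = "/\[img id=(['\"]?)([0-9]*)\\1]([^\"\(\)\?\&'<>]*)\[\/img\]/sU";
        if ($allowimage != 1) {
            $replacements[] = '<a href="\\3" target="_blank">\\3</a>';
            $replacements[] = '<a href="\\1" target="_blank">\\1</a>';
            $replacements[] = '<a href="' . XOOPS_URL . '/image.php?id=\\4" target="_blank">\\5</a>';
            $replacements[] = '<a href="' . XOOPS_URL . '/image.php?id=\\2" target="_blank">\\3</a>';
        } else {
            $replacements[] = '<img src="\\3" align="\\2" alt="" />';
            $replacements[] = '<img src="\\1" alt="" />';
            $replacements[] = '<img src="' . XOOPS_URL . '/image.php?id=\\4" align="\\2" alt="\\5" />';
            $replacements[] = '<img src="' . XOOPS_URL . '/image.php?id=\\2" alt="\\3" />';
        }

        $patterns[] = "/\[quote]/sU";
        $replacements[] = _QUOTEC . '<div class="xoopsQuote"><blockquote>';
        $patterns[] = "/\[\/quote]/sU";
        $replacements[] = '</blockquote></div>';

        // scheme neutralisation: allow any run of control characters between
        // the letters, which is what the NUL strip and $c take care of
        $text = str_replace("\x00", "", $text);
        $c = "[\x01-\x1f]*";
        $patterns[] = "/j{$c}a{$c}v{$c}a{$c}s{$c}c{$c}r{$c}i{$c}p{$c}t{$c}:/si";
        $replacements[] = "(script removed)";
        $patterns[] = "/a{$c}b{$c}o{$c}u{$c}t{$c}:/si";
        $replacements[] = "about :";

        $text = preg_replace($patterns, $replacements, $text);
        return $text;
    }

    /**
     * Convert linebreaks to <br /> tags
     *
     * @param string $text
     *
     * @return string
     */
    public function nl2Br($text)
    {
        // CRLF is handled first so a Windows line end yields a single <br />
        return str_replace(array("\r\n", "\r", "\n"), '<br />', $text);
    }

    /**
     * Whether magic_quotes_gpc is active on this runtime
     *
     * Magic quotes were removed in PHP 5.4 and get_magic_quotes_gpc() itself
     * in PHP 8.0, so the function is only called on older versions.
     *
     * @return bool
     */
    public function magicQuotesGpc()
    {
        return version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc();
    }

    /**
     * Add slashes to the text if magic_quotes_gpc is turned off.
     *
     * @param string $text
     * @return string
     */
    public function addSlashes($text)
    {
        if (!$this->magicQuotesGpc()) {
            $text = addslashes($text);
        }
        return $text;
    }

    /**
     * If magic_quotes_gpc is on, strip the back slashes it added
     *
     * @param string $text
     *
     * @return string
     */
    public function stripSlashesGPC($text)
    {
        if ($this->magicQuotesGpc()) {
            $text = stripslashes($text);
        }
        return $text;
    }

    /**
     * For displaying data in html textbox forms
     *
     * htmlspecialchars() turns every "&" into "&amp;"; the first replacement
     * undoes that so entities already present in stored text are shown as
     * entities rather than double-encoded, and the second re-protects a
     * literal "&nbsp;" so it is displayed as typed. Tags and quotes stay
     * escaped. NOTE(review): no charset is passed; on PHP >= 5.4 the default
     * is UTF-8 and invalid byte sequences make htmlspecialchars() return "" —
     * confirm against the site's _CHARSET.
     *
     * @param string $text
     *
     * @return string
     */
    public function htmlSpecialChars($text)
    {
        return str_ireplace(
            array('&amp;', '&nbsp;'),
            array('&', '&amp;nbsp;'),
            htmlspecialchars($text, ENT_QUOTES)
        );
    }

    /**
     * Reverses {@link htmlSpecialChars()}
     *
     * @param string $text
     * @return string
     */
    public function undoHtmlSpecialChars($text)
    {
        return str_ireplace(
            array('&gt;', '&lt;', '&quot;', '&#039;', '&amp;nbsp;'),
            array('>', '<', '"', "'", '&nbsp;'),
            $text
        );
    }

    /**
     * Filters textarea form data in DB for display
     *
     * @param string $text
     * @param bool   $html   allow html?
     * @param bool   $smiley allow smileys?
     * @param bool   $xcode  allow xoopscode?
     * @param bool   $image  allow inline images?
     * @param bool   $br     convert linebreaks?
     * @return string
     */
    public function &displayTarea($text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1)
    {
        if ($html != 1) {
            // html not allowed
            $text = $this->htmlSpecialChars($text);
        }
        // protect [code] contents from the filters below (Ryuji_edit 2003-11-18)
        $text = $this->codePreConv($text, $xcode);
        $text = $this->makeClickable($text);
        if ($smiley != 0) {
            $text = $this->smiley($text);
        }
        if ($xcode != 0) {
            $text = $this->xoopsCodeDecode($text, $image != 0 ? 1 : 0);
        }
        if ($br != 0) {
            $text = $this->nl2Br($text);
        }
        // restore and format the [code] contents (Ryuji_edit 2003-11-18)
        $text = $this->codeConv($text, $xcode, $image);
        return $text;
    }

    /**
     * Filters textarea form data submitted for preview
     *
     * Same pipeline as displayTarea(), applied to submitted (GPC) data, so
     * magic-quotes slashes are stripped first.
     *
     * @param string $text
     * @param bool   $html   allow html?
     * @param bool   $smiley allow smileys?
     * @param bool   $xcode  allow xoopscode?
     * @param bool   $image  allow inline images?
     * @param bool   $br     convert linebreaks?
     * @return string
     */
    public function &previewTarea($text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1)
    {
        $text = $this->stripSlashesGPC($text);
        $text = $this->displayTarea($text, $html, $smiley, $xcode, $image, $br);
        return $text;
    }

    /**
     * Replaces banned words in a string with their replacements
     *
     * A banned word is replaced when it appears at the start of the text or
     * right after whitespace, a newline or "]". The text is modified in place
     * and also returned.
     *
     * @param string $text
     * @return string
     *
     * @deprecated
     */
    public function &censorString(&$text)
    {
        if (!isset($this->censorConf)) {
            $config_handler = xoops_gethandler('config');
            $this->censorConf = $config_handler->getConfigsByCat(XOOPS_CONF_CENSOR);
        }
        if (!isset($this->censorConf['censor_enable']) || $this->censorConf['censor_enable'] != 1) {
            return $text;
        }

        // preg_replace() reads "\" and "$n" in the replacement as
        // back-references; escape them so the configured text is inserted literally
        $configured = isset($this->censorConf['censor_replace']) ? (string) $this->censorConf['censor_replace'] : '';
        $replacement = strtr($configured, array('\\' => '\\\\', '$' => '\\$'));
        $words = isset($this->censorConf['censor_words']) ? (array) $this->censorConf['censor_words'] : array();

        $patterns = array();
        $replacements = array();
        foreach ($words as $bad) {
            if (empty($bad)) {
                continue;
            }
            // preg_quote() with the delimiter instead of quotemeta(): the latter
            // leaves "/", "|", "{" and "}" alone, so such a word corrupted the pattern
            $bad = preg_quote($bad, '/');
            $patterns[] = "/(\s)" . $bad . "/siU";
            $replacements[] = "\\1" . $replacement;
            $patterns[] = "/^" . $bad . "/siU";
            $replacements[] = $replacement;
            $patterns[] = "/(\n)" . $bad . "/siU";
            $replacements[] = "\\1" . $replacement;
            $patterns[] = "/]" . $bad . "/siU";
            $replacements[] = "]" . $replacement;
        }
        // one pass over the whole pattern set; the original re-ran the growing
        // set once per word, with the same end result
        if (count($patterns) > 0) {
            $text = preg_replace($patterns, $replacements, $text);
        }
        return $text;
    }

    /**
     * Sanitizing of [code] tag: protect the contents
     *
     * Base64-encodes everything between [code] and [/code] so that the
     * smiley, link and XoopsCode filters cannot touch it; codeConv() undoes
     * this. A callback is used instead of the "e" modifier, so the captured
     * text is passed through unescaped.
     *
     * @param string $text
     * @param bool   $xcode do anything at all?
     * @return string
     */
    public function codePreConv($text, $xcode = 1)
    {
        if ($xcode != 0) {
            $encode = function ($matches) {
                return '[code]' . base64_encode($matches[1]) . '[/code]';
            };
            $text = preg_replace_callback("/\[code](.*)\[\/code\]/sU", $encode, $text);
        }
        return $text;
    }

    /**
     * Sanitizing of [code] tag: restore and format the contents
     *
     * Reverses codePreConv(): each base64 payload is decoded, escaped and
     * wrapped in the xoopsCode block markup.
     *
     * @param string $text
     * @param bool   $xcode do anything at all?
     * @param bool   $image allow inline images inside the code block?
     * @return string
     */
    public function codeConv($text, $xcode = 1, $image = 1)
    {
        if ($xcode != 0) {
            // $self: closures cannot use $this before PHP 5.4
            $self = $this;
            $decode = function ($matches) use ($self, $image) {
                return '<div class="xoopsCode"><code><pre>'
                    . $self->codeSanitizer($matches[1], $image != 0 ? 1 : 0)
                    . '</pre></code></div>';
            };
            $text = preg_replace_callback("/\[code](.*)\[\/code\]/sU", $decode, $text);
        }
        return $text;
    }

    /**
     * Decode one base64 [code] payload and escape it for display
     *
     * The former str_replace('\"', '"', ...) step is gone: it undid the quote
     * escaping the "e" modifier applied to captures, which no longer happens
     * with preg_replace_callback().
     *
     * @param string $str   base64 payload produced by codePreConv()
     * @param bool   $image allow inline images?
     * @return string
     */
    public function codeSanitizer($str, $image = 1)
    {
        $code = $this->htmlSpecialChars(base64_decode($str));
        return $this->xoopsCodeDecode($code, $image != 0 ? 1 : 0);
    }

    ##################### Deprecated Methods ######################

    /**
     * @deprecated use displayTarea()
     */
    public function sanitizeForDisplay($text, $allowhtml = 0, $smiley = 1, $bbcode = 1)
    {
        if ($allowhtml == 0) {
            $text = $this->htmlSpecialChars($text);
        } else {
            // links are only auto-detected when html is allowed here
            $text = $this->makeClickable($text);
        }
        if ($smiley == 1) {
            $text = $this->smiley($text);
        }
        if ($bbcode == 1) {
            $text = $this->xoopsCodeDecode($text);
        }
        return $this->nl2Br($text);
    }

    /**
     * @deprecated use previewTarea()
     */
    public function sanitizeForPreview($text, $allowhtml = 0, $smiley = 1, $bbcode = 1)
    {
        $text = $this->oopsStripSlashesGPC($text);
        return $this->sanitizeForDisplay($text, $allowhtml, $smiley, $bbcode);
    }

    /**
     * @deprecated
     */
    public function makeTboxData4Save($text)
    {
        return $this->addSlashes($text);
    }

    /**
     * @deprecated ($smiley is accepted but ignored)
     */
    public function makeTboxData4Show($text, $smiley = 0)
    {
        return $this->htmlSpecialChars($text);
    }

    /**
     * @deprecated
     */
    public function makeTboxData4Edit($text)
    {
        return $this->htmlSpecialChars($text);
    }

    /**
     * @deprecated ($smiley is accepted but ignored)
     */
    public function makeTboxData4Preview($text, $smiley = 0)
    {
        $text = $this->stripSlashesGPC($text);
        return $this->htmlSpecialChars($text);
    }

    /**
     * @deprecated
     */
    public function makeTboxData4PreviewInForm($text)
    {
        $text = $this->stripSlashesGPC($text);
        return $this->htmlSpecialChars($text);
    }

    /**
     * @deprecated
     */
    public function makeTareaData4Save($text)
    {
        return $this->addSlashes($text);
    }

    /**
     * @deprecated use displayTarea()
     */
    public function &makeTareaData4Show(&$text, $html = 1, $smiley = 1, $xcode = 1)
    {
        $text = $this->displayTarea($text, $html, $smiley, $xcode);
        return $text;
    }

    /**
     * @deprecated
     */
    public function makeTareaData4Edit($text)
    {
        return $this->htmlSpecialChars($text);
    }

    /**
     * @deprecated use previewTarea()
     */
    public function &makeTareaData4Preview(&$text, $html = 1, $smiley = 1, $xcode = 1)
    {
        $text = $this->previewTarea($text, $html, $smiley, $xcode);
        return $text;
    }

    /**
     * @deprecated
     */
    public function makeTareaData4PreviewInForm($text)
    {
        // if magic_quotes_gpc is on, do stripslashes
        $text = $this->stripSlashesGPC($text);
        return $this->htmlSpecialChars($text);
    }

    /**
     * @deprecated
     */
    public function makeTareaData4InsideQuotes($text)
    {
        return $this->htmlSpecialChars($text);
    }

    /**
     * @deprecated use stripSlashesGPC()
     */
    public function oopsStripSlashesGPC($text)
    {
        return $this->stripSlashesGPC($text);
    }

    /**
     * Strip slashes added by magic_quotes_runtime (feature removed in PHP 5.4)
     *
     * @deprecated
     */
    public function oopsStripSlashesRT($text)
    {
        if (version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_runtime()) {
            $text = stripslashes($text);
        }
        return $text;
    }

    /**
     * @deprecated use addSlashes()
     */
    public function oopsAddSlashes($text)
    {
        return $this->addSlashes($text);
    }

    /**
     * @deprecated use htmlSpecialChars()
     */
    public function oopsHtmlSpecialChars($text)
    {
        return $this->htmlSpecialChars($text);
    }

    /**
     * @deprecated use nl2Br()
     */
    public function oopsNl2Br($text)
    {
        return $this->nl2Br($text);
    }
}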