Context Navigation

source: temp/test-xoops.ec-cube.net/html/class/module.textsanitizer.php @ 405

Visit:

Revision 405, 20.2 KB checked in by root, 20 years ago (diff)

Line
1	<?php
2	// $Id: module.textsanitizer.php,v 1.8 2006/07/27 00:17:17 onokazu Exp $
3	// ------------------------------------------------------------------------ //
4	// XOOPS - PHP Content Management System //
5	// Copyright (c) 2000 XOOPS.org //
6	// <http://www.xoops.org/> //
7	// ------------------------------------------------------------------------ //
8	// This program is free software; you can redistribute it and/or modify //
9	// it under the terms of the GNU General Public License as published by //
10	// the Free Software Foundation; either version 2 of the License, or //
11	// (at your option) any later version. //
12	// //
13	// You may not change or alter any portion of this comment or credits //
14	// of supporting developers from this source code or any supporting //
15	// source code which is considered copyrighted (c) material of the //
16	// original comment or credit authors. //
17	// //
18	// This program is distributed in the hope that it will be useful, //
19	// but WITHOUT ANY WARRANTY; without even the implied warranty of //
20	// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
21	// GNU General Public License for more details. //
22	// //
23	// You should have received a copy of the GNU General Public License //
24	// along with this program; if not, write to the Free Software //
25	// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA //
26	// ------------------------------------------------------------------------ //
27	// Author: Kazumi Ono (http://www.myweb.ne.jp/, http://jp.xoops.org/) //
28	// Goghs Cheng (http://www.eqiao.com, http://www.devbeez.com/) //
29	// Project: The XOOPS Project (http://www.xoops.org/) //
30	// ------------------------------------------------------------------------- //
31
32	/**
33	* Class to "clean up" text for various uses
34	*
35	* <b>Singleton</b>
36	*
37	* @package kernel
38	* @subpackage core
39	*
40	* @author Kazumi Ono <[email protected]>
41	* @author Goghs Cheng
42	* @copyright (c) 2000-2003 The Xoops Project - www.xoops.org
43	*/
44	class MyTextSanitizer
45	{
46	/**
47	* @var array
48	*/
49	var $smileys = array();
50
51	/**
52	*
53	*/
54	var $censorConf;
55
56	/*
57	* Constructor of this class
58	*
59	* Gets allowed html tags from admin config settings
60	* <br> should not be allowed since nl2br will be used
61	* when storing data.
62	*
63	* @access private
64	*
65	* @todo Sofar, this does nuttin' ;-)
66	*/
67	function MyTextSanitizer()
68	{
69
70	}
71
72	/**
73	* Access the only instance of this class
74	*
75	* @return object
76	*
77	* @static
78	* @staticvar object
79	*/
80	function &getInstance()
81	{
82	static $instance;
83	if (!isset($instance)) {
84	$instance = new MyTextSanitizer();
85	}
86	return $instance;
87	}
88
89	/**
90	* Get the smileys
91	*
92	* @return array
93	*/
94	function getSmileys()
95	{
96	return $this->smileys;
97	}
98
99	/**
100	* Replace emoticons in the message with smiley images
101	*
102	* @param string $message
103	*
104	* @return string
105	*/
106	function &smiley($message)
107	{
108	$db =& Database::getInstance();
109	if (count($this->smileys) == 0) {
110	if ($getsmiles = $db->query("SELECT * FROM ".$db->prefix("smiles"))){
111	while ($smiles = $db->fetchArray($getsmiles)) {
112	$message = str_replace($smiles['code'], '<img src="'.XOOPS_UPLOAD_URL.'/'.htmlspecialchars($smiles['smile_url']).'" alt="" />', $message);
113	array_push($this->smileys, $smiles);
114	}
115	}
116	}
117	elseif (is_array($this->smileys)) {
118	foreach ($this->smileys as $smile) {
119	$message = str_replace($smile['code'], '<img src="'.XOOPS_UPLOAD_URL.'/'.htmlspecialchars($smile['smile_url']).'" alt="" />', $message);
120	}
121	}
122	return $message;
123	}
124
125	/**
126	* Make links in the text clickable
127	*
128	* @param string $text
129	* @return string
130	**/
131	function &makeClickable(&$text)
132	{
133	$patterns = array("/(^\|[^]_a-z0-9-=\"'\/])([a-z]+?):\/\/([^, \r\n\"\(\)'<>]+)/i", "/(^\|[^]_a-z0-9-=\"'\/])www\.([a-z0-9\-]+)\.([^, \r\n\"\(\)'<>]+)/i", "/(^\|[^]_a-z0-9-=\"'\/])ftp\.([a-z0-9\-]+)\.([^, \r\n\"\(\)'<>]+)/i", "/(^\|[^]_a-z0-9-=\"'\/:\.])([a-z0-9\-_\.]+?)@([^, \r\n\"\(\)'<>\[\]]+)/i");
134	$replacements = array("\\1<a href=\"\\2://\\3\" target=\"_blank\">\\2://\\3</a>", "\\1<a href=\"http://www.\\2.\\3\" target=\"_blank\">www.\\2.\\3</a>", "\\1<a href=\"ftp://ftp.\\2.\\3\" target=\"_blank\">ftp.\\2.\\3</a>", "\\1<a href=\"mailto:\\2@\\3\">\\2@\\3</a>");
135	$ret = preg_replace($patterns, $replacements, $text);
136	return $ret;
137	}
138
139	/**
140	* Replace XoopsCodes with their equivalent HTML formatting
141	*
142	* @param string $text
143	* @param bool $allowimage Allow images in the text?
144	* On FALSE, uses links to images.
145	* @return string
146	**/
147	function &xoopsCodeDecode(&$text, $allowimage = 1)
148	{
149	$imgCallbackPattern = "/\[img( align=\w+)]([^\"\(\)\?\&'<>]*)\[\/img\]/sU";
150	$text = preg_replace_callback($imgCallbackPattern, array($this, '_filterImgUrl'), $text);
151
152	$patterns = array();
153	$replacements = array();
154	// RMV: added new markup for intrasite url (allows easier site moves)
155	// TODO: automatically convert other URLs to this format if XOOPS_URL matches??
156	$patterns[] = "/\[siteurl=(['\"]?)([^\"'<>])\\1](.)\[\/siteurl\]/sU";
157	$replacements[] = '<a href="'.XOOPS_URL.'/\\2" target="_blank">\\3</a>';
158	$patterns[] = "/\[url=(['\"]?)(http[s]?:\/\/[^\"'<>])\\1](.)\[\/url\]/sU";
159	$replacements[] = '<a href="\\2" target="_blank">\\3</a>';
160	$patterns[] = "/\[url=(['\"]?)(ftp?:\/\/[^\"'<>])\\1](.)\[\/url\]/sU";
161	$replacements[] = '<a href="\\2" target="_blank">\\3</a>';
162	$patterns[] = "/\[url=(['\"]?)([^\"'<>])\\1](.)\[\/url\]/sU";
163	$replacements[] = '<a href="http://\\2" target="_blank">\\3</a>';
164	$patterns[] = "/\[color=(['\"]?)([a-zA-Z0-9])\\1](.)\[\/color\]/sU";
165	$replacements[] = '<span style="color: #\\2;">\\3</span>';
166	$patterns[] = "/\[size=(['\"]?)([a-z0-9-])\\1](.)\[\/size\]/sU";
167	$replacements[] = '<span style="font-size: \\2;">\\3</span>';
168	$patterns[] = "/\[font=(['\"]?)([^;<>\\(\)\"'])\\1](.*)\[\/font\]/sU";
169	$replacements[] = '<span style="font-family: \\2;">\\3</span>';
170	$patterns[] = "/\[email]([^;<>\\(\)\"'])\[\/email\]/sU";
171	$replacements[] = '<a href="mailto:\\1">\\1</a>';
172	$patterns[] = "/\[b](.*)\[\/b\]/sU";
173	$replacements[] = '<b>\\1</b>';
174	$patterns[] = "/\[i](.*)\[\/i\]/sU";
175	$replacements[] = '<i>\\1</i>';
176	$patterns[] = "/\[u](.*)\[\/u\]/sU";
177	$replacements[] = '<u>\\1</u>';
178	$patterns[] = "/\[d](.*)\[\/d\]/sU";
179	$replacements[] = '<del>\\1</del>';
180	//$patterns[] = "/\[li](.*)\[\/li\]/sU";
181	//$replacements[] = '<li>\\1</li>';
182	$patterns[] = "/\[img align=(['\"]?)(left\|center\|right)\\1]([^\"\(\)\?\&'<>]*)\[\/img\]/sU";
183	$patterns[] = "/\[img]([^\"\(\)\?\&'<>]*)\[\/img\]/sU";
184	$patterns[] = "/\[img align=(['\"]?)(left\|center\|right)\\1 id=(['\"]?)([0-9])\\3]([^\"\(\)\?\&'<>])\[\/img\]/sU";
185	$patterns[] = "/\[img id=(['\"]?)([0-9])\\1]([^\"\(\)\?\&'<>])\[\/img\]/sU";
186	if ($allowimage != 1) {
187	$replacements[] = '<a href="\\3" target="_blank">\\3</a>';
188	$replacements[] = '<a href="\\1" target="_blank">\\1</a>';
189	$replacements[] = '<a href="'.XOOPS_URL.'/image.php?id=\\4" target="_blank">\\5</a>';
190	$replacements[] = '<a href="'.XOOPS_URL.'/image.php?id=\\2" target="_blank">\\3</a>';
191	} else {
192	$replacements[] = '<img src="\\3" align="\\2" alt="" />';
193	$replacements[] = '<img src="\\1" alt="" />';
194	$replacements[] = '<img src="'.XOOPS_URL.'/image.php?id=\\4" align="\\2" alt="\\5" />';
195	$replacements[] = '<img src="'.XOOPS_URL.'/image.php?id=\\2" alt="\\3" />';
196	}
197	$patterns[] = "/\[quote]/sU";
198	$replacements[] = _QUOTEC.'<div class="xoopsQuote"><blockquote>';
199	//$replacements[] = 'Quote: <div class="xoopsQuote"><blockquote>';
200	$patterns[] = "/\[\/quote]/sU";
201	$replacements[] = '</blockquote></div>';
202	$patterns[] = "/javascript:/si";
203	$replacements[] = "java script:";
204	$patterns[] = "/about:/si";
205	$replacements[] = "about :";
206	$ret = preg_replace($patterns, $replacements, $text);
207	return $ret;
208	}
209
210	/**
211	* Filters out invalid strings included in URL, if any
212	*
213	* @param array $matches
214	* @return string
215	*/
216	function _filterImgUrl($matches)
217	{
218	if ($this->checkUrlString($matches[2])) {
219	return $matches[0];
220	} else {
221	return "";
222	}
223	}
224
225	/**
226	* Checks if invalid strings are included in URL
227	*
228	* @param string $text
229	* @return bool
230	*/
231	function checkUrlString($text)
232	{
233	// Check control code
234	if (preg_match("/[\\0-\\31]/", $text)) {
235	return false;
236	}
237	// check black pattern(deprecated)
238	return !preg_match("/^(javascript\|vbscript\|about):/i", $text);
239	}
240
241	/**
242	* Convert linebreaks to <br /> tags
243	*
244	* @param string $text
245	*
246	* @return string
247	*/
248	function &nl2Br($text)
249	{
250	$ret = preg_replace("/(\015\012)\|(\015)\|(\012)/","<br />",$text);
251	return $ret;
252	}
253
254	/**
255	* Add slashes to the text if magic_quotes_gpc is turned off.
256	*
257	* @param string $text
258	* @return string
259	**/
260	function &addSlashes($text)
261	{
262	if (!get_magic_quotes_gpc()) {
263	$text = addslashes($text);
264	}
265	return $text;
266	}
267	/*
268	* if magic_quotes_gpc is on, stirip back slashes
269	*
270	* @param string $text
271	*
272	* @return string
273	*/
274	function &stripSlashesGPC($text)
275	{
276	if (get_magic_quotes_gpc()) {
277	$text = stripslashes($text);
278	}
279	return $text;
280	}
281
282	/*
283	* for displaying data in html textbox forms
284	*
285	* @param string $text
286	*
287	* @return string
288	*/
289	function &htmlSpecialChars($text)
290	{
291	//return preg_replace("/&/i", '&', htmlspecialchars($text, ENT_QUOTES));
292	$ret = preg_replace(array("/&/i", "/ /i"), array('&', '&nbsp;'), htmlspecialchars($text, ENT_QUOTES));
293	return $ret;
294	}
295
296	/**
297	* Reverses {@link htmlSpecialChars()}
298	*
299	* @param string $text
300	* @return string
301	**/
302	function &undoHtmlSpecialChars(&$text)
303	{
304	return preg_replace(array("/>/i", "/</i", "/"/i", "/'/i"), array(">", "<", "\"", "'"), $text);
305	}
306
307	/**
308	* Filters textarea form data in DB for display
309	*
310	* @param string $text
311	* @param bool $html allow html?
312	* @param bool $smiley allow smileys?
313	* @param bool $xcode allow xoopscode?
314	* @param bool $image allow inline images?
315	* @param bool $br convert linebreaks?
316	* @return string
317	**/
318	function &displayTarea(&$text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1)
319	{
320	if ($html != 1) {
321	// html not allowed
322	$text =& $this->htmlSpecialChars($text);
323	}
324	$text = $this->codePreConv($text, $xcode); // Ryuji_edit(2003-11-18)
325	$text =& $this->makeClickable($text);
326	if ($smiley != 0) {
327	// process smiley
328	$text =& $this->smiley($text);
329	}
330	if ($xcode != 0) {
331	// decode xcode
332	if ($image != 0) {
333	// image allowed
334	$text =& $this->xoopsCodeDecode($text);
335	} else {
336	// image not allowed
337	$text =& $this->xoopsCodeDecode($text, 0);
338	}
339	}
340	if ($br != 0) {
341	$text =& $this->nl2Br($text);
342	}
343	$text = $this->codeConv($text, $xcode, $image); // Ryuji_edit(2003-11-18)
344	return $text;
345	}
346
347	/**
348	* Filters textarea form data submitted for preview
349	*
350	* @param string $text
351	* @param bool $html allow html?
352	* @param bool $smiley allow smileys?
353	* @param bool $xcode allow xoopscode?
354	* @param bool $image allow inline images?
355	* @param bool $br convert linebreaks?
356	* @return string
357	**/
358	function &previewTarea(&$text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1)
359	{
360	$text =& $this->stripSlashesGPC($text);
361	if ($html != 1) {
362	// html not allowed
363	$text =& $this->htmlSpecialChars($text);
364	}
365	$text = $this->codePreConv($text, $xcode); // Ryuji_edit(2003-11-18)
366	$text =& $this->makeClickable($text);
367	if ($smiley != 0) {
368	// process smiley
369	$text =& $this->smiley($text);
370	}
371	if ($xcode != 0) {
372	// decode xcode
373	if ($image != 0) {
374	// image allowed
375	$text =& $this->xoopsCodeDecode($text);
376	} else {
377	// image not allowed
378	$text =& $this->xoopsCodeDecode($text, 0);
379	}
380	}
381	if ($br != 0) {
382	$text =& $this->nl2Br($text);
383	}
384	$text = $this->codeConv($text, $xcode, $image); // Ryuji_edit(2003-11-18)
385	return $text;
386	}
387
388	/**
389	* Replaces banned words in a string with their replacements
390	*
391	* @param string $text
392	* @return string
393	*
394	* @deprecated
395	**/
396	function &censorString(&$text)
397	{
398	if (!isset($this->censorConf)) {
399	$config_handler =& xoops_gethandler('config');
400	$this->censorConf =& $config_handler->getConfigsByCat(XOOPS_CONF_CENSOR);
401	}
402	if ($this->censorConf['censor_enable'] == 1) {
403	$replacement = $this->censorConf['censor_replace'];
404	foreach ($this->censorConf['censor_words'] as $bad) {
405	if ( !empty($bad) ) {
406	$bad = quotemeta($bad);
407	$patterns[] = "/(\s)".$bad."/siU";
408	$replacements[] = "\\1".$replacement;
409	$patterns[] = "/^".$bad."/siU";
410	$replacements[] = $replacement;
411	$patterns[] = "/(\n)".$bad."/siU";
412	$replacements[] = "\\1".$replacement;
413	$patterns[] = "/]".$bad."/siU";
414	$replacements[] = "]".$replacement;
415	$text = preg_replace($patterns, $replacements, $text);
416	}
417	}
418	}
419	return $text;
420	}
421
422
423	/**#@+
424	* Sanitizing of [code] tag
425	*/
426	function codePreConv($text, $xcode = 1) {
427	if($xcode != 0){
428	$patterns = "/\[code](.*)\[\/code\]/esU";
429	$replacements = "'[code]'.base64_encode('$1').'[/code]'";
430	$text = preg_replace($patterns, $replacements, $text);
431	}
432	return $text;
433	}
434
435	function codeConv($text, $xcode = 1, $image = 1){
436	if($xcode != 0){
437	$patterns = "/\[code](.*)\[\/code\]/esU";
438	if ($image != 0) {
439	// image allowed
440	$replacements = "'<div class=\"xoopsCode\"><pre><code>'.MyTextSanitizer::codeSanitizer('$1').'</code></pre></div>'";
441	//$text =& $this->xoopsCodeDecode($text);
442	} else {
443	// image not allowed
444	$replacements = "'<div class=\"xoopsCode\"><pre><code>'.MyTextSanitizer::codeSanitizer('$1', 0).'</code></pre></div>'";
445	//$text =& $this->xoopsCodeDecode($text, 0);
446	}
447	$text = preg_replace($patterns, $replacements, $text);
448	}
449	return $text;
450	}
451
452	function codeSanitizer($str, $image = 1){
453	if($image != 0){
454	$str = $this->xoopsCodeDecode(
455	$this->htmlSpecialChars(str_replace('\"', '"', base64_decode($str)))
456	);
457	}else{
458	$str = $this->xoopsCodeDecode(
459	$this->htmlSpecialChars(str_replace('\"', '"', base64_decode($str))),0
460	);
461	}
462	return $str;
463	}
464
465
466	/*#@-/
467
468
469	##################### Deprecated Methods ######################
470
471	/**#@+
472	* @deprecated
473	*/
474	function sanitizeForDisplay($text, $allowhtml = 0, $smiley = 1, $bbcode = 1)
475	{
476	if ( $allowhtml == 0 ) {
477	$text = $this->htmlSpecialChars($text);
478	} else {
479	//$config =& $GLOBALS['xoopsConfig'];
480	//$allowed = $config['allowed_html'];
481	//$text = strip_tags($text, $allowed);
482	$text = $this->makeClickable($text);
483	}
484	if ( $smiley == 1 ) {
485	$text = $this->smiley($text);
486	}
487	if ( $bbcode == 1 ) {
488	$text = $this->xoopsCodeDecode($text);
489	}
490	$text = $this->nl2Br($text);
491	return $text;
492	}
493
494	function sanitizeForPreview($text, $allowhtml = 0, $smiley = 1, $bbcode = 1)
495	{
496	$text = $this->oopsStripSlashesGPC($text);
497	if ( $allowhtml == 0 ) {
498	$text = $this->htmlSpecialChars($text);
499	} else {
500	//$config =& $GLOBALS['xoopsConfig'];
501	//$allowed = $config['allowed_html'];
502	//$text = strip_tags($text, $allowed);
503	$text = $this->makeClickable($text);
504	}
505	if ( $smiley == 1 ) {
506	$text = $this->smiley($text);
507	}
508	if ( $bbcode == 1 ) {
509	$text = $this->xoopsCodeDecode($text);
510	}
511	$text = $this->nl2Br($text);
512	return $text;
513	}
514
515	function makeTboxData4Save($text)
516	{
517	//$text = $this->undoHtmlSpecialChars($text);
518	return $this->addSlashes($text);
519	}
520
521	function makeTboxData4Show($text, $smiley=0)
522	{
523	$text = $this->htmlSpecialChars($text);
524	return $text;
525	}
526
527	function makeTboxData4Edit($text)
528	{
529	return $this->htmlSpecialChars($text);
530	}
531
532	function makeTboxData4Preview($text, $smiley=0)
533	{
534	$text = $this->stripSlashesGPC($text);
535	$text = $this->htmlSpecialChars($text);
536	return $text;
537	}
538
539	function makeTboxData4PreviewInForm($text)
540	{
541	$text = $this->stripSlashesGPC($text);
542	return $this->htmlSpecialChars($text);
543	}
544
545	function makeTareaData4Save($text)
546	{
547	return $this->addSlashes($text);
548	}
549
550	function &makeTareaData4Show(&$text, $html=1, $smiley=1, $xcode=1)
551	{
552	$ret = $this->displayTarea($text, $html, $smiley, $xcode);
553	return $ret;
554	}
555
556	function makeTareaData4Edit($text)
557	{
558	return $this->htmlSpecialChars($text);
559	}
560
561	function &makeTareaData4Preview(&$text, $html=1, $smiley=1, $xcode=1)
562	{
563	$ret = $this->previewTarea($text, $html, $smiley, $xcode);
564	return $ret;
565	}
566
567	function makeTareaData4PreviewInForm($text)
568	{
569	//if magic_quotes_gpc is on, do stipslashes
570	$text = $this->stripSlashesGPC($text);
571	return $this->htmlSpecialChars($text);
572	}
573
574	function makeTareaData4InsideQuotes($text)
575	{
576	return $this->htmlSpecialChars($text);
577	}
578
579	function &oopsStripSlashesGPC($text)
580	{
581	$ret = $this->stripSlashesGPC($text);
582	return $ret;
583	}
584
585	function &oopsStripSlashesRT($text)
586	{
587	if (get_magic_quotes_runtime()) {
588	$text =& stripslashes($text);
589	}
590	return $text;
591	}
592
593	function &oopsAddSlashes($text)
594	{
595	$ret = $this->addSlashes($text);
596	return $ret;
597	}
598
599	function &oopsHtmlSpecialChars($text)
600	{
601	$ret = $this->htmlSpecialChars($text);
602	return $ret;
603	}
604
605	function &oopsNl2Br($text)
606	{
607	$ret = $this->nl2br($text);
608	return $ret;
609	}
610	/*#@-/
611	}
612	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: