// // ------------------------------------------------------------------------ // // This program is free software; you can redistribute it and/or modify // // it under the terms of the GNU General Public License as published by // // the Free Software Foundation; either version 2 of the License, or // // (at your option) any later version. // // // // You may not change or alter any portion of this comment or credits // // of supporting developers from this source code or any supporting // // source code which is considered copyrighted (c) material of the // // original comment or credit authors. // // // // This program is distributed in the hope that it will be useful, // // but WITHOUT ANY WARRANTY; without even the implied warranty of // // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // // GNU General Public License for more details. // // // // You should have received a copy of the GNU General Public License // // along with this program; if not, write to the Free Software // // Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA // // ------------------------------------------------------------------------ // // Author: Kazumi Ono (http://www.myweb.ne.jp/, http://jp.xoops.org/) // // Goghs Cheng (http://www.eqiao.com, http://www.devbeez.com/) // // Project: The XOOPS Project (http://www.xoops.org/) // // ------------------------------------------------------------------------- // // xpWiki wikirenderer dirctory name define('XPWIKI_RENDERER_DIR', 'xpwiki'); /** * Class to "clean up" text for various uses * * Singleton * * @package kernel * @subpackage core * * @author Kazumi Ono * @author Goghs Cheng * @copyright (c) 2000-2003 The Xoops Project - www.xoops.org */ class MyTextSanitizer { /** * @var array */ var $smileys = array(); /** * */ var $censorConf; /* * Constructor of this class * * Gets allowed html tags from admin config settings *
should not be allowed since nl2br will be used * when storing data. * * @access private * * @todo Sofar, this does nuttin' ;-) */ function MyTextSanitizer() { } /** * Access the only instance of this class * * @return object * * @static * @staticvar object */ function &getInstance() { static $instance; if (!isset($instance)) { $instance = new MyTextSanitizer(); } return $instance; } /** * Get the smileys * * @return array */ function getSmileys() { return $this->smileys; } /** * Replace emoticons in the message with smiley images * * @param string $message * * @return string */ function &smiley($message) { $db =& Database::getInstance(); if (count($this->smileys) == 0) { if ($getsmiles = $db->query("SELECT * FROM ".$db->prefix("smiles"))){ while ($smiles = $db->fetchArray($getsmiles)) { $message = str_replace($smiles['code'], '', $message); array_push($this->smileys, $smiles); } } } elseif (is_array($this->smileys)) { foreach ($this->smileys as $smile) { $message = str_replace($smile['code'], '', $message); } } return $message; } /** * Make links in the text clickable * * @param string $text * @return string **/ function &makeClickable(&$text) { $patterns = array("/(^|[^]_a-z0-9-=\"'\/])([a-z]+?):\/\/([^, \r\n\"\(\)'<>]+)/i", "/(^|[^]_a-z0-9-=\"'\/])www\.([a-z0-9\-]+)\.([^, \r\n\"\(\)'<>]+)/i", "/(^|[^]_a-z0-9-=\"'\/])ftp\.([a-z0-9\-]+)\.([^, \r\n\"\(\)'<>]+)/i", "/(^|[^]_a-z0-9-=\"'\/:\.])([a-z0-9\-_\.]+?)@([^, \r\n\"\(\)'<>\[\]]+)/i"); $replacements = array("\\1\\2://\\3", "\\1www.\\2.\\3", "\\1ftp.\\2.\\3", "\\1\\2@\\3"); $ret = preg_replace($patterns, $replacements, $text); return $ret; } /** * Replace XoopsCodes with their equivalent HTML formatting * * @param string $text * @param bool $allowimage Allow images in the text? * On FALSE, uses links to images. * @return string **/ function &xoopsCodeDecode(&$text, $allowimage = 1) { $imgCallbackPattern = "/\[img( align=\w+)]([^\"\(\)\?\&'<>]*)\[\/img\]/sU"; $text = preg_replace_callback($imgCallbackPattern, array($this, '_filterImgUrl'), $text); $patterns = array(); $replacements = array(); // RMV: added new markup for intrasite url (allows easier site moves) // TODO: automatically convert other URLs to this format if XOOPS_URL matches?? $patterns[] = "/\[siteurl=(['\"]?)([^\"'<>]*)\\1](.*)\[\/siteurl\]/sU"; $replacements[] = '\\3'; $patterns[] = "/\[url=(['\"]?)(http[s]?:\/\/[^\"'<>]*)\\1](.*)\[\/url\]/sU"; $replacements[] = '\\3'; $patterns[] = "/\[url=(['\"]?)(ftp?:\/\/[^\"'<>]*)\\1](.*)\[\/url\]/sU"; $replacements[] = '\\3'; $patterns[] = "/\[url=(['\"]?)([^\"'<>]*)\\1](.*)\[\/url\]/sU"; $replacements[] = '\\3'; $patterns[] = "/\[c(?:olor)?=(['\"]?)([a-zA-Z0-9]*)\\1](.*)\[\/c(?:olor)?\]/sU"; $replacements[] = '\\3'; $patterns[] = "/\[size=(['\"]?)([a-z0-9-]*)\\1](.*)\[\/size\]/sU"; $replacements[] = '\\3'; $patterns[] = "/\[font=(['\"]?)([^;<>\*\(\)\"']*)\\1](.*)\[\/font\]/sU"; $replacements[] = '\\3'; $patterns[] = "/\[email]([^;<>\*\(\)\"']*)\[\/email\]/sU"; $replacements[] = '\\1'; $patterns[] = "/\[b](.*)\[\/b\]/sU"; $replacements[] = '\\1'; $patterns[] = "/\[i](.*)\[\/i\]/sU"; $replacements[] = '\\1'; $patterns[] = "/\[u](.*)\[\/u\]/sU"; $replacements[] = '\\1'; $patterns[] = "/\[d](.*)\[\/d\]/sU"; $replacements[] = '\\1'; //$patterns[] = "/\[li](.*)\[\/li\]/sU"; //$replacements[] = '
  • \\1
    • '; $patterns[] = "/\[img align=(['\"]?)(left|center|right)\\1]([^\"\(\)\?\&'<>]*)\[\/img\]/sU"; $patterns[] = "/\[img]([^\"\(\)\?\&'<>]*)\[\/img\]/sU"; $patterns[] = "/\[img align=(['\"]?)(left|center|right)\\1 id=(['\"]?)([0-9]*)\\3]([^\"\(\)\?\&'<>]*)\[\/img\]/sU"; $patterns[] = "/\[img id=(['\"]?)([0-9]*)\\1]([^\"\(\)\?\&'<>]*)\[\/img\]/sU"; if ($allowimage != 1) { $replacements[] = '\\3'; $replacements[] = '\\1'; $replacements[] = '\\5'; $replacements[] = '\\3'; } else { $replacements[] = ''; $replacements[] = ''; $replacements[] = '\\5'; $replacements[] = '\\3'; } $patterns[] = "/\[quote]/sU"; $replacements[] = '
    '._QUOTEC.'
    '; $patterns[] = "/\[\/quote]/sU"; $replacements[] = '
    '; // [quote sitecite=] $patterns[] = "/\[quote sitecite=([^\"'<>]*)\]/sU"; $replacements[] = '
    '._QUOTEC.'
    '; $patterns[] = "/javascript:/si"; $replacements[] = "java script:"; $patterns[] = "/about:/si"; $replacements[] = "about :"; $ret = preg_replace($patterns, $replacements, $text); return $ret; } /** * Filters out invalid strings included in URL, if any * * @param array $matches * @return string */ function _filterImgUrl($matches) { if ($this->checkUrlString($matches[2])) { return $matches[0]; } else { return ""; } } /** * Checks if invalid strings are included in URL * * @param string $text * @return bool */ function checkUrlString($text) { // Check control code if (preg_match("/[\\0-\\31]/", $text)) { return false; } // check black pattern(deprecated) return !preg_match("/^(javascript|vbscript|about):/i", $text); } /** * Convert linebreaks to
    tags * * @param string $text * * @return string */ function &nl2Br($text) { $ret = preg_replace("/(\015\012)|(\015)|(\012)/","
    ",$text); return $ret; } /** * Add slashes to the text if magic_quotes_gpc is turned off. * * @param string $text * @return string **/ function &addSlashes($text) { if (!get_magic_quotes_gpc()) { $text = addslashes($text); } return $text; } /* * if magic_quotes_gpc is on, stirip back slashes * * @param string $text * * @return string */ function &stripSlashesGPC($text) { if (get_magic_quotes_gpc()) { $text = stripslashes($text); } return $text; } /* * for displaying data in html textbox forms * * @param string $text * * @return string */ function &htmlSpecialChars($text) { //return preg_replace("/&/i", '&', htmlspecialchars($text, ENT_QUOTES)); $ret = preg_replace(array("/&/i", "/ /i"), array('&', '&nbsp;'), htmlspecialchars($text, ENT_QUOTES)); return $ret; } /** * Reverses {@link htmlSpecialChars()} * * @param string $text * @return string **/ function &undoHtmlSpecialChars(&$text) { return preg_replace(array("/>/i", "/</i", "/"/i", "/'/i"), array(">", "<", "\"", "'"), $text); } // Original function function renderWiki_getEscTags () { return array('quote', 'color', 'font', 'size', 'b', 'c', 'd', 'i', 'u'); } // Original function function renderWiki_getBypassTags () { return array('siteimg', 'fig', 'img'); } // Original function function &renderWikistyle($text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1, $use_cache = 0) { static $pat = array(); static $rep = array(); $className = get_class($this); $br = ($br)? 1 : 0; $use_cache = ($use_cache)? 1 : 0; $smiley = ($smiley)? 1 : 0; $image = ($image)? 1 : 0; // xpWiki if (! class_exists('XpWiki')) { include XOOPS_TRUST_PATH . '/modules/xpwiki/include.php'; } $render = XpWiki::getSingleton(XPWIKI_RENDERER_DIR); // pukiwiki.ini.php setting $render->setIniRoot('line_break', $br); $render->setIniRoot('render_use_cache', $use_cache); $render->setIniRoot('use_extra_facemark', 1); $render->setIniRoot('usefacemark', $smiley); $render->setIniRoot('render_cache_min', 1440); // 1day $render->setIniRoot('link_target', '_blank'); $render->setIniRoot('nowikiname', 1); $render->setIniRoot('show_passage', 0); $render->setIniRoot('no_slashes_commentout', 1); if ($xcode) { if (! isset($pat[$className][$image])) { // BB Code code $pat[$className][$image][] = '/(?:\r\n|\r|\n)?\[code](?:\r\n|\r|\n)?(.*)(?:\r\n|\r|\n)?\[\/code\](?:\r\n|\r|\n)?/sUS'; $rep[$className][$image][] = "\n".'#code(){{{'."\n".'$1'."\n".'}}}'."\n"; // BB Code email $pat[$className][$image][] = '/\[email](.+?)\[\/email]/iS'; $rep[$className][$image][] = '$1'; // BB Code url $pat[$className][$image][] = '/\[url=([\'"]?)((?:ht|f)tp[s]?:\/\/[!~*\'();\/?:\@&=+\$,%#\w.-]+)\\1\](.+)\[\/url\]/esUS'; $rep[$className][$image][] = '\'[[\'.MyTextSanitizer::renderWiki_ret2br(\'$3\').\':$2]]\''; $pat[$className][$image][] = '/\[url=([\'"]?)([!~*\'();\/?:\@&=+\$,%#\w.-]+)\\1\](.+)\[\/url\]/esUS'; $rep[$className][$image][] = '\'[[\'.MyTextSanitizer::renderWiki_ret2br(\'$3\').\':http://$2]]\''; $pat[$className][$image][] = '/\[siteurl=([\'"]?)([!~*\'();\/?:\@&=+\$,%#\w.-]+)\\1\](.+)\[\/siteurl\]/esUS'; $rep[$className][$image][] = '\'[[\'.MyTextSanitizer::renderWiki_ret2br(\'$3\').\':http:///$2]]\''; // BB Code quote $pat[$className][$image][] = '/(\[quote[^\]]*])(?:\r\n|\r|\n)(?![<>*|,#: \t+-])/S'; $rep[$className][$image][] = "\n\n$1"; $pat[$className][$image][] = '/(?:\r\n|\r|\n)*\[\/quote\]/S'; $rep[$className][$image][] = '[/quote]'."\n\n"; if ($image) { // BB Code image with align $pat[$className][$image][] = '/\[img\s+align=([\'"]?)(left|center|right)\\1]([!~*\'();\/?:\@&=+\$,%#\w.-]+)\[\/img\]/US'; $rep[$className][$image][] = '&ref($3,$2);'; // BB Code image normal $pat[$className][$image][] = '/\[img]([!~*\'();\/?:\@&=+\$,%#\w.-]+)\[\/img\]/US'; $rep[$className][$image][] = '&ref($1);'; } // Some BB Code Tags, Contents allows xpWiki rendering. if ($_reg = join('|', $this->renderWiki_getEscTags())) { $pat[$className][$image][] = '/\[\/?(?:' . $_reg . ')(?:(?: |=)[^\]]+)?\]/eS'; $rep[$className][$image][] = '\'[ b 6 4 ]\' . base64_encode(\'$0\') . \'[ / b 6 4 ]\''; } // Other or Unknown BB Code Tags, All part escapes. if ($_reg = join('|', $this->renderWiki_getBypassTags())) { $pat[$className][$image][] = '/\[(' . $_reg . ')(?:\s[^\]]+)?].+\[\/\\1\]/esUS'; $rep[$className][$image][] = '\'[ b 6 4 ]\' . base64_encode(\'$0\') . \'[ / b 6 4 ]\''; } } $text = preg_replace($pat[$className][$image], $rep[$className][$image], $text); } if ($text = $render->transform($text, XPWIKI_RENDERER_DIR)) { if (isset($pat[$className])) { // BB Code decode $text = preg_replace( '/\[ b 6 4 ](.+?)\[ \/ b 6 4 ]/eS', 'MyTextSanitizer::renderWiki_base64decode(\'$1\',\''.$render->root->word_breaker.'\')', $text); } // XOOPS Quote style $text = str_replace( array('
    ','
    '), array('
    '._QUOTEC.'
    ','
    '),$text ); } return $text; } // Original function function renderWiki_ret2br($text) { $text = str_replace('\\"', '"', $text); return str_replace(array("\r\n", "\r", "\n"), '&br;', $text); } // Original function function renderWiki_base64decode($text, $word_breaker) { return str_replace(array('<','>','\\"'),array('<','>','"'),base64_decode(strip_tags(str_replace($word_breaker, '', $text)))); } // Original function function renderWikistyleFinsher($input) { //$input = str_replace(array("\x07", "\x08"), array('
    ', '
    '), $this->renderWikistyleParagraphRegularize($input)); $input = $this->renderWikistyleParagraphRegularize($input); return $input; } // Original function function renderWikistyleParagraphRegularize($input) { // remove

    include block elements. $regex = '#

    ((?:[^<]+|<(?!/?p[^>]*?>)|(?R))+)

    #'; if (is_array($input)) { if (preg_match('/<(?:div|p|pre|code)/i', $input[1])) { $input = $input[1]; } else { return $input[0]; } } return preg_replace_callback($regex, array(& $this, 'renderWikistyleParagraphRegularize'), $input); } /** * Filters textarea data for display * (This method makes overhead but needed for compatibility) * * @param string $text * @param bool $html allow html? * @param bool $smiley allow smileys? * @param bool $xcode allow xoopscode? * @param bool $image allow inline images? * @param bool $br convert linebreaks? * @return string **/ function _ToShowTarea($text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1, $use_cache = 0) { if ($html != 1) { $text = $this->renderWikistyle($text, $html, $smiley, $xcode, $image, $br, $use_cache); } else { $text = $this->codePreConv($text, $xcode); $text = $this->makeClickable($text); if ($smiley != 0) $text = $this->smiley($text); } if ($xcode != 0) $text = $this->xoopsCodeDecode($text, $image); if (!$html) { $text = $this->renderWikistyleFinsher($text); } if ($html && $br != 0) $text = $this->nl2Br($text); if ($html) $text = $this->codeConv($text, $xcode, $image); return $text; } /** * Filters textarea form data in DB for display * * @param string $text * @param bool $html allow html? * @param bool $smiley allow smileys? * @param bool $xcode allow xoopscode? * @param bool $image allow inline images? * @param bool $br convert linebreaks? * @return string **/ function &displayTarea(&$text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1) { $text = $this->_ToShowTarea($text, $html, $smiley, $xcode, $image, $br, 1); return $text; } /** * Filters textarea form data submitted for preview * * @param string $text * @param bool $html allow html? * @param bool $smiley allow smileys? * @param bool $xcode allow xoopscode? * @param bool $image allow inline images? * @param bool $br convert linebreaks? * @return string **/ function &previewTarea(&$text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1) { $text =& $this->stripSlashesGPC($text); $text = $this->_ToShowTarea($text, $html, $smiley, $xcode, $image, $br, 0); return $text; } /** * Replaces banned words in a string with their replacements * * @param string $text * @return string * * @deprecated **/ function &censorString(&$text) { if (!isset($this->censorConf)) { $config_handler =& xoops_gethandler('config'); $this->censorConf =& $config_handler->getConfigsByCat(XOOPS_CONF_CENSOR); } if ($this->censorConf['censor_enable'] == 1) { $replacement = $this->censorConf['censor_replace']; foreach ($this->censorConf['censor_words'] as $bad) { if ( !empty($bad) ) { $bad = quotemeta($bad); $patterns[] = "/(\s)".$bad."/siU"; $replacements[] = "\\1".$replacement; $patterns[] = "/^".$bad."/siU"; $replacements[] = $replacement; $patterns[] = "/(\n)".$bad."/siU"; $replacements[] = "\\1".$replacement; $patterns[] = "/]".$bad."/siU"; $replacements[] = "]".$replacement; $text = preg_replace($patterns, $replacements, $text); } } } return $text; } /**#@+ * Sanitizing of [code] tag */ function codePreConv($text, $xcode = 1) { if($xcode != 0){ $patterns = "/\[code](.*)\[\/code\]/esU"; $replacements = "'[code]'.base64_encode('$1').'[/code]'"; $text = preg_replace($patterns, $replacements, $text); } return $text; } function codeConv($text, $xcode = 1, $image = 1){ if($xcode != 0){ $patterns = "/\[code](.*)\[\/code\]/esU"; if ($image != 0) { // image allowed $replacements = "'
    '.MyTextSanitizer::codeSanitizer('$1').'
    '"; //$text =& $this->xoopsCodeDecode($text); } else { // image not allowed $replacements = "'
    '.MyTextSanitizer::codeSanitizer('$1', 0).'
    '"; //$text =& $this->xoopsCodeDecode($text, 0); } $text = preg_replace($patterns, $replacements, $text); } return $text; } function codeSanitizer($str, $image = 1){ if($image != 0){ $str = $this->xoopsCodeDecode( $this->htmlSpecialChars(str_replace('\"', '"', base64_decode($str))) ); }else{ $str = $this->xoopsCodeDecode( $this->htmlSpecialChars(str_replace('\"', '"', base64_decode($str))),0 ); } return $str; } /**#@-*/ ##################### Deprecated Methods ###################### /**#@+ * @deprecated */ function sanitizeForDisplay($text, $allowhtml = 0, $smiley = 1, $bbcode = 1) { $text =& displayTarea($text, $allowhtml, $smiley, $bbcode, 1, 1); return $text; } function sanitizeForPreview($text, $allowhtml = 0, $smiley = 1, $bbcode = 1) { $text =& previewTarea($text, $allowhtml, $smiley, $bbcode, 1, 1); return $text; } function makeTboxData4Save($text) { //$text = $this->undoHtmlSpecialChars($text); return $this->addSlashes($text); } function makeTboxData4Show($text, $smiley=0) { $text = $this->htmlSpecialChars($text); return $text; } function makeTboxData4Edit($text) { return $this->htmlSpecialChars($text); } function makeTboxData4Preview($text, $smiley=0) { $text = $this->stripSlashesGPC($text); $text = $this->htmlSpecialChars($text); return $text; } function makeTboxData4PreviewInForm($text) { $text = $this->stripSlashesGPC($text); return $this->htmlSpecialChars($text); } function makeTareaData4Save($text) { return $this->addSlashes($text); } function &makeTareaData4Show(&$text, $html=1, $smiley=1, $xcode=1) { $ret = $this->displayTarea($text, $html, $smiley, $xcode); return $ret; } function makeTareaData4Edit($text) { return $this->htmlSpecialChars($text); } function &makeTareaData4Preview(&$text, $html=1, $smiley=1, $xcode=1) { $ret = $this->previewTarea($text, $html, $smiley, $xcode); return $ret; } function makeTareaData4PreviewInForm($text) { //if magic_quotes_gpc is on, do stipslashes $text = $this->stripSlashesGPC($text); return $this->htmlSpecialChars($text); } function makeTareaData4InsideQuotes($text) { return $this->htmlSpecialChars($text); } function &oopsStripSlashesGPC($text) { $ret = $this->stripSlashesGPC($text); return $ret; } function &oopsStripSlashesRT($text) { if (get_magic_quotes_runtime()) { $text =& stripslashes($text); } return $text; } function &oopsAddSlashes($text) { $ret = $this->addSlashes($text); return $ret; } function &oopsHtmlSpecialChars($text) { $ret = $this->htmlSpecialChars($text); return $ret; } function &oopsNl2Br($text) { $ret = $this->nl2br($text); return $ret; } /**#@-*/ } ?>