';
        $patterns[] = "/\[\/quote]/sU";
        $replacements[] = '
';
        // Rewrites the literal strings "javascript:" and "about:" anywhere in the
        // text so they no longer form a URL scheme.
        // NOTE(review): this is a literal-match denylist with no input
        // normalisation; it should not be the only control on URLs that end up
        // in href/src attributes.
        $patterns[] = "/javascript:/si";
        $replacements[] = "java script:";
        $patterns[] = "/about:/si";
        $replacements[] = "about :";
        $ret = preg_replace($patterns, $replacements, $text);
        return $ret;
    }

    /**
     * Filters out invalid strings included in URL, if any
     *
     * Keeps the whole match when the value in group 2 passes
     * checkUrlString(); otherwise the match is replaced by an empty string.
     * Presumably used as a preg_replace_callback() callback; the caller is
     * not visible in this part of the file.
     *
     * @param   array  $matches  match array; index 2 is checked, index 0 is returned
     * @return  string  $matches[0], or "" when the check fails
     */
    function _filterImgUrl($matches)
    {
        if ($this->checkUrlString($matches[2])) {
            return $matches[0];
        } else {
            return "";
        }
    }

    /**
     * Checks if invalid strings are included in URL
     *
     * @param   string  $text
     * @return  bool    false when a control character is found or the string
     *                  starts with one of the denylisted schemes, true otherwise
     */
    function checkUrlString($text)
    {
        // Check control code
        // NOTE(review): inside a character class PCRE reads \31 as an octal
        // escape (0x19), so this range appears to cover 0x00-0x19 only and
        // 0x1A-0x1F pass. If every C0 control character is meant, the upper
        // bound should be \37 (or \x1f) - confirm intent.
        if (preg_match("/[\\0-\\31]/", $text)) {
            return false;
        }
        // check black pattern(deprecated)
        // Denylist anchored at the start of the string; any other scheme is
        // accepted. An allowlist of expected schemes is the more robust check.
        return !preg_match("/^(javascript|vbscript|about):/i", $text);
    }

    /**
     * Convert linebreaks to tags
     *
     * NOTE(review): the replacement literal in this listing is a bare newline;
     * the markup it held looks to have been lost when the page was extracted -
     * confirm against the real file.
     *
     * @param   string  $text
     *
     * @return  string
     */
    function &nl2Br($text)
    {
        // Matches CRLF, lone CR and lone LF (octal 015 / 012).
        $ret = preg_replace("/(\015\012)|(\015)|(\012)/","
",$text);
        return $ret;
    }

    /**
     * Add slashes to the text if magic_quotes_gpc is turned off.
     *
     * NOTE(review): get_magic_quotes_gpc() was deprecated in PHP 7.4 and
     * removed in PHP 8.0. addslashes() is also not a database-aware escape; if
     * callers place the result in SQL (not visible here), the driver's quoting
     * or bound parameters should be used instead.
     *
     * @param   string  $text
     * @return  string
     **/
    function &addSlashes($text)
    {
        if (!get_magic_quotes_gpc()) {
            $text = addslashes($text);
        }
        return $text;
    }

    /*
     * If magic_quotes_gpc is on, strip the backslashes it added
     *
     * @param   string  $text
     *
     * @return  string
     */
    function &stripSlashesGPC($text)
    {
        if (get_magic_quotes_gpc()) {
            $text = stripslashes($text);
        }
        return $text;
    }

    /*
     * for displaying data in html textbox forms
     *
     * Runs htmlspecialchars() with ENT_QUOTES (both quote styles encoded) and
     * then applies two preg_replace() substitutions to the result. No encoding
     * argument is passed, so PHP's default charset applies.
     *
     * NOTE(review): the pattern/replacement literals below look as if HTML
     * entities in them were decoded by the page extraction; as shown they map
     * "&" to "&" and " " to " ". Confirm against the real file.
     *
     * @param   string  $text
     *
     * @return  string
     */
    function &htmlSpecialChars($text)
    {
        //return preg_replace("/&/i", '&', htmlspecialchars($text, ENT_QUOTES));
        $ret = preg_replace(array("/&/i", "/ /i"), array('&', ' '), htmlspecialchars($text, ENT_QUOTES));
        return $ret;
    }

    /**
     * Reverses {@link htmlSpecialChars()}
     *
     * NOTE(review): the search patterns in this listing appear entity-decoded
     * by extraction (the third one no longer forms a valid string literal).
     * The method also returns a call result from a by-reference function,
     * which PHP reports as a notice.
     *
     * @param   string  $text
     * @return  string
     **/
    function &undoHtmlSpecialChars(&$text)
    {
        return preg_replace(array("/>/i", "/</i", "/"/i", "/'/i"), array(">", "<", "\"", "'"), $text);
    }

    // Original function
    // Tag names whose opening/closing tags renderWikistyle() wraps in a base64
    // placeholder individually, leaving the text between them to the wiki
    // renderer.
    function renderWiki_getEscTags ()
    {
        return array('quote', 'color', 'font', 'size', 'b', 'c', 'd', 'i', 'u');
    }

    // Original function
    // Tag names that renderWikistyle() wraps in a base64 placeholder as a
    // whole, opening tag through closing tag, contents included.
    function renderWiki_getBypassTags ()
    {
        return array('siteimg', 'fig', 'img');
    }

    // Original function
    /**
     * Renders text through XpWiki::transform().
     *
     * When $xcode is on, BB Code is first rewritten into wiki syntax (code,
     * email, url, siteurl, quote, img) or wrapped in a base64 placeholder
     * ("[ b 6 4 ]...[ / b 6 4 ]") so the renderer does not interpret it; the
     * placeholders are decoded again after transform(). The pattern and
     * replacement lists are built once per class name and $image value and
     * kept in static arrays.
     *
     * NOTE(review): several patterns use the PCRE "e" (eval) modifier, which
     * executes the replacement string as PHP code after substitution. It was
     * deprecated in PHP 5.5 and removed in PHP 7.0; preg_replace_callback() is
     * the supported replacement and avoids evaluating text derived from user
     * input.
     *
     * @param   string  $text
     * @param   int     $html       not referenced in this method body
     * @param   int     $smiley     passed to the renderer as 'usefacemark'
     * @param   int     $xcode      enable the BB Code pre-conversion
     * @param   int     $image      enable the [img] to &ref() conversion
     * @param   int     $br         passed to the renderer as 'line_break'
     * @param   int     $use_cache  passed to the renderer as 'render_use_cache'
     * @return  string  post-processed transform() output; if transform() returns
     *                  a falsy value, that value is returned unchanged
     */
    function &renderWikistyle($text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1, $use_cache = 0)
    {
        static $pat = array();
        static $rep = array();

        $className = get_class($this);

        // Normalise the flags to 0/1 before they are used as array keys and
        // renderer settings.
        $br = ($br)? 1 : 0;
        $use_cache = ($use_cache)? 1 : 0;
        $smiley = ($smiley)? 1 : 0;
        $image = ($image)? 1 : 0;

        // xpWiki
        if (! class_exists('XpWiki')) {
            include XOOPS_TRUST_PATH . '/modules/xpwiki/include.php';
        }
        $render = XpWiki::getSingleton(XPWIKI_RENDERER_DIR);

        // pukiwiki.ini.php setting
        $render->setIniRoot('line_break', $br);
        $render->setIniRoot('render_use_cache', $use_cache);
        $render->setIniRoot('use_extra_facemark', 1);
        $render->setIniRoot('usefacemark', $smiley);
        $render->setIniRoot('render_cache_min', 1440); // 1day
        $render->setIniRoot('link_target', '_blank');
        $render->setIniRoot('nowikiname', 1);
        $render->setIniRoot('show_passage', 0);
        $render->setIniRoot('no_slashes_commentout', 1);

        if ($xcode) {
            if (! isset($pat[$className][$image])) {
                // BB Code code
                $pat[$className][$image][] = '/(?:\r\n|\r|\n)?\[code](?:\r\n|\r|\n)?(.*)(?:\r\n|\r|\n)?\[\/code\](?:\r\n|\r|\n)?/sUS';
                $rep[$className][$image][] = "\n".'#code(){{{'."\n".'$1'."\n".'}}}'."\n";

                // BB Code email
                $pat[$className][$image][] = '/\[email](.+?)\[\/email]/iS';
                $rep[$className][$image][] = '$1';

                // BB Code url
                // The three rules below run in eval mode: the label ($3) is
                // placed inside a single-quoted argument of the evaluated
                // call, and the URL ($2) is limited to the character class in
                // the pattern.
                $pat[$className][$image][] = '/\[url=([\'"]?)((?:ht|f)tp[s]?:\/\/[!~*\'();\/?:\@&=+\$,%#\w.-]+)\\1\](.+)\[\/url\]/esUS';
                $rep[$className][$image][] = '\'[[\'.MyTextSanitizer::renderWiki_ret2br(\'$3\').\':$2]]\'';
                $pat[$className][$image][] = '/\[url=([\'"]?)([!~*\'();\/?:\@&=+\$,%#\w.-]+)\\1\](.+)\[\/url\]/esUS';
                $rep[$className][$image][] = '\'[[\'.MyTextSanitizer::renderWiki_ret2br(\'$3\').\':http://$2]]\'';
                $pat[$className][$image][] = '/\[siteurl=([\'"]?)([!~*\'();\/?:\@&=+\$,%#\w.-]+)\\1\](.+)\[\/siteurl\]/esUS';
                $rep[$className][$image][] = '\'[[\'.MyTextSanitizer::renderWiki_ret2br(\'$3\').\':http:///$2]]\'';

                // BB Code quote
                $pat[$className][$image][] = '/(\[quote[^\]]*])(?:\r\n|\r|\n)(?![<>*|,#: \t+-])/S';
                $rep[$className][$image][] = "\n\n$1";
                $pat[$className][$image][] = '/(?:\r\n|\r|\n)*\[\/quote\]/S';
                $rep[$className][$image][] = '[/quote]'."\n\n";

                if ($image) {
                    // BB Code image with align
                    $pat[$className][$image][] = '/\[img\s+align=([\'"]?)(left|center|right)\\1]([!~*\'();\/?:\@&=+\$,%#\w.-]+)\[\/img\]/US';
                    $rep[$className][$image][] = '&ref($3,$2);';
                    // BB Code image normal
                    $pat[$className][$image][] = '/\[img]([!~*\'();\/?:\@&=+\$,%#\w.-]+)\[\/img\]/US';
                    $rep[$className][$image][] = '&ref($1);';
                }

                // Some BB Code Tags, Contents allows xpWiki rendering.
                // Only the tag itself ($0) is base64-wrapped, in eval mode.
                if ($_reg = join('|', $this->renderWiki_getEscTags())) {
                    $pat[$className][$image][] = '/\[\/?(?:' . $_reg . ')(?:(?: |=)[^\]]+)?\]/eS';
                    $rep[$className][$image][] = '\'[ b 6 4 ]\' . base64_encode(\'$0\') . \'[ / b 6 4 ]\'';
                }

                // Other or Unknown BB Code Tags, All part escapes.
                // The whole element, contents included, is base64-wrapped.
                if ($_reg = join('|', $this->renderWiki_getBypassTags())) {
                    $pat[$className][$image][] = '/\[(' . $_reg . ')(?:\s[^\]]+)?].+\[\/\\1\]/esUS';
                    $rep[$className][$image][] = '\'[ b 6 4 ]\' . base64_encode(\'$0\') . \'[ / b 6 4 ]\'';
                }
            }
            $text = preg_replace($pat[$className][$image], $rep[$className][$image], $text);
        }

        if ($text = $render->transform($text, XPWIKI_RENDERER_DIR)) {
            if (isset($pat[$className])) {
                // BB Code decode
                // NOTE(review): $render->root->word_breaker is concatenated
                // into the string that the "e" modifier evaluates as PHP.
                // Confirm it is a fixed, trusted renderer setting; a quote
                // character in it would change the evaluated expression.
                $text = preg_replace( '/\[ b 6 4 ](.+?)\[ \/ b 6 4 ]/eS', 'MyTextSanitizer::renderWiki_base64decode(\'$1\',\''.$render->root->word_breaker.'\')', $text);
            }
            // XOOPS Quote style
            // NOTE(review): the search and replace literals are empty in this
            // listing; the markup they held looks stripped by extraction.
            $text = str_replace( array('',''), array(''._QUOTEC.''),$text );
        }
        return $text;
    }

    // Original function
    // Helper invoked from the eval-mode [url]/[siteurl] replacements.
    // Turns \" back into " (presumably undoing the quote escaping that the
    // "e" modifier applies to backreferences) and converts line breaks into
    // the "&br;" token. Declared as an instance method but called statically
    // from the replacement strings.
    function renderWiki_ret2br($text)
    {
        $text = str_replace('\\"', '"', $text);
        return str_replace(array("\r\n", "\r", "\n"), '&br;', $text);
    }

    // Original function
    // Decodes one base64 placeholder after wiki rendering: removes the
    // renderer's word-breaker string and any tags from the payload,
    // base64-decodes it, then applies a final str_replace().
    // NOTE(review): in this listing that str_replace() maps "<" to "<" and
    // ">" to ">", which looks like extraction damage to an entity-encoding
    // step - confirm against the real file, since it decides whether decoded
    // tag text is escaped before output.
    function renderWiki_base64decode($text, $word_breaker)
    {
        return str_replace(array('<','>','\\"'),array('<','>','"'),base64_decode(strip_tags(str_replace($word_breaker, '', $text))));
    }

    // Original function
    // Final pass for wiki-rendered text; currently only delegates to
    // renderWikistyleParagraphRegularize().
    function renderWikistyleFinsher($input)
    {
        //$input = str_replace(array("\x07", "\x08"), array('','', ''), $this->renderWikistyleParagraphRegularize($input));
        $input = $this->renderWikistyleParagraphRegularize($input);
        return $input;
    }

    // Original function
    // Serves both as the entry point (string $input) and as its own
    // preg_replace_callback() callback (array $input): for a match whose
    // captured content contains a div/p/pre/code tag the captured content is
    // processed again, otherwise the match is returned unchanged.
    // NOTE(review): the pattern is recursive ((?R)); preg_replace_callback()
    // returns NULL on a PCRE error such as hitting the backtrack or recursion
    // limit, and that NULL would be returned to the caller as-is.
    function renderWikistyleParagraphRegularize($input)
    {
        // Remove paragraphs that include block elements.
        // (the delimiters of this pattern appear to have lost their markup in
        // extraction; as shown they are bare newlines)
        $regex = '#
((?:[^<]+|<(?!/?p[^>]*?>)|(?R))+)
#';
        if (is_array($input)) {
            if (preg_match('/<(?:div|p|pre|code)/i', $input[1])) {
                $input = $input[1];
            } else {
                return $input[0];
            }
        }
        return preg_replace_callback($regex, array(& $this, 'renderWikistyleParagraphRegularize'), $input);
    }

    /**
     * Filters textarea data for display
     * (This method makes overhead but needed for compatibility)
     *
     * With $html other than 1 the text goes through renderWikistyle(); with
     * $html == 1 it goes through codePreConv(), makeClickable() and optionally
     * smiley(). The later steps test $html for truthiness instead, so a value
     * such as 2 takes the wiki path first and then still runs nl2Br() and
     * codeConv().
     *
     * NOTE(review): no call to htmlSpecialChars() is visible on the $html == 1
     * path of this method, so that mode should be reserved for content from
     * trusted authors - confirm what the helpers outside this excerpt do.
     *
     * @param   string  $text
     * @param   bool    $html       allow html?
     * @param   bool    $smiley     allow smileys?
     * @param   bool    $xcode      allow xoopscode?
     * @param   bool    $image      allow inline images?
     * @param   bool    $br         convert linebreaks?
     * @param   bool    $use_cache  forwarded to renderWikistyle()
     * @return  string
     **/
    function _ToShowTarea($text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1, $use_cache = 0)
    {
        if ($html != 1) {
            $text = $this->renderWikistyle($text, $html, $smiley, $xcode, $image, $br, $use_cache);
        } else {
            $text = $this->codePreConv($text, $xcode);
            $text = $this->makeClickable($text);
            if ($smiley != 0) $text = $this->smiley($text);
        }
        if ($xcode != 0) $text = $this->xoopsCodeDecode($text, $image);
        if (!$html) {
            $text = $this->renderWikistyleFinsher($text);
        }
        if ($html && $br != 0) $text = $this->nl2Br($text);
        if ($html) $text = $this->codeConv($text, $xcode, $image);
        return $text;
    }

    /**
     * Filters textarea form data in DB for display
     *
     * Calls _ToShowTarea() with $use_cache = 1. $text is taken by reference
     * and overwritten with the result.
     *
     * @param   string  $text
     * @param   bool    $html   allow html?
     * @param   bool    $smiley allow smileys?
     * @param   bool    $xcode  allow xoopscode?
     * @param   bool    $image  allow inline images?
     * @param   bool    $br     convert linebreaks?
     * @return  string
     **/
    function &displayTarea(&$text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1)
    {
        $text = $this->_ToShowTarea($text, $html, $smiley, $xcode, $image, $br, 1);
        return $text;
    }

    /**
     * Filters textarea form data submitted for preview
     *
     * Strips magic-quotes slashes first, then calls _ToShowTarea() with
     * $use_cache = 0. $text is taken by reference and overwritten.
     *
     * @param   string  $text
     * @param   bool    $html   allow html?
     * @param   bool    $smiley allow smileys?
     * @param   bool    $xcode  allow xoopscode?
     * @param   bool    $image  allow inline images?
     * @param   bool    $br     convert linebreaks?
     * @return  string
     **/
    function &previewTarea(&$text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1)
    {
        $text =& $this->stripSlashesGPC($text);
        $text = $this->_ToShowTarea($text, $html, $smiley, $xcode, $image, $br, 0);
        return $text;
    }

    /**
     * Replaces banned words in a string with their replacements
     *
     * The censor configuration is loaded once through the 'config' handler
     * and kept in $this->censorConf.
     *
     * @param   string $text
     * @return  string
     *
     * @deprecated
     **/
    function &censorString(&$text)
    {
        if (!isset($this->censorConf)) {
            $config_handler =& xoops_gethandler('config');
            $this->censorConf =& $config_handler->getConfigsByCat(XOOPS_CONF_CENSOR);
        }
        if ($this->censorConf['censor_enable'] == 1) {
            $replacement = $this->censorConf['censor_replace'];
            foreach ($this->censorConf['censor_words'] as $bad) {
                if ( !empty($bad) ) {
                    // NOTE(review): quotemeta() does not escape the "/"
                    // delimiter, so a configured word containing "/" yields an
                    // invalid pattern; preg_quote($bad, '/') is the
                    // regex-aware escape.
                    $bad = quotemeta($bad);
                    // Four contexts per word: after whitespace, at the start
                    // of the text, after a newline, and right after "]".
                    $patterns[] = "/(\s)".$bad."/siU";
                    $replacements[] = "\\1".$replacement;
                    $patterns[] = "/^".$bad."/siU";
                    $replacements[] = $replacement;
                    $patterns[] = "/(\n)".$bad."/siU";
                    $replacements[] = "\\1".$replacement;
                    $patterns[] = "/]".$bad."/siU";
                    $replacements[] = "]".$replacement;
                    // $patterns/$replacements are never reset, so each
                    // iteration re-applies the rules of all earlier words too.
                    $text = preg_replace($patterns, $replacements, $text);
                }
            }
        }
        return $text;
    }

    /**#@+
     * Sanitizing of [code] tag
     */
    // Protects the body of every [code]...[/code] pair from the later
    // conversion steps by replacing it with its base64 encoding.
    // NOTE(review): uses the "e" (eval) modifier, removed in PHP 7.0.
    function codePreConv($text, $xcode = 1) {
        if($xcode != 0){
            $patterns = "/\[code](.*)\[\/code\]/esU";
            $replacements = "'[code]'.base64_encode('$1').'[/code]'";
            $text = preg_replace($patterns, $replacements, $text);
        }
        return $text;
    }

    // Replaces each [code]...[/code] pair (body base64-encoded by
    // codePreConv()) with its rendered form.
    // NOTE(review): both replacement literals look truncated by extraction;
    // as shown, the image-allowed branch evaluates to an empty string.
    // The pattern uses the "e" (eval) modifier, removed in PHP 7.0.
    function codeConv($text, $xcode = 1, $image = 1){
        if($xcode != 0){
            $patterns = "/\[code](.*)\[\/code\]/esU";
            if ($image != 0) {
                // image allowed
                $replacements = "''";
                //$text =& $this->xoopsCodeDecode($text);
            } else {
                // image not allowed
                $replacements = "''.MyTextSanitizer::codeSanitizer('$1').'
'";
                //$text =& $this->xoopsCodeDecode($text, 0);
            }
            $text = preg_replace($patterns, $replacements, $text);
        }
        return $text;
    }

    // Decodes a base64-protected [code] body, turns \" back into ", escapes
    // it with htmlSpecialChars() and only then runs xoopsCodeDecode() on the
    // escaped text (with images disabled when $image is 0).
    // Uses $this although the eval-mode replacement in codeConv() calls it
    // statically.
    function codeSanitizer($str, $image = 1){
        if($image != 0){
            $str = $this->xoopsCodeDecode( $this->htmlSpecialChars(str_replace('\"', '"', base64_decode($str))) );
        }else{
            $str = $this->xoopsCodeDecode( $this->htmlSpecialChars(str_replace('\"', '"', base64_decode($str))),0 );
        }
        return $str;
    }
    /**#@-*/

    ##################### Deprecated Methods ######################

    /**#@+
     * @deprecated
     */
    // NOTE(review): this calls displayTarea() as a plain function, not
    // $this->displayTarea(); unless a global function of that name exists
    // elsewhere, the call fails at runtime - confirm.
    function sanitizeForDisplay($text, $allowhtml = 0, $smiley = 1, $bbcode = 1)
    {
        $text =& displayTarea($text, $allowhtml, $smiley, $bbcode, 1, 1);
        return $text;
    }

    // NOTE(review): same pattern as sanitizeForDisplay(): previewTarea() is
    // called as a plain function rather than on $this.
    function sanitizeForPreview($text, $allowhtml = 0, $smiley = 1, $bbcode = 1)
    {
        $text =& previewTarea($text, $allowhtml, $smiley, $bbcode, 1, 1);
        return $text;
    }

    // Wrapper around addSlashes().
    function makeTboxData4Save($text)
    {
        //$text = $this->undoHtmlSpecialChars($text);
        return $this->addSlashes($text);
    }

    // Wrapper around htmlSpecialChars(); $smiley is accepted but not used.
    function makeTboxData4Show($text, $smiley=0)
    {
        $text = $this->htmlSpecialChars($text);
        return $text;
    }

    // Wrapper around htmlSpecialChars().
    function makeTboxData4Edit($text)
    {
        return $this->htmlSpecialChars($text);
    }

    // stripSlashesGPC() followed by htmlSpecialChars(); $smiley is not used.
    function makeTboxData4Preview($text, $smiley=0)
    {
        $text = $this->stripSlashesGPC($text);
        $text = $this->htmlSpecialChars($text);
        return $text;
    }

    // stripSlashesGPC() followed by htmlSpecialChars().
    function makeTboxData4PreviewInForm($text)
    {
        $text = $this->stripSlashesGPC($text);
        return $this->htmlSpecialChars($text);
    }

    // Wrapper around addSlashes().
    function makeTareaData4Save($text)
    {
        return $this->addSlashes($text);
    }

    // Wrapper around displayTarea(). Note that $html defaults to 1 here,
    // while displayTarea() itself defaults to 0.
    function &makeTareaData4Show(&$text, $html=1, $smiley=1, $xcode=1)
    {
        $ret = $this->displayTarea($text, $html, $smiley, $xcode);
        return $ret;
    }

    // Wrapper around htmlSpecialChars().
    function makeTareaData4Edit($text)
    {
        return $this->htmlSpecialChars($text);
    }

    // Wrapper around previewTarea(). Note that $html defaults to 1 here,
    // while previewTarea() itself defaults to 0.
    function &makeTareaData4Preview(&$text, $html=1, $smiley=1, $xcode=1)
    {
        $ret = $this->previewTarea($text, $html, $smiley, $xcode);
        return $ret;
    }

    function makeTareaData4PreviewInForm($text)
    {
        // if magic_quotes_gpc is on, do stripslashes
        $text = $this->stripSlashesGPC($text);
        return $this->htmlSpecialChars($text);
    }

    // Wrapper around htmlSpecialChars().
    function makeTareaData4InsideQuotes($text)
    {
        return $this->htmlSpecialChars($text);
    }

    // Wrapper around stripSlashesGPC().
    function &oopsStripSlashesGPC($text)
    {
        $ret = $this->stripSlashesGPC($text);
        return $ret;
    }

    // Strips slashes only when magic_quotes_runtime is on.
    // NOTE(review): get_magic_quotes_runtime() was removed in PHP 8.0.
    function &oopsStripSlashesRT($text)
    {
        if (get_magic_quotes_runtime()) {
            $text =& stripslashes($text);
        }
        return $text;
    }

    // Wrapper around addSlashes().
    function &oopsAddSlashes($text)
    {
        $ret = $this->addSlashes($text);
        return $ret;
    }

    // Wrapper around htmlSpecialChars().
    function &oopsHtmlSpecialChars($text)
    {
        $ret = $this->htmlSpecialChars($text);
        return $ret;
    }

    // Wrapper around nl2Br(); PHP method names are case-insensitive, so the
    // lower-case spelling resolves to the same method.
    function &oopsNl2Br($text)
    {
        $ret = $this->nl2br($text);
        return $ret;
    }
    /**#@-*/
}
?>'.MyTextSanitizer::codeSanitizer('$1', 0).'