+++ /dev/null
-<?php
-// $Id: module.textsanitizer.php,v 1.1 2007/05/15 02:34:21 minahito Exp $
-// ------------------------------------------------------------------------ //
-// XOOPS - PHP Content Management System //
-// Copyright (c) 2000 XOOPS.org //
-// <http://www.xoops.org/> //
-// ------------------------------------------------------------------------ //
-// This program is free software; you can redistribute it and/or modify //
-// it under the terms of the GNU General Public License as published by //
-// the Free Software Foundation; either version 2 of the License, or //
-// (at your option) any later version. //
-// //
-// You may not change or alter any portion of this comment or credits //
-// of supporting developers from this source code or any supporting //
-// source code which is considered copyrighted (c) material of the //
-// original comment or credit authors. //
-// //
-// This program is distributed in the hope that it will be useful, //
-// but WITHOUT ANY WARRANTY; without even the implied warranty of //
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
-// GNU General Public License for more details. //
-// //
-// You should have received a copy of the GNU General Public License //
-// along with this program; if not, write to the Free Software //
-// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA //
-// ------------------------------------------------------------------------ //
-// Author: Kazumi Ono (http://www.myweb.ne.jp/, http://jp.xoops.org/) //
-// Goghs Cheng (http://www.eqiao.com, http://www.devbeez.com/) //
-// Project: The XOOPS Project (http://www.xoops.org/) //
-// ------------------------------------------------------------------------- //
-
-/**
- * Class to "clean up" text for various uses
- *
- * <b>Singleton</b>
- *
- * @package kernel
- * @subpackage core
- *
- * @author Kazumi Ono <onokazu@xoops.org>
- * @author Goghs Cheng
- * @copyright (c) 2000-2003 The Xoops Project - www.xoops.org
- */
-class MyTextSanitizer
-{
- /**
- *
- */
- var $censorConf;
-
- /**
- * @var XCube_TextFilter
- */
- var $mTextFilter = null;
-
- /**
- * @var XCube_Delegate
- * @deprecated
- */
- var $mMakeClickablePostFilter = null;
-
- /**
- * @var XCube_Delegate
- * @deprecated
- */
- var $mXoopsCodePostFilter = null;
-
- /*
- * Constructor of this class
- *
- * Gets allowed html tags from admin config settings
- * <br> should not be allowed since nl2br will be used
- * when storing data.
- *
- * @access private
- *
- * @todo Sofar, this does nuttin' ;-)
- */
- function MyTextSanitizer()
- {
-
- $this->mMakeClickablePostFilter =& new XCube_Delegate();
- $this->mMakeClickablePostFilter->register('MyTextSanitizer.MakeClickablePostFilter');
-
- $this->mXoopsCodePostFilter =& new XCube_Delegate();
- $this->mXoopsCodePostFilter->register('MyTextSanitizer.XoopsCodePostFilter');
-
- $root =& XCube_Root::getSingleton();
- $this->mTextFilter =& $root->getTextFilter();
-
- }
-
- /**
- * Access the only instance of this class
- *
- * @return object
- *
- * @static
- * @staticvar object
- */
- function &getInstance()
- {
- static $instance;
- if (!isset($instance)) {
- $instance = new MyTextSanitizer();
- }
- return $instance;
- }
-
- /**
- * Make links in the text clickable
- *
- * @param string $text
- * @return string
- **/
- function &makeClickable($text)
- {
- $text = $this->mTextFilter->makeClickable($text);
-
- // RaiseEvent : 'MyTextSanitizer.MakeClickablePostFilter'
- // Delegate may convert output text with quickApplyFilter rule
- // Args :
- // 'string' [I/O] : Text to convert;
- //
- $this->mMakeClickablePostFilter->call(new XCube_Ref($text));
- return $text;
- }
-
- /**
- * Replace XoopsCodes with their equivalent HTML formatting
- *
- * @param string $text
- * @param bool $allowimage Allow images in the text?
- * On FALSE, uses links to images.
- * @return string
- **/
- function &xoopsCodeDecode($text, $allowimage = 1)
- {
- $text = $this->mTextFilter->convertXCode($text, $allowimage);
-
- // RaiseEvent : 'MyTextSanitizer.XoopsCodePostFilter'
- // Delegate may convert output text with quickApplyFilter rule
- // Args :
- // 'string' [I/O] : Text to convert;
- // 'allowimage' [I] : xoopsCodeDecode $allowimage parameter
- //
- $this->mXoopsCodePostFilter->call(new XCube_Ref($text), $allowimage);
- return $text;
- }
-
- /**
- * Filters out invalid strings included in URL, if any
- *
- * @param array $matches
- * @return string
- */
- function _filterImgUrl($matches)
- {
- if ($this->checkUrlString($matches[2])) {
- return $matches[0];
- } else {
- return "";
- }
- }
-
- /**
- * Checks if invalid strings are included in URL
- *
- * @param string $text
- * @return bool
- */
- function checkUrlString($text)
- {
- // Check control code
- if (preg_match("/[\\0-\\31]/", $text)) {
- return false;
- }
- // check black pattern(deprecated)
- return !preg_match("/^(javascript|vbscript|about):/i", $text);
- }
-
- /**
- * Convert linebreaks to <br /> tags
- *
- * @param string $text
- *
- * @return string
- */
- function &nl2Br($text)
- {
- $ret = $this->mTextFilter->nl2Br($text);
- return $ret;
- }
-
- /**
- * Add slashes to the text if magic_quotes_gpc is turned off.
- *
- * @param string $text
- * @return string
- **/
- function &addSlashes($text)
- {
- if (!get_magic_quotes_gpc()) {
- $text = addslashes($text);
- }
- return $text;
- }
- /*
- * if magic_quotes_gpc is on, stirip back slashes
- *
- * @param string $text
- *
- * @return string
- */
- function &stripSlashesGPC($text)
- {
- if (get_magic_quotes_gpc()) {
- $text = stripslashes($text);
- }
- return $text;
- }
-
- /*
- * for displaying data in html textbox forms
- *
- * @param string $text
- * @param bool $forEdit (experimental)
- *
- * @return string
- */
- function &htmlSpecialChars($text, $forEdit=false)
- {
- if (!$forEdit) {
- $ret = $this->mTextFilter->toShow($text, true);
- } else {
- $ret = $this->mTextFilter->toEdit($text);
- }
- return $ret;
- }
-
- /**
- * Reverses {@link htmlSpecialChars()}
- *
- * @param string $text
- * @return string
- * @deprecated
- **/
- function &undoHtmlSpecialChars($text)
- {
- $ret = preg_replace(array("/>/i", "/</i", "/"/i", "/'/i"), array(">", "<", "\"", "'"), $text);
- return $ret;
- }
-
- /**
- * Filters textarea data for display
- * (This method makes overhead but needed for compatibility)
- *
- * @param string $text
- * @param bool $html allow html?
- * @param bool $smiley allow smileys?
- * @param bool $xcode allow xoopscode?
- * @param bool $image allow inline images?
- * @param bool $br convert linebreaks?
- * @return string
- **/
-
- function _ToShowTarea($text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1) {
- $text = $this->codePreConv($text, $xcode);
- if ($html != 1) $text = $this->htmlSpecialChars($text);
- $text = $this->makeClickable($text);
- if ($xcode != 0) $text = $this->xoopsCodeDecode($text, $image);
- if ($br != 0) $text = $this->nl2Br($text);
- $text = $this->codeConv($text, $xcode, $image);
- return $text;
- }
-
- /**
- * Filters textarea form data in DB for display
- *
- * @param string $text
- * @param bool $html allow html?
- * @param bool $smiley allow smileys?
- * @param bool $xcode allow xoopscode?
- * @param bool $image allow inline images?
- * @param bool $br convert linebreaks?
- * @return string
- **/
- function &displayTarea($text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1)
- {
- $text = $this->_ToShowTarea($text, $html, $smiley, $xcode, $image, $br);
- return $text;
- }
-
- /**
- * Filters textarea form data submitted for preview
- *
- * @param string $text
- * @param bool $html allow html?
- * @param bool $smiley allow smileys?
- * @param bool $xcode allow xoopscode?
- * @param bool $image allow inline images?
- * @param bool $br convert linebreaks?
- * @return string
- **/
- function &previewTarea($text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1)
- {
- $text =& $this->stripSlashesGPC($text);
- $text = $this->_ToShowTarea($text, $html, $smiley, $xcode, $image, $br);
- return $text;
- }
-
- /**
- * Replaces banned words in a string with their replacements
- *
- * @param string $text
- * @return string
- *
- * @deprecated
- **/
- function &censorString($text)
- {
- if (!isset($this->censorConf)) {
- $config_handler =& xoops_gethandler('config');
- $this->censorConf =& $config_handler->getConfigsByCat(XOOPS_CONF_CENSOR);
- }
- if ($this->censorConf['censor_enable'] == 1) {
- $replacement = $this->censorConf['censor_replace'];
- foreach ($this->censorConf['censor_words'] as $bad) {
- if ( !empty($bad) ) {
- $bad = quotemeta($bad);
- $patterns[] = "/(\s)".$bad."/siU";
- $replacements[] = "\\1".$replacement;
- $patterns[] = "/^".$bad."/siU";
- $replacements[] = $replacement;
- $patterns[] = "/(\n)".$bad."/siU";
- $replacements[] = "\\1".$replacement;
- $patterns[] = "/]".$bad."/siU";
- $replacements[] = "]".$replacement;
- $text = preg_replace($patterns, $replacements, $text);
- }
- }
- }
- return $text;
- }
-
-
- /**#@+
- * Sanitizing of [code] tag
- */
- function codePreConv($text, $xcode = 1) {
- if($xcode != 0){
- $text = $this->mTextFilter->preConvertXCode($text, $xcode);
- }
- return $text;
- }
-
- function codeConv($text, $xcode = 1, $image = 1){
- if($xcode != 0){
- $text = $this->mTextFilter->postConvertXCode($text, $xcode);
- }
- return $text;
- }
-
-##################### Deprecated Methods ######################
-
- /**#@+
- * @deprecated
- */
- function sanitizeForDisplay($text, $allowhtml = 0, $smiley = 1, $bbcode = 1)
- {
- $text = $this->_ToShowTarea($text, $allowhtml, $smiley, $bbcode, 1, 1);
- return $text;
- }
-
- function sanitizeForPreview($text, $allowhtml = 0, $smiley = 1, $bbcode = 1)
- {
- $text = $this->oopsStripSlashesGPC($text);
- $text = $this->_ToShowTarea($text, $allowhtml, $smiley, $bbcode, 1, 1);
- return $text;
- }
-
- function makeTboxData4Save($text)
- {
- return $this->addSlashes($text);
- }
-
- function makeTboxData4Show($text, $smiley=0)
- {
- $text = $this->mTextFilter->toShow($text, true);
- return $text;
- }
-
- function makeTboxData4Edit($text)
- {
- return $this->mTextFilter->toEdit($text);
- }
-
- function makeTboxData4Preview($text, $smiley=0)
- {
- $text = $this->stripSlashesGPC($text);
- $text = $this->mTextFilter->toShow($text, true);
- return $text;
- }
-
- function makeTboxData4PreviewInForm($text)
- {
- $text = $this->stripSlashesGPC($text);
- return $this->mTextFilter->toEdit($text);
- }
-
- function makeTareaData4Save($text)
- {
- return $this->addSlashes($text);
- }
-
- function &makeTareaData4Show($text, $html=1, $smiley=1, $xcode=1)
- {
- $ret = $this->displayTarea($text, $html, $smiley, $xcode);
- return $ret;
- }
-
- function makeTareaData4Edit($text)
- {
- return $this->mTextFilter->toEdit($text);
- }
-
- function &makeTareaData4Preview($text, $html=1, $smiley=1, $xcode=1)
- {
- $ret = $this->previewTarea($text, $html, $smiley, $xcode);
- return $ret;
- }
-
- function makeTareaData4PreviewInForm($text)
- {
- //if magic_quotes_gpc is on, do stipslashes
- $text = $this->stripSlashesGPC($text);
- return $this->mTextFilter->toEdit($text);
- }
-
- function makeTareaData4InsideQuotes($text)
- {
- return $this->mTextFilter->toShow($text, true);
- }
-
- function &oopsStripSlashesGPC($text)
- {
- $ret = $this->stripSlashesGPC($text);
- return $ret;
- }
-
- function &oopsStripSlashesRT($text)
- {
- if (get_magic_quotes_runtime()) {
- $text =& stripslashes($text);
- }
- return $text;
- }
-
- function &oopsAddSlashes($text)
- {
- $ret = $this->addSlashes($text);
- return $ret;
- }
-
- function &oopsHtmlSpecialChars($text)
- {
- $ret = $this->mTextFilter->toShow($text, true);
- return $ret;
- }
-
- function &oopsNl2Br($text)
- {
- $ret = $this->nl2br($text);
- return $ret;
- }
- /**#@-*/
-}
-?>
\ No newline at end of file
*/
function &getVar($key, $format = 's')
{
+ static $filter = null;
+ static $stripSlashesGPC = null;
+ if($filter == null)
+ {
+ $root =& XCube_Root::getSingleton();
+ $filter =& $root->getTextFilter();
+ $stripSlashesGPC = create_function('$v',sprintf('return %s;',get_magic_quotes_gpc() ? 'stripslashes($v)' : '$v');
+ }
$ret = $this->vars[$key]['value'];
switch ($this->vars[$key]['data_type']) {
case 'show':
case 'e':
case 'edit':
- $ts =& MyTextSanitizer::getInstance();
- $ret = $ts->htmlSpecialChars($ret);
+ $ret = $filter->toShow($ret);
break 1;
case 'p':
case 'preview':
case 'f':
case 'formpreview':
- $ts =& MyTextSanitizer::getInstance();
- $ret = $ts->htmlSpecialChars($ts->stripSlashesGPC($ret));
+ $ret = $filter->toShow($stripSlashesGPC($ret));
break 1;
case 'n':
case 'none':
switch (strtolower($format)) {
case 's':
case 'show':
- $ts =& MyTextSanitizer::getInstance();
$html = !empty($this->vars['dohtml']['value']) ? 1 : 0;
$xcode = (!isset($this->vars['doxcode']['value']) || $this->vars['doxcode']['value'] == 1) ? 1 : 0;
$image = (!isset($this->vars['doimage']['value']) || $this->vars['doimage']['value'] == 1) ? 1 : 0;
$br = (!isset($this->vars['dobr']['value']) || $this->vars['dobr']['value'] == 1) ? 1 : 0;
- $ret = $ts->displayTarea($ret, $html, false, $xcode, $image, $br);
+ $ret = $filter->toShowTarea($ret, $html, false, $xcode, $image, $br);
break 1;
case 'e':
case 'edit':
- $ret = htmlspecialchars($ret, ENT_QUOTES);
+ $ret = $filter->toShow($ret);
break 1;
case 'p':
case 'preview':
- $ts =& MyTextSanitizer::getInstance();
$html = !empty($this->vars['dohtml']['value']) ? 1 : 0;
$xcode = (!isset($this->vars['doxcode']['value']) || $this->vars['doxcode']['value'] == 1) ? 1 : 0;
$image = (!isset($this->vars['doimage']['value']) || $this->vars['doimage']['value'] == 1) ? 1 : 0;
$br = (!isset($this->vars['dobr']['value']) || $this->vars['dobr']['value'] == 1) ? 1 : 0;
- $ret = $ts->previewTarea($ret, $html, false, $xcode, $image, $br);
+ $ret = $filter->toShowTarea($ret, $html, false, $xcode, $image, $br);
break 1;
case 'f':
case 'formpreview':
- $ts =& MyTextSanitizer::getInstance();
- $ret = htmlspecialchars($ts->stripSlashesGPC($ret), ENT_QUOTES);
+ $ret = $filter->toShow($stripSlashesGPC($ret));
break 1;
case 'n':
case 'none':
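Review bot: The 'p'/'preview' branch of the `$format` switch (the `toShowTarea` call that replaces `previewTarea`) no longer strips magic-quotes slashes, whereas the deleted `previewTarea` ran `stripSlashesGPC` before rendering and the sibling 'f'/'formpreview' branch in this hunk still does, so on a magic_quotes_gpc host a preview will now show escaped quotes and the 'p' branch has become byte-identical to the 's' branch. Change it to `$ret = $filter->toShowTarea($stripSlashesGPC($ret), $html, false, $xcode, $image, $br);`. Separately, every old call site went through `MyTextSanitizer::htmlSpecialChars`, which called `toShow($text, true)`, while the new code calls `toShow($ret)` with the second argument omitted — presumably deliberate, but worth confirming the default produces the same escaping. The docblock of `getVar` starts before this hunk and the method body continues past it.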
break 1;
case 'e':
case 'edit':
- $ret = htmlspecialchars($ret, ENT_QUOTES);
+ $ret = $filter->toShow($ret);
break 1;
case 'p':
case 'preview':
- $ts =& MyTextSanitizer::getInstance();
- $ret = $ts->stripSlashesGPC($ret);
+ $ret = $stripSlashesGPC($ret);
break 1;
case 'f':
case 'formpreview':
- $ts =& MyTextSanitizer::getInstance();
- $ret = htmlspecialchars($ts->stripSlashesGPC($ret), ENT_QUOTES);
+ $ret = $filter->toShow($stripSlashesGPC($ret));
break 1;
case 'n':
case 'none':
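Review bot: The 'e'/'edit' and 'f'/'formpreview' branches in this hunk replace an explicit `htmlspecialchars($ret, ENT_QUOTES)` with `$filter->toShow(...)`, and whether that method encodes single quotes is not visible here; edit-mode values are typically written into form attribute values, so a `toShow` that only performs default (`ENT_COMPAT`-style) escaping would reopen attribute breakout through `'`. Please confirm the filter's quote handling, or pass an explicit mode if it accepts one, and add a comment such as `// toShow() must escape both quote styles: output lands in attribute values`. This hunk also depends on `$filter` and `$stripSlashesGPC` being initialised earlier in the same method, outside this hunk.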
*/
function cleanVars()
{
- $ts =& MyTextSanitizer::getInstance();
+ $stripSlashesGPC = create_function('$v',sprintf('return %s;',get_magic_quotes_gpc() ? 'stripslashes($v)' : '$v');
foreach ($this->vars as $k => $v) {
$cleanv = $v['value'];
if (!$v['changed']) {
continue;
}
if (!$v['not_gpc']) {
- $cleanv = $ts->stripSlashesGPC($ts->censorString($cleanv));
- } else {
- $cleanv = $ts->censorString($cleanv);
+ $cleanv = $stripSlashesGPC($cleanv);
}
break;
case XOBJ_DTYPE_TXTAREA:
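Review bot: The `create_function` call at the top of `cleanVars` compiles a new function through the engine's eval path on every invocation, even though the code string is a fixed literal chosen by `get_magic_quotes_gpc()`; a private helper method on the class, or at least the `static` caching that `getVar` already uses, would avoid per-call compilation, and `create_function` is removed in PHP 8. The TXTBOX and TXTAREA branches also drop the `censorString` pass the deleted sanitizer applied; if word censoring now lives in `XCube_TextFilter` or elsewhere, a one-line comment here, e.g. `// censoring moved to the text filter layer`, would stop the next reader from reading this as lost filtering. `cleanVars` continues past this hunk.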
continue;
}
if (!$v['not_gpc']) {
- $cleanv = $ts->stripSlashesGPC($ts->censorString($cleanv));
- } else {
- $cleanv = $ts->censorString($cleanv);
+ $cleanv = $stripSlashesGPC($cleanv);
}
break;
case XOBJ_DTYPE_SOURCE:
if (!$v['not_gpc']) {
- $cleanv = $ts->stripSlashesGPC($cleanv);
- } else {
- $cleanv = $cleanv;
+ $cleanv = $stripSlashesGPC($cleanv);
}
break;
continue;
}
if (!$v['not_gpc']) {
- $cleanv = $ts->stripSlashesGPC($cleanv);
+ $cleanv = $stripSlashesGPC($cleanv);
}
break;
case XOBJ_DTYPE_URL:
$cleanv = 'http://' . $cleanv;
}
if (!$v['not_gpc']) {
- $cleanv =& $ts->stripSlashesGPC($cleanv);
+ $cleanv =& $stripSlashesGPC($cleanv);
}
break;
case XOBJ_DTYPE_ARRAY:
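Review bot: `$cleanv =& $stripSlashesGPC($cleanv);` in the XOBJ_DTYPE_URL branch assigns the result of a by-value call by reference; the old `stripSlashesGPC` was declared `function &stripSlashesGPC`, but the `create_function` replacement returns by value, so this line now triggers an "Only variables should be assigned by reference" notice on most PHP versions and gains nothing. Change it to `$cleanv = $stripSlashesGPC($cleanv);`, matching the other branches in this function. The switch continues past the hunk.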