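/**
 * Turns free text into a lowercase ASCII slug.
 *
 * Steps: strip tags, pass through delQuotes(), convert to ISO-8859-1, lowercase,
 * turn whitespace runs into '-', transliterate accented letters, remove
 * punctuation, map '+' to '_', collapse repeated '-' / '_'.
 *
 * This is a normaliser for identifiers and slugs. It performs no HTML, SQL or
 * shell escaping, so the result still needs context-specific encoding where it
 * is output or stored.
 *
 * @param string $chaineNonValide UTF-8 input text.
 * @return string UTF-8 slug.
 */
function sanitize_string($chaineNonValide)
{
    $chaineNonValide = strip_tags($chaineNonValide);
    $chaineNonValide = delQuotes($chaineNonValide);

    // From here on the string is handled as single-byte ISO-8859-1 so that the
    // byte-wise strtr()/str_replace() calls below see one byte per character.
    // Characters outside ISO-8859-1 become '?'.
    // NOTE: utf8_decode()/utf8_encode() are deprecated as of PHP 8.2.
    $chaineNonValide = utf8_decode($chaineNonValide);
    $chaineNonValide = strtolower($chaineNonValide);
    $chaineNonValide = preg_replace('`\\s+`', '-', trim($chaineNonValide));

    // Accented letter -> ASCII letter, position by position. 'Ŕ' and 'ŕ' have no
    // ISO-8859-1 form and decode to '?'; the last mapping for '?' is '-'.
    $a = 'ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõöøùúûýýþÿŔŕ?';
    $b = 'aaaaaaaceeeeiiiidnoooooouuuuybsaaaaaaaceeeeiiiidnoooooouuuyybyRr-';
    $chaineValide = strtr($chaineNonValide, utf8_decode($a), $b);

    // Punctuation to remove. Single-quoted on purpose: inside double quotes the
    // "{$...}" sequence is parsed as variable interpolation and silently drops
    // part of the list.
    $c = '&~#{([|`\\^])}{$¤£µ}*ù%§!:/;,?<>.°\'\'"';

    // strtr() with an empty replacement string returns its input unchanged, so
    // the removal never happened. str_replace() over the individual bytes does
    // remove them, including '/', '.', '<', '>' and both quote characters.
    // Slugs generated before this fix can differ for input containing them.
    $chaineValide = str_replace(str_split(utf8_decode($c)), '', $chaineValide);

    $chaineValide = strtr($chaineValide, "+", "_");

    // Collapse runs of '-' and of '_' left behind by the replacements above.
    $chaineValide = preg_replace('/([-])\\1+/', '-', $chaineValide);
    $chaineValide = preg_replace('/([_])\\1+/', '_', $chaineValide);

    return utf8_encode($chaineValide);
}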
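/**
 * Renders the multiple-select field for every configured language.
 *
 * Items come from $this->items, or from the "tags" table when $this->tags is
 * set. The per-language item data is assigned to Smarty and the rendered
 * template is returned.
 *
 * The item value and label are handed to the template as-is;
 * htmlspecialchars() is used here only to compare against the stored
 * selection. NOTE(review): tag titles are read from the database, so confirm
 * that inc/fields/class.selectM.tpl escapes "val" and "text" on output.
 *
 * @param string $param Unused in this method.
 * @return string|int Rendered HTML, or 0 when there is nothing to render.
 */
public function add($param = "")
{
    // Without a static item list there is nothing to render, unless the items
    // are loaded from the tags table.
    if (!is_array($this->items) && $this->tags != true) {
        return 0;
    }

    global $myAdmin;
    global $formMaj;
    global $datas_lang;
    global $smarty;
    global $thisSite;

    if ($this->tags == true) {
        // Multilingual handling is done by the tags table.
        $this->multiLang = false;
    }
    $this->LIST_LANG_EXTENSION_FIELD = $myAdmin->LIST_LANG_EXTENSION_FIELD;

    parent::add();
    $smarty->assign('this', $this);

    // valuesDisabled may be an array or a comma-separated string.
    $listDisabled = is_array($this->valuesDisabled)
        ? $this->valuesDisabled
        : explode(",", $this->valuesDisabled);

    // Initialised up front: the loop below used to read $listItems before any
    // assignment, and $datasItemByLg, $myGroup and $extlg were undefined after
    // the loop when list_lang was empty.
    $listItems = null;
    $datasItemByLg = array();
    $myGroup = "";
    $extlg = "";

    foreach ($this->list_lang as $clg => $extlg) {
        $value = $this->getValue($clg);
        $values = explode(",", $value);

        if ($this->tags == true) {
            // The tag list is queried once and reused for the other languages.
            if ($listItems === null) {
                $listItems = array();
                $mySelect2 = new mySelect(__FILE__);
                $mySelect2->tables = $thisSite->PREFIXE_TBL_GEN . "tags";
                $mySelect2->fields = "*";
                // Bound parameters; the language is fixed to "fr" here.
                $mySelect2->where = "parent=:parent AND lg=:lg";
                $mySelect2->whereValue["parent"] = array($this->field, PDO::PARAM_STR);
                $mySelect2->whereValue["lg"] = array("fr", PDO::PARAM_STR);
                $mySelect2->orderby = "titre ASC";
                $result2 = $mySelect2->query();
                foreach ($result2 as $row2) {
                    $listItems[$row2['id']] = $row2['titre'];
                }
            }
        } else {
            $listItems = $this->items;
        }

        if ($this->iconeLangue() == true || $this->tags == true) {
            $smarty->assign('marginLeft', 50);
        } else {
            $smarty->assign('marginLeft', 0);
        }

        $indice = 0;
        $datasItem = array();
        $count_items = count($listItems);
        $myGroup = "";

        foreach ($listItems as $val => $text) {
            $val = delQuotes($val);
            // Kept from the original; the result is not read again in this method.
            $value = delQuotes($value);

            $isDisabled = in_array($val, $listDisabled);
            $stateDisabled = $isDisabled ? "state-disabled" : "";
            $disabled = $isDisabled ? "disabled" : "";

            // Comparison only: the escaped form is matched against the stored values.
            $selected = in_array(htmlspecialchars($val, ENT_QUOTES), $values) ? "selected" : "";

            // A single item gets no numeric suffix on its element id.
            $str_indice = ($count_items == 1) ? "" : "_" . $indice;
            $idField = $this->field . $extlg . $str_indice;

            $datasItem[$indice] = array(
                "val" => $val,
                "text" => $text,
                "idField" => $idField,
                "stateDisabled" => $stateDisabled,
                "disabled" => $disabled,
                "selected" => $selected,
            );
            $myGroup = $idField;
            $indice++;
        }

        $datasItemByLg[$clg] = $datasItem;
    }

    $smarty->assign('datasItemByLg', $datasItemByLg);

    // Appends a `name:"id",` line to the "myGroup" template variable, using the
    // last language's suffix and last item id.
    // NOTE(review): the values are concatenated without escaping; this assumes
    // field names and language suffixes never contain quotes — confirm.
    $allmyGroup = $smarty->getTemplateVars("myGroup");
    $allmyGroup .= $this->field . $extlg . ":\"" . $myGroup . "\",\n";
    $smarty->assign("myGroup", $allmyGroup);

    $data = $smarty->fetch($this->pathTemplate . 'inc/fields/class.selectM.tpl');
    addStructure("addJsStructure", DOS_OUTILS_ADMIN . "multiple-select/jquery.multiple.select.js");
    $this->smartAssign($this->field, $data);

    return $data;
}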
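/**
 * Removes HTML from Messages
 *
 * Normalises tags with a few regex rewrites, then walks every remaining tag
 * and keeps only those listed in $AllowableHTML. No allow-list is loaded in
 * this function, so every tag is dropped in practice. Unless $strip is
 * "nohtml", text starting with http:// is then turned into a link.
 *
 * This is a regex filter, not an HTML parser; treat its output as filtered
 * text, not as proof that arbitrary markup is safe.
 *
 * @param string $str   Message text to filter.
 * @param string $strip "nohtml" disables the http:// auto-linking step.
 * @return string Filtered text, or "" when a regex step fails.
 */
function check_html($str, $strip = "")
{
    /* The core of this code has been lifted from phpslash */
    /* which is licenced under the GPL. */

    // Was left undefined unless $strip was "nohtml"; an empty allow-list gives
    // the same result (no tag survives) without reading an unset variable.
    // NOTE(review): sibling versions load this list from configuration —
    // confirm that dropping every tag is intended here.
    $AllowableHTML = array();
    if ($strip == "nohtml") {
        $AllowableHTML = array('');
    }

    $str = stripslashes($str);

    // The ereg family was removed in PHP 7; these are the same patterns under
    // PCRE, case-insensitive like eregi_replace().
    $rewrites = array(
        // Delete all spaces from html tags.
        '~<[[:space:]]*([^>]*)[[:space:]]*>~i' => '<\\1>',
        // Delete all attribs from Anchor, except an href, double quoted.
        '~<a[^>]*href[[:space:]]*=[[:space:]]*"?[[:space:]]*([^" >]*)[[:space:]]*"?[^>]*>~i' => '<a href="\\1">',
        // Delete all img tags.
        '~<[[:space:]]* img[[:space:]]*([^>]*)[[:space:]]*>~i' => '',
        // Delete javascript code from a href tags -- Zhen-Xjell @ http://nukecops.com
        // Only this one scheme is matched; other schemes are not filtered here.
        '~<a[^>]*href[[:space:]]*=[[:space:]]*"?javascript[[:punct:]]*"?[^>]*>~i' => '',
    );
    foreach ($rewrites as $pattern => $replacement) {
        $str = preg_replace($pattern, $replacement, $str);
        if ($str === null) {
            // Fail closed: a regex error must not let unfiltered text through.
            return "";
        }
    }

    $tmp = "";
    while (preg_match('~<(/?[[:alpha:]]*)[[:space:]]*([^>]*)>~', $str, $reg)) {
        $i = strpos($str, $reg[0]);
        $l = strlen($reg[0]);

        // strncmp() is safe when the captured name is empty (e.g. "<>").
        $closing = strncmp($reg[1], "/", 1) === 0;
        $tag = strtolower($closing ? substr($reg[1], 1) : $reg[1]);

        $a = isset($AllowableHTML[$tag]) ? $AllowableHTML[$tag] : 0;
        if (!$a) {
            $tag = "";
        } elseif ($closing) {
            $tag = "</{$tag}>";
        } elseif ($a == 1 || $reg[2] == "") {
            $tag = "<{$tag}>";
        } else {
            # Place here the double quote fix function.
            $attrb_list = delQuotes($reg[2]);
            // TODO: review. As written this replaces "&" with itself.
            // NOTE(review): the replacement was probably an HTML entity that was
            // lost in transcription — confirm against the upstream source.
            $attrb_list = str_replace("&", "&", $attrb_list);
            $tag = "<{$tag}" . $attrb_list . ">";
        } # Attribs in tag allowed

        $tmp .= substr($str, 0, $i) . $tag;
        $str = substr($str, $i + $l);
    }
    if (preg_last_error() !== PREG_NO_ERROR) {
        // The loop stopped on a regex error, not because no tags remain.
        return "";
    }
    $str = $tmp . $str;

    // parse for strings starting with http:// and subst em with hyperlinks.
    if ($strip != "nohtml") {
        global $cfg;
        $prefix = $cfg["enable_dereferrer"] != 0 ? 'index.php?iid=dereferrer&u=' : '';

        // The pattern captures the rest of the line, quotes included. Copied
        // verbatim into href="...", a double quote in the message ended the
        // attribute and let the text continue as further attributes. The href
        // value is now entity-encoded; the visible link text is unchanged.
        // NOTE(review): the dereferrer "u" value is still not URL-encoded.
        $str = preg_replace_callback(
            '/(http:\\/\\/)(.*)([[:space:]]*)/i',
            function ($m) use ($prefix) {
                $url = $m[1] . $m[2];
                $href = str_replace(
                    array('"', "'", '<', '>'),
                    array('&quot;', '&#039;', '&lt;', '&gt;'),
                    $url
                );
                return '<a href="' . $prefix . $href . '" target="_blank">' . $url . '</a>' . $m[3];
            },
            $str
        );
        if ($str === null) {
            return "";
        }
    }

    return $str;
}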
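/**
 * Filters HTML in a message against the configured tag allow-list.
 *
 * The list comes from pnConfigGetVar('AllowableHTML') and maps a lowercase tag
 * name to a level. As the code reads it: a falsy level drops the tag, 1 keeps
 * the bare tag without attributes, any other value keeps the tag with the
 * attribute string returned by delQuotes().
 *
 * This function filters neither URL schemes nor event-handler attributes
 * itself, so tags allowed with attributes are only as safe as delQuotes()
 * makes them. It is a regex filter, not an HTML parser.
 *
 * @param string $str   Message text to filter.
 * @param string $strip "nohtml" replaces the allow-list with one that matches no tag.
 * @return string Filtered text, or "" when a regex step fails.
 */
function check_html($str, $strip = '')
{
    // The core of this code has been lifted from phpslash
    // which is licenced under the GPL.
    $AllowableHTML = pnConfigGetVar('AllowableHTML');
    if ($strip == "nohtml") {
        $AllowableHTML = array('');
    }

    $str = stripslashes($str);

    // The ereg family was removed in PHP 7; these are the same patterns under
    // PCRE, case-insensitive like eregi_replace().
    $rewrites = array(
        // Delete all spaces from html tags.
        '~<[[:space:]]*([^>]*)[[:space:]]*>~i' => '<\\1>',
        // Delete all attribs from Anchor, except an href, double quoted.
        '~<a[^>]*href[[:space:]]*=[[:space:]]*"?[[:space:]]*([^" >]*)[[:space:]]*"?[^>]*>~i' => '<a href="\\1">',
    );
    foreach ($rewrites as $pattern => $replacement) {
        $str = preg_replace($pattern, $replacement, $str);
        if ($str === null) {
            // Fail closed: a regex error must not let unfiltered text through.
            return "";
        }
    }

    $tmp = "";
    while (preg_match('~<(/?[[:alpha:]]*)[[:space:]]*([^>]*)>~', $str, $reg)) {
        $i = strpos($str, $reg[0]);
        $l = strlen($reg[0]);

        // strncmp() is safe when the captured name is empty (e.g. "<>").
        $closing = strncmp($reg[1], "/", 1) === 0;
        $tag = strtolower($closing ? substr($reg[1], 1) : $reg[1]);

        $a = isset($AllowableHTML[$tag]) ? $AllowableHTML[$tag] : 0;
        if (!$a) {
            // Covers tags missing from the list and tags listed with a falsy
            // level. The latter used to leave the bare tag name in the output
            // because $tag was never cleared on that path.
            $tag = "";
        } elseif ($closing) {
            $tag = "</{$tag}>";
        } elseif ($a == 1 || $reg[2] == "") {
            $tag = "<{$tag}>";
        } else {
            # Place here the double quote fix function.
            $attrb_list = delQuotes($reg[2]);
            $tag = "<{$tag}" . $attrb_list . ">";
        } # Attribs in tag allowed

        $tmp .= substr($str, 0, $i) . $tag;
        $str = substr($str, $i + $l);
    }
    if (preg_last_error() !== PREG_NO_ERROR) {
        // The loop stopped on a regex error, not because no tags remain.
        return "";
    }

    // A "squash PHP tags" replacement used to follow this return. It was
    // unreachable and is left out. The loop above removes "<?...>" sequences
    // (their tag name is empty); a "<?" with no closing ">" passes through.
    return $tmp . $str;
}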
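/**
 * Renders the radio-button field for every configured language.
 *
 * Builds the item list (optional "none"/"all" entries first, then
 * $this->items), marks the disabled and the currently checked item, assigns
 * the per-language data to Smarty and returns the rendered template.
 *
 * The item value and label are handed to the template as-is;
 * htmlspecialchars() is used here only for the comparison with the stored
 * value. NOTE(review): confirm that inc/fields/class.radio.tpl escapes "val"
 * and "text" on output.
 *
 * @param string $param Unused in this method.
 * @return string|int Rendered HTML, or 0 when $this->items is not an array.
 */
public function add($param = "")
{
    if (!is_array($this->items)) {
        return 0;
    }

    global $formMaj;
    global $datas_lang;
    global $smarty;
    global $thisSite;

    parent::add();
    $smarty->assign('this', $this);
    $smarty->assign('classPlus', "inline-group");

    // valuesDisabled may be an array or a comma-separated string.
    $listDisabled = is_array($this->valuesDisabled)
        ? $this->valuesDisabled
        : explode(",", $this->valuesDisabled);

    // Initialised so the assign() below never reads an undefined variable when
    // list_lang is empty.
    $datasItemByLg = array();

    foreach ($this->list_lang as $clg => $extlg) {
        $value = $this->getValue($clg);

        // Optional pseudo-items: `true` uses the translated label, any other
        // set value is used as the label itself.
        $listItems = array();
        if (isset($this->noneItem)) {
            $listItems["noneItem"] = ($this->noneItem === true) ? $datas_lang["noneItem"] : $this->noneItem;
        }
        if (isset($this->allItems)) {
            $listItems["allItems"] = ($this->allItems === true) ? $datas_lang["allItems"] : $this->allItems;
        }
        // Array union: keys already present (the pseudo-items) win.
        $listItems += $this->items;

        // Only the first item of a language carries the left margin.
        $marginLeft = ($this->iconeLangue() == true) ? 50 : 0;

        $indice = 0;
        $datasItem = array();
        foreach ($listItems as $val => $text) {
            $val = delQuotes($val);
            // Re-applied on every iteration, as in the original.
            $value = delQuotes($value);

            $isDisabled = in_array($val, $listDisabled);
            $stateDisabled = $isDisabled ? "state-disabled" : "";
            $disabled = $isDisabled ? "disabled" : "";

            // NOTE(review): loose comparison. Two numeric strings compare by
            // value, so more than one item can be marked checked when item
            // keys are numerically equal.
            $checked = (htmlspecialchars($val, ENT_QUOTES) == $value) ? "checked" : "";

            $idField = $this->field . $extlg . "_" . $indice;
            $datasItem[$indice] = array(
                "val" => $val,
                "text" => $text,
                "idField" => $idField,
                "stateDisabled" => $stateDisabled,
                "disabled" => $disabled,
                "checked" => $checked,
                "marginLeft" => $marginLeft,
            );
            $indice++;
            $marginLeft = 0;
        }

        $datasItemByLg[$clg] = $datasItem;
    }

    $smarty->assign('datasItemByLg', $datasItemByLg);
    $data = $smarty->fetch($this->pathTemplate . 'inc/fields/class.radio.tpl');
    $this->smartAssign($this->field, $data);

    return $data;
}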
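/**
 * Filters HTML in a message against the $AllowableHTML tag allow-list.
 *
 * As the code reads the list: a falsy or missing level drops the tag, 1 keeps
 * the bare tag without attributes, any other value keeps the tag with the
 * attribute string returned by delQuotes().
 *
 * This is a regex filter, not an HTML parser. Apart from the single
 * javascript-href rule it filters neither URL schemes nor event-handler
 * attributes itself, so tags allowed with attributes are only as safe as
 * delQuotes() makes them.
 *
 * @param string $str   Message text to filter.
 * @param string $strip "nohtml" replaces the allow-list with one that matches no tag.
 * @return string Filtered text, or "" when a regex step fails.
 */
function check_html($str, $strip = "")
{
    /* The core of this code has been lifted from phpslash */
    /* which is licenced under the GPL. */

    // Presumably defines $AllowableHTML in this scope — not visible here.
    // The relative path is resolved through include_path and the current
    // working directory, and the file is re-read on every call.
    include "config.php";
    if ($strip == "nohtml") {
        $AllowableHTML = array('');
    }

    $str = stripslashes($str);

    // The ereg family was removed in PHP 7; these are the same patterns under
    // PCRE, case-insensitive like eregi_replace().
    $rewrites = array(
        // Delete all spaces from html tags.
        '~<[[:space:]]*([^>]*)[[:space:]]*>~i' => '<\\1>',
        // Delete all attribs from Anchor, except an href, double quoted.
        '~<a[^>]*href[[:space:]]*=[[:space:]]*"?[[:space:]]*([^" >]*)[[:space:]]*"?[^>]*>~i' => '<a href="\\1">',
        // Delete all img tags.
        '~<[[:space:]]* img[[:space:]]*([^>]*)[[:space:]]*>~i' => '',
        // Delete javascript code from a href tags -- Zhen-Xjell @ http://nukecops.com
        // Only this one scheme is matched; other schemes are not filtered here.
        '~<a[^>]*href[[:space:]]*=[[:space:]]*"?javascript[[:punct:]]*"?[^>]*>~i' => '',
    );
    foreach ($rewrites as $pattern => $replacement) {
        $str = preg_replace($pattern, $replacement, $str);
        if ($str === null) {
            // Fail closed: a regex error must not let unfiltered text through.
            return "";
        }
    }

    $tmp = "";
    // The tag name must allow an optional leading "/". The previous pattern had
    // an escaped "?" there and so only matched tags starting with a literal
    // "?"; ordinary tags never reached the allow-list check, and the
    // closing-tag test below could never be true.
    while (preg_match('~<(/?[[:alpha:]]*)[[:space:]]*([^>]*)>~', $str, $reg)) {
        $i = strpos($str, $reg[0]);
        $l = strlen($reg[0]);

        // strncmp() is safe when the captured name is empty (e.g. "<>").
        $closing = strncmp($reg[1], "/", 1) === 0;
        $tag = strtolower($closing ? substr($reg[1], 1) : $reg[1]);

        // isset() avoids reading a missing key, or a list config.php never set.
        $a = isset($AllowableHTML[$tag]) ? $AllowableHTML[$tag] : 0;
        if (!$a) {
            $tag = "";
        } elseif ($closing) {
            $tag = "</{$tag}>";
        } elseif ($a == 1 || $reg[2] == "") {
            $tag = "<{$tag}>";
        } else {
            # Place here the double quote fix function.
            // TODO: review (an "&" replacement on the attribute list was
            // already commented out in the original).
            $attrb_list = delQuotes($reg[2]);
            $tag = "<{$tag}" . $attrb_list . ">";
        }

        $tmp .= substr($str, 0, $i) . $tag;
        $str = substr($str, $i + $l);
    }
    if (preg_last_error() !== PREG_NO_ERROR) {
        // The loop stopped on a regex error, not because no tags remain.
        return "";
    }

    // A "squash PHP tags" replacement used to follow this return. It was
    // unreachable and is left out. The loop above removes "<?...>" sequences
    // (their tag name is empty); a "<?" with no closing ">" passes through.
    return $tmp . $str;
}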