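 /**
  * Filter a block of untrusted text before it is rendered.
  *
  * The filter is layered: MyTextSanitizer::filterXss() runs first, then the
  * HTMLPurifier wrapper if the "purifier" framework module can be loaded
  * (the preferred path; it returns immediately), and otherwise a regex
  * blacklist built from the extension config plus a fixed set of
  * script/meta-refresh/iframe patterns. The blacklist is a best-effort
  * stop-gap, not an HTML parser (it does not see event-handler attributes,
  * for instance); a deployment that relies on this method for XSS
  * protection should make sure the purifier module is available.
  *
  * @param MyTextSanitizer $ts    sanitizer whose filterXss() is applied first
  * @param string          $text  untrusted text to filter
  * @param bool            $force when false (default) text belonging to an
  *                               administrator is returned unfiltered;
  *                               pass true to filter regardless of role
  * @return string filtered text; an empty string if the regex engine fails
  *                (the filter fails closed instead of returning the
  *                unfiltered input)
  */
 public function load(MyTextSanitizer &$ts, $text, $force = false)
 {
     $xoops = Xoops::getInstance();
     // Admin bypass: a deliberate trust decision in the original design. It
     // also exempts anything an admin pastes from elsewhere, so callers that
     // render third-party content (imports, feeds) should pass $force = true.
     if (empty($force) && $xoops->userIsAdmin) {
         return $text;
     }
     // Built-in filters for XSS scripts
     // To be improved
     $text = $ts->filterXss($text);
     if (XoopsLoad::load("purifier", "framework")) {
         $text = XoopsPurifier::purify($text);
         return $text;
     }

     // Fallback: regex blacklist. All patterns are applied in order by a
     // single preg_replace() call, so later patterns see the output of
     // earlier ones.
     $tags = array();
     $search = array();
     $replace = array();
     $config = parent::loadConfig(__DIR__);
     if (!empty($config["patterns"])) {
         foreach ($config["patterns"] as $pattern) {
             if (empty($pattern['search'])) {
                 continue;
             }
             $search[] = $pattern['search'];
             // A pattern without a replacement strips the match instead of
             // raising a notice and passing null to preg_replace().
             $replace[] = isset($pattern['replace']) ? $pattern['replace'] : '';
         }
     }
     if (!empty($config["tags"])) {
         $tags = array_map("trim", (array) $config["tags"]);
     }
     // Set embedded tags
     $tags[] = "SCRIPT";
     $tags[] = "VBSCRIPT";
     $tags[] = "JAVASCRIPT";
     foreach ($tags as $tag) {
         // An empty name (e.g. a blank config entry after trim) would turn
         // the patterns below into "strip every tag".
         if ($tag === '') {
             continue;
         }
         // Tag names come from config: quote them so a metacharacter cannot
         // break, or silently widen, the pattern.
         $quoted = preg_quote($tag, '/');
         $label = " [!" . strtoupper($tag) . " FILTERED!] ";
         // Complete element: <tag ...>...</tag>
         $search[] = "/<" . $quoted . "[^>]*?>.*?<\\/" . $quoted . ">/si";
         $replace[] = $label;
         // Leftover start or end tag. An unclosed <script> makes the browser
         // treat the rest of the document as script, so the start tag alone
         // must not survive.
         $search[] = "/<\\/?" . $quoted . "[^>]*>/si";
         $replace[] = $label;
     }
     // Set meta refresh tag. The CONTENT value normally holds a URL, so the
     // attribute scan must allow "/" and the tag need not be self-closing;
     // whitespace around "=" is tolerated for the same reason.
     $search[] = "/<META[^>]*?HTTP-EQUIV\\s*=\\s*(['\"]?)\\s*REFRESH\\s*\\1[^>]*>/si";
     $replace[] = "";
     // Sanitizing scripts in IMG tag
     //$search[]= "/(<IMG[\s]+[^>\/]*SOURCE=)(['\"])?(.*)(\\2)([^>\/]*?\/>)/si";
     //$replace[]="";
     // Set iframe tag, in three passes: a self-closing tag with a SRC (the
     // value may contain "/", so it is matched up to the closing quote or
     // whitespace, and an unquoted value is accepted), a complete element
     // whose plain-text fallback content is kept, and finally any start or
     // end tag that survived the first two.
     $search[] = "/<IFRAME[^>]*?SRC\\s*=\\s*(['\"]?)([^'\">\\s]*)\\1[^>]*?\\/>/si";
     $replace[] = " [!IFRAME FILTERED! \\2] ";
     $search[] = "/<IFRAME[^>]*?>([^<]*)<\\/IFRAME>/si";
     $replace[] = " [!IFRAME FILTERED! \\1] ";
     $search[] = "/<\\/?IFRAME[^>]*>/si";
     $replace[] = " [!IFRAME FILTERED!] ";
     // action
     $filtered = preg_replace($search, $replace, $text);
     if ($filtered === null) {
         // PCRE error (e.g. backtrack limit hit on hostile input): fail closed
         // rather than hand the unfiltered text back to the caller.
         return '';
     }
     return $filtered;
 }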