/** * Encodes data to the target encoding. * * @param string UTF-8 string to reencode * @return string The reencoded string */ function encode($data) { if ($this->encoding == $this->target_encoding) { return $data; } // Escape HTML if ($this->escape_html) { $data = @htmlspecialchars($data, ENT_COMPAT, $this->encoding); } // NCR encode if ($this->ncr_encode) { $data = ncrencode($data, true); } // Convert to the target charset return to_charset($data, $this->encoding, $this->target_encoding); }
/** * Makes GPC variables safe to use * * @param string Either, g, p, c, r or f (corresponding to get, post, cookie, request and files) * @param array Array of variable names and types we want to extract from the source array * * @return array */ function clean_array_gpc($source, $variables) { $sg =& $GLOBALS[$this->superglobal_lookup["{$source}"]]; foreach ($variables as $varname => $vartype) { // clean a variable only once unless its a different type if (!isset($this->cleaned_vars["{$varname}"]) or $this->cleaned_vars["{$varname}"] != $vartype) { $this->registry->GPC_exists["{$varname}"] = isset($sg["{$varname}"]); $this->registry->GPC["{$varname}"] =& $this->registry->cleaner->clean($sg["{$varname}"], $vartype, isset($sg["{$varname}"])); // All STR type passed from API client should be in UTF-8 encoding and we need to convert it back to vB's current encoding. // We also need to do this this for the ajax requests for the mobile style. // Checking the forcenoajax flag isn't ideal, but it works and limits the scope of the fix (and the risk). if (defined('VB_API') and VB_API === true or !empty($GLOBALS[$this->superglobal_lookup['r']]['forcenoajax'])) { switch ($vartype) { case vB_Cleaner::TYPE_STR: case vB_Cleaner::TYPE_NOTRIM: case vB_Cleaner::TYPE_NOHTML: case vB_Cleaner::TYPE_NOHTMLCOND: if (!($charset = vB_Template_Runtime::fetchStyleVar('charset'))) { $charset = $this->registry->userinfo['lang_charset']; } $lower_charset = strtolower($charset); if ($lower_charset != 'utf-8') { if ($lower_charset == 'iso-8859-1') { $this->registry->GPC["{$varname}"] = to_charset(ncrencode($this->registry->GPC["{$varname}"], true, true), 'utf-8'); } else { $this->registry->GPC["{$varname}"] = to_charset($this->registry->GPC["{$varname}"], 'utf-8'); } } } } $this->cleaned_vars["{$varname}"] = $vartype; } } }
/** * Makes GPC variables safe to use * * @param string Either, g, p, c, r or f (corresponding to get, post, cookie, request and files) * @param array Array of variable names and types we want to extract from the source array * * @return array */ function clean_array_gpc($source, $variables) { $sg =& $GLOBALS[$this->superglobal_lookup["{$source}"]]; foreach ($variables as $varname => $vartype) { // clean a variable only once unless its a different type if (!isset($this->cleaned_vars["{$varname}"]) or $this->cleaned_vars["{$varname}"] != $vartype) { $this->registry->GPC_exists["{$varname}"] = isset($sg["{$varname}"]); $this->registry->GPC["{$varname}"] =& $this->clean($sg["{$varname}"], $vartype, isset($sg["{$varname}"])); if (defined('NEED_DECODE') and NEED_DECODE === true) { switch ($vartype) { case TYPE_STR: case TYPE_NOTRIM: case TYPE_NOHTML: case TYPE_NOHTMLCOND: if (!($charset = vB_Template_Runtime::fetchStyleVar('charset'))) { $charset = $this->registry->userinfo['lang_charset']; } $lower_charset = strtolower($charset); if ($lower_charset != 'utf-8') { if ($lower_charset == 'iso-8859-1') { $this->registry->GPC["{$varname}"] = to_charset(ncrencode($this->registry->GPC["{$varname}"], true, true), 'utf-8'); } else { $this->registry->GPC["{$varname}"] = to_charset($this->registry->GPC["{$varname}"], 'utf-8'); } } if (function_exists('html_entity_decode') and defined('VB_API') and VB_API == true) { // this converts certain { entities to their actual character // note: we don't want to convert >, etc as that undoes the effects of STR_NOHTML $this->registry->GPC["{$varname}"] = preg_replace('#&([a-z]+);#i', '&$1;', $this->registry->GPC["{$varname}"]); if ($lower_charset == 'windows-1251') { // there's a bug in PHP5 html_entity_decode that decodes some entities that // it shouldn't. So double encode them to ensure they don't get decoded. $this->registry->GPC["{$varname}"] = preg_replace('/&#(128|129|1[3-9][0-9]|2[0-4][0-9]|25[0-5]);/', '&#$1;', $this->registry->GPC["{$varname}"]); } $this->registry->GPC["{$varname}"] = @html_entity_decode($this->registry->GPC["{$varname}"], ENT_COMPAT, $lower_charset); } } } $this->cleaned_vars["{$varname}"] = $vartype; } } }
/** * Cleans output to be parsed into the uri. * Setting $canonical is useful for creating redirect url's that cannot be * encoded for redirects. * * @param string $fragment * @param bool $canonical - Whether to encode for output * @return string */ public static function clean_fragment($fragment, $canonical = false) { global $vbulletin; if (class_exists('vBulletinHook', false)) { ($hook = vBulletinHook::fetch_hook('friendlyurl_clean_fragment')) ? eval($hook) : false; } // Convert to UTF-8 if (self::UNI_CONVERT == $vbulletin->options['friendlyurl_unicode']) { // convert to UTF-8 $fragment = to_utf8($fragment, $vbulletin->userinfo['lang_charset']); // convert NCRs $fragment = unhtmlspecialchars($fragment, true); } else { if (self::UNI_STRIP == $vbulletin->options['friendlyurl_unicode']) { // strip NCRs $fragment = stripncrs($fragment); } } // Remove url entities $fragment = self::clean_entities($fragment); // Prepare the URL for output if (!$canonical and self::UNI_CONVERT == $vbulletin->options['friendlyurl_unicode'] and 'UTF-8' != $vbulletin->userinfo['lang_charset']) { if (is_browser('ie')) { if ($vbulletin->options['friendlyurl_ncrencode']) { $fragment = ncrencode($fragment, true); } } else { $fragment = urlencode($fragment); } } else { if ($canonical and self::UNI_IGNORE == $vbulletin->options['friendlyurl_unicode']) { // ensure NCRs are converted $fragment = unhtmlspecialchars($fragment, true); } } return $fragment; }
function clean_array_gpc($source, $variables) { $sg =& $GLOBALS[$this->superglobal_lookup["{$source}"]]; foreach ($variables as $varname => $vartype) { // clean a variable only once unless its a different type if (!isset($this->cleaned_vars["{$varname}"]) or $this->cleaned_vars["{$varname}"] != $vartype) { $this->registry->GPC_exists["{$varname}"] = isset($sg["{$varname}"]); $this->registry->GPC["{$varname}"] =& $this->clean($sg["{$varname}"], $vartype, isset($sg["{$varname}"])); if (defined('NEED_DECODE') and NEED_DECODE === true) { switch ($vartype) { case TYPE_STR: case TYPE_NOTRIM: case TYPE_NOHTML: case TYPE_NOHTMLCOND: if (!($charset = vB_Template_Runtime::fetchStyleVar('charset'))) { $charset = $this->registry->userinfo['lang_charset']; } $lower_charset = strtolower($charset); if ($lower_charset != 'utf-8') { if ($lower_charset == 'iso-8859-1') { $this->registry->GPC["{$varname}"] = to_charset(ncrencode($this->registry->GPC["{$varname}"], true, true), 'utf-8'); } else { $this->registry->GPC["{$varname}"] = to_charset($this->registry->GPC["{$varname}"], 'utf-8'); } } } } $this->cleaned_vars["{$varname}"] = $vartype; } } }
/** * Public * NCR encodes a unicode filename * * @return string */ function ncrencode_filename($filename) { $extension = file_extension($filename); $base = substr($filename, 0, (strpos($filename, $extension) - 1)); $base = ncrencode($base, true); return $base . '.' . $extension; }