/**
 * Returns the value of one attribute from a single HTML tag.
 *
 * The tag is normalised with tidy_html(), CR and LF are removed, and the text
 * between NAME=" and the next double quote is extracted, where NAME is the
 * upper-cased attribute name.
 *
 * NOTE(review): the lookup is a plain substring search for the upper-cased
 * name followed by a double quote, so it presumably relies on tidy_html()
 * emitting upper-case attribute names and double-quoted values - confirm
 * against the tidy configuration in use.
 *
 * The result is raw text taken from the parsed page. Treat it as untrusted
 * and escape it for whatever context it is later written into.
 *
 * @param string $tag       Markup of the tag to inspect.
 * @param string $attribute Attribute name; it is upper-cased before the search.
 * @return mixed Whatever return_between() yields for the quoted value.
 */
function get_attribute($tag, $attribute)
{
    // Tidy first, then drop line breaks so the value is matched on one line.
    $normalised = str_replace(array("\r", "\n"), "", tidy_html($tag));
    $opening = strtoupper($attribute) . "=\"";

    return return_between($normalised, $opening, "\"", EXCL);
}
Ejemplo n.º 2
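/**
 * Renders the introduction or body text of an entry to HTML.
 *
 * Steps, in order: optional tag stripping, parse_step4(), line-break, Textile
 * or Markdown conversion according to $db->entry['convert_lb'] (script and PHP
 * blocks are shielded from that conversion), optional target-blank and
 * emoticon processing, a wmode fix for embedded Flash, and a final tidy_html().
 *
 * Security notes:
 *  - strip_tags() with an allow-list keeps every attribute of the allowed
 *    tags, and <embed> is on the list, so the "strip" mode reduces markup but
 *    is not an XSS filter.
 *  - Script elements and PHP blocks found in $text are deliberately preserved
 *    and re-inserted verbatim. Only pass text from authors who are trusted to
 *    publish active content.
 *
 * @param string $text  Raw introduction or body text.
 * @param string $strip Pass "strip" to reduce the markup to a small tag list first.
 * @return mixed Result of tidy_html() on the rendered text.
 */
function parse_intro_or_body($text, $strip = "")
{
    global $db, $Weblogs, $Current_weblog;

    // ACK (ASCII 006) marks the position of each script block while the
    // surrounding text is converted.
    $placeholder = "\x06";

    $output = $text;
    if ($strip == "strip") {
        $output = strip_tags($output, "<a><b><i><u><embed><strong><ol><li><ul>");
    }
    $output = parse_step4($output);

    /* text processing: nl2br, Textile or Markdown/SmartyPants
       Newlines must not be converted to br elements inside script blocks -
       currently PHP and JavaScript are handled. */

    // Remove any ACK already in the text so it cannot be mistaken for a placeholder.
    $output = str_replace($placeholder, "", $output);
    $regexp = "#(<script[ >].*?</script>)|(<\\?php\\s.*?\\?>)#is";
    preg_match_all($regexp, $output, $scripts);
    $output = preg_replace($regexp, $placeholder, $output);

    $convert_lb = $db->entry['convert_lb'];
    if ($convert_lb == 1) {
        $output = strip_trailing_space(nl2br($output));
    } elseif ($convert_lb == 2) {
        $output = pivot_textile($output);
    } elseif ($convert_lb == 3 || $convert_lb == 4) {
        $output = pivot_markdown($output, $convert_lb);
    }

    // Put the captured scripts back, one placeholder at a time and in order.
    // substr_replace() inserts the script literally; a regex replacement
    // would interpret "$1" or "\1" inside the script as back-references.
    foreach ($scripts[0] as $script) {
        $position = strpos($output, $placeholder);
        if ($position === false) {
            // The conversion step dropped the remaining placeholders.
            break;
        }
        $output = substr_replace($output, $script, $position, strlen($placeholder));
    }

    // targetblank
    if ($Weblogs[$Current_weblog]['target_blank'] > 0) {
        $output = targetblank($output);
    }
    // emoticons..
    if ($Weblogs[$Current_weblog]['emoticons'] == 1) {
        $output = emoticonize($output);
    }

    // There's a silly quirk in TinyMCE, that prevents transparent Flash. We
    // need to fix this, to make Youtube videos work properly.
    $output = str_replace("<param name=\"wmode\" value=\"\" />", "<param name=\"wmode\" value=\"transparent\" />", $output);
    $output = str_replace(" wmode=\"\" ", " wmode=\"transparent\" ", $output);

    return tidy_html($output);
}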
Ejemplo n.º 3
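/**
 * Updates a post.
 *
 * The new content is split at $body_separator into introduction and body,
 * both are passed through tidy_html(), and the entry is saved with status
 * "publish" and comments enabled. Dates, subtitle, keywords and via-link
 * fields are carried over from the stored entry.
 *
 * NOTE(review): no check is visible here that $uid is allowed to edit
 * $postid, and the result of read_entry() is not verified. The caller must
 * authenticate the user and authorise the edit before calling this.
 * tidy_html() repairs markup; whether it also filters active content cannot
 * be seen from here, so treat the stored HTML as author-controlled.
 *
 * @param string       $uid        User recorded as the entry's author.
 * @param string       $postid     Code of the entry to update.
 * @param string       $title      New title.
 * @param string       $content    New content, introduction and body joined by $body_separator.
 * @param array|string $categories New categories; when empty the old ones are kept.
 * @return void
 */
function pivot_update_post($uid, $postid, $title, $content, $categories = '')
{
    global $db, $conversion_method, $body_separator;

    $oldentry = $db->read_entry($postid);

    // NOTE(review): stripslashes() is applied unconditionally; presumably the
    // caller delivers slash-escaped input - confirm, otherwise literal
    // backslashes in posts are lost.
    $parts = explode($body_separator, strip_trailing_space(stripslashes($content)));
    // Content without a separator is all introduction; pad so the body is an
    // empty string instead of an undefined variable.
    list($pivotintro, $pivotbody) = array_pad($parts, 2, '');

    $entry = array();
    $entry['code'] = $postid;
    $entry['date'] = $oldentry['date'];
    $entry['introduction'] = tidy_html($pivotintro, TRUE);
    $entry['body'] = tidy_html($pivotbody, TRUE);
    $entry['category'] = empty($categories) ? $oldentry['category'] : $categories;
    $entry['publish_date'] = $oldentry['publish_date'];
    $entry['edit_date'] = date("Y-m-d-H-i", get_current_date());
    $entry['title'] = strip_trailing_space(stripslashes($title));
    $entry['subtitle'] = $oldentry['subtitle'];
    $entry['user'] = $uid;
    $entry['convert_lb'] = $conversion_method;
    // An update always publishes the entry and enables comments, whatever
    // the stored entry had.
    $entry['status'] = "publish";
    $entry['allow_comments'] = 1;
    $entry['keywords'] = $oldentry['keywords'];
    $entry['vialink'] = $oldentry['vialink'];
    $entry['viatitle'] = $oldentry['viatitle'];

    $db->set_entry($entry);
    $db->save_entry(TRUE);
    generate_pages($db->entry['code'], TRUE, TRUE, TRUE, FALSE);
}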
Ejemplo n.º 4
<?php

/**
 * Repairs an HTML fragment with the Tidy extension.
 *
 * Output is XHTML and body content only (no doctype/html/head/body wrapper),
 * so unclosed tags come back closed. Tidy repairs markup; it does not remove
 * scripts, event handlers or other active content, so this is not a
 * substitute for sanitising untrusted HTML.
 *
 * @param string $html Fragment to repair; parsed as UTF-8.
 * @return string Repaired markup.
 */
function tidy_html($html)
{
    $options = array(
        'output-xhtml' => true,
        'show-body-only' => true,
    );
    $document = tidy_parse_string($html, $options, 'UTF8');
    $document->cleanRepair();

    return tidy_get_output($document);
}
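// CLI entry point: repair the fragment given as the first argument and print
// it. The output is still the caller's markup, only repaired by tidy.
if (!isset($argv[1])) {
    // Without this guard a missing argument reaches tidy_html() as null.
    fwrite(STDERR, "Usage: pass the HTML fragment as the first argument\n");
    exit(1);
}
echo tidy_html($argv[1]);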
Ejemplo n.º 5
    $string = str_replace("\"", "\\\"", $string);
    return $string;
}
/**
 * Runs a fragment of HTML through Tidy and returns the repaired markup.
 *
 * Configured for XHTML output limited to the body content, i.e. without
 * doctype, html, head or body tags, and with open tags closed. This is a
 * markup repair step only: scripts and other active content in the input
 * are not filtered out by it.
 *
 * @param string $html Fragment to repair; parsed as UTF-8.
 * @return string Repaired markup.
 */
function tidy_html($html)
{
    $settings = array('show-body-only' => true, 'output-xhtml' => true);

    $parsed = tidy_parse_string($html, $settings, 'UTF8');
    $parsed->cleanRepair();
    $repaired = tidy_get_output($parsed);

    return $repaired;
}
/**
 * Returns $str unchanged when it is a string, otherwise an empty string.
 *
 * @param mixed $str Value to coerce.
 * @return string
 */
function force_string($str)
{
    if (!is_string($str)) {
        return '';
    }

    return $str;
}
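// Read the selection details passed in through the environment. getenv()
// returns false for an unset variable; force_string() turns that into ''.
// Every one of these values originates from whatever the user selected
// (for example text on a web page), so all of them are untrusted input.
$popclip_text = force_string(getenv('POPCLIP_TEXT'));
$popclip_html = force_string(getenv('POPCLIP_HTML'));
// Spelling fixed: this read 'POPCLIP_BROSWER_URL', which does not match the
// spelling of the BROWSER_TITLE variable, so the URL came back empty.
$popclip_browser_url = force_string(getenv('POPCLIP_BROWSER_URL'));
$popclip_browser_title = force_string(getenv('POPCLIP_BROWSER_TITLE'));
/* Tidy the html. We do this because evernote 5.6.0 is much stricter about
html errors than previous versions. It seems to prefer a strict XHTML
fragment, sans doctype. Tidy repairs the markup; it does not filter it. */
$popclip_html = tidy_html($popclip_html);
// Fill in applescript template fields. Each value is passed through
// applescript_safe() because it ends up inside AppleScript source text.
// strtr() substitutes in a single pass, so placeholder-like text inside one
// value is not expanded again by a later replacement.
$applescript = strtr($applescript, array(
    "{popclip text}" => applescript_safe($popclip_text),
    "{popclip html}" => applescript_safe($popclip_html),
    "{popclip browser url}" => applescript_safe($popclip_browser_url),
    "{popclip browser title}" => applescript_safe($popclip_browser_title),
));
// Call script
// NOTE(review): the script reaches osascript through `echo` in a shell.
// escapeshellarg() protects the shell argument, but some sh builds let echo
// interpret backslash sequences, which would alter the escaping applied by
// applescript_safe(). Verify on the target system, or write the script to
// osascript's stdin with proc_open() so no shell is involved.
$escapedscript = escapeshellarg($applescript);
$result = `echo {$escapedscript} | osascript -`;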
Ejemplo n.º 6
?>
				<!-- Menyn importerad från: <?php 
// NOTE(review): $menu_url is printed as-is inside an HTML comment. If it can
// ever hold externally supplied text, a value containing the comment
// terminator would end the comment early; encode or strip it before output.
echo $menu_url;
?>
 -->
				<h2><?php 
// Heading text is chosen from two fixed literals, so nothing variable is printed here.
echo $lang == "sv" ? 'Meny' : 'Menu';
?>
</h2>
				<?php 
// The result of wiki_format() goes into the page without further escaping,
// so wiki_format() itself has to produce safe HTML. According to the HTML
// comment above, the menu is imported from $menu_url.
// NOTE(review): confirm how far that source is trusted.
echo wiki_format($menu);
?>
				<!-- S**t på import -->
			</div>
			<div id="footer">
				<p class="signed">
					<a href="/webmaster">Webmasters</a> @
					<a href="/">Stacken</a>
				</p>
			     <p class="dated"><?php 
// NOTE(review): printed without htmlspecialchars(); presumably a
// server-generated modification date - confirm where $last_mod is set.
echo $last_mod;
?>
</p>
			</div>
		</div>
	</body>
</html>
<?php 
// Fetch the page buffered so far (output buffering is presumably started
// earlier in the file) and run the whole document through tidy_html() before
// sending it. ob_get_clean() returns false when no buffer is active.
$html = ob_get_clean();
echo tidy_html($html);
Ejemplo n.º 7
/**
 * Returns the value of one attribute from a single HTML tag, or false.
 *
 * The tag is normalised with tidy_html() and stripped of CR/LF. The value is
 * then looked up as NAME="..." and, if that yields nothing, as NAME='...',
 * where NAME is the upper-cased attribute name. Single quotes in the input
 * are deliberately not rewritten to double quotes, because an unescaped '
 * may occur inside a double-quoted value.
 *
 * NOTE(review): the search is a plain substring match on the upper-cased
 * name, so it presumably depends on tidy_html() emitting upper-case attribute
 * names - confirm against the tidy configuration in use. The value returned
 * is raw text from the parsed page; escape it for the context it is used in.
 *
 * @param string $tag       Markup of the tag to inspect.
 * @param string $attribute Attribute name; it is upper-cased before the search.
 * @return mixed The attribute value, or false when nothing was found.
 */
function get_attribute($tag, $attribute)
{
    // Tidy the tag, then drop line breaks so the value is matched on one line.
    $markup = str_replace(array("\r", "\n"), "", tidy_html($tag));
    $name = strtoupper($attribute);

    // Double-quoted form first, single-quoted form as the fallback.
    $value = return_between($markup, $name . "=\"", "\"", EXCL);
    if (strlen($value) == 0) {
        $value = return_between($markup, $name . "='", "'", EXCL);
    }

    // An empty result is reported as an explicit false.
    return strlen($value) == 0 ? false : $value;
}
Ejemplo n.º 8
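/**
 * When an entry is created or edited, it's passed in $_POST ($Pivot_Vars).
 * This function gets all the variables and returns them as an $entry array.
 *
 * Everything read from $Pivot_Vars is request data and therefore untrusted:
 *  - 'f_code', 'f_user' and 'f_status' decide which entry is loaded, who is
 *    recorded as its author and whether it is published. No permission check
 *    is visible in this function, so the caller has to verify the logged-in
 *    user against them.
 *  - Introduction and body are kept as HTML and only passed through
 *    tidy_html(); title and subtitle are not tag-stripped here. Escape or
 *    sanitise them where they are rendered.
 *
 * @return array
 */
function get_entry_from_post()
{
    global $Users, $Pivot_Vars, $useWysiwyg, $db, $Cfg;

    if (isset($Pivot_Vars['f_code']) && $Pivot_Vars['f_code'] != "") {
        $entry = $db->read_entry($Pivot_Vars['f_code']);
        $entry['oldstatus'] = $entry['status'];
    } else {
        // No code was posted: the entry gets the code ">".
        $entry = array('code' => ">");
    }

    if (strlen($Pivot_Vars['f_createdate_1']) > 7 && $Pivot_Vars['f_createdate_1'] != "00-00-0000") {
        // if the date is filled, we try to parse it..
        $entry['date'] = fix_date($Pivot_Vars['f_createdate_1'], $Pivot_Vars['f_createdate_2']);
    } else {
        // otherwise we'll just assume 'now'.
        $entry['date'] = date("Y-m-d-H-i", get_current_date());
    }

    // The editor posts either the *_text fields or the plain ones.
    if (isset($Pivot_Vars['f_introduction_text'])) {
        $entry['introduction'] = strip_trailing_space($Pivot_Vars['f_introduction_text']);
        $entry['body'] = strip_trailing_space($Pivot_Vars['f_body_text']);
    } else {
        $entry['introduction'] = strip_trailing_space($Pivot_Vars['f_introduction']);
        $entry['body'] = strip_trailing_space($Pivot_Vars['f_body']);
    }

    // If magic_quotes_gpc is set, we need to strip slashes. The function was
    // removed in PHP 8, so only call it where it still exists.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $entry['introduction'] = stripslashes($entry['introduction']);
        $entry['body'] = stripslashes($entry['body']);
        $Pivot_Vars['f_title'] = stripslashes($Pivot_Vars['f_title']);
        $Pivot_Vars['f_subtitle'] = stripslashes($Pivot_Vars['f_subtitle']);
    }

    $entry['introduction'] = tidy_html($entry['introduction'], TRUE);
    $entry['body'] = tidy_html($entry['body'], TRUE);
    // Categories are optional in the form; absent means null.
    $entry['category'] = isset($Pivot_Vars['f_catmult']) ? $Pivot_Vars['f_catmult'] : null;
    $entry['publish_date'] = fix_date($Pivot_Vars['f_publishdate_1'], $Pivot_Vars['f_publishdate_2']);
    $entry['edit_date'] = date("Y-m-d-H-i");
    $entry['title'] = strip_trailing_space($Pivot_Vars['f_title']);
    $entry['subtitle'] = strip_trailing_space($Pivot_Vars['f_subtitle']);
    $entry['user'] = $Pivot_Vars['f_user'];
    $entry['convert_lb'] = $Pivot_Vars['convert_lb'];
    $entry['status'] = $Pivot_Vars['f_status'];
    $entry['allow_comments'] = $Pivot_Vars['f_allowcomments'];
    $entry['vialink'] = strip_tags($Pivot_Vars['f_vialink']);
    $entry['viatitle'] = strip_tags($Pivot_Vars['f_viatitle']);

    // Only store the tb_url if we're not publishing. (because if we publish, we ping it, and forget it)
    if ($entry['status'] != "publish") {
        $entry['tb_url'] = strip_tags($Pivot_Vars['tb_url']);
    } elseif (isset($entry['tb_url'])) {
        unset($entry['tb_url']);
    }

    // Gather all tags from introduction and body in keywords..
    $tags = getTags(false, $entry['introduction'] . $entry['body'], strip_tags($Pivot_Vars['f_keywords']));
    $entry['keywords'] = implode(", ", $tags);

    return $entry;
}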
Ejemplo n.º 9
/**
 * Cleans rich-text (WYSIWYG) input before it is stored or shown.
 *
 * Steps, in order: remove script elements, run utf8_sanitize(), reduce the
 * markup with strip_tags_attributes() and the two lists below, remove
 * "mso-" style declarations, rewrite href values that contain "javascript:",
 * and finally repair the markup with tidy_html().
 *
 * NOTE(review): this is pattern-based filtering and should not be relied on
 * as the only XSS defence. The lists still permit the style attribute, src
 * and the embed tag, and the "javascript:" rewrite only looks at href. For
 * untrusted authors prefer a maintained sanitiser that parses the HTML and
 * validates URL schemes per attribute, and back it with a Content Security
 * Policy.
 *
 * @param string $text Rich-text HTML as submitted.
 * @return mixed Result of tidy_html() on the filtered text.
 */
function clean_richtext($text)
{
    /*{{{*/
    // Tags and attributes handed to strip_tags_attributes() below.
    $allowtags = '<a><b><i><u><blockquote><img><strong><em><font><p><ol><ul><li><h1><h2><h3><h4><h5><h6><strike><span><br><table><tbody><th><tr><td><caption><colgroup><div><embed>';
    $allowattributes = 'href,target,src,width,height,alt,title,size,face,color,align,style,name,rowspan,colspan,border,rev,class';
    // Remove script elements that have both an opening and a closing tag
    // (case-insensitive, content may span lines).
    $text = preg_replace("/<(script.*?)>(.*?)<(\\/script.*?)>/si", "", $text);
    // strip out any \r characters. all we need is \n
    //        $text = strtr($text, array("\r" => '', '&' => '&amp;'));
    //        $text = strtr($text, array("onmouseover" => '', 'onmouseout' => '', 'on'));
    // utf8_sanitize() is defined elsewhere; presumably it normalises or drops
    // invalid UTF-8 - TODO confirm.
    $text = utf8_sanitize($text);
    // strip_tags_attributes() is defined elsewhere; presumably it keeps only
    // the tags and attributes listed above - TODO confirm, including how it
    // treats event-handler attributes and attribute values.
    $text = strip_tags_attributes($text, $allowtags, $allowattributes);
    // Drop "mso-...: ..." declarations (the mso- prefix suggests markup pasted
    // from Microsoft Office), keeping the character that ended the declaration.
    $text = preg_replace('/mso-.*?:.*?(;|\\"|\'|>)/si', '$1', $text);
    //        $text = preg_replace('/(?<!href=")(?<!src=")((https?:\/\/)([-a-zA-Z0-9@:%_\+.~#?&\/=]+))/i', '<a href="$1" target="_blank">$3</a>', $text);
    // XSS protection: <a href="javascript: alert(...
    // A quoted href value containing "javascript:" is replaced by href="#..."
    // followed by the text that came after the scheme. Only href and only the
    // literal scheme text are matched by this step.
    $text = preg_replace('/href=([\'"]).*?javascript:(.*)?\\1/i', 'href="#$2"', $text);
    // Final pass through tidy_html(), after all filtering steps.
    $text = tidy_html($text);
    return $text;
}