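/**
 * Finishes rendering of a page whose output was captured in an output buffer.
 *
 * Two cases are handled, driven by static flags on this class:
 *  - self::$page_denied: the buffered page is discarded and
 *    self::$page_denied_message is echoed instead. Both are then reset.
 *  - self::$process_editable_page: the buffered HTML is rewritten so that
 *    form controls are replaced by their current values (read-only view),
 *    then echoed. Elements whose markup contains "no_permissions" are kept.
 *
 * If neither flag is set nothing is done and the buffer is left untouched.
 *
 * Security note: this is output rewriting only. It is regex-based, works on
 * whatever markup happens to be in the buffer, and enforces nothing on
 * submitted requests. The handlers that receive the form data must check the
 * user's edit permission themselves; hiding the controls here is not an
 * access control.
 *
 * @return void
 */
public static function render_page_finished()
{
    if (self::$page_denied) {
        self::$page_denied = false;
        // Throw away the page that was rendered before the denial was known,
        // so none of it reaches the client.
        ob_get_clean();
        echo self::$page_denied_message;
        self::$page_denied_message = '';
        return;
    }

    if (!self::$process_editable_page) {
        return;
    }

    module_debug::log(array(
        'title' => 'Page Editable',
        'file' => 'includes/plugin_security/security.php',
        'data' => "User doesn't have edit permissions, time to remove all form elements.",
    ));
    self::$process_editable_page = false;
    $editable_content = ob_get_clean();

    // <form> and <script> tags are deliberately left in place here; earlier
    // passes that stripped them were disabled by the original author
    // (scripts were noted as a concern for e.g. the file edit screen).

    // Drop help icons and button spans.
    $editable_content = preg_replace('#<a[^>]+ui-icon-help[^>]*>[^<]*</a>#imsU', '', $editable_content);
    // NOTE(review): "[^>]" matches exactly one character before class=, so
    // only <span class="button" ...> with class as the first attribute is
    // removed. Kept as-is; confirm whether "[^>]*" was intended.
    $editable_content = preg_replace('#<span[^>]class="button"[^>]*>.*</span>#imsU', '', $editable_content);

    // Text inputs -> their current value as plain page text.
    if (preg_match_all('#<input[^>]*type="text"[^>]*>#imsU', $editable_content, $matches)) {
        foreach ($matches[0] as $match) {
            if (strpos($match, 'no_permissions') !== false) {
                continue;
            }
            $replace_with = '';
            if (preg_match('#value="([^"]*)"#imsU', $match, $value)) {
                // The value is copied exactly as it appears in the attribute.
                // Assumes the template already HTML-encoded it — TODO confirm.
                $replace_with = $value[1];
            }
            // Literal replace. preg_replace() would treat "$1" or "\1" inside
            // the field value as a backreference and corrupt values such as
            // prices ("$100") or Windows paths.
            $editable_content = str_replace($match, $replace_with, $editable_content);
        }
    }

    // Checkboxes -> disabled.
    // NOTE(review): the final pass below removes every <input> that lacks
    // "no_permissions" and type="text", which appears to include these
    // checkboxes. Behaviour is kept; confirm whether that is intended.
    if (preg_match_all('#<input[^>]*type="checkbox"[^>]*>#imsU', $editable_content, $matches)) {
        foreach ($matches[0] as $match) {
            if (strpos($match, 'disabled=') !== false || strpos($match, 'no_permissions') !== false) {
                continue;
            }
            $replace_with = str_replace('type=', 'disabled="disabled" type=', $match);
            // Literal replace for the same backreference reason as above: the
            // tag's own attributes may contain "$" or "\".
            $editable_content = str_replace($match, $replace_with, $editable_content);
        }
    }

    // Textareas -> their inner text.
    if (preg_match_all('#<textarea[^>]*>(.*)</textarea>#imsU', $editable_content, $matches)) {
        foreach ($matches[0] as $match_key => $match) {
            if (strpos($match, 'no_permissions') !== false) {
                continue;
            }
            // Free-text content is the most likely place for "$" and "\",
            // so this must be a literal replace as well.
            $editable_content = str_replace($match, $matches[1][$match_key], $editable_content);
        }
    }

    // Selects -> the label of the selected option (empty if none is marked).
    if (preg_match_all('#<select[^>]*>.*</select>#imsU', $editable_content, $matches)) {
        foreach ($matches[0] as $match) {
            if (strpos($match, 'no_permissions') !== false) {
                continue;
            }
            $replace_with = '';
            if (preg_match('#<option[^>]*selected[^>]*>(.*)</option>#imsU', $match, $options)) {
                $replace_with = $options[1];
            }
            $editable_content = str_replace($match, $replace_with, $editable_content);
        }
    }

    // Remove every remaining <input> that is not marked "no_permissions" and
    // is not a text input. The replacement is the empty string, so the
    // case-insensitive preg_replace() is safe and is kept unchanged.
    if (preg_match_all('#<input[^>]*>#imsU', $editable_content, $matches)) {
        foreach ($matches[0] as $match) {
            if (strpos($match, 'no_permissions') === false && strpos($match, 'type="text"') === false) {
                $editable_content = preg_replace('#' . preg_quote($match, '#') . '#imsU', '', $editable_content);
            }
        }
    }

    echo $editable_content;
}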