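/**
 * Check template output tags for missing XSS escaping and auto-fix them.
 *
 * The method has two entry modes that share one signature:
 *  - $token === true: per-tag mode, reached once for every `ld ... rd` tag
 *    found in the template. $type is the whole matched tag text, $instance
 *    the text between the delimiters. Returns $type unchanged, or a rebuilt
 *    tag whose expression is wrapped in the required escape modifier.
 *  - otherwise: template mode. $token is the template token (array with
 *    'value', 'line', 'col'), $type its type, $instance the template object
 *    (reads ->ld, ->rd, ->escapeLevel, ->options). Returns
 *    array('value' => rewritten text, 'log' => list of messages).
 *
 * State is passed between the two modes through $this->xssTmp, so the
 * method is not reentrant; xssTmp is reset before returning.
 *
 * The previous implementation used preg_replace() with the /e modifier,
 * which evaluates the replacement as PHP code: template text captured by
 * the pattern was interpolated into an eval'd call (code injection through
 * template content, and /e has been removed since PHP 7.0).
 * preg_replace_callback() hands the match to the callback as plain data, so
 * the Fl_Static::fixPregReplaceQuote() unescaping that compensated for the
 * quote-escaping done by /e is no longer applied (assumed to be its only
 * purpose — TODO confirm against Fl_Static).
 *
 * @param bool|array         $token    true in per-tag mode, else the template token
 * @param string             $type     tag text (per-tag mode) or token type
 * @param string|object|null $instance inner tag text (per-tag mode) or template object
 * @return string|array
 */
public function xss($token, $type, $instance = null)
{
    if ($token === true) {
        // Per-tag mode: $instance is the raw text between the delimiters.
        $value = trim((string) $instance);
        // An empty tag has nothing to escape; also keeps $value[0] below defined.
        if ($value === '') {
            return $type;
        }
        if (!$this->checkHasOutput($type, $this->xssTmp['instance']) || $this->isSafeVar($value)) {
            return $type;
        }

        $escapeType = $this->getXssType($value);
        $escapeLevels = $this->xssTmp['instance']->escapeLevel;
        $options = $this->xssTmp['instance']->options;
        // Assumes getXssType() returns a key of escapeLevel/options; an unknown
        // type cannot be enforced, so the tag is left untouched — TODO confirm.
        if (!isset($escapeLevels[$escapeType], $options[$escapeType])) {
            return $type;
        }
        $level = $escapeLevels[$escapeType];

        // A modifier of a stricter level anywhere in the expression satisfies the check.
        foreach ($escapeLevels as $name => $l) {
            if ($l > $level && isset($options[$name]) && strpos($value, $options[$name]) !== false) {
                return $type;
            }
        }
        $typeModifier = $options[$escapeType];
        // The required modifier must be the outermost call, i.e. the expression starts with it.
        if (strpos($value, $typeModifier) === 0) {
            return $type;
        }

        // Position comes from the outer template token, not from this tag.
        $outer = $this->xssTmp['token'];
        $this->xssTmp['log'][] = '`' . $type . '` must be use ' . $typeModifier
            . ' to escape at line:' . $outer['line'] . ', col:' . $outer['col'];

        $ld = $this->xssTmp['instance']->ld;
        $rd = $this->xssTmp['instance']->rd;
        // A leading '{' is kept in front of the wrapped expression.
        if ($value[0] === '{') {
            return $ld . '{' . $typeModifier . '(' . substr($value, 1) . ')' . $rd;
        }
        return $ld . $typeModifier . '(' . $value . ')' . $rd;
    }

    // Template mode: rewrite every `ld ... rd` tag through the per-tag mode above.
    $this->xssTmp = array('token' => $token, 'type' => $type, 'instance' => $instance, 'log' => array());
    $tplPattern = '/(' . preg_quote($instance->ld, '/') . '(.*?)' . preg_quote($instance->rd, '/') . ')/';
    // Callback instead of /e: $m[1] (whole tag) and $m[2] (inner text) are
    // passed as values, never evaluated as code.
    $value = preg_replace_callback($tplPattern, function ($m) {
        return $this->xss(true, $m[1], $m[2]);
    }, $token['value']);
    $log = $this->xssTmp['log'];
    $this->xssTmp = array();
    return array('value' => $value, 'log' => $log);
}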
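/**
 * Check template output tags for missing XSS escaping and auto-fix them
 * (tokenizer-based variant: every `echo` statement inside a tag is checked
 * and wrapped individually).
 *
 *  - $token === true: per-tag mode. $type is the whole matched tag text,
 *    $instance the text between the delimiters. The tag is run through
 *    token_get_all(); each expression between T_ECHO and the terminating
 *    ';' or close tag is checked on its own. Returns $type byte-for-byte
 *    when nothing had to be wrapped, otherwise the re-joined token stream.
 *  - otherwise: template mode. $token is the template token (array with
 *    'value', 'line', 'col'), $type its type, $instance the template object
 *    (reads ->ld, ->rd, ->escapeLevel, ->options). Returns
 *    array('value' => rewritten text, 'log' => list of messages).
 *
 * State is passed between the two modes through $this->xssTmp, so the
 * method is not reentrant; xssTmp is reset before returning.
 *
 * Changes against the previous implementation:
 *  - preg_replace() with the /e modifier evaluated the replacement as PHP
 *    code, so template content reached an eval (code injection; /e is
 *    removed since PHP 7.0). preg_replace_callback() passes the match as
 *    plain data, and the Fl_Static::fixPregReplaceQuote() unescaping that
 *    compensated for /e quote-escaping is no longer applied (assumed to be
 *    its only purpose — TODO confirm against Fl_Static).
 *  - The escape checks are made on the single echo expression, not on the
 *    whole tag text, so one escaped statement can no longer vouch for its
 *    siblings, and a safe statement no longer aborts the check of the rest
 *    of the tag.
 *  - The log column came from the tokenizer token (which has no 'col'); it
 *    now comes from the outer template token like the line does.
 *
 * @param bool|array         $token    true in per-tag mode, else the template token
 * @param string             $type     tag text (per-tag mode) or token type
 * @param string|object|null $instance inner tag text (per-tag mode) or template object
 * @return string|array
 */
public function xss($token, $type, $instance = null)
{
    if ($token === true) {
        $escapeLevels = $this->xssTmp['instance']->escapeLevel;
        $options = $this->xssTmp['instance']->options;
        $outer = $this->xssTmp['token'];

        $result = array();
        $exprTokens = array(); // tokens of the echo expression being collected
        $collecting = false;   // true between T_ECHO and the terminating ';' / close tag
        $changed = false;      // set once at least one expression was wrapped

        foreach (token_get_all($type) as $tok) {
            $tokenName = is_array($tok) ? $tok[0] : '';
            $tokenValue = is_array($tok) ? $tok[1] : $tok;

            if ($tokenValue === ';' || $tokenName === T_CLOSE_TAG) {
                $string = trim(join(' ', $exprTokens));
                $exprTokens = array();
                $collecting = false;

                if ($string !== '') {
                    $modifier = null;
                    if (!$this->isSafeVar($string)) {
                        $escapeType = $this->getXssType($string);
                        // Assumes getXssType() returns a key of escapeLevel/options;
                        // an unknown type cannot be enforced — TODO confirm.
                        if (isset($escapeLevels[$escapeType], $options[$escapeType])) {
                            $level = $escapeLevels[$escapeType];
                            // Already escaped with the required modifier, or with a stricter one.
                            $escaped = strpos($string, $options[$escapeType]) !== false;
                            foreach ($escapeLevels as $name => $l) {
                                if ($escaped) {
                                    break;
                                }
                                if ($l > $level && isset($options[$name])
                                    && strpos($string, $options[$name]) !== false) {
                                    $escaped = true;
                                }
                            }
                            if (!$escaped) {
                                $modifier = $options[$escapeType];
                            }
                        }
                    }
                    if ($modifier !== null) {
                        $this->xssTmp['log'][] = '`' . $type . '` must be use ' . $modifier
                            . ' to escape at line:' . $outer['line'] . ', col:' . $outer['col'];
                        $string = $modifier . '(' . $string . ')';
                        $changed = true;
                    }
                    $result[] = $string;
                }
                $result[] = $tokenValue;
                continue;
            }

            if ($tokenName === T_ECHO) {
                $result[] = $tokenValue;
                $collecting = true;
                continue;
            }

            if ($collecting) {
                $exprTokens[] = $tokenValue;
            } else {
                $result[] = $tokenValue;
            }
        }

        // Untouched tags are returned verbatim rather than as a re-spaced token join.
        return $changed ? join(' ', $result) : $type;
    }

    // Template mode: rewrite every `ld ... rd` tag through the per-tag mode above.
    $this->xssTmp = array('token' => $token, 'type' => $type, 'instance' => $instance, 'log' => array());
    $tplPattern = '/(' . preg_quote($instance->ld, '/') . '(.*?)' . preg_quote($instance->rd, '/') . ')/is';
    // Callback instead of /e: $m[1] (whole tag) and $m[2] (inner text) are
    // passed as values, never evaluated as code.
    $value = preg_replace_callback($tplPattern, function ($m) {
        return $this->xss(true, $m[1], $m[2]);
    }, $token['value']);
    $log = $this->xssTmp['log'];
    $this->xssTmp = array();
    return array('value' => $value, 'log' => $log);
}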