public function testSpecialChars()
 {
     // Each input is expected to come back from HTML_Safe::parse() unchanged:
     // '+', '-' and a plain '<br />' are ordinary content, not markup to strip.
     // Both inputs go through the same instance, so the second assertion also
     // relies on parse() not carrying output over from the first call.
     $sanitizer = new HTML_Safe();
     $cases = array(
         'a+b-c' => 'a+b-c',
         '+49-52 <br />' => '+49-52 <br />',
     );
     foreach ($cases as $input => $expected) {
         $this->assertSame($expected, $sanitizer->parse($input));
     }
 }
Example #2
 /**
  * Parses the text through a shared HTML_Safe instance.
  *
  * The HTML_Safe object and the 'xss_parsing_level' policy value are set up on
  * the first call and kept in function-static variables for later calls.
  *
  * @access  public
  * @param   string    $string String to parse
  * @param   bool|null $strict How strict we can be. True will be very strict, false
  *                            will allow some attributes (id) and tags (object, applet, embed).
  *                            When null (the default), strict mode is used only if the
  *                            'xss_parsing_level' policy value equals "paranoid", so the
  *                            effective default depends on configuration. Pass true
  *                            explicitly where the input is untrusted and the policy
  *                            level is not known.
  * @return  string The safe string
  */
 static function parse($string, $strict = null)
 {
     static $sanitizer;
     static $policyLevel;

     if (!isset($sanitizer)) {
         // First call: read the configured level, then build the sanitizer once.
         $policyLevel = $GLOBALS['app']->Registry->fetch('xss_parsing_level', 'Policy');
         require_once PEAR_PATH . 'HTML/Safe.php';
         $sanitizer = new HTML_Safe();
     }

     if ($strict === null) {
         // No explicit choice from the caller: fall back to the policy setting.
         $strict = $policyLevel == "paranoid";
     }

     $clean = $sanitizer->parse($string, $strict);
     // The instance is shared between calls, so reset it before returning.
     $sanitizer->clear();

     return $clean;
 }
Example #3
 /**
  * Normalises whitespace in an HTML fragment, runs it through HTML_Safe and
  * returns the result wrapped in <html><body>…</body></html>.
  *
  * NOTE(review): the reblog-lineage regex and removeEntities() run on the
  * sanitizer's output. removeEntities() is not shown here; if it decodes
  * entities back into markup, the result is no longer what HTML_Safe
  * approved - verify before treating the return value as safe to render.
  *
  * @param string $content HTML to clean
  * @return string cleaned document
  */
 function wash($content)
 {
     // Pre-sanitizer clean-up, applied strictly in this order.
     $cleanupRules = array(
         array('|<b></b>|', ''),
         array('/\\s*\\n\\s*/', "\n"),
         array('/\\b(\\w+=")\\n\\s*/', '$1'),
         array('/\\s*\\n\\s*/', "\n"),
         array('/\\s*\\n\\s*>/', '>'),
     );
     foreach ($cleanupRules as $rule) {
         $content = preg_replace($rule[0], $rule[1], $content);
     }

     $sanitizer = new HTML_Safe();
     // NOTE(review): this empties HTML_Safe's attribute list. In PEAR HTML_Safe
     // that list presumably names the attributes to strip, so clearing it
     // would let them through - confirm this is intended.
     $sanitizer->attributes = array();
     // Add 'noscript' to both tag lists of the sanitizer.
     $sanitizer->deleteTags[] = 'noscript';
     $sanitizer->deleteTagsContent[] = 'noscript';

     // The return value of parse() is not used; the output is read via getXHTML().
     $sanitizer->parse($content);
     $xhtml = $sanitizer->getXHTML();

     $document = '<html><body>' . $xhtml . '</body></html>';
     // remove reblog lineages.
     $document = preg_replace('/<p><a href=".+?">\\w+<\\/a>:<\\/p>/', '', $document);

     return $this->removeEntities($document);
 }
/**
 * Filters a string through PEAR HTML_Safe with the attribute list replaced
 * by 'dynsrc' alone.
 *
 * @deprecated HTML Safe is not good enough (blacklist instead of whitelist based).
 *
 * @param string $string HTML to filter
 * @return string whatever HTML_Safe::parse() returns for the input
 */
function get_safer_html_html_safe($string)
{
    require_once 'HTML/Safe.php';

    $sanitizer = new HTML_Safe();
    // NOTE(review): overwrites the library's default attribute list. If that
    // list names the attributes to strip, every default entry other than
    // 'dynsrc' is kept in the output from here on - confirm.
    $sanitizer->attributes = array('dynsrc');

    $filtered = $sanitizer->parse($string);

    return $filtered;
}
Example #5
 /**
  * Filters a string through HTML_Safe after adding 'cid' to its
  * whiteProtocols list.
  *
  * NOTE(review): whiteProtocols is presumably the set of URL schemes the
  * sanitizer lets through; 'cid' looks intended for references to inline
  * mail parts - confirm the rendering side resolves cid: URLs safely.
  *
  * @param string $string HTML to filter
  * @return string result of HTML_Safe::parse()
  */
 function safe_html_string($string)
 {
     $sanitizer = new HTML_Safe();
     array_push($sanitizer->whiteProtocols, 'cid');

     $filtered = $sanitizer->parse($string);

     return $filtered;
 }
Example #6
 /**
  * Filters a string through a fresh HTML_Safe instance with the library's
  * default settings.
  *
  * @param string $string HTML to filter
  * @return string result of HTML_Safe::parse()
  */
 function safe_html_string($string)
 {
     $sanitizer = new HTML_Safe();
     $filtered = $sanitizer->parse($string);

     return $filtered;
 }
Example #7
 /**
  * Filters HTML through a shared HTML_Safe instance that also has 'form'
  * in its deleteTags list.
  *
  * The instance is created on the first call and reused afterwards.
  * NOTE(review): it is never clear()ed between calls; confirm that parse()
  * does not carry output over from one input to the next.
  *
  * @param string $html HTML to filter
  * @return string result of HTML_Safe::parse()
  */
 protected static function sanitizeHtml($html)
 {
     static $sanitizer;

     if ($sanitizer === null) {
         $sanitizer = new HTML_Safe();
         $sanitizer->deleteTags[] = 'form';
     }

     $filtered = $sanitizer->parse($html);

     return $filtered;
 }
 /**
  * returns the text part of a message for the requested type, passed
  * through HTML_Safe
  *
  * @param int $msgNo the relative message number for the monitored mailbox
  * @param string $type the type of text processed, either 'PLAIN' or 'HTML'
  * @param object $structure message structure; ->parts and ->subtype are read here
  * @param mixed $fullHeader header data handed to decodeHeader() for non-multipart messages
  * @return string UTF-8 encoded version of the requested message text, or '' when a
  *                non-multipart message's subtype does not match $type
  */
 function getMessageText($msgNo, $type, $structure, $fullHeader)
 {
     $crumb = $this->buildBreadCrumbs($structure->parts, $type);

     if (empty($crumb)) {
         // either PLAIN message type (flowed) or b0rk3d RFC
         // make sure we're working on valid data here.
         if ($structure->subtype != $type) {
             return '';
         }

         $headers = $this->decodeHeader($fullHeader);

         // now get actual body contents
         $body = imap_body($this->conn, $msgNo);

         // handle transfer encoding (usually mb-char for text portions)
         if (isset($headers['Content-Transfer-Encoding'])) {
             // NOTE(review): the header value comes from the message; a value
             // missing from $this->transferEncoding yields an undefined index here.
             $encodingIds = array_flip($this->transferEncoding);
             $body = $this->handleTranserEncoding($body, $encodingIds[strtoupper($headers['Content-Transfer-Encoding'])]);
         }

         $msgPart = $body;
         if (!empty($headers['Content-Type']['charset'])) {
             $msgPart = $this->handleCharsetTranslation($body, $headers['Content-Type']['charset']);
         }
     } else {
         // multi-part: fetch the section the breadcrumb points at, then undo
         // its transfer encoding and translate its charset.
         $rawPart = imap_fetchbody($this->conn, $msgNo, $crumb);
         $partEncoding = $this->getEncodingFromBreadCrumb($crumb, $structure->parts);
         $partCharset = $this->getCharsetFromBreadCrumb($crumb, $structure->parts);
         $msgPart = $this->handleTranserEncoding($rawPart, $partEncoding);
         $msgPart = $this->handleCharsetTranslation($msgPart, $partCharset);
     }

     /* cn: bug 9176 - HTML entities hide XSS attacks.
      * Decode them first so HTML_Safe sees the markup a browser would see.
      * Nothing may decode entities again after the sanitizer has run. */
     $decoded = from_html($msgPart);

     require_once 'include/Pear/HTML_Safe/Safe.php';
     $sanitizer = new HTML_Safe();

     return $sanitizer->parse($decoded);
 }