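/**
 * Sanitize untrusted feed HTML for display and return the <body> markup.
 *
 * Pipeline: htmLawed filtering -> optional <img> removal (per-user STRIP_IMAGES
 * preference) -> bare-URL linking -> DOM pass that absolutizes relative href/src
 * against $site_url and makes links open in a new window.
 *
 * @param resource    $link             database handle forwarded to get_pref()
 * @param string      $str              raw HTML taken from the feed
 * @param bool        $force_strip_tags kept for call compatibility; not consulted in this body
 * @param int|bool    $owner            owner uid; false selects $_SESSION["uid"]
 * @param string|bool $site_url         base URL for rewrite_relative_url(); false skips URL rewriting
 * @return string sanitized <body> element serialized as XML, or '' when nothing remains
 */
function sanitize($link, $str, $force_strip_tags = false, $owner = false, $site_url = false)
{
    if (!$owner) {
        $owner = $_SESSION["uid"];
    }
    $res = trim($str);
    if (!$res) {
        return '';
    }
    // htmLawed "safe" profile plus an explicit attribute deny-list; balance=0
    // leaves tag balancing to the DOM parser below.
    $config = array('safe' => 1, 'deny_attribute' => 'style, width, height, class, id', 'comment' => 1, 'cdata' => 1, 'balance' => 0);
    $res = htmLawed($res, $config);
    if (get_pref($link, "STRIP_IMAGES", $owner)) {
        $res = preg_replace('/<img[^>]+>/is', '', $res);
    }
    // Only auto-link bare URLs when the content carries no explicit links.
    if (strpos($res, "href=") === false) {
        $res = rewrite_urls($res);
    }
    // Tells libxml the fragment is UTF-8; loadHTML() would otherwise guess the charset.
    $charset_hack = '<head>
			<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
		</head>';
    $res = trim($res);
    if (!$res) {
        return '';
    }
    libxml_use_internal_errors(true); // feed HTML is rarely well-formed; parse quietly
    $doc = new DOMDocument();
    $doc->loadHTML($charset_hack . $res);
    $xpath = new DOMXPath($doc);
    $entries = $xpath->query('(//a[@href]|//img[@src])');
    $br_inserted = 0;
    foreach ($entries as $entry) {
        if ($site_url) {
            if ($entry->hasAttribute('href')) {
                $entry->setAttribute('href', rewrite_relative_url($site_url, $entry->getAttribute('href')));
            }
            // Locally proxied images (image.php?i=...) are left untouched; the dot in
            // "image.php" is escaped so only that literal path is exempt from rewriting.
            if ($entry->hasAttribute('src') && preg_match('/^image\.php\?i=[a-z0-9]+$/', $entry->getAttribute('src')) == 0) {
                $entry->setAttribute('src', rewrite_relative_url($site_url, $entry->getAttribute('src')));
            }
        }
        if (strtolower($entry->nodeName) == "a") {
            $entry->setAttribute("target", "_blank");
            // target=_blank without rel=noopener lets the opened page script our window (reverse tabnabbing).
            $entry->setAttribute("rel", "noopener");
        }
        // Insert a single <br> after the first image whose parent has a following sibling.
        if (strtolower($entry->nodeName) == "img" && !$br_inserted && $entry->parentNode->nextSibling) {
            $entry->parentNode->insertBefore($doc->createElement("br"), $entry->nextSibling);
            $br_inserted = 1;
        }
    }
    $node = $doc->getElementsByTagName('body')->item(0);
    // Without a <body> node saveXML() would serialize the whole document, head hack included.
    if (!$node) {
        return '';
    }
    // http://tt-rss.org/redmine/issues/357
    return $doc->saveXML($node, LIBXML_NOEMPTYTAG);
}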
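/**
 * Sanitize untrusted feed HTML and return it as a serialized HTML document.
 *
 * Steps: bare-URL linking -> DOM pass (absolutize href/src, swap cached images for
 * image.php links, optionally replace <img> with a plain link, open links in a new
 * window, sandbox iframes) -> plugin HOOK_SANITIZE -> strip_harmful_tags() allow-list.
 *
 * @param string      $str                 raw HTML taken from the feed
 * @param bool        $force_remove_images replace every <img> with a link to its src
 * @param int|bool    $owner               owner uid; false selects $_SESSION["uid"]
 * @param string|bool $site_url            base URL for rewrite_relative_url(); false skips URL rewriting
 * @return string sanitized HTML, or '' when nothing remains after trimming
 */
function sanitize($str, $force_remove_images = false, $owner = false, $site_url = false)
{
    if (!$owner) {
        $owner = $_SESSION["uid"];
    }
    $res = trim($str);
    if (!$res) {
        return '';
    }
    // Only auto-link bare URLs when the content carries no explicit links.
    if (strpos($res, "href=") === false) {
        $res = rewrite_urls($res);
    }
    // Tells libxml the fragment is UTF-8; loadHTML() would otherwise guess the charset.
    $charset_hack = '<head>
			<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
		</head>';
    $res = trim($res);
    if (!$res) {
        return '';
    }
    libxml_use_internal_errors(true); // feed HTML is rarely well-formed; parse quietly
    $doc = new DOMDocument();
    $doc->loadHTML($charset_hack . $res);
    $xpath = new DOMXPath($doc);
    // Images become links when the owner prefers it, when the caller forces it,
    // or when the session is flagged as bandwidth-limited.
    $remove_images = ($owner && get_pref("STRIP_IMAGES", $owner)) || $force_remove_images || !empty($_SESSION["bw_limit"]);
    $entries = $xpath->query('(//a[@href]|//img[@src])');
    foreach ($entries as $entry) {
        if ($site_url) {
            if ($entry->hasAttribute('href')) {
                $entry->setAttribute('href', rewrite_relative_url($site_url, $entry->getAttribute('href')));
            }
            if ($entry->hasAttribute('src')) {
                $src = rewrite_relative_url($site_url, $entry->getAttribute('src'));
                // Serve through image.php when a cached copy keyed by sha1(src) exists.
                $src_hash = sha1($src);
                if (file_exists(CACHE_DIR . '/images/' . $src_hash . '.png')) {
                    $src = SELF_URL_PATH . '/image.php?hash=' . $src_hash;
                }
                $entry->setAttribute('src', $src);
            }
        }
        // Checked for every <img>, not only when $site_url is set, so that
        // $force_remove_images and the STRIP_IMAGES preference are always honoured.
        if ($entry->nodeName == 'img' && $remove_images) {
            $p = $doc->createElement('p');
            $a = $doc->createElement('a');
            $a->setAttribute('href', $entry->getAttribute('src'));
            $a->appendChild(new DOMText($entry->getAttribute('src')));
            $a->setAttribute('target', '_blank');
            $a->setAttribute('rel', 'noopener');
            $p->appendChild($a);
            $entry->parentNode->replaceChild($p, $entry);
        }
        if (strtolower($entry->nodeName) == "a") {
            $entry->setAttribute("target", "_blank");
            // target=_blank without rel=noopener lets the opened page script our window (reverse tabnabbing).
            $entry->setAttribute("rel", "noopener");
        }
    }
    // allow-scripts without allow-same-origin keeps embedded frames off our origin.
    $entries = $xpath->query('//iframe');
    foreach ($entries as $entry) {
        $entry->setAttribute('sandbox', 'allow-scripts');
    }
    $allowed_elements = array('a', 'address', 'audio', 'article', 'aside', 'b', 'bdi', 'bdo', 'big', 'blockquote', 'body', 'br', 'caption', 'cite', 'center', 'code', 'col', 'colgroup', 'data', 'dd', 'del', 'details', 'div', 'dl', 'font', 'dt', 'em', 'footer', 'figure', 'figcaption', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'header', 'html', 'i', 'img', 'ins', 'kbd', 'li', 'main', 'mark', 'nav', 'noscript', 'ol', 'p', 'pre', 'q', 'ruby', 'rp', 'rt', 's', 'samp', 'section', 'small', 'source', 'span', 'strike', 'strong', 'sub', 'summary', 'sup', 'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'time', 'tr', 'track', 'tt', 'u', 'ul', 'var', 'wbr', 'video');
    // iframes survive the allow-list only for sessions that negotiated sandbox support.
    if (!empty($_SESSION['hasSandbox'])) {
        $allowed_elements[] = 'iframe';
    }
    $disallowed_attributes = array('id', 'style', 'class');
    // A plugin may return the document alone or array($doc, $allowed, $disallowed).
    foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_SANITIZE) as $plugin) {
        $retval = $plugin->hook_sanitize($doc, $site_url, $allowed_elements, $disallowed_attributes);
        if (is_array($retval)) {
            $doc = $retval[0];
            $allowed_elements = $retval[1];
            $disallowed_attributes = $retval[2];
        } elseif ($retval instanceof DOMDocument) {
            $doc = $retval;
        }
        // Any other return value leaves the current document in place rather than
        // replacing it with a non-document that would fail below.
    }
    // Drop the doctype node that loadHTML() emitted.
    $doc->removeChild($doc->firstChild);
    // Allow-list enforcement runs last so it also covers whatever plugins added.
    $doc = strip_harmful_tags($doc, $allowed_elements, $disallowed_attributes);
    return $doc->saveHTML();
}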
ファイル: functions.php プロジェクト: nougad/Tiny-Tiny-RSS
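/**
 * Sanitize untrusted feed HTML for display and return the <body> markup.
 *
 * Pipeline: HTMLPurifier (via the global $purifier, initialised elsewhere) ->
 * optional <img> removal (per-user STRIP_IMAGES preference) -> bare-URL linking ->
 * DOM pass that absolutizes relative href/src against $site_url and makes links
 * open in a new window. Purification is unconditional in this version.
 *
 * @param resource    $link             database handle forwarded to get_pref()
 * @param string      $str              raw HTML taken from the feed
 * @param bool        $force_strip_tags kept for call compatibility; not consulted in this body
 * @param int|bool    $owner            owner uid; false selects $_SESSION["uid"]
 * @param string|bool $site_url         base URL for rewrite_relative_url(); false skips URL rewriting
 * @return string sanitized <body> element serialized as XML, or '' when nothing remains
 */
function sanitize_rss($link, $str, $force_strip_tags = false, $owner = false, $site_url = false)
{
    global $purifier; // NOTE(review): expected to expose purify(); not created here — confirm the caller set it up
    if (!$owner) {
        $owner = $_SESSION["uid"];
    }
    $res = trim($str);
    if (!$res) {
        return '';
    }
    $res = $purifier->purify($res);
    if (get_pref($link, "STRIP_IMAGES", $owner)) {
        $res = preg_replace('/<img[^>]+>/is', '', $res);
    }
    // Only auto-link bare URLs when the content carries no explicit links.
    if (strpos($res, "href=") === false) {
        $res = rewrite_urls($res);
    }
    // Tells libxml the fragment is UTF-8; loadHTML() would otherwise guess the charset.
    $charset_hack = '<head>
			<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
		</head>';
    $res = trim($res);
    if (!$res) {
        return '';
    }
    libxml_use_internal_errors(true); // feed HTML is rarely well-formed; parse quietly
    $doc = new DOMDocument();
    $doc->loadHTML($charset_hack . $res);
    $xpath = new DOMXPath($doc);
    $entries = $xpath->query('(//a[@href]|//img[@src])');
    $br_inserted = 0;
    foreach ($entries as $entry) {
        if ($site_url) {
            if ($entry->hasAttribute('href')) {
                $entry->setAttribute('href', rewrite_relative_url($site_url, $entry->getAttribute('href')));
            }
            // Locally proxied images (image.php?i=...) are left untouched; the dot in
            // "image.php" is escaped so only that literal path is exempt from rewriting.
            if ($entry->hasAttribute('src') && preg_match('/^image\.php\?i=[a-z0-9]+$/', $entry->getAttribute('src')) == 0) {
                $entry->setAttribute('src', rewrite_relative_url($site_url, $entry->getAttribute('src')));
            }
        }
        if (strtolower($entry->nodeName) == "a") {
            $entry->setAttribute("target", "_blank");
            // target=_blank without rel=noopener lets the opened page script our window (reverse tabnabbing).
            $entry->setAttribute("rel", "noopener");
        }
        // Insert a single <br> after the first image whose parent has a following sibling.
        if (strtolower($entry->nodeName) == "img" && !$br_inserted && $entry->parentNode->nextSibling) {
            $entry->parentNode->insertBefore($doc->createElement("br"), $entry->nextSibling);
            $br_inserted = 1;
        }
    }
    $node = $doc->getElementsByTagName('body')->item(0);
    // Without a <body> node saveXML() would serialize the whole document, head hack included.
    if (!$node) {
        return '';
    }
    return $doc->saveXML($node);
}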
ファイル: functions.php プロジェクト: rutgerw/Tiny-Tiny-RSS
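/**
 * Sanitize untrusted feed HTML for display and return the <body> markup.
 *
 * Pipeline: HTMLPurifier (lazily built into the global $purifier on first call) ->
 * optional <img> removal (per-user STRIP_IMAGES preference) -> bare-URL linking ->
 * DOM pass that absolutizes relative href/src against $site_url and makes links
 * open in a new window.
 *
 * @param resource    $link             database handle forwarded to get_pref()
 * @param string      $str              raw HTML taken from the feed
 * @param bool        $force_strip_tags kept for call compatibility; not consulted in this body
 * @param int|bool    $owner            owner uid; false selects $_SESSION["uid"]
 * @param string|bool $site_url         base URL for rewrite_relative_url(); false skips URL rewriting
 * @return string sanitized <body> element serialized as XML, or '' when nothing remains
 */
function sanitize($link, $str, $force_strip_tags = false, $owner = false, $site_url = false)
{
    global $purifier;
    if (!$owner) {
        $owner = $_SESSION["uid"];
    }
    $res = trim($str);
    if (!$res) {
        return '';
    }
    // create global Purifier object if needed
    if (!$purifier) {
        require_once 'lib/htmlpurifier/library/HTMLPurifier.auto.php';
        $config = HTMLPurifier_Config::createDefault();
        // Element/attribute allow-list. NOTE(review): object/param and Attr.EnableID
        // widen the surface beyond plain text formatting; confirm HTML.SafeObject
        // covers the embeds this is meant to permit.
        $allowed = "p,a[href],i,em,b,strong,code,pre,blockquote,br,img[src|alt|title|align|hspace],ul,ol,li,h1,h2,h3,h4,s,object[classid|type|id|name|width|height|codebase],param[name|value],table,tr,td,span[class]";
        $config->set('HTML.SafeObject', true);
        // Dotted keys are the same form used for the other directives here; the
        // old three-argument set() call needed an @ to hide its deprecation notice.
        $config->set('HTML.Allowed', $allowed);
        $config->set('Output.FlashCompat', true);
        $config->set('Attr.EnableID', true);
        // The mobile build runs one directory deeper, hence the relative cache path.
        if (!defined('MOBILE_VERSION')) {
            $config->set('Cache.SerializerPath', CACHE_DIR . "/htmlpurifier");
        } else {
            $config->set('Cache.SerializerPath', "../" . CACHE_DIR . "/htmlpurifier");
        }
        $config->set('Filter.YouTube', true);
        $purifier = new HTMLPurifier($config);
    }
    $res = $purifier->purify($res);
    if (get_pref($link, "STRIP_IMAGES", $owner)) {
        $res = preg_replace('/<img[^>]+>/is', '', $res);
    }
    // Only auto-link bare URLs when the content carries no explicit links.
    if (strpos($res, "href=") === false) {
        $res = rewrite_urls($res);
    }
    // Tells libxml the fragment is UTF-8; loadHTML() would otherwise guess the charset.
    $charset_hack = '<head>
			<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
		</head>';
    $res = trim($res);
    if (!$res) {
        return '';
    }
    libxml_use_internal_errors(true); // feed HTML is rarely well-formed; parse quietly
    $doc = new DOMDocument();
    $doc->loadHTML($charset_hack . $res);
    $xpath = new DOMXPath($doc);
    $entries = $xpath->query('(//a[@href]|//img[@src])');
    $br_inserted = 0;
    foreach ($entries as $entry) {
        if ($site_url) {
            if ($entry->hasAttribute('href')) {
                $entry->setAttribute('href', rewrite_relative_url($site_url, $entry->getAttribute('href')));
            }
            // Locally proxied images (image.php?i=...) are left untouched; the dot in
            // "image.php" is escaped so only that literal path is exempt from rewriting.
            if ($entry->hasAttribute('src') && preg_match('/^image\.php\?i=[a-z0-9]+$/', $entry->getAttribute('src')) == 0) {
                $entry->setAttribute('src', rewrite_relative_url($site_url, $entry->getAttribute('src')));
            }
        }
        if (strtolower($entry->nodeName) == "a") {
            $entry->setAttribute("target", "_blank");
            // target=_blank without rel=noopener lets the opened page script our window (reverse tabnabbing).
            $entry->setAttribute("rel", "noopener");
        }
        // Insert a single <br> after the first image whose parent has a following sibling.
        if (strtolower($entry->nodeName) == "img" && !$br_inserted && $entry->parentNode->nextSibling) {
            $entry->parentNode->insertBefore($doc->createElement("br"), $entry->nextSibling);
            $br_inserted = 1;
        }
    }
    $node = $doc->getElementsByTagName('body')->item(0);
    // Without a <body> node saveXML() would serialize the whole document, head hack included.
    if (!$node) {
        return '';
    }
    return $doc->saveXML($node, LIBXML_NOEMPTYTAG);
}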
ファイル: functions.php プロジェクト: RulerOf/Tiny-Tiny-IRC
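/**
 * Fetch recent chat lines newer than $last_id for the current session user.
 *
 * Returns at most 50 rows ordered by message id: non-command messages from the
 * last 15 minutes, private messages from the last 5 hours.
 *
 * @param resource   $link    database connection handle for db_query()
 * @param int|string $last_id highest message id the client already holds
 * @return array list of row arrays; "message" is HTML-escaped and auto-linked,
 *               "sender_color" and "incoming" (as bool) are added to each row
 */
function get_new_lines($link, $last_id)
{
    // Both values are spliced into the SQL text, so pin them to integers before
    // they reach the query; the id and owner_uid comparisons are numeric anyway.
    $last_id = (int) $last_id;
    $owner_uid = (int) $_SESSION["uid"];
    $result = db_query($link, "SELECT ttirc_messages.id,\n\t\t\tmessage_type, sender, channel, connection_id, incoming,\n\t\t\tmessage, " . SUBSTRING_FOR_DATE . "(ts,12,8) AS ts\n\t\t\tFROM ttirc_messages, ttirc_connections WHERE\n\t\t\tconnection_id = ttirc_connections.id AND\n\t\t\tmessage_type != " . MSGT_COMMAND . " AND\n\t\t\t((ts > NOW() - INTERVAL '15 minutes' AND \n\t\t\t\tmessage_type != " . MSGT_PRIVATE_PRIVMSG . ") OR\n\t\t\t(ts > NOW() - INTERVAL '5 hours' AND \n\t\t\t\tmessage_type = " . MSGT_PRIVATE_PRIVMSG . ")) AND\n\t\t\tttirc_messages.id > '{$last_id}' AND \n\t\t\towner_uid = " . $owner_uid . " ORDER BY ttirc_messages.id LIMIT 50");
    $lines = array();
    while ($line = db_fetch_assoc($result)) {
        // Escape first, then linkify, so rewrite_urls() only ever sees escaped text.
        $line["message"] = rewrite_urls(htmlspecialchars($line["message"]));
        $line["sender_color"] = color_of($line["sender"]);
        $line["incoming"] = sql_bool_to_bool($line["incoming"]);
        $lines[] = $line;
    }
    return $lines;
}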
ファイル: functions.php プロジェクト: GabrielAnca/icy_phoenix
/**
 * Handler for exit calls in phpBB.
 *
 * Note: This function is called after the template has been outputted.
 *
 * Gives a registered hook the chance to take over, otherwise optionally
 * rewrites the buffered output, flushes it and terminates the script.
 */
function exit_handler()
{
    global $phpbb_hook, $config;
    // A hook that asks to return takes precedence over the normal exit path.
    if (!empty($phpbb_hook) && $phpbb_hook->call_hook(__FUNCTION__)) {
        if ($phpbb_hook->hook_return(__FUNCTION__)) {
            return $phpbb_hook->hook_return_result(__FUNCTION__);
        }
    }
    // URL Rewrite - BEGIN
    // Compress buffered output if required and send to browser
    if (!empty($config['url_rw_runtime'])) {
        $rewritten = rewrite_urls(ob_get_contents());
        ob_end_clean();
        if (@extension_loaded('zlib') && !empty($config['gzip_compress_runtime'])) {
            ob_start('ob_gzhandler');
        } else {
            ob_start();
        }
        echo $rewritten;
    }
    // URL Rewrite - END
    // As a pre-caution... some setups display a blank page if the flush() is not there.
    if (empty($config['gzip_compress_runtime']) && empty($config['url_rw_runtime'])) {
        @flush();
    } else {
        @ob_flush();
    }
    exit;
}