/**
 * Returns the double-quoted value of $attribute inside the HTML fragment $tag.
 *
 * The fragment is normalised with tidy_html() and flattened onto one line,
 * then return_between() pulls out the text between NAME=" and the closing
 * quote. Only double-quoted values are matched. Whatever return_between()
 * yields when the attribute is absent is handed back unchanged.
 */
function get_attribute($tag, $attribute)
{
    // Normalise the markup first so the attribute appears in a predictable shape.
    $flat = tidy_html($tag);

    // return_between() works on a single line, so drop every CR and LF.
    $flat = str_replace(array("\r", "\n"), "", $flat);

    // The search key is upper-cased, so the tidy output presumably carries
    // upper-case attribute names — TODO confirm against tidy_html().
    $opening = strtoupper($attribute) . "=\"";
    $closing = "\"";

    // EXCL presumably asks return_between() to leave the delimiters out of the result.
    return return_between($flat, $opening, $closing, EXCL);
}
/**
 * Parses an entry's introduction or body into display HTML.
 *
 * Applied in order: optional tag stripping, parse_step4(), the per-entry
 * line-break conversion chosen by $db->entry['convert_lb'] (1 = nl2br,
 * 2 = pivot_textile(), 3 or 4 = pivot_markdown() with the value passed on,
 * anything else = left as is), the weblog's target_blank and emoticons
 * options, a TinyMCE wmode fix, and finally tidy_html().
 * <script> and <?php ... ?> blocks are cut out before the conversion step
 * and re-inserted afterwards so their newlines are not rewritten.
 *
 * @param string $text  raw entry text
 * @param string $strip "strip" to reduce the markup to a small tag allow-list
 * @return string
 */
function parse_intro_or_body($text, $strip = "")
{
    global $db, $Weblogs, $Current_weblog;

    $output = $text;

    if ($strip == "strip") {
        // strip_tags() removes tags only: attributes on the allowed tags
        // (including <a> and <embed>) survive, so this is not an attribute or URL filter.
        $output = strip_tags($output, "<a><b><i><u><embed><strong><ol><li><ul>");
    }

    $output = parse_step4($output);

    /* text processing: nl2br, Textile or Markdown/SmartyPants
       We ensure that newlines aren't converted to br elements in script blocks -
       currently handling PHP and JavaScript. More exclusions will/can be added. */

    // Use the ACK (006) ASCII symbol to replace all script elements temporarily.
    // NOTE(review): in this copy the placeholder literals (the str_replace()
    // target, the preg_replace() replacement and the "//" pattern in the restore
    // loop below) show as empty strings; the original file presumably holds the
    // \x06 byte there — confirm before reusing this listing.
    $output = str_replace("", "", $output);
    $regexp = "#(<script[ >].*?</script>)|(<\\?php\\s.*?\\?>)#is";
    preg_match_all($regexp, $output, $scripts);
    $output = preg_replace($regexp, "", $output);

    if ($db->entry['convert_lb'] == 1) {
        $output = strip_trailing_space(nl2br($output));
    } else {
        if ($db->entry['convert_lb'] == 2) {
            $output = pivot_textile($output);
        } else {
            if ($db->entry['convert_lb'] == 3 || $db->entry['convert_lb'] == 4) {
                // convert_lb is passed on so pivot_markdown() can tell 3 from 4.
                $output = pivot_markdown($output, $db->entry['convert_lb']);
            }
        }
    }

    // Put captured scripts back into the output: one placeholder per script, in capture order.
    foreach ($scripts[0] as $script) {
        $output = preg_replace("//", $script, $output, 1);
    }

    // targetblank
    if ($Weblogs[$Current_weblog]['target_blank'] > 0) {
        $output = targetblank($output);
    }

    // emoticons..
    if ($Weblogs[$Current_weblog]['emoticons'] == 1) {
        $output = emoticonize($output);
    }

    // There's a silly quirk in TinyMCE, that prevents transparent Flash. We
    // need to fix this, to make Youtube videos work properly.
    $output = str_replace("<param name=\"wmode\" value=\"\" />", "<param name=\"wmode\" value=\"transparent\" />", $output);
    $output = str_replace(" wmode=\"\" ", " wmode=\"transparent\" ", $output);

    return tidy_html($output);
}
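/**
 * Updates a post.
 *
 * Reloads the stored entry for $postid, replaces the editable fields with the
 * supplied values and republishes it. Fields the editor cannot change here
 * (creation date, publish date, subtitle, keywords, via link and title) are
 * carried over from the stored entry.
 *
 * @param string $uid        user stored as the entry's editor
 * @param string $postid     code of the entry to update
 * @param string $title      new title; slashes and trailing whitespace are removed
 * @param string $content    introduction and body joined by the global $body_separator
 * @param array  $categories new category list; when empty the stored categories are kept
 * @return void
 */
function pivot_update_post($uid, $postid, $title, $content, $categories = '')
{
    global $db, $conversion_method, $body_separator;

    $oldentry = $db->read_entry($postid);

    // Split on the FIRST separator only (limit 2). Previously explode() had no
    // limit and list() took parts 0 and 1, so text after a second separator was
    // silently dropped, and a missing separator raised an undefined-offset
    // notice and stored a null body. Now the whole text becomes the
    // introduction and the body is empty when there is no separator.
    $parts = explode($body_separator, strip_trailing_space(stripslashes($content)), 2);
    $pivotintro = $parts[0];
    $pivotbody = isset($parts[1]) ? $parts[1] : '';

    $entry = array();
    $entry['code'] = $postid;
    $entry['date'] = $oldentry['date'];
    // The TRUE argument's meaning is defined by tidy_html() elsewhere in the project.
    $entry['introduction'] = tidy_html($pivotintro, TRUE);
    $entry['body'] = tidy_html($pivotbody, TRUE);
    // An empty category argument means "keep what the entry already has".
    $entry['category'] = empty($categories) ? $oldentry['category'] : $categories;
    $entry['publish_date'] = $oldentry['publish_date'];
    $entry['edit_date'] = date("Y-m-d-H-i", get_current_date());
    $entry['title'] = strip_trailing_space(stripslashes($title));
    $entry['subtitle'] = $oldentry['subtitle'];
    $entry['user'] = $uid;
    $entry['convert_lb'] = $conversion_method;
    // Updating through this path always publishes and allows comments.
    $entry['status'] = "publish";
    $entry['allow_comments'] = 1;
    $entry['keywords'] = $oldentry['keywords'];
    $entry['vialink'] = $oldentry['vialink'];
    $entry['viatitle'] = $oldentry['viatitle'];

    $db->set_entry($entry);
    $db->save_entry(TRUE);

    // Regenerate the affected pages; the flag meanings are defined by generate_pages().
    generate_pages($db->entry['code'], TRUE, TRUE, TRUE, FALSE);
}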
<?php
/**
 * Repairs an HTML fragment with ext/tidy: every open tag is closed and the
 * result comes back as an XHTML body fragment, without any
 * html/head/body/doctype wrapper.
 */
function tidy_html($html)
{
    $options = array(
        'output-xhtml' => true,   // emit XHTML rather than HTML
        'show-body-only' => true, // drop the document wrapper tidy would add
    );

    $doc = new tidy();
    $doc->parseString($html, $options, 'UTF8');
    $doc->cleanRepair();

    return tidy_get_output($doc);
}

// CLI usage: the fragment to clean is the first argument. There is no check
// for a missing argument; running without one only produces a notice.
echo tidy_html($argv[1]);
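$string = str_replace("\"", "\\\"", $string);
return $string;
}

// Close every open tag and return an XHTML body fragment (no html/head/body/doctype).
function tidy_html($html)
{
    $tidy_config = array('output-xhtml' => true, 'show-body-only' => true);
    $tidy = tidy_parse_string($html, $tidy_config, 'UTF8');
    $tidy->cleanRepair();
    return tidy_get_output($tidy);
}

// getenv() returns false for an unset variable; the template filling below wants ''.
function force_string($str)
{
    return is_string($str) ? $str : '';
}

// Read the fields PopClip supplies through the environment.
// Fix: the URL variable was spelled POPCLIP_BROSWER_URL, so the browser URL
// was always read as unset and substituted as an empty string.
$popclip_text = force_string(getenv('POPCLIP_TEXT'));
$popclip_html = force_string(getenv('POPCLIP_HTML'));
$popclip_browser_url = force_string(getenv('POPCLIP_BROWSER_URL'));
$popclip_browser_title = force_string(getenv('POPCLIP_BROWSER_TITLE'));

/* Tidy the html. We do this because evernote 5.6.0 is much stricter about
   html errors than previous version. Seems to prefer a strict XHTML fragment,
   sans doctype. */
$popclip_html = tidy_html($popclip_html);

// Fill in the AppleScript template fields ($applescript is defined earlier in
// the file). Each value passes through applescript_safe(), whose visible tail
// escapes double quotes; replacements run in this fixed order, as before.
$fields = array(
    "{popclip text}" => $popclip_text,
    "{popclip html}" => $popclip_html,
    "{popclip browser url}" => $popclip_browser_url,
    "{popclip browser title}" => $popclip_browser_title,
);
foreach ($fields as $placeholder => $value) {
    $applescript = str_replace($placeholder, applescript_safe($value), $applescript);
}

// Call script. The whole script is passed as one escapeshellarg()-quoted
// argument, so its content never reaches the shell unquoted; osascript reads
// the script from stdin.
$escapedscript = escapeshellarg($applescript);
$result = `echo {$escapedscript} | osascript -`;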
?>
<!-- Menyn importerad från: <?php /* NOTE(review): echoed raw inside an HTML comment. If $menu_url can be influenced from outside, a "-->" in it would end the comment early; escaping before output would be safer — confirm where it comes from. */ echo $menu_url; ?> -->
<h2><?php /* Swedish heading for the "sv" language code, English otherwise. */ echo $lang == "sv" ? 'Meny' : 'Menu'; ?> </h2>
<?php /* Rendered menu body; wiki_format() is defined elsewhere and is expected to return HTML. */ echo wiki_format($menu); ?>
<!-- S**t på import -->
</div>
<div id="footer">
<p class="signed"> <a href="/webmaster">Webmasters</a> @ <a href="/">Stacken</a> </p>
<p class="dated"><?php /* Last-modified stamp, echoed as-is; presumably server-generated — confirm. */ echo $last_mod; ?> </p>
</div>
</div>
</body>
</html>
<?php
// Everything above was written to an output buffer (presumably started with
// ob_start() earlier in the file); take it back and send it through tidy.
$html = ob_get_clean();
echo tidy_html($html);
/**
 * Extracts the value of $attribute from the HTML fragment $tag.
 *
 * A double-quoted value is tried first, then a single-quoted one. The quote
 * characters in the input are deliberately never rewritten: an unescaped '
 * inside a "…"-delimited value would otherwise corrupt the fragment.
 * Returns false when neither form yields a non-empty value.
 */
function get_attribute($tag, $attribute)
{
    // Normalise with tidy and flatten to one line so return_between() sees a single string.
    $flat = str_replace(array("\r", "\n"), "", tidy_html($tag));

    // The key is upper-cased, so the tidy output presumably carries upper-case
    // attribute names — TODO confirm against tidy_html().
    $key = strtoupper($attribute) . "=";

    // EXCL presumably asks return_between() to leave the delimiters out of the result.
    foreach (array("\"", "'") as $quote) {
        $value = return_between($flat, $key . $quote, $quote, EXCL);
        if (strlen($value) > 0) {
            return $value;
        }
    }

    // Not found (or empty) in either quoting style.
    return false;
}
/**
 * When an entry is created or edited, it's passed in $_POST ($Pivot_Vars).
 * This function gets all the variables and returns them as an $entry array.
 *
 * For an existing entry (f_code set) the stored record is loaded first and
 * the posted fields overwrite it; its previous status is kept in 'oldstatus'.
 * For a new entry only 'code' is preset to ">" (presumably the "not yet
 * assigned" marker — confirm).
 *
 * NOTE(review): every field, including 'user' (f_user), 'status' (f_status)
 * and the code used to load the existing entry, is taken from the request
 * as-is; nothing in this function checks the submitter against the entry's
 * owner, so that must happen in the calling code — confirm.
 *
 * @return array
 */
function get_entry_from_post()
{
    // $Users, $useWysiwyg and $Cfg are declared but not read in this body.
    global $Users, $Pivot_Vars, $useWysiwyg, $db, $Cfg;

    if (isset($Pivot_Vars['f_code']) && $Pivot_Vars['f_code'] != "") {
        $entry = $db->read_entry($Pivot_Vars['f_code']);
        $entry['oldstatus'] = $entry['status'];
    } else {
        $entry['code'] = ">";
    }

    // A creation date shorter than 8 characters, or the "00-00-0000" placeholder, counts as not filled in.
    if (strlen($Pivot_Vars['f_createdate_1']) > 7 && $Pivot_Vars['f_createdate_1'] != "00-00-0000") {
        // if the date is filled, we try to parse it..
        $entry['date'] = fix_date($Pivot_Vars['f_createdate_1'], $Pivot_Vars['f_createdate_2']);
    } else {
        // otherwise we'll just assume 'now'.
        $entry['date'] = date("Y-m-d-H-i", get_current_date());
    }

    // The *_text fields take precedence when present (presumably the
    // non-WYSIWYG form variant — confirm against the form template).
    if (isset($Pivot_Vars['f_introduction_text'])) {
        $entry['introduction'] = strip_trailing_space($Pivot_Vars['f_introduction_text']);
        $entry['body'] = strip_trailing_space($Pivot_Vars['f_body_text']);
    } else {
        $entry['introduction'] = strip_trailing_space($Pivot_Vars['f_introduction']);
        $entry['body'] = strip_trailing_space($Pivot_Vars['f_body']);
    }

    // If magic_quotes_gpc is set, we need to strip slashes..
    // NOTE: get_magic_quotes_gpc() was deprecated in PHP 7.4 and removed in
    // 8.0, where this call is a fatal "undefined function" error.
    if (get_magic_quotes_gpc()) {
        $entry['introduction'] = stripslashes($entry['introduction']);
        $entry['body'] = stripslashes($entry['body']);
        $Pivot_Vars['f_title'] = stripslashes($Pivot_Vars['f_title']);
        $Pivot_Vars['f_subtitle'] = stripslashes($Pivot_Vars['f_subtitle']);
    }

    // Close open tags; the meaning of the TRUE argument is defined by tidy_html() elsewhere.
    $entry['introduction'] = tidy_html($entry['introduction'], TRUE);
    $entry['body'] = tidy_html($entry['body'], TRUE);

    // @ silences the undefined-index notice when no category was posted (category is then null).
    $entry['category'] = @$Pivot_Vars['f_catmult'];
    $entry['publish_date'] = fix_date($Pivot_Vars['f_publishdate_1'], $Pivot_Vars['f_publishdate_2']);
    // Note: unlike 'date' above, edit_date uses plain date() rather than get_current_date().
    $entry['edit_date'] = date("Y-m-d-H-i");
    $entry['title'] = strip_trailing_space($Pivot_Vars['f_title']);
    $entry['subtitle'] = strip_trailing_space($Pivot_Vars['f_subtitle']);
    $entry['user'] = $Pivot_Vars['f_user'];
    $entry['convert_lb'] = $Pivot_Vars['convert_lb'];
    $entry['status'] = $Pivot_Vars['f_status'];
    $entry['allow_comments'] = $Pivot_Vars['f_allowcomments'];
    // strip_tags() only removes markup; the via fields get no other validation here.
    $entry['vialink'] = strip_tags($Pivot_Vars['f_vialink']);
    $entry['viatitle'] = strip_tags($Pivot_Vars['f_viatitle']);

    // Only store the tb_url if we're not publishing. (because if we publish, we ping it, and forget it)
    if ($entry['status'] != "publish") {
        $entry['tb_url'] = strip_tags($Pivot_Vars['tb_url']);
    } else {
        // Drop a tb_url that may have been carried over from the stored entry.
        if (isset($entry['tb_url'])) {
            unset($entry['tb_url']);
        }
    }

    // Gather all tags from introduction and body in keywords..
    $tags = getTags(false, $entry['introduction'] . $entry['body'], strip_tags($Pivot_Vars['f_keywords']));
    $entry['keywords'] = implode(", ", $tags);

    return $entry;
}
/**
 * Sanitises rich-text (WYSIWYG) HTML before it is stored.
 *
 * The steps run in this order and the order matters: <script> blocks are cut
 * first, the bytes are normalised by utf8_sanitize(), the markup is reduced to
 * an allow-list of tags and attributes by strip_tags_attributes(), Word's
 * "mso-*" style declarations are removed, hrefs carrying a javascript: scheme
 * are pointed at "#", and tidy_html() closes whatever is still open.
 *
 * NOTE(review): the javascript: rewrite inspects href= only, while src and
 * style remain on the attribute allow-list and <embed> on the tag list;
 * whatever filtering those need is presumably done inside
 * strip_tags_attributes() — confirm there.
 */
function clean_richtext($text) /*{{{*/
{
    $allowedTags = '<a><b><i><u><blockquote><img><strong><em><font><p><ol><ul><li><h1><h2><h3><h4><h5><h6><strike><span><br><table><tbody><th><tr><td><caption><colgroup><div><embed>';
    $allowedAttributes = 'href,target,src,width,height,alt,title,size,face,color,align,style,name,rowspan,colspan,border,rev,class';

    $pipeline = array(
        // 1. Remove inline scripts wholesale.
        function ($html) {
            return preg_replace("/<(script.*?)>(.*?)<(\\/script.*?)>/si", "", $html);
        },
        // 2. Normalise the byte stream (project helper).
        function ($html) {
            return utf8_sanitize($html);
        },
        // 3. Keep only allow-listed tags and attributes (project helper).
        function ($html) use ($allowedTags, $allowedAttributes) {
            return strip_tags_attributes($html, $allowedTags, $allowedAttributes);
        },
        // 4. Drop "mso-…:…" declarations pasted from Word, keeping the delimiter that ended them.
        function ($html) {
            return preg_replace('/mso-.*?:.*?(;|\\"|\'|>)/si', '$1', $html);
        },
        // 5. Neutralise javascript: hrefs by pointing them at "#".
        function ($html) {
            return preg_replace('/href=([\'"]).*?javascript:(.*)?\\1/i', 'href="#$2"', $html);
        },
        // 6. Close any tags left open.
        function ($html) {
            return tidy_html($html);
        },
    );

    foreach ($pipeline as $step) {
        $text = $step($text);
    }

    return $text;
}