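/**
 * Parses the allowed HTML tags option string for use by htmLawed/kses.
 *
 * The format is a parenthesised list of `tag=>(attributes)` entries separated by whitespace,
 * e.g. `(a=>(href=>() title=>()) b=>())`; attribute lists use the same recursive format.
 * Commas are not separators: they would become part of the tag name.
 *
 * `$source` is consumed in place. On success it is left at whatever followed the closing paren
 * (the recursive call relies on this to hand the remainder back to its caller); on failure it is
 * left wherever parsing stopped, so callers should not reuse it.
 *
 * Callers in this file treat a `false` result as "allow no tags at all" (an empty array), which is
 * the safe fallback when the stored option cannot be trusted.
 *
 * @param string &$source by name, contains the string with the tag options
 * @return array|false the allowed_tags array (tag => array of attributes), or false if the string is malformed
 * @since 1.1.3
 */
function parseAllowedTags(&$source) {
    $source = trim($source);
    if (substr($source, 0, 1) != "(") {
        return false;
    }
    // strip off the open paren; trim afterwards so "( a=>())" is accepted just as "(a=>() )" is
    $source = trim(substr($source, 1));
    $a = array();
    while (strlen($source) > 1 && substr($source, 0, 1) != ")") {
        $i = strpos($source, '=>');
        if ($i === false) {
            return false;
        }
        $tag = trim(substr($source, 0, $i));
        $source = trim(substr($source, $i + 2));
        if (substr($source, 0, 1) != "(") {
            // every tag must be followed by a (possibly empty) attribute list
            return false;
        }
        $x = parseAllowedTags($source);
        if ($x === false) {
            return false;
        }
        $a[$tag] = $x;
    }
    if (substr($source, 0, 1) != ')') {
        return false;
    }
    $source = trim(substr($source, 1)); // strip the close paren
    return $a;
}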
/* handle posts */ if (isset($_GET['action'])) { $action = sanitize($_GET['action']); $themeswitch = false; if ($action == 'saveoptions') { XSRFdefender('saveoptions'); $table = NULL; $notify = ''; $returntab = ''; $themealbum = $themename = NULL; /* * * General options ** */ if (isset($_POST['savegeneraloptions'])) { $returntab = "&tab=general"; $tags = strtolower(sanitize($_POST['allowed_tags'], 0)); $test = "(" . $tags . ")"; $a = parseAllowedTags($test); if ($a) { setOption('allowed_tags', $tags); $notify = ''; } else { $notify = '?tag_parse_error=' . $a; } $oldloc = SITE_LOCALE; // get the option as stored in the database, not what might have been set by a cookie $newloc = sanitize($_POST['locale'], 3); $languages = generateLanguageList(true); $languages[''] = ''; foreach ($languages as $text => $lang) { if ($lang == $newloc || isset($_POST['language_allow_' . $lang])) { setOption('disallow_' . $lang, 0); } else {
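/**
 * Returns an array of html tags allowed, as parsed by parseAllowedTags().
 *
 * The parsed list is cached in a global per option so each option row is parsed only once.
 * A malformed option string (parseAllowedTags() returns false) yields an empty array, i.e. no
 * tags allowed, which is the safe default when the stored option cannot be trusted.
 *
 * @param string $which 'allowed_tags', 'style_tags' or 'allowed_tags_default' depending on which is wanted.
 * @return array tag => array of allowed attributes; empty if $which is unknown or the option is malformed
 */
function getAllowedTags($which) {
    global $_user_tags, $_style_tags, $_default_tags;
    switch ($which) {
        case 'allowed_tags':
            if (is_null($_user_tags)) {
                $_user_tags = getAllowedTagsFromOption('allowed_tags');
            }
            return $_user_tags;
        case 'style_tags':
            if (is_null($_style_tags)) {
                $_style_tags = getAllowedTagsFromOption('style_tags');
            }
            return $_style_tags;
        case 'allowed_tags_default':
            if (is_null($_default_tags)) {
                $_default_tags = getAllowedTagsFromOption('allowed_tags_default');
            }
            return $_default_tags;
    }
    return array();
}

/**
 * Reads an option row and parses it with parseAllowedTags().
 *
 * @param string $option name of the option row holding the tag list (stored without the enclosing parens)
 * @return array parsed tags; an empty array if the stored value does not parse
 */
function getAllowedTagsFromOption($option) {
    $source = "(" . getOption($option) . ")";
    $allowed_tags = parseAllowedTags($source);
    if ($allowed_tags === false) {
        // someone has screwed with the option row in the database, but better safe than sorry
        $allowed_tags = array();
    }
    return $allowed_tags;
}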
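/**
 * Returns a sanitized copy of $input_string according to $sanitize_level.
 *
 * Levels (compared strictly, so the caller must pass an int, not a numeric string):
 *   0 - basic: only NUL bytes are replaced by spaces; HTML is left untouched
 *   1 - user-specified: HTML is filtered by kses() against the 'allowed_tags' option
 *   2 - full: kses() with an empty whitelist, i.e. all tags are stripped
 * Any other level is treated like 2, so an unexpected level strips everything rather than
 * returning the untrusted markup unfiltered.
 *
 * @param string $input_string the untrusted text to sanitize
 * @param int $sanitize_level one of the levels listed above
 * @return string the sanitized string
 */
function sanitize_string($input_string, $sanitize_level) {
    // get_magic_quotes_gpc() was removed in PHP 8.0; only call it where it still exists so the
    // sanitizer does not fatal on newer PHP. Where it exists its result is honoured as before.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $input_string = stripslashes($input_string);
    }
    if ($sanitize_level === 0) {
        // Basic sanitation: strip NUL bytes only; nothing from lib-htmlawed is needed.
        return str_replace(chr(0), " ", $input_string);
    }
    // Every remaining level filters through kses(), which lives in lib-htmlawed.
    require_once dirname(__FILE__) . '/lib-htmlawed.php';
    if ($sanitize_level === 1) {
        $allowed_tags = "(" . getOption('allowed_tags') . ")";
        $allowed = parseAllowedTags($allowed_tags);
        if ($allowed === false) {
            // the stored option does not parse; fall back to allowing no tags at all
            $allowed = array();
        }
    } else {
        // level 2, and any unrecognised level: full sanitation, strips all code
        $allowed = array();
    }
    return kses($input_string, $allowed);
}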
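/**
 * Returns a sanitized copy of $input_string according to $sanitize_level.
 *
 * Levels (compared strictly, so the caller must pass an int, not a numeric string):
 *   0    - basic: only NUL bytes are replaced by spaces; HTML is left untouched
 *   1    - user-specified: HTML is filtered by kses() against the 'allowed_tags' option
 *   2, 3 - full: kses() with an empty whitelist, i.e. all tags are stripped
 * Any other level is treated as full sanitation, so an unexpected level strips everything
 * instead of returning the untrusted markup unfiltered.
 *
 * @param string $input_string the untrusted text to sanitize
 * @param int $sanitize_level one of the levels listed above
 * @return string the sanitized string
 */
function sanitize_string($input_string, $sanitize_level) {
    // get_magic_quotes_gpc() was removed in PHP 8.0; only call it where it still exists so the
    // sanitizer does not fatal on newer PHP. Where it exists its result is honoured as before.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $input_string = stripslashes($input_string);
    }
    if ($sanitize_level === 0) {
        // Basic sanitation: strip NUL bytes only.
        return str_replace(chr(0), " ", $input_string);
    }
    if ($sanitize_level === 1) {
        $allowed_tags = "(" . getOption('allowed_tags') . ")";
        $allowed = parseAllowedTags($allowed_tags);
        if ($allowed === false) {
            // the stored option does not parse; fall back to allowing no tags at all
            $allowed = array();
        }
        return kses($input_string, $allowed);
    }
    // Levels 2 and 3 (and anything unrecognised): full sanitation, strips all code.
    return kses($input_string, array());
}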
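/**
 * Returns a sanitized copy of $input_string according to $sanitize_level; used by the sanitize function.
 *
 * Levels (compared strictly, so the caller must pass an int, not a numeric string):
 *   0 - basic: only NUL bytes are replaced by spaces; HTML is left untouched
 *   1 - user-specified: HTML is filtered by kses() against the 'allowed_tags' option
 *   2 - text formatting: HTML is filtered by kses() against the 'style_tags' option
 *   3 - full: kses() with an empty whitelist, i.e. all tags are stripped
 * Any other level is treated like 3, so an unexpected level strips everything rather than
 * returning the untrusted markup unfiltered.
 *
 * @param string $input_string the untrusted text to sanitize
 * @param int $sanitize_level one of the levels listed above
 * @return string the sanitized string.
 */
function sanitize_string($input_string, $sanitize_level) {
    // Strip slashes if magic quotes are enabled. get_magic_quotes_gpc() was removed in PHP 8.0,
    // so only call it where it still exists; where it exists its result is honoured as before.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $input_string = stripslashes($input_string);
    }
    // Basic sanitation: nothing from lib-htmlawed is needed.
    if ($sanitize_level === 0) {
        return str_replace(chr(0), " ", $input_string);
    }
    // Every remaining level filters through kses(), which lives in lib-htmlawed.
    require_once dirname(__FILE__) . '/lib-htmlawed.php';
    if ($sanitize_level === 1) {
        // User specified sanitation.
        $user_tags = "(" . getOption('allowed_tags') . ")";
        $allowed_tags = parseAllowedTags($user_tags);
    } elseif ($sanitize_level === 2) {
        // Text formatting sanitation.
        $style_tags = "(" . getOption('style_tags') . ")";
        $allowed_tags = parseAllowedTags($style_tags);
    } else {
        // Level 3 and anything unrecognised: full sanitation, strips all code.
        $allowed_tags = array();
    }
    if ($allowed_tags === false) {
        // someone has screwed with the option row in the database, but better safe than sorry
        $allowed_tags = array();
    }
    return kses($input_string, $allowed_tags);
}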
/**
 * Returns an array of html tags allowed.
 *
 * The parsed list is cached in a global per option so each option row is parsed only once.
 * When the stored option does not parse, an empty array (no tags allowed) is cached instead.
 *
 * @param string $which either 'allowed_tags' or 'style_tags' depending on which is wanted;
 *                      anything other than 'allowed_tags' is taken to mean the style tags.
 * @return array tag => array of allowed attributes
 */
function getAllowedTags($which) {
    global $_user_tags, $_style_tags;
    if ($which == 'allowed_tags') {
        if (!is_null($_user_tags)) {
            return $_user_tags;
        }
        $wrapped = "(" . getOption('allowed_tags') . ")";
        $parsed = parseAllowedTags($wrapped);
        // someone has screwed with the 'allowed_tags' option row in the database, but better safe than sorry
        $_user_tags = ($parsed === false) ? array() : $parsed;
        return $_user_tags;
    }
    if (!is_null($_style_tags)) {
        return $_style_tags;
    }
    $wrapped = "(" . getOption('style_tags') . ")";
    $parsed = parseAllowedTags($wrapped);
    // someone has screwed with the 'style_tags' option row in the database, but better safe than sorry
    $_style_tags = ($parsed === false) ? array() : $parsed;
    return $_style_tags;
}