/** * Callback pour les <math></math> * Gestion du TeX * * @param string $t * @return string */ function replace_math($t) { if (!function_exists('traiter_math')) { include_spip('inc/math'); } $t = traiter_math($t, ''); return $t; }
function echappe_html($letexte, $source, $no_transform = false) { global $flag_pcre; $les_echap = array(); if ($flag_pcre) { // beaucoup plus rapide si on a pcre $regexp_echap_html = "<html>((.*?))<\\/html>"; $regexp_echap_code = "<code>((.*?))<\\/code>"; $regexp_echap_cadre = "[\n\r]*<(cadre|frame)>((.*?))<\\/(cadre|frame)>[\n\r]*"; $regexp_echap_poesie = "[\n\r]*<(poesie|poetry)>((.*?))<\\/(poesie|poetry)>[\n\r]*"; $regexp_echap = "/({$regexp_echap_html})|({$regexp_echap_code})|({$regexp_echap_cadre})|({$regexp_echap_poesie})/si"; } else { //echo creer_echappe_sans_pcre("cadre"); $regexp_echap_html = "<html>(([^<]|<[^/]|</[^h]|</h[^t]|</ht[^m]|</htm[^l]|<\\/html[^>])*)<\\/html>"; $regexp_echap_code = "<code>(([^<]|<[^/]|</[^c]|</c[^o]|</co[^d]|</cod[^e]|<\\/code[^>])*)<\\/code>"; $regexp_echap_cadre = "(<[cf][ar][da][rm]e>(([^<]|<[^/]|</[^cf]|</[cf][^ar]|</[cf][ar][^da]|</[cf][ar][da][^rm]|</[cf][ar][da][rm][^e]|<\\/[cf][ar][da][rm]e[^>])*)<\\/[cf][ar][da][rm]e>)()"; // parentheses finales pour obtenir meme nombre de regs que pcre $regexp_echap_poesie = "(<poe[st][ir][ey]>(([^<]|<[^/]|</[^p]|</p[^o]|</po[^e]|</poe[^st]|</poe[st][^ir]|</poe[st][ir][^[ey]]|<\\/poe[st][ir][ey][^>])*)<\\/poe[st][ir][ey]>)()"; $regexp_echap = "({$regexp_echap_html})|({$regexp_echap_code})|({$regexp_echap_cadre})|({$regexp_echap_poesie})"; } while ($flag_pcre && preg_match($regexp_echap, $letexte, $regs) || !$flag_pcre && preg_match($regexp_echap, $letexte, $regs)) { $num_echap++; if ($no_transform) { // echappements bruts $les_echap[$num_echap] = $regs[0]; } else { if ($regs[1]) { // Echapper les <html>...</ html> $les_echap[$num_echap] = $regs[2]; } else { if ($regs[4]) { // Echapper les <code>...</ code> $lecode = entites_html($regs[5]); // supprimer les sauts de ligne debut/fin (mais pas les espaces => ascii art). $lecode = preg_replace("/^\n+|\n+\$/", "", $lecode); // ne pas mettre le <div...> s'il n'y a qu'une ligne if (is_int(strpos($lecode, "\n"))) { $lecode = nl2br("<div align='left' class='spip_code' dir='ltr'>" . $lecode . "</div>"); } else { $lecode = "<span class='spip_code' dir='ltr'>" . $lecode . "</span>"; } $lecode = preg_replace("/\t/", " ", $lecode); $lecode = preg_replace("/ /", " ", $lecode); $les_echap[$num_echap] = "<tt>" . $lecode . "</tt>"; } else { if ($regs[7]) { // Echapper les <cadre>...</cadre> $lecode = trim(entites_html($regs[9])); $total_lignes = count(explode("\n", $lecode)); $les_echap[$num_echap] = "</p><form action=\"/\" method=\"get\"><textarea readonly='readonly' cols='40' rows='{$total_lignes}' class='spip_cadre' dir='ltr'>" . $lecode . "</textarea></form><p class=\"spip\">"; } else { if ($regs[12]) { $lecode = $regs[14]; $lecode = preg_replace("/\n[[:space:]]*\n/", "\n \n", $lecode); $lecode = preg_replace("/\r/", "\n", $lecode); $lecode = "<div class=\"spip_poesie\"><div>" . preg_replace("/\n+/", "</div>\n<div>", $lecode) . "</div></div>"; $les_echap[$num_echap] = propre($lecode); } } } } } $pos = strpos($letexte, $regs[0]); $letexte = substr($letexte, 0, $pos) . "@@SPIP_{$source}{$num_echap}@@" . substr($letexte, $pos + strlen($regs[0])); } // Gestion du TeX // [ML] likely to be removed if (!(strpos($letexte, "<math>") === false)) { include_lcm('inc_math'); $letexte = traiter_math($letexte, $les_echap, $num_echap, $source); } // // Insertion d'images et de documents utilisateur // while (preg_match("/<(IMG|DOC|EMB)([0-9]+)(\\|([^\\>]*))?/i" . ">", $letexte, $match)) { include_ecrire("inc_documents.php3"); $num_echap++; $letout = quotemeta($match[0]); $letout = preg_replace("/\\|/", "\\|", $letout); $id_document = $match[2]; $align = $match[4]; if (preg_match("/emb/i", $match[1])) { $rempl = embed_document($id_document, $align); } else { $rempl = integre_image($id_document, $align, $match[1]); } $letexte = preg_replace($letout, "@@SPIP_{$source}{$num_echap}@@", $letexte); $les_echap[$num_echap] = $rempl; } // // Echapper les tags html contenant des caracteres sensibles a la typo // $regexp_echap = "<[a-zA-Z!][^<>!':;\\?]*[!':;\\?][^<>]*>"; if ($flag_pcre) { if (preg_match_all("/{$regexp_echap}/", $letexte, $regs, PREG_SET_ORDER)) { while (list(, $reg) = each($regs)) { $num_echap++; $les_echap[$num_echap] = $reg[0]; //echo htmlspecialchars($reg[0])."<p>"; $pos = strpos($letexte, $les_echap[$num_echap]); $letexte = substr($letexte, 0, $pos) . "@@SPIP_{$source}{$num_echap}@@" . substr($letexte, $pos + strlen($les_echap[$num_echap])); } } } else { while (preg_match($regexp_echap, $letexte, $reg)) { $num_echap++; $les_echap[$num_echap] = $reg[0]; $pos = strpos($letexte, $les_echap[$num_echap]); $letexte = substr($letexte, 0, $pos) . "@@SPIP_{$source}{$num_echap}@@" . substr($letexte, $pos + strlen($les_echap[$num_echap])); } } return array($letexte, $les_echap); }
function echappe_html($letexte, $source = '', $no_transform = false, $preg = '') { if (!is_string($letexte) or !strlen($letexte)) { return $letexte; } // si le texte recu est long PCRE risque d'exploser, on // fait donc un mic-mac pour augmenter pcre.backtrack_limit if (($len = strlen($letexte)) > 100000) { if (!($old = @ini_get('pcre.backtrack_limit'))) { $old = 100000; } if ($len > $old) { $a = @ini_set('pcre.backtrack_limit', $len); spip_log("ini_set pcre.backtrack_limit={$len} ({$old})"); } } if (($preg or strpos($letexte, "<") !== false) and preg_match_all($preg ? $preg : _PROTEGE_BLOCS, $letexte, $matches, PREG_SET_ORDER)) { foreach ($matches as $regs) { // echappements tels quels ? if ($no_transform) { $echap = $regs[0]; } else { if (function_exists($f = 'traiter_echap_' . strtolower($regs[1]))) { $echap = $f($regs); } else { if (function_exists($f = $f . '_dist')) { $echap = $f($regs); } } } $p = strpos($letexte, $regs[0]); $letexte = substr_replace($letexte, code_echappement($echap, $source, $no_transform), $p, strlen($regs[0])); } } if ($no_transform) { return $letexte; } // Gestion du TeX if (strpos($letexte, "<math>") !== false) { include_spip('inc/math'); $letexte = traiter_math($letexte, $source); } // Echapper le php pour faire joli (ici, c'est pas pour la securite) if (strpos($letexte, "<" . "?") !== false and preg_match_all(',<[?].*($|[?]>),UisS', $letexte, $matches, PREG_SET_ORDER)) { foreach ($matches as $regs) { $letexte = str_replace($regs[0], code_echappement(highlight_string($regs[0], true), $source), $letexte); } } return $letexte; }
function echappe_html($letexte, $source = '', $no_transform = false, $preg = '') { if (!is_string($letexte) or !strlen($letexte)) { return $letexte; } if (($preg or strpos($letexte, "<") !== false) and preg_match_all($preg ? $preg : _PROTEGE_BLOCS, $letexte, $matches, PREG_SET_ORDER)) { foreach ($matches as $regs) { // echappements tels quels ? if ($no_transform) { $echap = $regs[0]; } else { if (function_exists($f = 'traiter_echap_' . strtolower($regs[1]))) { $echap = $f($regs); } else { if (function_exists($f = $f . '_dist')) { $echap = $f($regs); } } } $letexte = str_replace($regs[0], code_echappement($echap, $source, $no_transform), $letexte); } } if ($no_transform) { return $letexte; } // Gestion du TeX if (strpos($letexte, "<math>") !== false) { include_spip('inc/math'); $letexte = traiter_math($letexte, $source); } // Echapper le php pour faire joli (ici, c'est pas pour la securite) if (strpos($letexte, "<" . "?") !== false and preg_match_all(',<[?].*($|[?]>),UisS', $letexte, $matches, PREG_SET_ORDER)) { foreach ($matches as $regs) { $letexte = str_replace($regs[0], code_echappement(highlight_string($regs[0], true), $source), $letexte); } } return $letexte; }
function echappe_html($letexte, $source = '', $no_transform = false, $preg = '') { if (!is_string($letexte) or !strlen($letexte)) { return $letexte; } // si le texte recu est long PCRE risque d'exploser, on // fait donc un mic-mac pour augmenter pcre.backtrack_limit if (($len = strlen($letexte)) > 100000) { if (!($old = @ini_get('pcre.backtrack_limit'))) { $old = 100000; } if ($len > $old) { $a = @ini_set('pcre.backtrack_limit', $len); spip_log("ini_set pcre.backtrack_limit={$len} ({$old})"); } } if (($preg or strpos($letexte, "<") !== false) and preg_match_all($preg ? $preg : _PROTEGE_BLOCS, $letexte, $matches, PREG_SET_ORDER)) { foreach ($matches as $regs) { // echappements tels quels ? if ($no_transform) { $echap = $regs[0]; } else { if (function_exists($f = 'traiter_echap_' . strtolower($regs[1]))) { $echap = $f($regs); } else { if (function_exists($f = $f . '_dist')) { $echap = $f($regs); } } } $p = strpos($letexte, $regs[0]); $letexte = substr_replace($letexte, code_echappement($echap, $source, $no_transform), $p, strlen($regs[0])); } } if ($no_transform) { return $letexte; } // Gestion du TeX // code mort sauf si on a personalise _PROTEGE_BLOCS sans y mettre <math> // eviter la rupture de compat en branche 3.0 // a supprimer en branche 3.1 if (strpos($preg ? $preg : _PROTEGE_BLOCS, 'code') !== false) { if (strpos($letexte, "<math>") !== false) { include_spip('inc/math'); $letexte = traiter_math($letexte, $source); } } // Echapper le php pour faire joli (ici, c'est pas pour la securite) // seulement si on a echappe les <script> // (derogatoire car on ne peut pas faire passer < ? ... ? > // dans une callback autonommee if (strpos($preg ? $preg : _PROTEGE_BLOCS, 'script') !== false) { if (strpos($letexte, "<" . "?") !== false and preg_match_all(',<[?].*($|[?]>),UisS', $letexte, $matches, PREG_SET_ORDER)) { foreach ($matches as $regs) { $letexte = str_replace($regs[0], code_echappement(highlight_string($regs[0], true), $source), $letexte); } } } return $letexte; }