예제 #1
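 /**
  * Creates or updates a row in b_tasks from a synchronised task event.
  *
  * An event whose ID is 0 is inserted as a new task; any other ID updates the
  * existing row. On success the matching CTaskNotifications message is sent
  * and CTaskLog entries are written.
  *
  * @param array $arModifyEventArray Event fields. Keys read here: ID, USER_ID,
  *     XML_ID, MODIFICATION_LABEL, SUBJECT, BODY, DATE_CREATE, IMPORTANCE,
  *     ACTUAL_WORK, START_DATE, DUE_DATE, STATUS, TOTAL_WORK and, optionally,
  *     ExtendedProperty.
  * @return void
  */
 public static function SyncModifyTaskItem($arModifyEventArray)
 {
     global $DB;

     // The ID is concatenated into the UPDATE statement below, so it is forced
     // to an integer here instead of being trusted as it arrives. The original
     // used the raw value, which let a non-numeric ID reach the SQL text.
     $ID = isset($arModifyEventArray["ID"]) ? intval($arModifyEventArray["ID"]) : 0;

     // The event body is treated as untrusted HTML: it goes through
     // CBXSanitizer before it is stored as the task DESCRIPTION.
     // NOTE(review): SECURE_LEVEL_LOW is presumably the most permissive of the
     // sanitizer's presets - confirm it is strict enough for every place the
     // description is rendered.
     $Sanitizer = new CBXSanitizer();
     $Sanitizer->SetLevel(CBXSanitizer::SECURE_LEVEL_LOW);
     $Sanitizer->ApplyHtmlSpecChars(false);
     $Sanitizer->DeleteSanitizedTags(true);
     $arModifyEventArray['BODY'] = trim($Sanitizer->SanitizeHtml($arModifyEventArray['BODY']));

     // NOTE(review): the two mapping lookups assume IMPORTANCE and STATUS are
     // always keys of self::$PriorityMapping / self::$StatusMapping; the /60
     // with DURATION_TYPE "hours" suggests the work values arrive in minutes.
     // Neither is shown on this page - confirm against the caller.
     $arFields = array(
         "RESPONSIBLE_ID" => $arModifyEventArray["USER_ID"],
         "SITE_ID" => SITE_ID,
         "EXCHANGE_ID" => $arModifyEventArray["XML_ID"],
         "EXCHANGE_MODIFIED" => $arModifyEventArray["MODIFICATION_LABEL"],
         "TITLE" => $arModifyEventArray["SUBJECT"],
         "DESCRIPTION" => $arModifyEventArray["BODY"],
         "DESCRIPTION_IN_BBCODE" => 'N',
         "CREATED_DATE" => $arModifyEventArray["DATE_CREATE"],
         "PRIORITY" => self::$PriorityMapping[strtolower($arModifyEventArray["IMPORTANCE"])],
         "DURATION_FACT" => ceil($arModifyEventArray["ACTUAL_WORK"] / 60),
         "START_DATE_PLAN" => $arModifyEventArray["START_DATE"],
         "DEADLINE" => $arModifyEventArray["DUE_DATE"],
         "STATUS" => self::$StatusMapping[strtolower($arModifyEventArray["STATUS"])],
         "DURATION_PLAN" => ceil($arModifyEventArray["TOTAL_WORK"] / 60),
         "DURATION_TYPE" => "hours",
     );

     // Collected as Name => Value pairs; nothing in this method reads the
     // result afterwards.
     $arExtraFields = array();
     if (isset($arModifyEventArray['ExtendedProperty']) && is_array($arModifyEventArray['ExtendedProperty'])) {
         foreach ($arModifyEventArray['ExtendedProperty'] as $arExtendedProperty) {
             $arExtraFields[$arExtendedProperty['Name']] = $arExtendedProperty['Value'];
         }
     }

     if ($ID === 0) {
         // New task: the responsible user is also recorded as creator and
         // last editor, and the creation date doubles as the change dates.
         $arFields["STATUS_CHANGED_BY"] = $arFields["CHANGED_BY"] = $arFields["CREATED_BY"] = $arFields["RESPONSIBLE_ID"];
         $arFields["STATUS_CHANGED_DATE"] = $arFields["CHANGED_DATE"] = $arFields["CREATED_DATE"];
         $ID = $DB->Add("b_tasks", $arFields, array("DESCRIPTION"), "tasks");
         if ($ID) {
             $arFields["ID"] = $ID;
             CTaskNotifications::SendAddMessage($arFields);
             $arLogFields = array(
                 "TASK_ID" => $ID,
                 "USER_ID" => $arFields["CREATED_BY"],
                 "CREATED_DATE" => $arFields["CREATED_DATE"],
                 "FIELD" => "NEW",
             );
             $log = new CTaskLog();
             $log->Add($arLogFields);
         }
     } else {
         // Existing task: column values come from PrepareUpdate(), the
         // description travels as a bind, and $ID is an integer by now.
         $strUpdate = $DB->PrepareUpdate("b_tasks", $arFields, "tasks");
         $strSql = "UPDATE b_tasks SET " . $strUpdate . " WHERE ID=" . $ID;
         $arBinds = array('DESCRIPTION' => $arFields['DESCRIPTION']);
         $result = $DB->QueryBind($strSql, $arBinds, false, "File: " . __FILE__ . "<br>Line: " . __LINE__);
         if ($result) {
             $rsTask = CTasks::GetByID($ID, false);
             if ($arTask = $rsTask->Fetch()) {
                 $arFields["CHANGED_BY"] = $arFields["RESPONSIBLE_ID"];
                 $arFields["CHANGED_DATE"] = date($DB->DateFormatToPHP(CSite::GetDateFormat("FULL")), time() + CTimeZone::GetOffset());
                 CTaskNotifications::SendUpdateMessage($arFields, $arTask);

                 // One log row per field reported by CTaskLog::GetChanges().
                 $arChanges = CTaskLog::GetChanges($arTask, $arFields);
                 foreach ($arChanges as $key => $value) {
                     $arLogFields = array(
                         "TASK_ID" => $ID,
                         "USER_ID" => $arFields["CHANGED_BY"],
                         "CREATED_DATE" => $arFields["CHANGED_DATE"],
                         "FIELD" => $key,
                         "FROM_VALUE" => $value["FROM_VALUE"],
                         "TO_VALUE" => $value["TO_VALUE"],
                     );
                     $log = new CTaskLog();
                     $log->Add($arLogFields);
                 }
             }
         }
     }
 }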
예제 #2
     $arProperty['FILTER_HINT'] = $arDefPropInfo['FILTER_HINT'];
 }
 // Normalise the property flags before the array is used further: every
 // Y/N flag below collapses to 'N' unless it compares equal to 'Y'.
 $arProperty['MULTIPLE'] = 'Y' == $arProperty['MULTIPLE'] ? 'Y' : 'N';
 $arProperty['IS_REQUIRED'] = 'Y' == $arProperty['IS_REQUIRED'] ? 'Y' : 'N';
 $arProperty['FILTRABLE'] = 'Y' == $arProperty['FILTRABLE'] ? 'Y' : 'N';
 $arProperty['SEARCHABLE'] = 'Y' == $arProperty['SEARCHABLE'] ? 'Y' : 'N';
 $arProperty['ACTIVE'] = 'Y' == $arProperty['ACTIVE'] ? 'Y' : 'N';
 // SECTION_PROPERTY is the one flag with the opposite default: it stays 'Y'
 // unless it compares equal to 'N'.
 $arProperty['SECTION_PROPERTY'] = 'N' == $arProperty['SECTION_PROPERTY'] ? 'N' : 'Y';
 $arProperty['SMART_FILTER'] = 'Y' == $arProperty['SMART_FILTER'] ? 'Y' : 'N';
 // Only the first byte of DISPLAY_TYPE is kept.
 $arProperty['DISPLAY_TYPE'] = substr($arProperty['DISPLAY_TYPE'], 0, 1);
 $arProperty['DISPLAY_EXPANDED'] = 'Y' == $arProperty['DISPLAY_EXPANDED'] ? 'Y' : 'N';
 // FILTER_HINT may carry markup, so a non-empty hint is passed through
 // CBXSanitizer instead of being stored as submitted.
 // NOTE(review): SECURE_LEVEL_LOW is presumably the most permissive preset -
 // confirm it is strict enough for wherever the hint is rendered.
 $arProperty['FILTER_HINT'] = trim($arProperty['FILTER_HINT']);
 if ($arProperty['FILTER_HINT']) {
     $TextParser = new CBXSanitizer();
     $TextParser->SetLevel(CBXSanitizer::SECURE_LEVEL_LOW);
     $TextParser->ApplyHtmlSpecChars(false);
     $arProperty['FILTER_HINT'] = $TextParser->SanitizeHtml($arProperty['FILTER_HINT']);
 }
 // A zero or negative MULTIPLE_CNT falls back to DEF_LIST_VALUE_COUNT.
 $arProperty['MULTIPLE_CNT'] = intval($arProperty['MULTIPLE_CNT']);
 if (0 >= $arProperty['MULTIPLE_CNT']) {
     $arProperty['MULTIPLE_CNT'] = DEF_LIST_VALUE_COUNT;
 }
 $arProperty['WITH_DESCRIPTION'] = 'Y' == $arProperty['WITH_DESCRIPTION'] ? 'Y' : 'N';
 // VALUES is attached only when a non-empty list of values is available.
 if (!empty($arListValues)) {
     $arProperty["VALUES"] = $arListValues;
 }
 $arHidden = array();
 foreach ($arHiddenPropFields as &$strPropField) {
     if (isset($arProperty[$strPropField])) {
         $arHidden[$strPropField] = $arProperty[$strPropField];
         unset($arProperty[$strPropField]);
예제 #3
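/**
 * Rebuilds one property description from the submitted edit form.
 *
 * Visible fields are read from $_POST under the key prefix $strPrefix . $ID.
 * The remaining fields travel in the "<prefix><ID>_PROPINFO" field as a
 * base64-encoded serialized array; they are restored only when $boolUnpack
 * is true, otherwise the encoded string is returned as-is under 'PROPINFO'.
 *
 * Everything read here is client-controlled, including the serialized blob.
 *
 * @param string     $strPrefix          Prefix of the form field names.
 * @param int|string $ID                 Property identifier used in the field names.
 * @param bool       $boolUnpack         Only a strict true unpacks PROPINFO.
 * @param array      $arHiddenPropFields Names of the fields to restore from PROPINFO.
 * @return array|false Property fields, or false when $arHiddenPropFields is not
 *     an array, the NAME/PROPINFO fields are missing or not strings, NAME is
 *     empty, or CheckSerializedData() rejects the decoded PROPINFO.
 */
function GetPropertyInfo($strPrefix, $ID, $boolUnpack = true, $arHiddenPropFields = array())
{
    global $arDefPropInfo;

    $boolUnpack = $boolUnpack === true;
    $arResult = false;
    if (!is_array($arHiddenPropFields)) {
        return $arResult;
    }

    $strKey = $strPrefix . $ID;

    // A POST field can arrive as an array; strlen()/base64_decode() on one
    // raises a warning or a TypeError, so both fields must be plain strings.
    if (
        !isset($_POST[$strKey . '_NAME'], $_POST[$strKey . '_PROPINFO'])
        || !is_string($_POST[$strKey . '_NAME'])
        || !is_string($_POST[$strKey . '_PROPINFO'])
        || 0 >= strlen($_POST[$strKey . '_NAME'])
    ) {
        return $arResult;
    }

    $strEncodePropInfo = $_POST[$strKey . '_PROPINFO'];
    $strPropInfo = base64_decode($strEncodePropInfo);
    if (!CheckSerializedData($strPropInfo)) {
        return $arResult;
    }

    $intPropId = isset($_POST[$strKey . '_ID']) ? intval($_POST[$strKey . '_ID']) : 0;
    $intSort = isset($_POST[$strKey . '_SORT']) ? intval($_POST[$strKey . '_SORT']) : 0;
    $arResult = array(
        'ID' => 0 < $intPropId ? $intPropId : 0,
        'NAME' => strval($_POST[$strKey . '_NAME']),
        'SORT' => 0 < $intSort ? $intSort : 500,
        'CODE' => isset($_POST[$strKey . '_CODE']) ? strval($_POST[$strKey . '_CODE']) : '',
        'MULTIPLE' => isset($_POST[$strKey . '_MULTIPLE']) && 'Y' == $_POST[$strKey . '_MULTIPLE'] ? 'Y' : 'N',
        'IS_REQUIRED' => isset($_POST[$strKey . '_IS_REQUIRED']) && 'Y' == $_POST[$strKey . '_IS_REQUIRED'] ? 'Y' : 'N',
        'ACTIVE' => isset($_POST[$strKey . '_ACTIVE']) && 'Y' == $_POST[$strKey . '_ACTIVE'] ? 'Y' : 'N',
        'USER_TYPE' => false,
    );

    // "TYPE:USER_TYPE" is split at the first colon; a bare value is the
    // property type alone and USER_TYPE stays false.
    if (isset($_POST[$strKey . '_PROPERTY_TYPE'])) {
        if (false !== strpos($_POST[$strKey . '_PROPERTY_TYPE'], ":")) {
            list($arResult["PROPERTY_TYPE"], $arResult["USER_TYPE"]) = explode(':', $_POST[$strKey . '_PROPERTY_TYPE'], 2);
        } else {
            $arResult["PROPERTY_TYPE"] = $_POST[$strKey . '_PROPERTY_TYPE'];
        }
    }

    if ($boolUnpack) {
        // NOTE(review): unserialize() runs on client-supplied data. The only
        // gate visible here is CheckSerializedData(); confirm that it rejects
        // serialized objects, and pass unserialize()'s allowed_classes=false
        // option wherever the minimum supported PHP version allows it.
        $arPropInfo = unserialize($strPropInfo);
        if (!is_array($arPropInfo)) {
            // A payload that is not an array carries no fields; use defaults.
            $arPropInfo = array();
        }

        // Iterating by value: the original by-reference loop left a dangling
        // reference to the last element behind.
        foreach ($arHiddenPropFields as $strFieldKey) {
            $arResult[$strFieldKey] = isset($arPropInfo[$strFieldKey]) ? $arPropInfo[$strFieldKey] : $arDefPropInfo[$strFieldKey];
        }

        $arResult['ROW_COUNT'] = intval($arResult['ROW_COUNT']);
        if (0 >= $arResult['ROW_COUNT']) {
            $arResult['ROW_COUNT'] = $arDefPropInfo['ROW_COUNT'];
        }
        $arResult['COL_COUNT'] = intval($arResult['COL_COUNT']);
        if (0 >= $arResult['COL_COUNT']) {
            $arResult['COL_COUNT'] = $arDefPropInfo['COL_COUNT'];
        }
        $arResult['LINK_IBLOCK_ID'] = intval($arResult['LINK_IBLOCK_ID']);
        if (0 > $arResult['LINK_IBLOCK_ID']) {
            $arResult['LINK_IBLOCK_ID'] = $arDefPropInfo['LINK_IBLOCK_ID'];
        }
        $arResult['WITH_DESCRIPTION'] = 'Y' == $arResult['WITH_DESCRIPTION'] ? 'Y' : 'N';
        $arResult['FILTRABLE'] = 'Y' == $arResult['FILTRABLE'] ? 'Y' : 'N';
        $arResult['SEARCHABLE'] = 'Y' == $arResult['SEARCHABLE'] ? 'Y' : 'N';
        $arResult['SECTION_PROPERTY'] = 'N' == $arResult['SECTION_PROPERTY'] ? 'N' : 'Y';
        $arResult['SMART_FILTER'] = 'Y' == $arResult['SMART_FILTER'] ? 'Y' : 'N';
        $arResult['DISPLAY_TYPE'] = substr($arResult['DISPLAY_TYPE'], 0, 1);
        $arResult['DISPLAY_EXPANDED'] = 'Y' == $arResult['DISPLAY_EXPANDED'] ? 'Y' : 'N';

        // Sanitize the restored hint. The original sanitized
        // $arProperty['FILTER_HINT'], a variable that does not exist in this
        // function, so the hint returned in $arResult was never cleaned.
        if (isset($arResult['FILTER_HINT'])) {
            $arResult['FILTER_HINT'] = is_scalar($arResult['FILTER_HINT'])
                ? trim((string)$arResult['FILTER_HINT'])
                : '';
            if ('' !== $arResult['FILTER_HINT']) {
                $TextParser = new CBXSanitizer();
                $TextParser->SetLevel(CBXSanitizer::SECURE_LEVEL_LOW);
                $TextParser->ApplyHtmlSpecChars(false);
                $arResult['FILTER_HINT'] = $TextParser->SanitizeHtml($arResult['FILTER_HINT']);
            }
        }

        $arResult['MULTIPLE_CNT'] = intval($arResult['MULTIPLE_CNT']);
        if (0 >= $arResult['MULTIPLE_CNT']) {
            $arResult['MULTIPLE_CNT'] = $arDefPropInfo['MULTIPLE_CNT'];
        }
        $arResult['LIST_TYPE'] = 'C' == $arResult['LIST_TYPE'] ? 'C' : 'L';

        // XML_ID is dropped unless the iblock option show_xml_id is 'Y'.
        if ('Y' != COption::GetOptionString("iblock", "show_xml_id", "N") && isset($arResult["XML_ID"])) {
            unset($arResult["XML_ID"]);
        }
    } else {
        $arResult['PROPINFO'] = $strEncodePropInfo;
    }

    // The delete flag is read only for a positive numeric ID.
    if (0 < intval($ID)) {
        $arResult['DEL'] = isset($_POST[$strKey . '_DEL']) && 'Y' == $_POST[$strKey . '_DEL'] ? 'Y' : 'N';
    }

    return $arResult;
}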
예제 #4
 /**
  * Cleans a string and converts it to the charset of the current culture.
  *
  * HTML entities are decoded first, so the sanitizer sees the markup they
  * stand for; the decoded text is then re-encoded, trimmed and passed through
  * CBXSanitizer at SECURE_LEVEL_HIGH.
  *
  * @param string $str Input string, in the encoding reported by getEncoding().
  * @return string Sanitized string.
  */
 protected function filterString($str)
 {
     // Decode before sanitizing: sanitizing first would let entity-encoded
     // markup through, to be turned back into tags afterwards.
     $decoded = html_entity_decode($str, ENT_QUOTES, $this->getEncoding());

     $sourceCharset = $this->getEncoding();
     $siteCharset = Context::getCurrent()->getCulture()->getCharset();
     $converted = Encoding::convertEncoding($decoded, $sourceCharset, $siteCharset);

     $cleaner = new \CBXSanitizer();
     $cleaner->SetLevel(\CBXSanitizer::SECURE_LEVEL_HIGH);
     $cleaner->ApplyHtmlSpecChars(false);

     return $cleaner->SanitizeHtml(trim($converted));
 }
예제 #5
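 /**
  * Appends a sanitized HTML block to $this->result['BLOCKS'].
  *
  * @param string|null $html Markup to add.
  * @return bool False when $html is null or the <script> pre-filter fails;
  *     true once the sanitized block has been stored.
  */
 public function AddHtml($html)
 {
     if (!isset($html)) {
         return false;
     }

     // Pre-filter only: drops well-formed <script>...</script> pairs together
     // with their content. The pattern matches nothing else, so it is not the
     // security boundary; the CBXSanitizer pass below has to stay.
     $stripped = preg_replace('/<script\\b[^>]*>(.*?)<\\/script>/is', "", $html);
     if ($stripped === null) {
         // preg_replace() returns null on a PCRE error, for example when the
         // backtrack limit is hit on a very large input. The original passed
         // that null on to the sanitizer and reported success; fail closed
         // and add nothing instead.
         return false;
     }

     $sanitizer = new CBXSanitizer();
     $sanitizer->SetLevel(CBXSanitizer::SECURE_LEVEL_MIDDLE);
     $sanitizer->ApplyHtmlSpecChars(false);

     $this->result['BLOCKS'][]['HTML'] = $sanitizer->SanitizeHtml($stripped);
     return true;
 }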
예제 #6
 /**
  * Sanitizes a task description when the tasks module option
  * 'sanitize_level' enables it; otherwise returns the input unchanged.
  *
  * The on/off decision and the configured sanitizer live in static variables,
  * so the option is read and the sanitizer built only once per hit.
  *
  * When the sanitizer is disabled the raw HTML comes back as received, so the
  * caller remains responsible for safe output in that configuration.
  *
  * @param string $rawHtml Description markup.
  * @return string Sanitized markup, or $rawHtml itself when sanitizing is off.
  */
 public static function SanitizeHtmlDescriptionIfNeed($rawHtml)
 {
     static $bUseHtmlSanitizer = null;
     static $oSanitizer = null;

     // First call on this hit: decide whether to sanitize and build the sanitizer.
     if ($bUseHtmlSanitizer === null) {
         $configuredLevel = COption::GetOptionString('tasks', 'sanitize_level');

         // NOTE(review): the option value is compared with an integer; how a
         // missing or non-numeric value compares depends on the PHP version,
         // and a "false" result here switches sanitizing off - confirm the
         // option always holds a number.
         $bUseHtmlSanitizer = $configuredLevel >= 0;

         if ($bUseHtmlSanitizer) {
             // Any value that is not one of the known presets falls back to
             // the strictest one.
             $knownLevels = array(
                 CBXSanitizer::SECURE_LEVEL_HIGH,
                 CBXSanitizer::SECURE_LEVEL_MIDDLE,
                 CBXSanitizer::SECURE_LEVEL_LOW,
             );
             if (!in_array($configuredLevel, $knownLevels)) {
                 $configuredLevel = CBXSanitizer::SECURE_LEVEL_HIGH;
             }

             $commonAttrs = array('style', 'class', 'id');
             $extraTags = array(
                 'blockquote' => $commonAttrs,
                 'colgroup' => $commonAttrs,
                 'col' => array_merge($commonAttrs, array('width', 'height', 'span', 'style')),
             );

             $oSanitizer = new CBXSanitizer();
             $oSanitizer->SetLevel($configuredLevel);
             $oSanitizer->AddTags($extraTags);
             $oSanitizer->ApplyHtmlSpecChars(true);
             // Left off on purpose: with it on, text such as
             // "df 1 < 2 dasfa and 5 > 4" would be partially lost.
             $oSanitizer->DeleteSanitizedTags(false);
         }
     }

     return $bUseHtmlSanitizer
         ? $oSanitizer->SanitizeHtml(htmlspecialcharsback($rawHtml))
         : $rawHtml;
 }