/** * Callback function for strip_illegal_entities, do not use. * @access private * @param array $m matches */ public static function _validate_entity($m) { $is_valid = FALSE; // valid entity references have the form // /&named([;<\n\r])/ // for named entities, or // /&#(\d{1,5}|[xX][0-9a-fA-F]{1,4})([;<\n\r])/ // for numeric character references $e = trim($m[1]); $r = $m[2]; if ($r == ';') { $r = ''; } if ($e[0] == '#') { $e = strtolower($e); if ($e[1] == 'x') { $e = hexdec(substr($e, 2)); } else { $e = substr($e, 1); } // numeric character references may only have values in the range 0-65535 (16 bit) // we strip null, though, just for kicks $is_valid = intval($e) > 0 && intval($e) <= 65535; if ($is_valid) { // normalize to decimal form $e = '#' . intval($e) . ';'; } } else { if (self::$character_entities_re == '') { self::$character_entities_re = ';(' . implode('|', self::$character_entities) . ');'; } // named entities must be known $is_valid = preg_match(self::$character_entities_re, $e, $matches); // XXX should we map named entities to their numeric equivalents? if ($is_valid) { // normalize to name and nothing but the name... eh. $e = $matches[1] . ';'; } } return $is_valid ? '&' . $e . $r : ''; }