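/**
 * Internal method to strip a tag of certain attributes
 *
 * Each entry of $attrSet is one raw token from a tag, either "name=value"
 * or a bare "name". An attribute survives only if its name is syntactically
 * regular, not blacklisted (when xssAuto is on), not rejected by
 * checkAttribute(), and permitted by the attrArray/attrMethod policy.
 * Survivors are re-emitted as name="value" with the value normalised
 * (entity prefixes, newlines, double quotes and backslashes removed).
 *
 * @access protected
 * @param array $attrSet Array of attribute pairs to filter
 * @return array Filtered array of attribute pairs, each as name="value"
 */
function _cleanAttributes($attrSet)
{
    $newSet = array();

    // count() is loop-invariant: $attrSet is never modified below
    $attrCount = count($attrSet);

    for ($i = 0; $i < $attrCount; $i++) {
        // Skip blank entries (e.g. empty strings from consecutive separators)
        if (!$attrSet[$i]) {
            continue;
        }

        // Split into name/value; the value is optional (bare attribute)
        $attrSubSet = explode('=', trim($attrSet[$i]), 2);
        list($attrSubSet[0]) = explode(' ', $attrSubSet[0]);
        if (!isset($attrSubSet[1])) {
            // Make the value slot always exist: a bare attribute previously
            // read an undefined index below and handed checkAttribute() a
            // one-element array.
            $attrSubSet[1] = '';
        }
        $attrName = strtolower($attrSubSet[0]);

        /*
         * Remove all "non-regular" attribute names AND blacklisted attributes.
         * The name must start with a letter and contain only letters, digits,
         * '-', '_' and ':' (covers data-*, aria-* and namespaced names). The
         * former pattern '/[a-z]*$/i' matched every string, including the
         * empty name, so this check never rejected anything. The 'on' prefix
         * test is done on the lowercased name so that e.g. "ONclick" is
         * caught like "onclick".
         */
        if (!preg_match('/^[a-z][a-z0-9_:\-]*$/i', $attrSubSet[0])
            || ($this->xssAuto
                && (in_array($attrName, $this->attrBlacklist, true)
                    || substr($attrName, 0, 2) == 'on'))
        ) {
            continue;
        }

        // XSS attribute value filtering (order matters: the entity prefix and
        // quotes are removed before the outer single quotes are peeled off)
        if ($attrSubSet[1]) {
            // Strip the numeric-entity prefix (unicode, hex, etc.)
            $attrSubSet[1] = str_replace('&#', '', $attrSubSet[1]);
            // Strip literal newlines within the attr value
            $attrSubSet[1] = preg_replace('/[\\n\\r]/', '', $attrSubSet[1]);
            // Strip double quotes; the value is re-wrapped in them below
            $attrSubSet[1] = str_replace('"', '', $attrSubSet[1]);
            // Peel a surrounding pair of single quotes (single quotes should
            // not be used to pad an attr value)
            if (substr($attrSubSet[1], 0, 1) == "'"
                && substr($attrSubSet[1], strlen($attrSubSet[1]) - 1, 1) == "'"
            ) {
                $attrSubSet[1] = substr($attrSubSet[1], 1, strlen($attrSubSet[1]) - 2);
            }
            // Strip backslashes
            $attrSubSet[1] = stripslashes($attrSubSet[1]);
        }

        // Delegate the remaining name/value checks (script-like values) to
        // checkAttribute(); a true result means "drop this attribute"
        if (Xmf_Filter_Input::checkAttribute($attrSubSet)) {
            continue;
        }

        // Is our attribute in the user input array?
        $attrFound = in_array($attrName, $this->attrArray, true);

        // Keep the attribute when it is absent from attrArray and attrMethod
        // is set, or present and attrMethod is clear (attrArray acts as a
        // blacklist in the first case and a whitelist in the second)
        if (!$attrFound && $this->attrMethod || $attrFound && !$this->attrMethod) {
            if ($attrSubSet[1]) {
                $newSet[] = $attrSubSet[0] . '="' . $attrSubSet[1] . '"';
            } elseif ($attrSubSet[1] === '0') {
                // Special case: "0" is falsy but is a real value
                $newSet[] = $attrSubSet[0] . '="0"';
            } else {
                // Bare attribute: emit name="name" (e.g. checked="checked")
                $newSet[] = $attrSubSet[0] . '="' . $attrSubSet[0] . '"';
            }
        }
    }

    return $newSet;
}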
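/**
 * Clean up an input variable.
 *
 * The bit mask is evaluated lowest bit first: bit 1 controls trimming only,
 * bit 2 returns the (possibly trimmed) value untouched, and bit 4 applies
 * the safe-HTML filter. Any higher bits are ignored.
 *
 * @param mixed  $var  The input variable.
 * @param int    $mask Filter bit mask. 1=no trim: If this flag is cleared and the
 *                     input is a string, the string will have leading and trailing
 *                     whitespace trimmed. 2=allow_raw: If set, no more filtering is
 *                     performed, higher bits are ignored. 4=allow_html: HTML is
 *                     allowed, but passed through a safe HTML filter first. If set,
 *                     no more filtering is performed. If no bits other than the 1
 *                     bit is set, a strict filter is applied.
 * @param string $type The variable type {@see JFilterInput::clean()}.
 * @return mixed The filtered variable.
 */
function _cleanVar($var, $mask = 0, $type = null)
{
    // Filter instances are created once and reused across calls
    static $noHtmlFilter = null;
    static $safeHtmlFilter = null;

    // Bit 1: unless "no trim" is set, trim string input
    if (!($mask & 1) && is_string($var)) {
        $var = trim($var);
    }

    // Bit 2: "allow raw" short-circuits all further filtering
    // (replaces the former no-op `$var = $var;` branch)
    if ($mask & 2) {
        return $var;
    }

    if ($mask & 4) {
        // Bit 4: HTML is allowed, but only after the safe HTML filter.
        // Plain assignment instead of `=&`: objects are handles, and assigning
        // a by-value function result by reference raises a notice.
        if ($safeHtmlFilter === null) {
            $safeHtmlFilter = Xmf_Filter_Input::getInstance(null, null, 1, 1);
        }
        return $safeHtmlFilter->clean($var, $type);
    }

    // No allow flag set: apply the strictest (no HTML) filter
    if ($noHtmlFilter === null) {
        $noHtmlFilter = Xmf_Filter_Input::getInstance();
    }
    return $noHtmlFilter->clean($var, $type);
}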