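/**
 * Prepare a user field value for database update.
 *
 * Applies a per-field-type filter to $value before it is stored: web addresses
 * and e-mail addresses are normalised, multi-value fields are joined with
 * "|*|", text areas and editor fields are re-read raw from the request and run
 * through vmFilter::hl, field types containing "plugin" are delegated to the
 * vmuserfield plugin group, and every other type is reduced to plain text
 * (all tags stripped).
 *
 * Fix: the switch carried two `default:` labels (one in front of 'editorta'),
 * which PHP 7+ rejects at compile time; the tag-stripping block at the end is
 * kept as the single default, so unknown field types never pass through the
 * HTML-permitting editor filter.
 *
 * @param string $fieldType Field type name, matched case-insensitively
 * @param string $fieldName Name of the posted field
 * @param mixed  $value     Posted value of the field
 * @param array  &$post     Complete post array, passed on by reference to plugins
 * @param mixed  $params    Field parameters, forwarded to plugins
 * @return mixed The filtered value
 */
public function prepareFieldDataSave($fieldType, $fieldName, $value, &$post, $params)
{
    if (!class_exists('vmFilter')) {
        require JPATH_VM_ADMINISTRATOR . DS . 'helpers' . DS . 'vmfilter.php';
    }

    // URL schemes are stripped from stored addresses; they are re-added on output
    $schemes = array('mailto:', 'http://', 'https://');

    switch (strtolower($fieldType)) {
        case 'webaddress':
            if (isset($post[$fieldName . "Text"]) && $post[$fieldName . "Text"]) {
                // URL and its link text are stored as one "|*|"-separated string
                $oValuesArr = array();
                $oValuesArr[0] = str_replace($schemes, '', $value);
                $oValuesArr[1] = str_replace($schemes, '', $post[$fieldName . "Text"]);
                $value = implode("|*|", $oValuesArr);
            } else {
                // urlcheck() decides what counts as a valid URL; its (possibly falsy) result replaces $value either way
                $value = vmFilter::urlcheck($value);
                if ($value) {
                    $value = str_replace($schemes, '', $value);
                }
            }
            break;

        case 'email':
        case 'emailaddress':
            $value = vmFilter::mail($value);
            $value = str_replace('mailto:', '', $value);
            // characters that have no place in an address are dropped outright
            $value = str_replace(array('\'', '"', ',', '%', '*', '/', '\\', '?', '^', '`', '{', '}', '|', '~'), '', $value);
            break;

        case 'multiselect':
        case 'multicheckbox':
        case 'select':
            if (is_array($value)) {
                $value = implode("|*|", $value);
            }
            break;

        case 'age_verification':
            // the date is rebuilt from the three selector ints; $value itself is ignored
            $value = JRequest::getInt('birthday_selector_year') . '-' . JRequest::getInt('birthday_selector_month') . '-' . JRequest::getInt('birthday_selector_day');
            break;

        case 'textarea':
            // re-read raw so that the configured vmFilter profile, not Joomla's default filter, decides
            $value = JRequest::getVar($fieldName, '', 'post', 'string', JREQUEST_ALLOWRAW);
            $value = vmFilter::hl($value, 'text');
            break;

        case 'editorta':
            // editor content keeps its HTML; only scripts/flash are removed by the 'no_js_flash' profile
            $value = JRequest::getVar($fieldName, '', 'post', 'string', JREQUEST_ALLOWRAW);
            $value = vmFilter::hl($value, 'no_js_flash');
            break;

        default:
            if (strpos($fieldType, 'plugin') !== false) {
                // userfield plugins filter their own value; $post and $value are passed by reference
                JPluginHelper::importPlugin('vmuserfield');
                $dispatcher = JDispatcher::getInstance();
                $dispatcher->trigger('plgVmPrepareUserfieldDataSave', array($fieldType, $fieldName, &$post, &$value, $params));
                return $value;
            }
            // no HTML tags, but permit all alphabets
            $value = vmFilter::hl($value, array('deny_attribute' => '*'));
            $value = preg_replace('@<[\\/\\!]*?[^<>]*?>@si', '', $value); // remove all html tags
            $value = (string) preg_replace('#on[a-z](.+?)\\)#si', '', $value); // remove the start of inline handlers such as onclick() onload()...
            $value = trim(str_replace('"', ' ', $value), "'");
            $value = (string) preg_replace('#^\'#si', '', $value); // remove a leading '
            break;
    }

    return $value;
}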
/**
 * Reduce a cart input value to a single line of plain text.
 *
 * The value is run through vmFilter::hl with every attribute denied, then
 * through JComponentHelper::filterText; leftover inline-handler fragments,
 * double quotes, tabs, line breaks and a leading single quote are removed.
 *
 * @param string $v Raw input value
 * @return string Filtered value
 */
private function filterCartInput($v)
{
    $cleaned = vmFilter::hl($v, array('deny_attribute' => '*'));

    // JComponentHelper::filterText is used here instead of a blanket tag-stripping regex
    $cleaned = JComponentHelper::filterText($cleaned);

    // remove the start of inline handlers such as onclick() onload()...
    $cleaned = (string) preg_replace('#on[a-z](.+?)\\)#si', '', $cleaned);

    // NOTE(review): the "" entry is a no-op for str_replace and may be an extraction
    // artefact of a control-character escape — confirm against the original source
    $toBlank = array('"', "\t", "\n", "\r", "", "\v");
    $cleaned = str_replace($toBlank, ' ', trim($cleaned));

    // a leading apostrophe is dropped
    return (string) preg_replace('#^\'#si', '', $cleaned);
}
/**
 * Add a product to the cart
 *
 * For every requested product id a slimmed-down copy of the product (only
 * the data the session needs) is built, the vmcustom plugins are given the
 * chance to veto it, and it is then inserted into $this->products or merged
 * into the quantity of an existing entry. The cart is written to the session
 * once at the end.
 *
 * @author RolandD
 * @author Max Milbers
 * @access public
 * @param array|null $virtuemart_product_ids Product ids keyed like the posted 'quantity' array; read from the request when empty
 * @param string     &$errorMsg              Receives the message of the last quantity check / update
 * @return bool true when at least one product was added or updated, false otherwise
 */
public function add($virtuemart_product_ids = null, &$errorMsg = '')
{
    $mainframe = JFactory::getApplication();
    $success = false;
    $post = JRequest::get('default');

    if (empty($virtuemart_product_ids)) {
        $virtuemart_product_ids = JRequest::getVar('virtuemart_product_id', array(), 'default', 'array'); //is sanitized then
    }
    if (empty($virtuemart_product_ids)) {
        $mainframe->enqueueMessage(JText::_('COM_VIRTUEMART_CART_ERROR_NO_PRODUCT_IDS', false));
        return false;
    }

    //Iterate through the prod_id's and perform an add to cart for each one
    foreach ($virtuemart_product_ids as $p_key => $virtuemart_product_id) {
        // NOTE(review): assumes $post['quantity'][$p_key] exists; a missing index casts to 0 and is skipped below
        $quantityPost = (int) $post['quantity'][$p_key];
        if ($quantityPost === 0) {
            continue;
        }

        $tmpProduct = $this->getProduct((int) $virtuemart_product_id, $quantityPost);

        // Only the plain data is copied into a bare stdClass: the full product object
        // carries all of its parent classes' functions and would make the session
        // far too big. This is deliberate and important for performance.
        $product = new stdClass();
        $product->virtuemart_manufacturer_id = $tmpProduct->virtuemart_manufacturer_id;
        $product->slug = $tmpProduct->slug;
        $product->published = $tmpProduct->published;
        $product->virtuemart_product_price_id = $tmpProduct->virtuemart_product_price_id;
        $product->virtuemart_product_id = $tmpProduct->virtuemart_product_id;
        $product->virtuemart_shoppergroup_id = $tmpProduct->virtuemart_shoppergroup_id;
        $product->product_price = $tmpProduct->product_price;
        $product->override = $tmpProduct->override;
        $product->product_override_price = $tmpProduct->product_override_price;
        $product->product_tax_id = $tmpProduct->product_tax_id;
        $product->product_discount_id = $tmpProduct->product_discount_id;
        $product->product_currency = $tmpProduct->product_currency;
        $product->virtuemart_vendor_id = $tmpProduct->virtuemart_vendor_id;
        $product->product_parent_id = $tmpProduct->product_parent_id;
        $product->product_sku = $tmpProduct->product_sku;
        $product->product_name = $tmpProduct->product_name;
        $product->product_s_desc = $tmpProduct->product_s_desc;
        $product->product_weight = $tmpProduct->product_weight;
        $product->product_weight_uom = $tmpProduct->product_weight_uom;
        $product->product_length = $tmpProduct->product_length;
        $product->product_width = $tmpProduct->product_width;
        $product->product_height = $tmpProduct->product_height;
        $product->product_lwh_uom = $tmpProduct->product_lwh_uom;
        $product->product_in_stock = $tmpProduct->product_in_stock;
        $product->product_ordered = $tmpProduct->product_ordered;
        $product->product_sales = $tmpProduct->product_sales;
        $product->product_unit = $tmpProduct->product_unit;
        $product->product_packaging = $tmpProduct->product_packaging;
        $product->min_order_level = $tmpProduct->min_order_level;
        $product->max_order_level = $tmpProduct->max_order_level;
        $product->virtuemart_media_id = $tmpProduct->virtuemart_media_id;
        // only the first image is kept
        if (!empty($tmpProduct->images)) {
            $product->image = $tmpProduct->images[0];
        }
        $product->categories = $tmpProduct->categories;
        $product->virtuemart_category_id = $tmpProduct->virtuemart_category_id;
        $product->category_name = $tmpProduct->category_name;
        $product->link = $tmpProduct->link;
        $product->packaging = $tmpProduct->packaging;
        // only a flag that cart custom fields exist is stored, not the fields themselves
        if (!empty($tmpProduct->customfieldsCart)) {
            $product->customfieldsCart = true;
        }

        // Check if we have a product
        // NOTE(review): $product is always a freshly created stdClass here, so this
        // branch is always taken and the "not found" branch below is unreachable
        if ($product) {
            // the category the product was added from wins over the product's default category
            if (!empty($post['virtuemart_category_id'][$p_key])) {
                $virtuemart_category_idPost = (int) $post['virtuemart_category_id'][$p_key];
                $product->virtuemart_category_id = $virtuemart_category_idPost;
            }
            // cart key: the product id, extended below with the chosen custom field variants
            $productKey = $product->virtuemart_product_id;
            if (isset($post['customPrice'])) {
                $product->customPrices = $post['customPrice'];
                if (isset($post['customPlugin'])) {
                    if (!class_exists('vmFilter')) {
                        require JPATH_VM_ADMINISTRATOR . DS . 'helpers' . DS . 'vmfilter.php';
                    }
                    if (!is_array($post['customPlugin'])) {
                        $customPluginPost = (array) $post['customPlugin'];
                    } else {
                        $customPluginPost = $post['customPlugin'];
                    }
                    // NOTE(review): switches the global debug output on as a side effect of adding to cart; looks like leftover debugging
                    VmConfig::$echoDebug = TRUE;
                    // Only values nested two arrays deep are reduced to plain text; scalar
                    // entries at the outer levels are stored as posted.
                    foreach ($customPluginPost as &$customPlugin) {
                        if (is_array($customPlugin)) {
                            foreach ($customPlugin as &$customPlug) {
                                if (is_array($customPlug)) {
                                    foreach ($customPlug as &$customPl) {
                                        $value = vmFilter::hl($customPl, array('deny_attribute' => '*'));
                                        $value = preg_replace('@<[\\/\\!]*?[^<>]*?>@si', '', $value); //remove all html tags
                                        $value = (string) preg_replace('#on[a-z](.+?)\\)#si', '', $value); //replace start of script onclick() onload()...
                                        $value = trim(str_replace('"', ' ', $value), "'");
                                        $customPl = (string) preg_replace('#^\'#si', '', $value);
                                    }
                                }
                            }
                        }
                    }
                    // NOTE(review): the by-reference loop variables above are not unset afterwards
                    $product->customPlugin = json_encode($customPluginPost);
                }
                $productKey .= '::';
                foreach ($product->customPrices as $customPrice) {
                    foreach ($customPrice as $customId => $custom_fieldId) {
                        //MarkerVarMods
                        if (is_array($custom_fieldId)) {
                            // NOTE(review): the array $custom_fieldId is cast to int here, and
                            // $userfieldId / $userfield are never used — looks unintended
                            foreach ($custom_fieldId as $userfieldId => $userfield) {
                                $productKey .= (int) $custom_fieldId . ':' . (int) $customId . ';';
                            }
                        } else {
                            //TODO productCartId
                            $productKey .= (int) $custom_fieldId . ':' . (int) $customId . ';';
                        }
                    }
                }
            }

            // Add in the quantity in case the customfield plugins need it
            $product->quantity = (int) $quantityPost;
            if (!class_exists('vmCustomPlugin')) {
                require JPATH_VM_PLUGINS . DS . 'vmcustomplugin.php';
            }
            JPluginHelper::importPlugin('vmcustom');
            $dispatcher = JDispatcher::getInstance();
            // on returning false the product have not to be added to cart
            $addToCartReturnValues = $dispatcher->trigger('plgVmOnAddToCart', array(&$product));
            foreach ($addToCartReturnValues as $returnValue) {
                if ($returnValue === false) {
                    continue 2; // skip this product id
                }
            }

            if (array_key_exists($productKey, $this->products) && empty($product->customPlugin)) {
                // same product already in the cart: raise its quantity if stock rules allow it
                $errorMsg = JText::_('COM_VIRTUEMART_CART_PRODUCT_UPDATED');
                $totalQuantity = $this->products[$productKey]->quantity + $quantityPost;
                if ($this->checkForQuantities($product, $totalQuantity, $errorMsg)) {
                    $this->products[$productKey]->quantity = $totalQuantity;
                } else {
                    continue;
                }
            } else {
                if (!empty($product->customPlugin)) {
                    // plugin-customised products are never merged: make the key unique per cart position
                    $productKey .= count($this->products);
                }
                if ($this->checkForQuantities($product, $quantityPost, $errorMsg)) {
                    $this->products[$productKey] = $product;
                    $product->quantity = $quantityPost;
                } else {
                    continue;
                }
            }
            $success = true;
        } else {
            $mainframe->enqueueMessage(JText::_('COM_VIRTUEMART_PRODUCT_NOT_FOUND', false));
            return false;
        }
    }

    if ($success == false) {
        return false;
    }
    // End Iteration through Prod id's
    $this->setCartIntoSession();
    return true;
}
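/**
 * Store a BT or ST address in the cart.
 *
 * Every user field configured for the cart address of $type is taken from
 * $data or, when missing there, from the request (and, for required fields,
 * from the address already held in the cart). Non-empty values are reduced to
 * plain text before being stored in $this->{$type}. Passwords are never kept.
 *
 * Fix: the logged-in user's e-mail fallback was assigned to $address and then
 * discarded by the `$address = array();` that followed it; the array is now
 * initialised before the type-specific defaults so the fallback survives.
 *
 * @param array|object $data           Address data keyed by field name (with $prefix)
 * @param string       $type           'BT' or 'ST'
 * @param bool         $putIntoSession Write the cart to the session afterwards
 * @param string       $prefix         Key prefix used in $data and in the request
 * @return void
 */
public function saveAddressInCart($data, $type, $putIntoSession = true, $prefix = '')
{
    // VirtueMartModelUserfields::getUserFields() won't work
    if (!class_exists('VirtueMartModelUserfields')) {
        require(VMPATH_ADMIN . DS . 'models' . DS . 'userfields.php');
    }
    $userFieldsModel = VmModel::getModel('userfields');

    if ($type == 'STaddress' or $type == 'BTaddress') {
        vmTrace('STaddress found, seek and destroy');
    }
    $prepareUserFields = $userFieldsModel->getUserFieldsFor('cart', $type);

    if (!is_array($data)) {
        $data = get_object_vars($data);
    }

    // initialised before the defaults below so that nothing set there is lost
    $address = array();
    if ($type == 'ST') {
        $this->STsameAsBT = 0;
    } else {
        // BT: fall back to the e-mail of the logged-in user when none was given
        if (empty($data['email'])) {
            $jUser = JFactory::getUser();
            $address['email'] = $jUser->email;
        }
    }

    if (!class_exists('vmFilter')) {
        require(VMPATH_ADMIN . DS . 'helpers' . DS . 'vmfilter.php');
    }

    foreach ($prepareUserFields as $fld) {
        if (empty($fld->name)) {
            continue;
        }
        $name = $fld->name;

        if (!isset($data[$prefix . $name])) {
            // not in $data: try the request, then the value already stored in the cart
            $tmp = vRequest::getString($prefix . $name, false);
            if ($tmp) {
                $data[$prefix . $name] = $tmp;
            } else if ($fld->required and isset($this->{$type}[$name])) {
                // Why we have this fallback to the already stored value?
                $data[$prefix . $name] = $this->{$type}[$name];
            }
        }

        if (isset($data[$prefix . $name])) {
            if (!empty($data[$prefix . $name])) {
                $value = vmFilter::hl($data[$prefix . $name], array('deny_attribute' => '*'));
                // JComponentHelper::filterText is used instead of a blanket tag-stripping regex
                $value = JComponentHelper::filterText($value);
                $value = (string) preg_replace('#on[a-z](.+?)\)#si', '', $value); // remove the start of inline handlers such as onclick() onload()...
                $value = trim(str_replace('"', ' ', $value), "'");
                $data[$prefix . $name] = (string) preg_replace('#^\'#si', '', $value); // remove a leading '
            }
            $address[$name] = $data[$prefix . $name];
        } else {
            vmdebug('Data not found for type ' . $type . ' and name ' . $prefix . $name . ' ');
        }
    }

    // dont store passwords in the session
    unset($address['password']);
    unset($address['password2']);

    $this->{$type} = $address;
    if ($putIntoSession) {
        $this->setCartIntoSession(true);
    }
}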
/**
 * Tag/attribute handler (htmLawed-derived), used by vmFilter::hl on each tag.
 *
 * Receives one regex match whose first element is a single tag and rewrites it
 * according to the configuration in vmFilter::$C: malformed or disallowed
 * elements are kept escaped or dropped ('keep_bad'), attributes are parsed and
 * filtered against the element/attribute tables below, style and URL-bearing
 * attributes are passed through vmFilter::hl_prot, deprecated presentational
 * attributes are turned into CSS, ids are made unique, and the tag is rebuilt
 * (or handed to the 'hook_tag' callback).
 *
 * NOTE(review): this copy appears to have had HTML entities decoded: the
 * str_replace(array('<', '>'), array('<', '>'), ...) calls are no-ops as
 * written, the $sC entity map and the soft-hyphen replacements are malformed,
 * and the final `str_replace('"', '"', $v)` no longer escapes double quotes
 * before the value is placed inside the rebuilt attribute. Confirm against the
 * original source before relying on this listing.
 *
 * @param array $t preg match array; $t[0] is the tag text
 * @return string the filtered tag, or an escaped/empty string for rejected tags
 */
public static function hl_tag($t)
{
    // tag/attribute handler
    $C = vmFilter::$C;
    $t = $t[0];

    // invalid < >
    if ($t == '< ') {
        return '< ';
    }
    if ($t == '>') {
        return '>';
    }

    // not a well-formed tag: returned escaped (as written, the replacement pairs are identical)
    if (!preg_match('`^<(/?)([a-zA-Z][a-zA-Z1-6]*)([^>]*?)\\s?>$`m', $t, $m)) {
        return str_replace(array('<', '>'), array('<', '>'), $t);
    } elseif (!isset($C['elements'][$e = strtolower($m[2])])) {
        // element not in the allowed set: kept escaped or dropped depending on 'keep_bad'
        return $C['keep_bad'] % 2 ? str_replace(array('<', '>'), array('<', '>'), $t) : '';
    }

    // attr string
    $a = str_replace(array("\n", "\r", "\t"), ' ', trim($m[3]));

    // tag transform
    static $eD = array('applet' => 1, 'center' => 1, 'dir' => 1, 'embed' => 1, 'font' => 1, 'isindex' => 1, 'menu' => 1, 's' => 1, 'strike' => 1, 'u' => 1); // Deprecated
    if ($C['make_tag_strict'] && isset($eD[$e])) {
        // NOTE(review): the `!$e` check below only makes sense if hl_tag2 takes $e (and $a) by reference — verify
        $trt = vmFilter::hl_tag2($e, $a, $C['make_tag_strict']);
        if (!$e) {
            return $C['keep_bad'] % 2 ? str_replace(array('<', '>'), array('<', '>'), $t) : '';
        }
    }

    // close tag
    static $eE = array('area' => 1, 'br' => 1, 'col' => 1, 'embed' => 1, 'hr' => 1, 'img' => 1, 'input' => 1, 'isindex' => 1, 'param' => 1); // Empty ele
    if (!empty($m[1])) {
        // a closing tag for an empty element is invalid and treated like a bad tag
        return !isset($eE[$e]) ? "</{$e}>" : ($C['keep_bad'] % 2 ? str_replace(array('<', '>'), array('<', '>'), $t) : '');
    }

    // open tag & attr
    // attribute => elements it is allowed on
    static $aN = array('abbr' => array('td' => 1, 'th' => 1), 'accept-charset' => array('form' => 1), 'accept' => array('form' => 1, 'input' => 1), 'accesskey' => array('a' => 1, 'area' => 1, 'button' => 1, 'input' => 1, 'label' => 1, 'legend' => 1, 'textarea' => 1), 'action' => array('form' => 1), 'align' => array('caption' => 1, 'embed' => 1, 'applet' => 1, 'iframe' => 1, 'img' => 1, 'input' => 1, 'object' => 1, 'legend' => 1, 'table' => 1, 'hr' => 1, 'div' => 1, 'h1' => 1, 'h2' => 1, 'h3' => 1, 'h4' => 1, 'h5' => 1, 'h6' => 1, 'p' => 1, 'col' => 1, 'colgroup' => 1, 'tbody' => 1, 'td' => 1, 'tfoot' => 1, 'th' => 1, 'thead' => 1, 'tr' => 1), 'alt' => array('applet' => 1, 'area' => 1, 'img' => 1, 'input' => 1), 'archive' => array('applet' => 1, 'object' => 1), 'axis' => array('td' => 1, 'th' => 1), 'bgcolor' => array('embed' => 1, 'table' => 1, 'tr' => 1, 'td' => 1, 'th' => 1), 'border' => array('table' => 1, 'img' => 1, 'object' => 1), 'bordercolor' => array('table' => 1, 'td' => 1, 'tr' => 1), 'cellpadding' => array('table' => 1), 'cellspacing' => array('table' => 1), 'char' => array('col' => 1, 'colgroup' => 1, 'tbody' => 1, 'td' => 1, 'tfoot' => 1, 'th' => 1, 'thead' => 1, 'tr' => 1), 'charoff' => array('col' => 1, 'colgroup' => 1, 'tbody' => 1, 'td' => 1, 'tfoot' => 1, 'th' => 1, 'thead' => 1, 'tr' => 1), 'charset' => array('a' => 1, 'script' => 1), 'checked' => array('input' => 1), 'cite' => array('blockquote' => 1, 'q' => 1, 'del' => 1, 'ins' => 1), 'classid' => array('object' => 1), 'clear' => array('br' => 1), 'code' => array('applet' => 1), 'codebase' => array('object' => 1, 'applet' => 1), 'codetype' => array('object' => 1), 'color' => array('font' => 1), 'cols' => array('textarea' => 1), 'colspan' => array('td' => 1, 'th' => 1), 'compact' => array('dir' => 1, 'dl' => 1, 'menu' => 1, 'ol' => 1, 'ul' => 1), 'coords' => array('area' => 1, 'a' => 1), 'data' => array('object' => 1), 'datetime' => array('del' => 1, 'ins' => 1), 'declare' => array('object' => 1), 'defer' => array('script' => 1), 'dir' => array('bdo' => 1), 'disabled' => array('button' => 1, 'input' => 1, 'optgroup' => 1, 'option' => 1, 'select' => 1, 'textarea' => 1), 'enctype' => array('form' => 1), 'face' => array('font' => 1), 'for' => array('label' => 1), 'frame' => array('table' => 1), 'frameborder' => array('iframe' => 1), 'headers' => array('td' => 1, 'th' => 1), 'height' => array('embed' => 1, 'iframe' => 1, 'td' => 1, 'th' => 1, 'img' => 1, 'object' => 1, 'applet' => 1), 'href' => array('a' => 1, 'area' => 1), 'hreflang' => array('a' => 1), 'hspace' => array('applet' => 1, 'img' => 1, 'object' => 1), 'ismap' => array('img' => 1, 'input' => 1), 'label' => array('option' => 1, 'optgroup' => 1), 'language' => array('script' => 1), 'longdesc' => array('img' => 1, 'iframe' => 1), 'marginheight' => array('iframe' => 1), 'marginwidth' => array('iframe' => 1), 'maxlength' => array('input' => 1), 'method' => array('form' => 1), 'model' => array('embed' => 1), 'multiple' => array('select' => 1), 'name' => array('button' => 1, 'embed' => 1, 'textarea' => 1, 'applet' => 1, 'select' => 1, 'form' => 1, 'iframe' => 1, 'img' => 1, 'a' => 1, 'input' => 1, 'object' => 1, 'map' => 1, 'param' => 1), 'nohref' => array('area' => 1), 'noshade' => array('hr' => 1), 'nowrap' => array('td' => 1, 'th' => 1), 'object' => array('applet' => 1), 'onblur' => array('a' => 1, 'area' => 1, 'button' => 1, 'input' => 1, 'label' => 1, 'select' => 1, 'textarea' => 1), 'onchange' => array('input' => 1, 'select' => 1, 'textarea' => 1), 'onfocus' => array('a' => 1, 'area' => 1, 'button' => 1, 'input' => 1, 'label' => 1, 'select' => 1, 'textarea' => 1), 'onreset' => array('form' => 1), 'onselect' => array('input' => 1, 'textarea' => 1), 'onsubmit' => array('form' => 1), 'pluginspage' => array('embed' => 1), 'pluginurl' => array('embed' => 1), 'prompt' => array('isindex' => 1), 'readonly' => array('textarea' => 1, 'input' => 1), 'rel' => array('a' => 1), 'rev' => array('a' => 1), 'rows' => array('textarea' => 1), 'rowspan' => array('td' => 1, 'th' => 1), 'rules' => array('table' => 1), 'scope' => array('td' => 1, 'th' => 1), 'scrolling' => array('iframe' => 1), 'selected' => array('option' => 1), 'shape' => array('area' => 1, 'a' => 1), 'size' => array('hr' => 1, 'font' => 1, 'input' => 1, 'select' => 1), 'span' => array('col' => 1, 'colgroup' => 1), 'src' => array('embed' => 1, 'script' => 1, 'input' => 1, 'iframe' => 1, 'img' => 1), 'standby' => array('object' => 1), 'start' => array('ol' => 1), 'summary' => array('table' => 1), 'tabindex' => array('a' => 1, 'area' => 1, 'button' => 1, 'input' => 1, 'object' => 1, 'select' => 1, 'textarea' => 1), 'target' => array('a' => 1, 'area' => 1, 'form' => 1), 'type' => array('a' => 1, 'embed' => 1, 'object' => 1, 'param' => 1, 'script' => 1, 'input' => 1, 'li' => 1, 'ol' => 1, 'ul' => 1, 'button' => 1), 'usemap' => array('img' => 1, 'input' => 1, 'object' => 1), 'valign' => array('col' => 1, 'colgroup' => 1, 'tbody' => 1, 'td' => 1, 'tfoot' => 1, 'th' => 1, 'thead' => 1, 'tr' => 1), 'value' => array('input' => 1, 'option' => 1, 'param' => 1, 'button' => 1, 'li' => 1), 'valuetype' => array('param' => 1), 'vspace' => array('applet' => 1, 'img' => 1, 'object' => 1), 'width' => array('embed' => 1, 'hr' => 1, 'iframe' => 1, 'img' => 1, 'object' => 1, 'table' => 1, 'td' => 1, 'th' => 1, 'applet' => 1, 'col' => 1, 'colgroup' => 1, 'pre' => 1), 'wmode' => array('embed' => 1), 'xml:space' => array('pre' => 1, 'script' => 1, 'style' => 1)); // Ele-specific
    // boolean attributes: the value is forced to the attribute name
    static $aNE = array('checked' => 1, 'compact' => 1, 'declare' => 1, 'defer' => 1, 'disabled' => 1, 'ismap' => 1, 'multiple' => 1, 'nohref' => 1, 'noresize' => 1, 'noshade' => 1, 'nowrap' => 1, 'readonly' => 1, 'selected' => 1); // Empty
    // URL-bearing attributes whose scheme is checked via hl_prot
    static $aNP = array('action' => 1, 'cite' => 1, 'classid' => 1, 'codebase' => 1, 'data' => 1, 'href' => 1, 'longdesc' => 1, 'model' => 1, 'pluginspage' => 1, 'pluginurl' => 1, 'usemap' => 1); // Need scheme check; excludes style, on* & src
    // universal attributes => elements they are NOT allowed on
    static $aNU = array('class' => array('param' => 1, 'script' => 1), 'dir' => array('applet' => 1, 'bdo' => 1, 'br' => 1, 'iframe' => 1, 'param' => 1, 'script' => 1), 'id' => array('script' => 1), 'lang' => array('applet' => 1, 'br' => 1, 'iframe' => 1, 'param' => 1, 'script' => 1), 'xml:lang' => array('applet' => 1, 'br' => 1, 'iframe' => 1, 'param' => 1, 'script' => 1), 'onclick' => array('applet' => 1, 'bdo' => 1, 'br' => 1, 'font' => 1, 'iframe' => 1, 'isindex' => 1, 'param' => 1, 'script' => 1), 'ondblclick' => array('applet' => 1, 'bdo' => 1, 'br' => 1, 'font' => 1, 'iframe' => 1, 'isindex' => 1, 'param' => 1, 'script' => 1), 'onkeydown' => array('applet' => 1, 'bdo' => 1, 'br' => 1, 'font' => 1, 'iframe' => 1, 'isindex' => 1, 'param' => 1, 'script' => 1), 'onkeypress' => array('applet' => 1, 'bdo' => 1, 'br' => 1, 'font' => 1, 'iframe' => 1, 'isindex' => 1, 'param' => 1, 'script' => 1), 'onkeyup' => array('applet' => 1, 'bdo' => 1, 'br' => 1, 'font' => 1, 'iframe' => 1, 'isindex' => 1, 'param' => 1, 'script' => 1), 'onmousedown' => array('applet' => 1, 'bdo' => 1, 'br' => 1, 'font' => 1, 'iframe' => 1, 'isindex' => 1, 'param' => 1, 'script' => 1), 'onmousemove' => array('applet' => 1, 'bdo' => 1, 'br' => 1, 'font' => 1, 'iframe' => 1, 'isindex' => 1, 'param' => 1, 'script' => 1), 'onmouseout' => array('applet' => 1, 'bdo' => 1, 'br' => 1, 'font' => 1, 'iframe' => 1, 'isindex' => 1, 'param' => 1, 'script' => 1), 'onmouseover' => array('applet' => 1, 'bdo' => 1, 'br' => 1, 'font' => 1, 'iframe' => 1, 'isindex' => 1, 'param' => 1, 'script' => 1), 'onmouseup' => array('applet' => 1, 'bdo' => 1, 'br' => 1, 'font' => 1, 'iframe' => 1, 'isindex' => 1, 'param' => 1, 'script' => 1), 'style' => array('param' => 1, 'script' => 1), 'title' => array('param' => 1, 'script' => 1)); // Univ & exceptions

    if ($C['lc_std_val']) {
        // predef attr vals for $eAL & $aNE ele
        static $aNL = array('all' => 1, 'baseline' => 1, 'bottom' => 1, 'button' => 1, 'center' => 1, 'char' => 1, 'checkbox' => 1, 'circle' => 1, 'col' => 1, 'colgroup' => 1, 'cols' => 1, 'data' => 1, 'default' => 1, 'file' => 1, 'get' => 1, 'groups' => 1, 'hidden' => 1, 'image' => 1, 'justify' => 1, 'left' => 1, 'ltr' => 1, 'middle' => 1, 'none' => 1, 'object' => 1, 'password' => 1, 'poly' => 1, 'post' => 1, 'preserve' => 1, 'radio' => 1, 'rect' => 1, 'ref' => 1, 'reset' => 1, 'right' => 1, 'row' => 1, 'rowgroup' => 1, 'rows' => 1, 'rtl' => 1, 'submit' => 1, 'text' => 1, 'top' => 1);
        static $eAL = array('a' => 1, 'area' => 1, 'bdo' => 1, 'button' => 1, 'col' => 1, 'form' => 1, 'img' => 1, 'input' => 1, 'object' => 1, 'optgroup' => 1, 'option' => 1, 'param' => 1, 'script' => 1, 'select' => 1, 'table' => 1, 'td' => 1, 'tfoot' => 1, 'th' => 1, 'thead' => 1, 'tr' => 1, 'xml:space' => 1);
        $lcase = isset($eAL[$e]) ? 1 : 0;
    }

    $depTr = 0;
    if ($C['no_deprecated_attr']) {
        // dep attr:applicable ele
        static $aND = array('align' => array('caption' => 1, 'div' => 1, 'h1' => 1, 'h2' => 1, 'h3' => 1, 'h4' => 1, 'h5' => 1, 'h6' => 1, 'hr' => 1, 'img' => 1, 'input' => 1, 'legend' => 1, 'object' => 1, 'p' => 1, 'table' => 1), 'bgcolor' => array('table' => 1, 'td' => 1, 'th' => 1, 'tr' => 1), 'border' => array('img' => 1, 'object' => 1), 'bordercolor' => array('table' => 1, 'td' => 1, 'tr' => 1), 'clear' => array('br' => 1), 'compact' => array('dl' => 1, 'ol' => 1, 'ul' => 1), 'height' => array('td' => 1, 'th' => 1), 'hspace' => array('img' => 1, 'object' => 1), 'language' => array('script' => 1), 'name' => array('a' => 1, 'form' => 1, 'iframe' => 1, 'img' => 1, 'map' => 1), 'noshade' => array('hr' => 1), 'nowrap' => array('td' => 1, 'th' => 1), 'size' => array('hr' => 1), 'start' => array('ol' => 1), 'type' => array('li' => 1, 'ol' => 1, 'ul' => 1), 'value' => array('li' => 1), 'vspace' => array('img' => 1, 'object' => 1), 'width' => array('hr' => 1, 'pre' => 1, 'td' => 1, 'th' => 1));
        static $eAD = array('a' => 1, 'br' => 1, 'caption' => 1, 'div' => 1, 'dl' => 1, 'form' => 1, 'h1' => 1, 'h2' => 1, 'h3' => 1, 'h4' => 1, 'h5' => 1, 'h6' => 1, 'hr' => 1, 'iframe' => 1, 'img' => 1, 'input' => 1, 'legend' => 1, 'li' => 1, 'map' => 1, 'object' => 1, 'ol' => 1, 'p' => 1, 'pre' => 1, 'script' => 1, 'table' => 1, 'td' => 1, 'th' => 1, 'tr' => 1, 'ul' => 1);
        $depTr = isset($eAD[$e]) ? 1 : 0;
    }

    // attr name-vals
    // NOTE(review): the empty needle here is probably a lost "\x01" control character (the regex below removes \x01-delimited sections) — confirm
    if (strpos($a, "") !== false) {
        $a = preg_replace('`\\x01[^\\x01]*\\x01`', '', $a);
    } // No comment/CDATA sec

    // small state machine over the attribute string: 0 = expect name, 1 = after name, 2 = expect value
    $mode = 0;
    $a = trim($a, ' /');
    $aA = array();
    while (strlen($a)) {
        $w = 0;
        switch ($mode) {
            case 0: // Name
                if (preg_match('`^[a-zA-Z][\\-a-zA-Z:]+`', $a, $m)) {
                    $nm = strtolower($m[0]);
                    $w = $mode = 1;
                    $a = ltrim(substr_replace($a, '', 0, strlen($m[0])));
                }
                break;
            case 1:
                if ($a[0] == '=') { // =
                    $w = 1;
                    $mode = 2;
                    $a = ltrim($a, '= ');
                } else { // No val
                    $w = 1;
                    $mode = 0;
                    $a = ltrim($a);
                    $aA[$nm] = '';
                }
                break;
            case 2: // Val
                if (preg_match('`^"[^"]*"`', $a, $m) or preg_match("`^'[^']*'`", $a, $m) or preg_match("`^\\s*[^\\s\"']+`", $a, $m)) {
                    $m = $m[0];
                    $w = 1;
                    $mode = 0;
                    $a = ltrim(substr_replace($a, '', 0, strlen($m)));
                    $aA[$nm] = trim(($m[0] == '"' or $m[0] == '\'') ? substr($m, 1, -1) : $m);
                }
                break;
        }
        if ($w == 0) { // Parse errs, deal with space, " & '
            $a = preg_replace('`^(?:"[^"]*("|$)|\'[^\']*(\'|$)|\\S)*\\s*`', '', $a);
            $mode = 0;
        }
    }
    if ($mode == 1) {
        $aA[$nm] = '';
    }

    // clean attrs
    $S = vmFilter::$S;
    $rl = isset($S[$e]) ? $S[$e] : array();
    $a = array();
    $nfr = 0;
    foreach ($aA as $k => $v) {
        // keep the attribute only if: allowed by 'deny_attribute' (or by the per-element spec $rl),
        // not denied by the spec's 'n' list, and valid for this element per $aN / $aNU
        if ((isset($C['deny_attribute']['*']) ? isset($C['deny_attribute'][$k]) : !isset($C['deny_attribute'][$k]) or isset($rl[$k])) && (!isset($rl['n'][$k]) && !isset($rl['n']['*']) or isset($rl[$k])) && (isset($aN[$k][$e]) or isset($aNU[$k]) && !isset($aNU[$k][$e]))) {
            if (isset($aNE[$k])) {
                $v = $k;
            } elseif (!empty($lcase) && ($e != 'button' or $e != 'input' or $k == 'type')) { // Rather loose but ?not cause issues
                // NOTE(review): the element test above is always true, so the value is lower-cased for every $eAL element
                $v = isset($aNL[$v2 = strtolower($v)]) ? $v2 : $v;
            }
            if ($k == 'style' && !$C['style_pass']) {
                // decode numeric entities that could hide url()/expression() — the map is malformed in this copy
                if (false !== strpos($v, '&#')) {
                    static $sC = array(' ' => ' ', ' ' => ' ', 'E' => 'e', 'E' => 'e', 'e' => 'e', 'e' => 'e', 'X' => 'x', 'X' => 'x', 'x' => 'x', 'x' => 'x', 'P' => 'p', 'P' => 'p', 'p' => 'p', 'p' => 'p', 'S' => 's', 'S' => 's', 's' => 's', 's' => 's', 'I' => 'i', 'I' => 'i', 'i' => 'i', 'i' => 'i', 'O' => 'o', 'O' => 'o', 'o' => 'o', 'o' => 'o', 'N' => 'n', 'N' => 'n', 'n' => 'n', 'n' => 'n', 'U' => 'u', 'U' => 'u', 'u' => 'u', 'u' => 'u', 'R' => 'r', 'R' => 'r', 'r' => 'r', 'r' => 'r', 'L' => 'l', 'L' => 'l', 'l' => 'l', 'l' => 'l', '(' => '(', '(' => '(', ')' => ')', ')' => ')', ' ' => ':', ' ' => ':', '"' => '"', '"' => '"', ''' => "'", ''' => "'", '/' => '/', '/' => '/', '*' => '*', '*' => '*', '\' => '\\', '\' => '\\');
                    $v = strtr($v, $sC);
                }
                // url(...) values get the same scheme check as URL attributes
                $v = preg_replace_callback('`(url(?:\\()(?: )*(?:\'|"|&(?:quot|apos);)?)(.+?)((?:\'|"|&(?:quot|apos);)?(?: )*(?:\\)))`iS', 'vmFilter::hl_prot', $v);
                // unless allowed, 'expression' and escaped/commented variants of it are blanked
                $v = !$C['css_expression'] ? preg_replace('`expression`i', ' ', preg_replace('`\\\\\\S|(/|(%2f))(\\*|(%2a))`i', ' ', $v)) : $v;
            } elseif (isset($aNP[$k]) or strpos($k, 'src') !== false or $k[0] == 'o') {
                // URL attributes, *src* attributes and every on* handler go through hl_prot
                $v = str_replace("�", ' ', strpos($v, '&') !== false ? str_replace(array('­', '­', '­'), ' ', $v) : $v);
                $v = vmFilter::hl_prot($v, $k);
                if ($k == 'href') { // X-spam
                    if ($C['anti_mail_spam'] && strpos($v, 'mailto:') === 0) {
                        $v = str_replace('@', htmlspecialchars($C['anti_mail_spam']), $v);
                    } elseif ($C['anti_link_spam']) {
                        // [1]: links to drop entirely; [0]: links that get rel="nofollow"
                        $r1 = $C['anti_link_spam'][1];
                        if (!empty($r1) && preg_match($r1, $v)) {
                            continue;
                        }
                        $r0 = $C['anti_link_spam'][0];
                        if (!empty($r0) && preg_match($r0, $v)) {
                            if (isset($a['rel'])) {
                                if (!preg_match('`\\bnofollow\\b`i', $a['rel'])) {
                                    $a['rel'] .= ' nofollow';
                                }
                            } elseif (isset($aA['rel'])) {
                                // rel not processed yet: remember to append nofollow after the loop
                                if (!preg_match('`\\bnofollow\\b`i', $aA['rel'])) {
                                    $nfr = 1;
                                }
                            } else {
                                $a['rel'] = 'nofollow';
                            }
                        }
                    }
                }
            }
            // per-element spec may rewrite the value; 0 means "drop the attribute"
            if (isset($rl[$k]) && is_array($rl[$k]) && ($v = vmFilter::hl_attrval($v, $rl[$k])) === 0) {
                continue;
            }
            // NOTE(review): as written this is a no-op; the value is later placed between double quotes unescaped
            $a[$k] = str_replace('"', '"', $v);
        }
    }
    if ($nfr) {
        $a['rel'] = isset($a['rel']) ? $a['rel'] . ' nofollow' : 'nofollow';
    }

    // rqd attr
    // required attributes are added with a default (or the attribute name when the default is empty)
    static $eAR = array('area' => array('alt' => 'area'), 'bdo' => array('dir' => 'ltr'), 'form' => array('action' => ''), 'img' => array('src' => '', 'alt' => 'image'), 'map' => array('name' => ''), 'optgroup' => array('label' => ''), 'param' => array('name' => ''), 'script' => array('type' => 'text/javascript'), 'textarea' => array('rows' => '10', 'cols' => '50'));
    if (isset($eAR[$e])) {
        foreach ($eAR[$e] as $k => $v) {
            if (!isset($a[$k])) {
                $a[$k] = isset($v[0]) ? $v : $k;
            }
        }
    }

    // depr attrs
    // deprecated presentational attributes are removed and expressed as CSS in the style attribute
    if ($depTr) {
        $c = array();
        foreach ($a as $k => $v) {
            if ($k == 'style' or !isset($aND[$k][$e])) {
                continue;
            }
            if ($k == 'align') {
                unset($a['align']);
                if ($e == 'img' && ($v == 'left' or $v == 'right')) {
                    $c[] = 'float: ' . $v;
                } elseif (($e == 'div' or $e == 'table') && $v == 'center') {
                    $c[] = 'margin: auto';
                } else {
                    $c[] = 'text-align: ' . $v;
                }
            } elseif ($k == 'bgcolor') {
                unset($a['bgcolor']);
                $c[] = 'background-color: ' . $v;
            } elseif ($k == 'border') {
                unset($a['border']);
                $c[] = "border: {$v}px";
            } elseif ($k == 'bordercolor') {
                unset($a['bordercolor']);
                $c[] = 'border-color: ' . $v;
            } elseif ($k == 'clear') {
                unset($a['clear']);
                $c[] = 'clear: ' . ($v != 'all' ? $v : 'both');
            } elseif ($k == 'compact') {
                unset($a['compact']);
                $c[] = 'font-size: 85%';
            } elseif ($k == 'height' or $k == 'width') {
                unset($a[$k]);
                $c[] = $k . ': ' . ($v[0] != '*' ? $v . (ctype_digit($v) ? 'px' : '') : 'auto');
            } elseif ($k == 'hspace') {
                unset($a['hspace']);
                $c[] = "margin-left: {$v}px; margin-right: {$v}px";
            } elseif ($k == 'language' && !isset($a['type'])) {
                unset($a['language']);
                $a['type'] = 'text/' . strtolower($v);
            } elseif ($k == 'name') {
                // name is kept on a/map unless 'no_deprecated_attr' == 2; it becomes the id when none is set
                if ($C['no_deprecated_attr'] == 2 or $e != 'a' && $e != 'map') {
                    unset($a['name']);
                }
                if (!isset($a['id']) && preg_match('`[a-zA-Z][a-zA-Z\\d.:_\\-]*`', $v)) {
                    $a['id'] = $v;
                }
            } elseif ($k == 'noshade') {
                unset($a['noshade']);
                $c[] = 'border-style: none; border: 0; background-color: gray; color: gray';
            } elseif ($k == 'nowrap') {
                unset($a['nowrap']);
                $c[] = 'white-space: nowrap';
            } elseif ($k == 'size') {
                unset($a['size']);
                $c[] = 'size: ' . $v . 'px';
            } elseif ($k == 'start' or $k == 'value') {
                unset($a[$k]);
            } elseif ($k == 'type') {
                unset($a['type']);
                static $ol_type = array('i' => 'lower-roman', 'I' => 'upper-roman', 'a' => 'lower-latin', 'A' => 'upper-latin', '1' => 'decimal');
                $c[] = 'list-style-type: ' . (isset($ol_type[$v]) ? $ol_type[$v] : 'decimal');
            } elseif ($k == 'vspace') {
                unset($a['vspace']);
                $c[] = "margin-top: {$v}px; margin-bottom: {$v}px";
            }
        }
        if (count($c)) {
            $c = implode('; ', $c);
            $a['style'] = isset($a['style']) ? rtrim($a['style'], ' ;') . '; ' . $c . ';' : $c . ';';
        }
    }

    // unique ID
    // invalid ids are dropped; duplicates are dropped ('unique_ids' == 1) or prefixed until unique
    if ($C['unique_ids'] && isset($a['id'])) {
        if (!preg_match('`^[A-Za-z][A-Za-z0-9_\\-.:]*$`', $id = $a['id']) or !is_null(vmFilter::$hl_Ids[$id]) && $C['unique_ids'] == 1) {
            unset($a['id']);
        } else {
            while (!is_null(vmFilter::$hl_Ids[$id])) {
                $id = $C['unique_ids'] . $id;
            }
            vmFilter::$hl_Ids[$a['id'] = $id] = 1;
        }
    }

    // xml:lang
    if ($C['xml:lang'] && isset($a['lang'])) {
        $a['xml:lang'] = isset($a['xml:lang']) ? $a['xml:lang'] : $a['lang'];
        if ($C['xml:lang'] == 2) {
            unset($a['lang']);
        }
    }

    // for transformed tag
    if (!empty($trt)) {
        $a['style'] = isset($a['style']) ? rtrim($a['style'], ' ;') . '; ' . $trt : $trt;
    }

    // return with empty ele /
    if (empty($C['hook_tag'])) {
        $aA = '';
        foreach ($a as $k => $v) {
            $aA .= " {$k}=\"{$v}\"";
        }
        return "<{$e}{$aA}" . (isset($eE[$e]) ? ' /' : '') . '>';
    } else {
        return $C['hook_tag']($e, $a);
    }
    // eof
}