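/**
 * Returns a sanitized string for the sanitize function.
 *
 * Values that are not strings are returned unchanged. Strings have
 * magic-quotes slashes removed (where that legacy setting still exists and
 * is enabled) and NUL bytes replaced by a space before the level-specific
 * filter runs.
 *
 * @param string $input the value to sanitize
 * @param int|string $sanitize_level See sanitize(). Compared loosely against
 *		the integer case labels:
 *		0 - no tag filtering (NUL bytes are still replaced)
 *		1 - sanitize_script(), then ksesProcess() with getAllowedTags('allowed_tags')
 *		2 - sanitize_script(), then ksesProcess() with getAllowedTags('style_tags')
 *		3 - ksesProcess() with an empty tag list
 *		4 and any unrecognised value - sanitize_script() only
 * @return string the sanitized string.
 */
function sanitize_string($input, $sanitize_level) {
	// Only strings are filtered here; arrays and other types pass straight through.
	// NOTE(review): presumably sanitize() walks arrays and calls this per element -- confirm.
	if (!is_string($input)) {
		return $input;
	}

	// Strip slashes if magic quotes are enabled. get_magic_quotes_gpc() was
	// removed in PHP 8.0, so it is only consulted where it still exists;
	// calling it unguarded is a fatal error on current PHP.
	if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
		$input = stripslashes($input);
	}

	// NUL bytes are replaced for every level, including level 0.
	$input = str_replace(chr(0), " ", $input);

	// NOTE(review): switch compares loosely, so null and false (and, before
	// PHP 8, any non-numeric string) match case 0 and are returned without
	// tag filtering. Callers should pass an integer level. The case order is
	// kept as written because loose matching makes it significant.
	switch ($sanitize_level) {
		case 0:
			return $input;
		case 2:
			// Strips non-style tags.
			$input = sanitize_script($input);
			return ksesProcess($input, getAllowedTags('style_tags'));
		case 3:
			// Full sanitation. Strips all code.
			return ksesProcess($input, array());
		case 1:
			// Text formatting sanitation.
			$input = sanitize_script($input);
			return ksesProcess($input, getAllowedTags('allowed_tags'));
		case 4:
		default:
			// for internal use to eliminate security injections
			return sanitize_script($input);
	}
}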
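/**
 * Returns a sanitized string for the sanitize function.
 *
 * Magic-quotes slashes are removed where that legacy setting still exists
 * and is enabled. Level 0 (integer, compared strictly) only replaces NUL
 * bytes with a space. For other levels the string is filtered with kses()
 * when that function is available, otherwise all tags are removed with
 * strip_tags() regardless of the level.
 *
 * NOTE(review): the kses() result is passed through html_entity_decode().
 * Decoding after filtering turns entity-encoded markup (for example
 * "&lt;b&gt;") back into live tags, so the returned string must not be
 * treated as safe HTML; it still needs context-appropriate escaping on
 * output. Consider dropping the decode once callers have been checked.
 *
 * @param string $input_string the string to sanitize
 * @param int $sanitize_level
 *		0 - replace NUL bytes only
 *		1 - kses() with getAllowedTags('allowed_tags')
 *		2 - kses() with getAllowedTags('style_tags')
 *		3 - kses() with an empty tag list
 * @return string the sanitized string.
 */
function sanitize_string($input_string, $sanitize_level) {
	// Strip slashes if magic quotes are enabled. get_magic_quotes_gpc() was
	// removed in PHP 8.0, so it is only consulted where it still exists;
	// calling it unguarded is a fatal error on current PHP.
	if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
		$input_string = stripslashes($input_string);
	}

	// Basic sanitation. This is the only path that replaces NUL bytes.
	if ($sanitize_level === 0) {
		return str_replace(chr(0), " ", $input_string);
	}

	if (!function_exists('kses')) {
		// in a basic environment--allow NO HTML tags.
		return strip_tags($input_string);
	}

	// User specified sanitation.
	// NOTE(review): with kses available, any level other than 1-3 (including
	// the string '0', which fails the strict === 0 test above) matches no
	// case and the input is returned without tag filtering.
	switch ($sanitize_level) {
		case 1:
			// Text formatting sanitation.
			$allowed_tags = getAllowedTags('allowed_tags');
			$input_string = html_entity_decode(kses($input_string, $allowed_tags));
			break;
		case 2:
			// Style tags only.
			$allowed_tags = getAllowedTags('style_tags');
			$input_string = html_entity_decode(kses($input_string, $allowed_tags));
			break;
		case 3:
			// Full sanitation. Strips all code.
			$allowed_tags = array();
			$input_string = html_entity_decode(kses($input_string, $allowed_tags));
			break;
	}
	return $input_string;
}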
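/**
 * Returns truncated html formatted content
 *
 * Nothing is changed when $shorten is empty, or when the content already
 * fits and $forceindicator is false. Otherwise complete script blocks and
 * HTML comments are removed, the cut point is pushed out (at most five
 * rounds) to make up for characters kses() would strip, the text is cut with
 * truncate_string(), a dangling partial tag is dropped, and the markup plus
 * indicator is repaired with tidy when that class exists, otherwise with
 * cleanHTML().
 *
 * NOTE(review): kses() is used here only to measure lengths. The returned
 * markup comes from truncate_string() and tidy/cleanHTML() and is not
 * kses-filtered in this function. The two preg_replace() calls remove only
 * complete script blocks and comments and are not a sanitizer on their own,
 * so $articlecontent is assumed to be sanitized upstream -- confirm.
 *
 * @param string $articlecontent the source string
 * @param int $shorten new size
 * @param string $shortenindicator
 * @param bool $forceindicator set to true to include the indicator no matter what
 * @return string
 */
function shortenContent($articlecontent, $shorten, $shortenindicator, $forceindicator = false) {
	if ($shorten && ($forceindicator || mb_strlen($articlecontent) > $shorten)) {
		$allowed_tags = getAllowedTags('allowed_tags');
		// remove complete script blocks
		$articlecontent = preg_replace('~<script.*?/script>~is', '', $articlecontent);
		// remove HTML comments
		$articlecontent = preg_replace('~<!--.*?-->~is', '', $articlecontent);
		$short = mb_substr($articlecontent, 0, $shorten);
		$short2 = kses($short . '</p>', $allowed_tags);
		if (($l2 = mb_strlen($short2)) < $shorten) {
			$c = 0;
			$l1 = $shorten;
			$delta = $shorten - $l2;
			while ($l2 < $shorten && $c++ < 5) {
				$lastOpen = mb_strrpos($short, '<');
				$lastClose = mb_strrpos($short, '>');
				// Explicit false checks: a bare int-vs-false comparison
				// misses an unterminated tag that starts at offset 0.
				if ($lastOpen !== false && ($lastClose === false || $lastOpen > $lastClose)) {
					// The cut landed inside a tag: extend to its closing '>'.
					// An offset past the end of the string raises a
					// ValueError on PHP 8, so only search when it is in range.
					$from = $l1 + 1;
					$closeAt = $from <= mb_strlen($articlecontent) ? mb_strpos($articlecontent, '>', $from) : false;
					$l1 = (int) $closeAt + $delta;
				} else {
					$l1 = $l1 + $delta;
				}
				$short = mb_substr($articlecontent, 0, $l1);
				// Close a paragraph left open by the cut. The original
				// compared count() of two preg_match_all() result arrays,
				// which is always 2 == 2, so the tag was never appended.
				if (substr_count($short, '<p>') > substr_count($short, '</p>')) {
					$short .= '</p>';
				}
				$short2 = kses($short, $allowed_tags);
				$l2 = mb_strlen($short2);
			}
			$shorten = $l1;
		}
		$short = truncate_string($articlecontent, $shorten, '');
		if ($short != $articlecontent) {
			// we actually did remove some stuff
			// drop open tag strings
			$lastOpen = mb_strrpos($short, '<');
			$lastClose = mb_strrpos($short, '>');
			if ($lastOpen !== false && ($lastClose === false || $lastOpen > $lastClose)) {
				$short = mb_substr($short, 0, $lastOpen);
			}
			if (class_exists('tidy')) {
				$tidy = new tidy();
				$tidy->parseString($short . $shortenindicator, array('show-body-only' => true), 'utf8');
				$tidy->cleanRepair();
				$short = trim($tidy);
			} else {
				$short = trim(cleanHTML($short . $shortenindicator));
			}
		}
		$articlecontent = $short;
	}
	// Script blocks removed above are not put back: the original re-insertion
	// loop read $matches, which is never assigned in this function, so it
	// never ran and has been dropped.
	return $articlecontent;
}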
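/**
 * Returns truncated html formatted content
 *
 * Content that already fits is returned unchanged unless $forceindicator is
 * set. Otherwise the cut point is pushed out (at most five rounds) to make
 * up for characters kses() would strip, the text is cut with
 * truncate_string(), a dangling partial tag is dropped, the indicator is
 * inserted (inside a trailing </p> when there is one) and the result is
 * passed through kses() with the 'allowed_tags' list.
 *
 * NOTE(review): script blocks and HTML comments are not removed before the
 * cut; what survives in the returned snippet depends on kses() and on the
 * 'allowed_tags' list -- confirm that list excludes active content.
 *
 * @param string $articlecontent the source string
 * @param int $shorten new size
 * @param string $shortenindicator
 * @param bool $forceindicator set to true to include the indicator no matter what
 * @return string
 */
function shortenContent($articlecontent, $shorten, $shortenindicator, $forceindicator = false) {
	if (!$forceindicator && mb_strlen($articlecontent) <= $shorten) {
		return $articlecontent;
	}

	$allowed_tags = getAllowedTags('allowed_tags');
	$short = mb_substr($articlecontent, 0, $shorten);
	$short2 = kses($short . '</p>', $allowed_tags);
	if (($l2 = mb_strlen($short2)) < $shorten) {
		$c = 0;
		$l1 = $shorten;
		$delta = $shorten - $l2;
		while ($l2 < $shorten && $c++ < 5) {
			$lastOpen = mb_strrpos($short, '<');
			$lastClose = mb_strrpos($short, '>');
			// Explicit false checks: a bare int-vs-false comparison misses
			// an unterminated tag that starts at offset 0.
			if ($lastOpen !== false && ($lastClose === false || $lastOpen > $lastClose)) {
				// The cut landed inside a tag: extend to its closing '>'.
				// An offset past the end of the string raises a ValueError
				// on PHP 8, so only search when it is in range.
				$from = $l1 + 1;
				$closeAt = $from <= mb_strlen($articlecontent) ? mb_strpos($articlecontent, '>', $from) : false;
				$l1 = (int) $closeAt + $delta;
			} else {
				$l1 = $l1 + $delta;
			}
			$short = mb_substr($articlecontent, 0, $l1);
			$short2 = kses($short . '</p>', $allowed_tags);
			$l2 = mb_strlen($short2);
		}
		$shorten = $l1;
	}
	$short = truncate_string($articlecontent, $shorten, '');

	// drop open tag strings
	$lastOpen = mb_strrpos($short, '<');
	$lastClose = mb_strrpos($short, '>');
	if ($lastOpen !== false && ($lastClose === false || $lastOpen > $lastClose)) {
		$short = mb_substr($short, 0, $lastOpen);
	}

	// insert the ellipsis
	// mb_strrpos() keeps the offset in characters, matching mb_strlen(); the
	// byte offset from strrpos() never lined up once the text contained
	// multibyte characters, so the indicator ended up outside the paragraph.
	$i = mb_strrpos($short, '</p>');
	if ($i !== false && $i == mb_strlen($short) - 4) {
		$short = mb_substr($short, 0, -4) . ' ' . $shortenindicator . '</p>';
	} else {
		$short .= ' ' . $shortenindicator;
	}

	// Final filter pass; the appended '</p>' closes a paragraph left open by the cut.
	return trim(kses($short . '</p>', $allowed_tags));
}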