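/**
 * Returns a sanitized copy of $input for the given sanitize level.
 *
 * Non-string input is returned untouched. For strings, NUL bytes are replaced
 * with spaces before any level-specific processing is applied.
 *
 * @param mixed $input the value to sanitize; only strings are processed
 * @param int $sanitize_level 0 = none, 1 = allowed_tags, 2 = style_tags,
 *                            3 = strip all markup, 4 / anything else = sanitize_script() only
 * @return mixed the sanitized string, or $input unchanged when it is not a string
 */
function sanitize_string($input, $sanitize_level)
{
    if (!is_string($input)) {
        return $input;
    }
    // Strip slashes if magic quotes are enabled. get_magic_quotes_gpc() was
    // removed in PHP 8, so guard the call to avoid a fatal error there.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $input = stripslashes($input);
    }
    // Neutralise NUL bytes before any filter sees the string.
    $input = str_replace(chr(0), " ", $input);
    // Loose switch comparison is kept on purpose: callers may pass the level as a string.
    switch ($sanitize_level) {
        case 0:
            return $input;
        case 2:
            // Strips non-style tags.
            $input = sanitize_script($input);
            return ksesProcess($input, getAllowedTags('style_tags'));
        case 3:
            // Full sanitation. Strips all code.
            return ksesProcess($input, array());
        case 1:
            // Text formatting sanitation.
            $input = sanitize_script($input);
            return ksesProcess($input, getAllowedTags('allowed_tags'));
        case 4:
        default:
            // For internal use to eliminate security injections.
            return sanitize_script($input);
    }
}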
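/**
 * Returns a sanitized copy of $input_string for the given sanitize level.
 *
 * Levels 1-3 are filtered with kses() when it is available; without kses()
 * every level above 0 falls back to strip_tags(), i.e. no HTML at all.
 * NUL bytes are replaced with spaces at every level.
 *
 * @param string $input_string the value to sanitize
 * @param int $sanitize_level 0 = none, 1 = allowed_tags, 2 = style_tags, 3 = strip all markup
 * @return string the sanitized string
 */
function sanitize_string($input_string, $sanitize_level)
{
    // Strip slashes if magic quotes are enabled. get_magic_quotes_gpc() was
    // removed in PHP 8, so guard the call to avoid a fatal error there.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $input_string = stripslashes($input_string);
    }
    // Basic sanitation: neutralise NUL bytes regardless of level.
    $input_string = str_replace(chr(0), " ", $input_string);
    if ($sanitize_level === 0) {
        return $input_string;
    }
    if (!function_exists('kses')) {
        // In a basic environment allow NO HTML tags.
        return strip_tags($input_string);
    }
    // User specified sanitation. Loose comparison kept so a string level still matches.
    switch ($sanitize_level) {
        case 1:
            // Text formatting sanitation.
            $allowed_tags = getAllowedTags('allowed_tags');
            break;
        case 2:
            // Style-only sanitation.
            $allowed_tags = getAllowedTags('style_tags');
            break;
        case 3:
            // Full sanitation. Strips all code.
            $allowed_tags = array();
            break;
        default:
            // No filter defined for other levels; returned as-is, as in the original switch.
            return $input_string;
    }
    // NOTE(review): decoding entities after kses() can turn an escaped "&lt;script&gt;"
    // back into live markup - confirm kses() strips rather than encodes before relying on this.
    return html_entity_decode(kses($input_string, $allowed_tags));
}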
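/**
 * Returns truncated html formatted content
 *
 * When $shorten is non-zero and the content is longer than it (or
 * $forceindicator is set), the content is cut to roughly $shorten
 * characters, a dangling open tag is dropped and the indicator is appended.
 * Otherwise the content is returned unchanged.
 *
 * @param string $articlecontent the source string
 * @param int $shorten new size
 * @param string $shortenindicator text appended to the truncated content
 * @param bool $forceindicator set to true to include the indicator no matter what
 * @return string
 */
function shortenContent($articlecontent, $shorten, $shortenindicator, $forceindicator = false)
{
    if (!$shorten || !($forceindicator || mb_strlen($articlecontent) > $shorten)) {
        return $articlecontent;
    }
    $allowed_tags = getAllowedTags('allowed_tags');
    // Remove script blocks and HTML comments so they cannot be cut in half.
    // Nothing re-inserts the scripts afterwards; they are removed for good.
    $articlecontent = preg_replace('~<script.*?/script>~is', '', $articlecontent);
    $articlecontent = preg_replace('~<!--.*?-->~is', '', $articlecontent);
    $short = mb_substr($articlecontent, 0, $shorten);
    $short2 = kses($short . '</p>', $allowed_tags);
    if (($l2 = mb_strlen($short2)) < $shorten) {
        // kses() shrank the cut, so grow the raw cut (at most 5 times) until
        // the sanitized result reaches the requested length.
        $c = 0;
        $l1 = $shorten;
        $delta = $shorten - $l2;
        while ($l2 < $shorten && $c++ < 5) {
            $open = mb_strrpos($short, '<');
            if ($open > mb_strrpos($short, '>')) {
                // Cut landed inside a tag: extend to the closing '>'.
                // NOTE(review): mb_strpos() returns false when no '>' follows; false + $delta
                // collapses $l1 to $delta - confirm that case cannot occur or guard it.
                $l1 = mb_strpos($articlecontent, '>', $l1 + 1) + $delta;
            } else {
                $l1 = $l1 + $delta;
            }
            $short = mb_substr($articlecontent, 0, $l1);
            // Balance <p> elements using the match counts. The previous code compared
            // count() of the preg_match_all() output arrays, which is always 2, so the
            // closing tag was never appended.
            $opens = preg_match_all('/(<p>)/', $short, $m_open);
            $closes = preg_match_all('/(<\\/p>)/', $short, $m_close);
            if ($opens > $closes) {
                $short .= '</p>';
            }
            $short2 = kses($short, $allowed_tags);
            $l2 = mb_strlen($short2);
        }
        $shorten = $l1;
    }
    $short = truncate_string($articlecontent, $shorten, '');
    if ($short !== $articlecontent) {
        // We actually did remove some stuff: drop a trailing open tag fragment.
        $open = mb_strrpos($short, '<');
        if ($open > mb_strrpos($short, '>')) {
            $short = mb_substr($short, 0, $open);
        }
        if (class_exists('tidy')) {
            $tidy = new tidy();
            $tidy->parseString($short . $shortenindicator, array('show-body-only' => true), 'utf8');
            $tidy->cleanRepair();
            $short = trim($tidy);
        } else {
            $short = trim(cleanHTML($short . $shortenindicator));
        }
    }
    return $short;
}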
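/**
 * Returns truncated html formatted content
 *
 * Cuts the content to roughly $shorten characters when it is longer than
 * that (or $forceindicator is set), drops a dangling open tag, places the
 * indicator inside the final paragraph when the text ends with </p>, and
 * runs the result through kses() with the allowed tags.
 *
 * @param string $articlecontent the source string
 * @param int $shorten new size
 * @param string $shortenindicator text appended to the truncated content
 * @param bool $forceindicator set to true to include the indicator no matter what
 * @return string
 */
function shortenContent($articlecontent, $shorten, $shortenindicator, $forceindicator = false)
{
    if (!$forceindicator && mb_strlen($articlecontent) <= $shorten) {
        return $articlecontent;
    }
    $allowed_tags = getAllowedTags('allowed_tags');
    $short = mb_substr($articlecontent, 0, $shorten);
    $short2 = kses($short . '</p>', $allowed_tags);
    if (($l2 = mb_strlen($short2)) < $shorten) {
        // kses() shrank the cut, so grow the raw cut (at most 5 times) until
        // the sanitized result reaches the requested length.
        $c = 0;
        $l1 = $shorten;
        $delta = $shorten - $l2;
        while ($l2 < $shorten && $c++ < 5) {
            $open = mb_strrpos($short, '<');
            if ($open > mb_strrpos($short, '>')) {
                // Cut landed inside a tag: extend to the closing '>'.
                // NOTE(review): mb_strpos() returns false when no '>' follows; false + $delta
                // collapses $l1 to $delta - confirm that case cannot occur or guard it.
                $l1 = mb_strpos($articlecontent, '>', $l1 + 1) + $delta;
            } else {
                $l1 = $l1 + $delta;
            }
            $short = mb_substr($articlecontent, 0, $l1);
            $short2 = kses($short . '</p>', $allowed_tags);
            $l2 = mb_strlen($short2);
        }
        $shorten = $l1;
    }
    $short = truncate_string($articlecontent, $shorten, '');
    // Drop a trailing open tag fragment.
    $open = mb_strrpos($short, '<');
    if ($open > mb_strrpos($short, '>')) {
        $short = mb_substr($short, 0, $open);
    }
    // Insert the ellipsis inside the final paragraph when the text ends with </p>.
    // A character offset is required here: the byte offset from strrpos() never
    // equalled mb_strlen() - 4 once the text contained multibyte characters.
    $i = mb_strrpos($short, '</p>');
    if ($i !== false && $i === mb_strlen($short) - 4) {
        $short = mb_substr($short, 0, -4) . ' ' . $shortenindicator . '</p>';
    } else {
        $short .= ' ' . $shortenindicator;
    }
    return trim(kses($short . '</p>', $allowed_tags));
}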