/** returns a sanitized string for the sanitize function
* @param string $input_string
* @param string $sanitize_level See sanitize()
* @return string the sanitized string.
*/
function sanitize_string($input, $sanitize_level)
{
// Strip slashes if get_magic_quotes_gpc is enabled.
if (is_string($input)) {
if (get_magic_quotes_gpc()) {
$input = stripslashes($input);
}
$input = str_replace(chr(0), " ", $input);
switch ($sanitize_level) {
case 0:
return $input;
case 2:
// Strips non-style tags.
$input = sanitize_script($input);
return ksesProcess($input, getAllowedTags('style_tags'));
case 3:
// Full sanitation. Strips all code.
return ksesProcess($input, array());
case 1:
// Text formatting sanititation.
$input = sanitize_script($input);
return ksesProcess($input, getAllowedTags('allowed_tags'));
case 4:
default:
// for internal use to eliminate security injections
return sanitize_script($input);
}
}
return $input;
}
/** returns a sanitized string for the sanitize function
* @param string $input_string
* @param string $sanitize_level
* @return string the sanitized string.
*/
function sanitize_string($input_string, $sanitize_level)
{
global $_user_tags, $_style_tags;
// Strip slashes if get_magic_quotes_gpc is enabled.
if (get_magic_quotes_gpc()) {
$input_string = stripslashes($input_string);
}
// Basic sanitation.
if ($sanitize_level === 0) {
return str_replace(chr(0), " ", $input_string);
}
// User specified sanititation.
if (function_exists('kses')) {
switch ($sanitize_level) {
case 1:
$allowed_tags = getAllowedTags('allowed_tags');
$input_string = html_entity_decode(kses($input_string, $allowed_tags));
break;
// Text formatting sanititation.
// Text formatting sanititation.
case 2:
$allowed_tags = getAllowedTags('style_tags');
$input_string = html_entity_decode(kses($input_string, $allowed_tags));
break;
// Full sanitation. Strips all code.
// Full sanitation. Strips all code.
case 3:
$allowed_tags = array();
$input_string = html_entity_decode(kses($input_string, $allowed_tags));
break;
}
} else {
// in a basic environment--allow NO HTML tags.
$input_string = strip_tags($input_string);
}
return $input_string;
}
/**
* Returns truncated html formatted content
*
* @param string $articlecontent the source string
* @param int $shorten new size
* @param string $shortenindicator
* @param bool $forceindicator set to true to include the indicator no matter what
* @return string
*/
function shortenContent($articlecontent, $shorten, $shortenindicator, $forceindicator = false)
{
global $_user_tags;
if ($shorten && ($forceindicator || mb_strlen($articlecontent) > $shorten)) {
$allowed_tags = getAllowedTags('allowed_tags');
//remove script to be replaced later
$articlecontent = preg_replace('~<script.*?/script>~is', '', $articlecontent);
//remove HTML comments
$articlecontent = preg_replace('~<!--.*?-->~is', '', $articlecontent);
$short = mb_substr($articlecontent, 0, $shorten);
$short2 = kses($short . '</p>', $allowed_tags);
if (($l2 = mb_strlen($short2)) < $shorten) {
$c = 0;
$l1 = $shorten;
$delta = $shorten - $l2;
while ($l2 < $shorten && $c++ < 5) {
$open = mb_strrpos($short, '<');
if ($open > mb_strrpos($short, '>')) {
$l1 = mb_strpos($articlecontent, '>', $l1 + 1) + $delta;
} else {
$l1 = $l1 + $delta;
}
$short = mb_substr($articlecontent, 0, $l1);
preg_match_all('/(<p>)/', $short, $open);
preg_match_all('/(<\\/p>)/', $short, $close);
if (count($open) > count($close)) {
$short .= '</p>';
}
$short2 = kses($short, $allowed_tags);
$l2 = mb_strlen($short2);
}
$shorten = $l1;
}
$short = truncate_string($articlecontent, $shorten, '');
if ($short != $articlecontent) {
// we actually did remove some stuff
// drop open tag strings
$open = mb_strrpos($short, '<');
if ($open > mb_strrpos($short, '>')) {
$short = mb_substr($short, 0, $open);
}
if (class_exists('tidy')) {
$tidy = new tidy();
$tidy->parseString($short . $shortenindicator, array('show-body-only' => true), 'utf8');
$tidy->cleanRepair();
$short = trim($tidy);
} else {
$short = trim(cleanHTML($short . $shortenindicator));
}
}
$articlecontent = $short;
}
if (isset($matches)) {
//replace the script text
foreach ($matches[0] as $script) {
$articlecontent = $script . $articlecontent;
}
}
return $articlecontent;
}
/**
* Returns truncated html formatted content
*
* @param string $articlecontent the source string
* @param int $shorten new size
* @param string $shortenindicator
* @param bool $forceindicator set to true to include the indicator no matter what
* @return string
*/
function shortenContent($articlecontent, $shorten, $shortenindicator, $forceindicator = false)
{
global $_user_tags;
if ($forceindicator || mb_strlen($articlecontent) > $shorten) {
$allowed_tags = getAllowedTags('allowed_tags');
$short = mb_substr($articlecontent, 0, $shorten);
$short2 = kses($short . '</p>', $allowed_tags);
if (($l2 = mb_strlen($short2)) < $shorten) {
$c = 0;
$l1 = $shorten;
$delta = $shorten - $l2;
while ($l2 < $shorten && $c++ < 5) {
$open = mb_strrpos($short, '<');
if ($open > mb_strrpos($short, '>')) {
$l1 = mb_strpos($articlecontent, '>', $l1 + 1) + $delta;
} else {
$l1 = $l1 + $delta;
}
$short = mb_substr($articlecontent, 0, $l1);
$short2 = kses($short . '</p>', $allowed_tags);
$l2 = mb_strlen($short2);
}
$shorten = $l1;
}
$short = truncate_string($articlecontent, $shorten, '');
// drop open tag strings
$open = mb_strrpos($short, '<');
if ($open > mb_strrpos($short, '>')) {
$short = mb_substr($short, 0, $open);
}
// drop unbalanced tags
// insert the elipsis
$i = strrpos($short, '</p>');
if ($i !== false && $i == mb_strlen($short) - 4) {
$short = mb_substr($short, 0, -4) . ' ' . $shortenindicator . '</p>';
} else {
$short .= ' ' . $shortenindicator;
}
$short = trim(kses($short . '</p>', $allowed_tags));
return $short;
}
return $articlecontent;
}