Exemplo n.º 1
0
/**
 * XSS 공격을 방어하기 위해서 위험 문자열을 제거한다.
 * @param string $data
 */
function kingkongboard_xssfilter($data)
{
    global $kingkongboard_xssfilter_active;
    if (is_array($data)) {
        return array_map('kingkongboard_xssfilter', $data);
    }
    if ($kingkongboard_xssfilter_active) {
        if (!$GLOBALS['KINGKONGBOARD']['HTMLPurifier'] || !$GLOBALS['KINGKONGBOARD']['HTMLPurifier_Config']) {
            $HTMLPurifier_Config = HTMLPurifier_Config::createDefault();
            $HTMLPurifier_Config->set('HTML.SafeIframe', true);
            $HTMLPurifier_Config->set('URI.SafeIframeRegexp', '(.*)');
            $HTMLPurifier_Config->set('HTML.TidyLevel', 'light');
            $HTMLPurifier_Config->set('HTML.SafeObject', true);
            $HTMLPurifier_Config->set('HTML.SafeEmbed', true);
            $HTMLPurifier_Config->set('Attr.AllowedFrameTargets', array('_blank'));
            $HTMLPurifier_Config->set('Output.FlashCompat', true);
            $GLOBALS['KINGKONGBOARD']['HTMLPurifier_Config'] = $HTMLPurifier_Config;
            $GLOBALS['KINGKONGBOARD']['HTMLPurifier'] = HTMLPurifier::getInstance();
            unset($HTMLPurifier_Config);
        }
        $data = $GLOBALS['KINGKONGBOARD']['HTMLPurifier']->purify(stripslashes($data), $GLOBALS['KINGKONGBOARD']['HTMLPurifier_Config']);
    }
    return kingkongboard_safeiframe($data);
}
Exemplo n.º 2
0
/**
 * XSS 공격을 방어하기 위해서 위험 문자열을 제거한다.
 * @param string $data
 */
function kingkongboard_xssfilter($data)
{
    if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
        if (is_array($data)) {
            return array_map('kingkongboard_xssfilter', $data);
        }
        $HTMLPurifier_Config = HTMLPurifier_Config::createDefault();
        $HTMLPurifier_Config->set('HTML.SafeIframe', true);
        $HTMLPurifier_Config->set('URI.SafeIframeRegexp', '(.*)');
        $HTMLPurifier_Config->set('HTML.TidyLevel', 'light');
        $HTMLPurifier_Config->set('HTML.SafeObject', true);
        $HTMLPurifier_Config->set('HTML.SafeEmbed', true);
        $HTMLPurifier_Config->set('Attr.AllowedFrameTargets', array('_blank'));
        $HTMLPurifier_Config->set('Output.FlashCompat', true);
        $HTMLPurifier_Config->set('Cache.SerializerPath', WP_CONTENT_DIR . '/uploads');
        $GLOBALS['KINGKONGBOARD']['HTMLPurifier_Config'] = $HTMLPurifier_Config;
        $GLOBALS['KINGKONGBOARD']['HTMLPurifier'] = HTMLPurifier::getInstance();
        unset($HTMLPurifier_Config);
        $data = $GLOBALS['KINGKONGBOARD']['HTMLPurifier']->purify(stripslashes($data), $GLOBALS['KINGKONGBOARD']['HTMLPurifier_Config']);
        return kingkongboard_safeiframe($data);
    } else {
        return $data;
    }
}