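/**
 * 参数过滤 (input filtering): escape request parameters for storage.
 *
 * String values are entity-escaped via self::fliterHtmlSpecialChars(), or —
 * for keys listed in $ignore (rich-text editor fields) — sanitised with
 * htmlawed('safe' => 1) instead; every string is then trim()'d and
 * addslashes()'d. Values under the key 'statistics_code' skip the HTML
 * step (strings) or are copied verbatim (arrays). Nested arrays are
 * filtered recursively; values that are neither string nor array are left
 * untouched.
 *
 * @param array $array  参数内容 — the parameters to filter
 * @param array $ignore 被忽略过滤的元素 — keys whose values may keep
 *                      (htmlawed-sanitised) HTML; compared strictly, and
 *                      not propagated into nested arrays (as before)
 * @return array|false 数组形式的返回结果 — the filtered array, or false
 *                     when $array is empty (an empty nested array therefore
 *                     becomes false in the result, as before)
 */
public static function getAddslashesForInput($array, $ignore = array())
{
    if (!function_exists('htmlawed')) {
        require(BASE_CORE_PATH . '/framework/function/htmlawed.php');
    }
    if (empty($array)) {
        return false;
    }
    // get_magic_quotes_gpc() no longer exists on PHP 8; only undo magic
    // quotes where the function is present and reports them as enabled.
    $magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    // foreach replaces each(), which was removed in PHP 8.
    foreach ($array as $k => $v) {
        if (is_string($v)) {
            if ($magicQuotes) {
                $v = stripslashes($v);
            }
            // Strict comparisons: an integer key (e.g. 0) must never loosely
            // match 'statistics_code' / 'ref_url' / an entry of $ignore and
            // thereby bypass the entity escaping.
            if ($k !== 'statistics_code') {
                if (!in_array($k, $ignore, true)) {
                    // 如果不是编辑器,则转义< > & " — not an editor field: escape < > & "
                    $v = self::fliterHtmlSpecialChars($v);
                } else {
                    $v = htmlawed($v, array('safe' => 1));
                }
                if ($k === 'ref_url') {
                    // Replaces '&' with itself, i.e. a no-op as written; kept
                    // unchanged because the intended replacement is not
                    // recoverable from this code.
                    $v = str_replace('&', '&', $v);
                }
            }
            $array[$k] = addslashes(trim($v));
        } elseif (is_array($v)) {
            if ($k === 'statistics_code') {
                $array[$k] = $v;
            } else {
                // $ignore is intentionally not forwarded (same as the original).
                $array[$k] = self::getAddslashesForInput($v);
            }
        }
    }
    return $array;
}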
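/**
 * Filter request parameters in place: escape strings for storage and
 * recurse into nested arrays.
 *
 * Keys other than 'statistics_code' are entity-escaped via
 * self::fliterhtmlspecialchars(), except keys in $ignore (editor fields),
 * which are unslashed when magic quotes are on and then run through
 * htmlawed(). Every string value is trim()'d and, unless magic quotes are
 * on, addslashes()'d. Arrays under 'statistics_code' are kept verbatim;
 * other arrays are filtered recursively. Other value types are left as is.
 *
 * @param array $array  filtered in place (by reference) and also returned
 * @param array $ignore keys whose values keep htmlawed-sanitised HTML
 *                      (compared strictly; not propagated to nested arrays)
 * @return array|false the filtered array, or FALSE when $array is empty
 */
public static function getAddslashesForInput(&$array, $ignore = array())
{
    if (!function_exists("htmlawed")) {
        require BasePath . "/framework/libraries/htmlawed.php";
    }
    if (empty($array)) {
        return FALSE;
    }
    // get_magic_quotes_gpc() does not exist on PHP 8: treat it as off there.
    $magicQuotes = function_exists("get_magic_quotes_gpc") && get_magic_quotes_gpc();
    // foreach replaces each(), which was removed in PHP 8.
    foreach ($array as $k => $v) {
        if (is_string($v)) {
            // Strict comparisons so an integer key cannot loosely match the
            // special key names or an $ignore entry and skip escaping.
            if ($k !== "statistics_code") {
                if (!in_array($k, $ignore, true)) {
                    $v = self::fliterhtmlspecialchars($v);
                } else {
                    if ($magicQuotes) {
                        $v = stripslashes($v);
                    }
                    $v = htmlawed($v);
                }
                if ($k === "ref_url") {
                    // No-op as written (replaces '&' with itself); left unchanged.
                    $v = str_replace("&", "&", $v);
                }
            }
            // Write back into $array: the original stored the result in a
            // throw-away local $_array, so string values were returned
            // unfiltered and unescaped.
            $array[$k] = $magicQuotes ? trim($v) : addslashes(trim($v));
        } elseif (is_array($v)) {
            if ($k === "statistics_code") {
                $array[$k] = $v;
            } else {
                // $ignore is intentionally not forwarded (same as the original).
                $array[$k] = self::getAddslashesForInput($v);
            }
        }
    }
    return $array;
}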
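/**
 * Render $object as a highlightable <pre><code class="language-…"> block.
 *
 * @param mixed  $object a Media file (read from disk, language taken from
 *                       its extension), a Kirby\Patterns\Pattern (rendered,
 *                       tidied with htmlawed, language forced to 'php'), a
 *                       raw code string, or anything else (empty block)
 * @param string $lang   language class suffix used for plain strings and
 *                       unknown objects; escaped into the attribute
 * @return string the HTML block, or $this->error($e) when reading/rendering
 *                $object throws an Exception
 */
public function codeblock($object, $lang = 'markup')
{
    // file extension => highlighter language name
    $langs = [
        'css'   => 'css',
        'php'   => 'php',
        'js'    => 'js',
        'scss'  => 'sass',
        'md'    => 'markdown',
        'mdown' => 'markdown',
    ];
    try {
        if (is_a($object, 'Media')) {
            $code = $object->read();
            $lang = a::get($langs, $object->extension(), 'markup');
        } elseif (is_a($object, 'Kirby\\Patterns\\Pattern')) {
            $code = htmlawed($object->render(), ['tidy' => 1]);
            $lang = 'php';
        } elseif (is_string($object)) {
            $code = $object;
        } else {
            $code = '';
        }
    } catch (Exception $e) {
        return $this->error($e);
    }
    // Highlighting is switched off above 20000 bytes (presumably to keep the
    // client-side highlighter responsive on large files).
    if (strlen($code) > 20000) {
        $lang = 'none';
    }
    // Both the caller-supplied language and the code are escaped: the
    // code is text content, $lang lands inside an attribute value.
    return '<pre><code class="language-' . htmlspecialchars($lang) . '">'
        . htmlspecialchars(trim($code))
        . '</code></pre>';
}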
require '../core/header.php';
/** 1. Fetching the data **/
// Load the current value of the CHARTE setting (shown in the form below)
$sql = 'SELECT valeur FROM setting WHERE alias = \'CHARTE\'';
$res = $db->query($sql);
$res_f = $res->fetch();
/** 2. Form handling --> save the change **/
if (isset($_POST) && count($_POST) > 0) {
    if (isset($_POST) && isset($_POST['charte'])) {
        // Parameterised UPDATE; the stored value is the htmlawed() output of
        // the submitted field, not the raw POST body.
        $sql = 'UPDATE setting SET valeur = ? WHERE alias = \'CHARTE\' LIMIT 1';
        $res = $db->prepare($sql);
        $res->execute(array(htmlawed($_POST['charte'])));
        // NOTE(review): there is no exit after this redirect, so the rest of
        // the page (still showing the pre-update $res_f value) is rendered
        // after the Location header is sent.
        header('Location: ' . ROOT . CURRENT_FILE);
    }
}
/** 3. Displaying the data **/
// NOTE(review): $res_f[0] is echoed raw into the <textarea> below. It holds
// htmlawed-filtered HTML, not text, so a stored '</textarea>' (if htmlawed
// lets it through) would close the element; htmlspecialchars() at output
// would be the safe form. The script continues past the end of this view.
?>
<h1><?php echo LANG_ADMIN_CHART_TITLES; ?> </h1> <form method = "POST"> <textarea name = "charte"><?php echo $res_f[0];
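/**
 * Delete HTMLPurifier Cache
 *
 * Clears the three serializer caches so the next HTMLPurifier pass starts cold.
 */
recursiveDelete(HTMLPURIFIER_CACHE . '/HTML');
recursiveDelete(HTMLPURIFIER_CACHE . '/CSS');
recursiveDelete(HTMLPURIFIER_CACHE . '/URI');
$timer->display();
echo PHP_EOL, PHP_EOL;

/**
 * HtmLawed Pass #3 - Big File
 */
echo 'htmLawed Pass #3 - Big File:', PHP_EOL;
// Loop-invariant: build the htmLawed config once, outside the timed region,
// so only the htmlawed() call itself is measured.
$config = array(
    'safe'               => 1,
    'deny_attribute'     => '* -name',
    'make_tag_strict'    => 1,
    'no_deprecated_attr' => 1,
    'elements'           => 'em',
);
$timer->start();
// NOTE: `<=` runs BENCHMARK_ITERATIONS + 1 passes; kept as is so this pass
// stays comparable with the other passes of the benchmark (not in this view).
for ($i = 0; $i <= BENCHMARK_ITERATIONS; $i++) {
    htmlawed($bigInput, $config);
}
$timer->stop();
$timer->display();
echo PHP_EOL, PHP_EOL;

/**
 * Wibble Pass #3 - Big File
 */
echo 'Wibble Pass #3 - Big File:', PHP_EOL;
$timer->start();
// Same iteration count as the htmLawed pass above (BENCHMARK_ITERATIONS + 1).
for ($i = 0; $i <= BENCHMARK_ITERATIONS; $i++) {
    $fragment = new \Wibble\HTML\Fragment($bigInput);
    $fragment->filter();
}
$timer->stop();
$timer->display();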
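/**
 * Strip XSS vectors from a string, or from every leaf of a (nested) array.
 *
 * The filter is selected by $this->tool:
 *   - 'none'         : input is returned unfiltered (god admin only)
 *   - 'htmlpurifier' : $this->html_purifier->purify()
 *   - 'htmlawed'     : htmlawed() with 'safe' => 1
 *   - 'kses' / other : kses() with $GLOBALS['allowed_html'] (the default)
 * Values that trim() to an empty string are returned as is.
 *
 * @param mixed $data string or array (arrays are cleaned recursively,
 *                    keys preserved)
 * @return mixed cleaned value, same shape as $data
 */
public function xss_clean($data)
{
    if (is_array($data)) {
        foreach ($data as $key => $val) {
            $data[$key] = $this->xss_clean($val);
        }
        return $data;
    }

    // It is a string
    $string = $data;

    // Do not clean empty strings (strict comparison; '0' is not empty)
    if (trim($string) === '') {
        return $string;
    }

    // Strict dispatch on the tool name: switch compared loosely, which lets a
    // non-string $this->tool match the wrong case on older PHP versions.
    $tool = $this->tool;
    if ($tool === 'none') {
        // Only used for a god admin — the input passes through unfiltered
    } elseif ($tool === 'htmlpurifier') {
        // Run HTMLPurifier
        $string = $this->html_purifier->purify($string);
    } elseif ($tool === 'htmlawed') {
        // Run htmLawed
        $string = htmlawed($string, array('safe' => 1));
    } else {
        // 'kses' and any unrecognised tool name: run kses
        $string = kses($string, $GLOBALS['allowed_html']);
    }

    return $string;
}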