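/**
 * Removes dangerous markup to defend against XSS attacks.
 *
 * Strings are run through HTMLPurifier (only while the global
 * $kingkongboard_xssfilter_active flag is set) and then through
 * kingkongboard_safeiframe(); arrays are filtered element by element,
 * recursively, so nested arrays keep their shape.
 *
 * @param string|array $data Untrusted input: a string or a (nested) array of strings.
 * @return string|array The filtered value with the same shape as $data.
 */
function kingkongboard_xssfilter($data) {
    global $kingkongboard_xssfilter_active;

    if (is_array($data)) {
        return array_map('kingkongboard_xssfilter', $data);
    }

    if ($kingkongboard_xssfilter_active) {
        // empty() rather than a bare index read: neither key exists before the
        // first call, and the bare read raised "undefined index" notices.
        if (empty($GLOBALS['KINGKONGBOARD']['HTMLPurifier']) || empty($GLOBALS['KINGKONGBOARD']['HTMLPurifier_Config'])) {
            $purifierConfig = HTMLPurifier_Config::createDefault();
            $purifierConfig->set('HTML.SafeIframe', true);
            // SECURITY: '(.*)' matches every URL, so any iframe src survives
            // purification. HTMLPurifier intends this setting to be an allow-list
            // of trusted embed origins; review before relying on this filter.
            $purifierConfig->set('URI.SafeIframeRegexp', '(.*)');
            $purifierConfig->set('HTML.TidyLevel', 'light');
            // SafeObject/SafeEmbed/FlashCompat allow legacy plugin embeds through;
            // they widen the accepted markup and are worth re-evaluating.
            $purifierConfig->set('HTML.SafeObject', true);
            $purifierConfig->set('HTML.SafeEmbed', true);
            $purifierConfig->set('Attr.AllowedFrameTargets', array('_blank'));
            $purifierConfig->set('Output.FlashCompat', true);
            // Cache the config and the purifier so later calls skip the setup.
            $GLOBALS['KINGKONGBOARD']['HTMLPurifier_Config'] = $purifierConfig;
            $GLOBALS['KINGKONGBOARD']['HTMLPurifier'] = HTMLPurifier::getInstance();
            unset($purifierConfig);
        }
        // NOTE(review): stripslashes() assumes the input arrived with added
        // slashes (e.g. magic-quoted superglobals) — confirm callers pass such data.
        $data = $GLOBALS['KINGKONGBOARD']['HTMLPurifier']->purify(stripslashes($data), $GLOBALS['KINGKONGBOARD']['HTMLPurifier_Config']);
    }

    return kingkongboard_safeiframe($data);
}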
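/**
 * Removes dangerous markup to defend against XSS attacks.
 *
 * Strings are run through HTMLPurifier and then through
 * kingkongboard_safeiframe(); arrays are filtered element by element,
 * recursively, so nested arrays keep their shape.
 *
 * Filtering is no longer conditional on $_SERVER['HTTPS']: whether input is
 * dangerous does not depend on the transport, and the previous gate returned
 * the raw, unfiltered input on every plain-HTTP request.
 *
 * @param string|array $data Untrusted input: a string or a (nested) array of strings.
 * @return string|array The filtered value with the same shape as $data.
 */
function kingkongboard_xssfilter($data) {
    if (is_array($data)) {
        return array_map('kingkongboard_xssfilter', $data);
    }

    // Build the purifier configuration once and reuse it; empty() avoids
    // "undefined index" notices before the first call populates the keys.
    if (empty($GLOBALS['KINGKONGBOARD']['HTMLPurifier']) || empty($GLOBALS['KINGKONGBOARD']['HTMLPurifier_Config'])) {
        $purifierConfig = HTMLPurifier_Config::createDefault();
        $purifierConfig->set('HTML.SafeIframe', true);
        // SECURITY: '(.*)' matches every URL, so any iframe src survives
        // purification. HTMLPurifier intends this setting to be an allow-list
        // of trusted embed origins; review before relying on this filter.
        $purifierConfig->set('URI.SafeIframeRegexp', '(.*)');
        $purifierConfig->set('HTML.TidyLevel', 'light');
        // SafeObject/SafeEmbed/FlashCompat allow legacy plugin embeds through;
        // they widen the accepted markup and are worth re-evaluating.
        $purifierConfig->set('HTML.SafeObject', true);
        $purifierConfig->set('HTML.SafeEmbed', true);
        $purifierConfig->set('Attr.AllowedFrameTargets', array('_blank'));
        $purifierConfig->set('Output.FlashCompat', true);
        // NOTE(review): the serializer cache is written under the uploads
        // directory, which is normally web-served; a non-public, writable
        // directory is the safer home for these cache files — confirm deployment.
        $purifierConfig->set('Cache.SerializerPath', WP_CONTENT_DIR . '/uploads');
        $GLOBALS['KINGKONGBOARD']['HTMLPurifier_Config'] = $purifierConfig;
        $GLOBALS['KINGKONGBOARD']['HTMLPurifier'] = HTMLPurifier::getInstance();
        unset($purifierConfig);
    }

    // NOTE(review): stripslashes() assumes the input arrived with added
    // slashes (e.g. magic-quoted superglobals) — confirm callers pass such data.
    $data = $GLOBALS['KINGKONGBOARD']['HTMLPurifier']->purify(stripslashes($data), $GLOBALS['KINGKONGBOARD']['HTMLPurifier_Config']);

    return kingkongboard_safeiframe($data);
}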