示例#1
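 /**
  * Read the POST fields named in $value and apply basic text clean-up to each.
  *
  * Every element of $value is used as a POST field name; the array keys are
  * ignored. Scalar values are passed through strip_image_tags(),
  * quotes_to_entities(), encode_php_tags() and trim(); array values are
  * returned as the input class delivered them.
  *
  * NOTE(review): these helpers only rewrite a few HTML/PHP constructs. They do
  * not make a value safe for SQL, shell or arbitrary HTML contexts, so callers
  * still need bound query parameters and context-aware output escaping.
  *
  * @param array $value List of POST field names to collect.
  * @return array Map of field name => filtered value (empty when $value is empty).
  */
 function acceptData($value)
 {
     // Initialise the result so an empty field list returns an empty array
     // instead of an undefined variable.
     $data = array();
     foreach ($value as $val) {
         // presumably a CodeIgniter-style input class, where TRUE enables its
         // XSS filter -- confirm against the definition of $this->SV->input
         $field = $this->SV->input->post($val, TRUE);
         if (!is_array($field)) {
             $field = strip_image_tags($field);
             $field = quotes_to_entities($field);
             $field = encode_php_tags($field);
             $field = trim($field);
         }
         $data[$val] = $field;
     }
     return $data;
 }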
示例#2
 /**
 * Returns the comment description. You can pass it an array of formatting parameters which include:
 	<ul>
 		<li><strong>markdown:</strong> applies the <a href="[user_guide_url]helpers/markdown_helper">markdown</a> function </li>
 		<li><strong>short:</strong> filters just the first paragraphs of the description if multiple paragraphs </li>
 		<li><strong>long:</strong> returns the entire description</li>
 		<li><strong>one_line:</strong> filters the description to appear on one line by removing returns</li>
 		<li><strong>entities:</strong> converts html entities</li>
 		<li><strong>eval:</strong> evaluates php code</li>
 		<li><strong>periods:</strong> adds periods at the end of lines that don't have them</li>
 		<li><strong>ucfirst:</strong> uppercases the first word</li>
 	</ul>
 *
 * Whatever formats are requested, the result is passed through auto_link(),
 * trim(), xss_clean() and strip_image_tags() before it is returned.
 *
 * @access	public
 * @param	mixed	A format name, or an array of format names applied in order (FALSE applies none)
 * @return	string
 */
 public function description($format = FALSE)
 {
     // Extract and cache the description on first use
     if (!isset($this->_description)) {
         // capture the text between the opening of the doc comment and the first "@" or the closing "*/"
         preg_match('#/\\*\\*\\s*(.+ )(@|\\*\\/)#Ums', $this->_text, $matches);
         if (isset($matches[1])) {
             // NOTE(review): this assignment is overwritten by the next statement
             $this->_description = $matches[1];
             // removing preceding * and tabs
             $this->_description = preg_replace('#\\* *#m', "", $matches[1]);
             $this->_description = preg_replace("#^ +#m", "", $this->_description);
             // remove code examples since they are handled by the example method
             $this->_description = preg_replace('#<code>.+</code>#ms', '', $this->_description);
             $this->_description = trim($this->_description);
         } else {
             // no doc-comment pattern found: fall back to the raw text
             $this->_description = $this->_text;
         }
     }
     $desc = $this->_description;
     $desc = $this->filter($desc);
     // apply different formats
     if ($format) {
         // a single format name is treated as a one-element list
         if (is_string($format)) {
             $format = (array) $format;
         }
         foreach ($format as $f) {
             // format names are matched case-insensitively; unknown names are ignored
             switch (strtolower($f)) {
                 case 'markdown':
                     // must escape underscores to prevent <em> tags
                     $desc = str_replace('_', '\\_', $desc);
                     $desc = markdown($desc);
                     // then restore any escaped underscores that markdown left untouched (e.g. ones inside links)
                     $desc = str_replace('\\_', '_', $desc);
                     break;
                 case 'short':
                     // keep only the first non-empty line
                     $desc_lines = explode(PHP_EOL, $desc);
                     $first_line = TRUE;
                     foreach ($desc_lines as $d) {
                         if (!empty($d)) {
                             if ($first_line) {
                                 $first_line = FALSE;
                                 $desc = $d;
                                 break;
                             }
                         }
                     }
                     break;
                 case 'long':
                     // NOTE(review): the first non-empty line is skipped here, so this returns
                     // the text after that line rather than "the entire description" as the
                     // doc comment above says -- confirm which is intended
                     $desc_lines = explode(PHP_EOL, $desc);
                     $new_desc = '';
                     $first_line = TRUE;
                     foreach ($desc_lines as $d) {
                         if (!empty($d)) {
                             if ($first_line) {
                                 $first_line = FALSE;
                                 continue;
                             } else {
                                 $new_desc .= $d . ' ';
                             }
                         } else {
                             // an empty line after the first line becomes a paragraph break
                             if (!$first_line) {
                                 $new_desc .= "\n\n";
                             }
                         }
                     }
                     $desc = $new_desc;
                     break;
                 case 'one_line':
                     $desc = str_replace(PHP_EOL, ' ', $desc);
                     break;
                 case 'entities':
                     // called with htmlentities() defaults for flags and encoding
                     $desc = htmlentities($desc);
                     break;
                 case 'eval':
                     // SECURITY NOTE(review): the doc comment above describes this format as
                     // "evaluates php code"; eval_string() is defined elsewhere. If it executes
                     // PHP found in the description, this format is only safe when the parsed
                     // source files are fully trusted.
                     $desc = eval_string($desc);
                     break;
                 case 'periods':
                     $desc_lines = explode(PHP_EOL, $desc);
                     $lines = '';
                     $past_first = FALSE;
                     foreach ($desc_lines as $d) {
                         $d = trim($d);
                         if (!empty($d)) {
                             // only the first non-empty line gets a period appended here
                             if (!$past_first) {
                                 $d = preg_replace('#(.+[^\\.|>]\\s*)$#', '$1. ', $d);
                             }
                             $lines .= $d . ' ';
                             $past_first = TRUE;
                         } else {
                             if ($past_first) {
                                 $lines .= "\n\n";
                             }
                         }
                     }
                     // add a closing period to the joined text as well
                     $lines = preg_replace('#(.+[^\\.|>]\\s*)$#', '$1. ', trim($lines));
                     $desc = $lines;
                     // NOTE(review): there is no break here, so 'periods' falls through into
                     // 'ucfirst' -- confirm that this is intentional
                 case 'ucfirst':
                     $desc = ucfirst($desc);
                     break;
             }
         }
     }
     // auto link
     $desc = auto_link($desc);
     // trim white space
     $desc = trim($desc);
     // clean
     // these filters run last, after every requested format (including 'eval' and 'markdown') has been applied
     $desc = xss_clean($desc);
     $desc = strip_image_tags($desc);
     return $desc;
 }
示例#3
 /**
  * Strip Image Tags (prep)
  *
  * Runs strip_image_tags() over the property named by $field and stores the
  * result back on the object. Per the original note, this strips the HTML
  * from image tags leaving the raw URL, and replaces the version in
  * CI_Form_validation.
  *
  * NOTE(review): this only rewrites image tags; it is not a general XSS
  * filter, so the property still needs escaping when it is output.
  *
  * @ignore
  */
 protected function _strip_image_tags($field)
 {
     $current = $this->{$field};
     $this->{$field} = strip_image_tags($current);
 }
示例#4
 /**
  * Normalise link rel attributes and strip image tags on a comment's text fields.
  *
  * The content, author_name, author_email and author_website properties are
  * each rewritten in place and the same $comment object is returned.
  *
  * NOTE(review): the pattern only touches anchors that already carry a rel
  * attribute (its value becomes "nofollow"); anchors without rel are left as
  * they are. Neither step is an XSS filter, so these fields still need
  * context-aware escaping wherever they are rendered.
  */
 function _filter_comment($comment)
 {
     $this->load->helper('security');
     foreach (array('content', 'author_name', 'author_email', 'author_website') as $attr) {
         // force any existing rel="..." on a link to rel="nofollow" -- not perfect but good enough
         $relinked = preg_replace('/<a(.+)rel=["\'](.+)["\'](.+)>/Umi', '<a$1rel="nofollow"$3>', $comment->{$attr});
         $comment->{$attr} = strip_image_tags($relinked);
     }
     return $comment;
 }
示例#5
/**
 * Pass $content through strip_image_tags() and then strip_url_tags().
 *
 * The security helper is loaded through the framework instance first.
 * strip_url_tags() is not defined in this listing.
 *
 * NOTE(review): both calls rewrite specific tags only; the returned string
 * should still be escaped for the context in which it is displayed.
 */
function decode_format($content)
{
    $STB =& get_instance();
    $STB->load->helper('security');
    $without_images = strip_image_tags($content);
    return strip_url_tags($without_images);
}
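 /**
  * Replace one template tag of the form {key:modifier[:arg[:arg]]} with a
  * formatted version of $val.
  *
  * The first tag in $string that starts with the left delimiter followed by
  * $key is located. When it carries a ":modifier" part, $val is transformed
  * by that modifier and every occurrence of the matched tag is replaced.
  * Tags without a modifier, and strings without a matching tag, are handed
  * to the parent implementation.
  *
  * NOTE(review): modifier names and arguments come from the template text, so
  * templates must be trusted content. None of the modifiers is a general
  * output-escaping step.
  *
  * @param string $key    Variable name to look for.
  * @param mixed  $val    Value to substitute.
  * @param string $string Template text.
  * @return string Template text with the tag replaced.
  */
 public function _parse_single($key, $val, $string)
 {
     $newval = $val;
     // Quote the delimiters and the key so that regex metacharacters, or the
     // "/" pattern delimiter, inside them are matched literally instead of
     // changing or breaking the pattern.
     $find = "/" . preg_quote($this->l_delim, "/") . preg_quote((string) $key, "/") . ".*" . preg_quote($this->r_delim, "/") . "/U";
     preg_match($find, $string, $matches);
     if (!empty($matches)) {
         // NOTE(review): braces are hard-coded here although the pattern uses
         // l_delim/r_delim; custom delimiters would not be trimmed.
         $temp = trim($matches[0], "{}");
         $res = explode(":", $temp);
         // $res[0] is the key, $res[1] the modifier, $res[2] and up its arguments
         if (count($res) > 1) {
             switch ($res[1]) {
                 case "allcaps":
                     $newval = strtoupper($val);
                     break;
                 case "money":
                     // NOTE(review): the (int) cast drops any fractional part
                     // before formatting -- confirm that this is intended
                     $newval = number_format((int) $val, 2, ".", ",");
                     break;
                 case "caps":
                     $newval = ucwords(strtolower($val));
                     break;
                 case "nocaps":
                     $newval = strtolower($val);
                     break;
                 case "ucfirst":
                     $newval = ucfirst($val);
                     break;
                 case "bool1":
                     $newval = $val == 1 ? "True" : "False";
                     break;
                 case "bool2":
                     $newval = $val == 1 ? "Yes" : "No";
                     break;
                 case "bool3":
                     $newval = $val == 1 ? "Active" : "Inactive";
                     break;
                 case "climit":
                     $int = count($res) < 3 ? 128 : $res[2];
                     $newval = character_limiter($val, $int);
                     break;
                 case "htmlchars":
                     $newval = quotes_to_entities($val);
                     break;
                 case "wlimit":
                     $int = count($res) < 3 ? 25 : $res[2];
                     $newval = word_limiter($val, $int);
                     break;
                 case "wrap":
                     $int = count($res) < 3 ? 76 : $res[2];
                     $newval = word_wrap($val, $int);
                     break;
                 case "hilite":
                     $str = count($res) < 3 ? "" : $res[2];
                     $color = count($res) < 4 ? "#990000" : $res[3];
                     // $color is taken from the template tag and placed in the
                     // style attribute without escaping
                     $newval = highlight_phrase($val, $str, "<span style=\"color:{$color}\">", "</span>");
                     break;
                 case "safe_mailto":
                     $alt_text = count($res) < 3 ? "" : $res[2];
                     $newval = safe_mailto($val, $alt_text);
                     break;
                 case "url_title":
                     $sep = count($res) < 3 ? "dash" : $res[2];
                     $newval = url_title($val, $sep);
                     break;
                 case "remove_img":
                     $newval = strip_image_tags($val);
                     break;
                 case "hash":
                     // the md5 default is a display-level digest only; it is
                     // not suitable for passwords or integrity checks
                     $hash = count($res) < 3 ? "md5" : $res[2];
                     $newval = dohash($val, $hash);
                     break;
                 case "stripslashes":
                     $newval = stripslashes($val);
                     break;
                 case "strip_tags":
                     // strip_tags() is not an XSS filter; attributes on any
                     // allowed tags are kept
                     $allowed = count($res) < 3 ? "" : $res[2];
                     $newval = strip_tags($val, $allowed);
                     break;
                     /** other output string format options here **/
             }
             // an unknown modifier leaves $newval equal to $val
             return str_replace($matches[0], $newval, $string);
         }
     }
     return parent::_parse_single($key, $val, $string);
 }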
示例#7
 /**
  * strip_image_tags() should return a bare URL unchanged and reduce an
  * <img> tag to the URL in its src attribute.
  */
 function test_strip_image_tags()
 {
     $url = 'http://example.com/spacer.gif';
     $img_tag = '<img src="http://example.com/spacer.gif" alt="Who needs CSS when you have a spacer.gif?" />';

     $this->assertEquals($url, strip_image_tags($url));
     $this->assertEquals($url, strip_image_tags($img_tag));
 }
示例#8
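 /**
  * Return the content after formatting and parsing, optionally with image
  * tags reduced by strip_image_tags() first.
  *
  * NOTE(review): strip_image_tags() only rewrites image tags. Whether
  * _format() and _parse() escape the content cannot be seen from this
  * method, so treat the result as HTML that may still need filtering.
  *
  * @param bool $strip_images When TRUE, pass the content through strip_image_tags().
  * @return string The formatted and parsed content.
  */
 function get_content_formatted($strip_images = FALSE)
 {
     $this->_CI->load->module_helper(FUEL_FOLDER, 'fuel');
     $content = $this->content;
     if ($strip_images) {
         // Load the helper through the stored instance: no local $CI is
         // defined in this method, so the original call failed whenever
         // $strip_images was TRUE.
         $this->_CI->load->helper('security');
         $content = strip_image_tags($this->content);
     }
     $content = $this->_format($content);
     $content = $this->_parse($content);
     return $content;
 }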
示例#9
 /**
  * Apply a fixed series of string filters to $q and return the result.
  *
  * Steps, in order: two str_replace() calls, xss_clean(), strip_image_tags(),
  * encode_php_tags(), then a case-insensitive removal of a fixed keyword list.
  *
  * SECURITY NOTE(review): the final step is a deny-list. It makes a single
  * removal pass, so the output is not guaranteed to be free of the listed
  * words, and it also deletes them from ordinary text (any word containing
  * "from", "select", "update" and so on is altered). It must not be relied
  * on to prevent SQL injection or XSS; use bound query parameters and
  * context-aware output escaping for that.
  *
  * @param string $q Input text.
  * @return string Filtered text.
  */
 public function security_clean($q)
 {
     $this->load->helper('security');
     //$this->load->library('security');
     // NOTE(review): the search string is empty as written, which makes this call a
     // no-op; a non-printing character may have been lost from the literal -- confirm
     // against the original source
     $q = str_replace("", "", $q);
     // removes the literal two-character sequence backslash + zero
     $q = str_replace('\\0', "", $q);
     $q = xss_clean($q);
     //$q = $this->security->xss_clean($q);
     $q = strip_image_tags($q);
     $q = encode_php_tags($q);
     // deny-list pass: deletes these substrings, and the "*" character, wherever they occur
     $q = preg_replace(array("/select/si", "/delete/si", "/update/si", "/insert/si", "/from/si", "/alert/si", "/\\[removed\\]/si", "/script/si", "/\\*/si"), "", $q);
     return $q;
 }