示例#1
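 /**
  * Render the image tag (or only the thumbnail source) for one image of a listing.
  *
  * When the listing has no uploaded image at $position but its summary contains
  * an <img> tag, the image is taken from the summary and the summary is rewritten
  * through Sanitize::stripImages(). Because $listing is passed by reference, that
  * rewrite is visible to the caller.
  *
  * @param array $listing    Listing data; reads ['Listing'] (title, images, summary,
  *                          listing_id, category_image) and ['Category']['params'].
  * @param int   $position   Index into $listing['Listing']['images'].
  * @param array $attributes HTML attributes for the tag, plus the control keys
  *                          return_orig, return_src, tn_mode, location and dimensions.
  * @return mixed The result of $this->image(), the thumbnail source when
  *               'return_src' is set, or false when no image could be resolved.
  */
 function thumb(&$listing, $position = 0, $attributes = array())
 {
     $image = null;
     $cat_image = '';
     // The listing title is HTML-escaped before it becomes the default alt/title text.
     // NOTE(review): caller-supplied $attributes override these defaults and are not
     // escaped here; confirm that $this->image() escapes attribute values.
     $img_title = htmlspecialchars($listing['Listing']['title'], ENT_QUOTES, 'utf-8');
     $attributes = array_merge(array('border' => 0, 'alt' => $img_title, 'title' => $img_title), $attributes);
     // No JReviews uploaded images, so we search the summary for images
     if (!isset($listing['Listing']['images'][$position]) && isset($listing['Listing']['summary']) && strstr($listing['Listing']['summary'], "<img")) {
         $img = $this->grabImgFromText($listing['Listing']['summary']);
         if ($img) {
             // NOTE(review): the extracted image is stored at index 0 even when
             // $position is non-zero; confirm this is intended.
             $listing['Listing']['images'][0] = $img;
             $listing['Listing']['summary'] = Sanitize::stripImages($listing['Listing']['summary']);
         }
     }
     $listing_id = $listing['Listing']['listing_id'];
     if (isset($listing['Listing']['images'][$position])) {
         $image = $listing['Listing']['images'][$position];
     }
     if ($this->cmsVersion == CMS_JOOMLA15) {
         $cat_image = isset($listing['Listing']['category_image']) ? $listing['Listing']['category_image'] : '';
     } elseif (isset($listing['Category']['params'])) {
         $cat_params = !is_array($listing['Category']['params']) ? json_decode($listing['Category']['params'], true) : $listing['Category']['params'];
         // preg_quote() escapes every regex metacharacter in the prefix, not only the
         // delimiter, so characters such as "." in the images URL match literally.
         $cat_image = isset($cat_params['image']) ? preg_replace('/' . preg_quote(_JR_WWW_IMAGES, '/') . '/', '', $cat_params['image'], 1) : '';
     }
     # Return the original image html tag instead of the thumb
     if (isset($attributes['return_orig'])) {
         $origimg_src = '';
         $image_size = false;
         unset($attributes['return_orig'], $attributes['tn_mode'], $attributes['location'], $attributes['dimensions']);
         if ($image) {
             // NOTE(review): $image['path'] may come from markup found in the listing
             // summary; it is appended to $this->path and read from disk. Confirm that
             // grabImgFromText() only yields paths inside the image directory.
             $origimg_src = $this->www . $image['path'];
             $image_size = getimagesize($this->path . $image['path']);
         } elseif ($this->Config->list_category_image && $cat_image != '') {
             $origimg_src = $this->www . $cat_image;
             $image_size = getimagesize($this->path . $cat_image);
         } elseif ($this->Config->list_noimage_image) {
             if ($noImagePath = $this->locateThemeFile('theme_images', $this->Config->list_noimage_filename, '')) {
                 $origimg_src = pathToUrl($noImagePath);
                 $image_size = getimagesize($noImagePath);
             }
         }
         if ($origimg_src == '') {
             return false;
         }
         // getimagesize() returns false for missing or unreadable files; only emit
         // explicit dimensions when they are actually known.
         if (is_array($image_size)) {
             $attributes['style'] = 'width: ' . $image_size[0] . 'px; height: ' . $image_size[1] . 'px';
         }
         return $this->image($origimg_src, $attributes);
     }
     $output = $this->makeThumb($listing_id, $image, $cat_image, $attributes);
     if ($output) {
         if (isset($attributes['return_src'])) {
             return $output['thumbnail'];
         }
         if (isset($output['width'])) {
             $size_css = 'width: ' . $output['width'] . 'px; height: ' . $output['height'] . 'px';
             // Join with "; " so a caller style without a trailing semicolon is not
             // fused with the width declaration.
             $style = isset($attributes['style']) ? rtrim(trim($attributes['style']), ';') : '';
             $attributes['style'] = $style === '' ? $size_css : $style . '; ' . $size_css;
         }
         unset($attributes['tn_mode'], $attributes['location'], $attributes['dimensions']);
         return $this->image($output['thumbnail'], $attributes);
     }
     return false;
 }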
示例#2
 /**
  * Render the thumbnail tag (or only its source) for one image of a listing.
  *
  * If the listing has no uploaded image at $position but its summary contains an
  * <img> tag, the image is taken from the summary and the summary is rewritten
  * through Sanitize::stripImages(). $listing is passed by reference, so the
  * caller sees that rewrite.
  *
  * @param array      $listing    Listing data; reads ['Listing'] (images, summary,
  *                                listing_id, category_image).
  * @param int        $position   Index into $listing['Listing']['images'].
  * @param string     $action     Passed through to makeThumb().
  * @param string     $location   Passed through to makeThumb().
  * @param array|null $dimensions Passed through to makeThumb(); defaults to the
  *                                configured list_image_resize value.
  * @param array      $attributes Attributes for the tag; 'return_src' switches the
  *                                return value to the thumbnail source.
  * @return mixed The result of $this->image(), the thumbnail source, or false.
  */
 function thumb(&$listing, $position = 0, $action = 'scale', $location = '_', $dimensions = null, $attributes = array())
 {
     // Fall back to the configured resize value when the caller gave no dimensions.
     if (!$dimensions) {
         $dimensions = array($this->Config->list_image_resize);
     }

     // No JReviews uploaded images, so we search the summary for images
     $hasUploaded = isset($listing['Listing']['images'][$position]);
     if (!$hasUploaded && isset($listing['Listing']['summary']) && strpos($listing['Listing']['summary'], "<img") !== false) {
         $found = $this->grabImgFromText($listing['Listing']['summary']);
         if ($found) {
             // NOTE(review): stored at index 0 regardless of $position; confirm intended.
             $listing['Listing']['images'][0] = $found;
             $listing['Listing']['summary'] = Sanitize::stripImages($listing['Listing']['summary']);
         }
     }

     $listing_id = $listing['Listing']['listing_id'];
     $image = isset($listing['Listing']['images'][$position])
         ? $listing['Listing']['images'][$position]
         : null;
     $cat_image = '';
     if (isset($listing['Listing']['category_image'])) {
         $cat_image = $listing['Listing']['category_image'];
     }

     $thumb = $this->makeThumb($listing_id, $image, $action, $location, $dimensions, $cat_image, $attributes);
     if (!$thumb) {
         return false;
     }
     if (isset($attributes['return_src'])) {
         return $thumb['thumbnail'];
     }
     return $this->image($thumb['thumbnail'], $attributes);
 }
示例#3
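 /**
  * Parse method
  * Split the data across multiple pages and sanitize each page.
  *
  * Each page is passed through Sanitize::stripScripts() and then
  * Sanitize::stripImages() before any <code>...</code> section is handed to
  * the _highlightCode() callback.
  *
  * @param string $string String to parse
  * @param array $options Valid keys are:
  * 	- highlight_code: whether or not the highlight_string() PHP function must be used for the code
  * 		It generates messy markup and can be disabled for users that want "classic" html <code> tags
  * @return array The sanitized pages, in their original order
  */
 public function parse($string, $options = array())
 {
     $options = array_merge(array('highlight_code' => true), $options);
     $this->_phpHighlightEnabled = $options['highlight_code'];
     $pages = explode(self::$pageSeparator, $string);
     // Iterate by key instead of by reference so no reference to the last
     // element is left behind after the loop.
     foreach ($pages as $index => $text) {
         $clean = Sanitize::stripImages(Sanitize::stripScripts($text));
         // NOTE(review): the callback runs after sanitizing; confirm that
         // _highlightCode() escapes the code it re-emits.
         $highlighted = preg_replace_callback('/<code>(.*?)<\\/code>/s', array($this, '_highlightCode'), $clean);
         // preg_replace_callback() returns null on a PCRE error; keep the sanitized
         // text in that case rather than dropping the page.
         $pages[$index] = $highlighted === null ? $clean : $highlighted;
     }
     return $pages;
 }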
 /**
  * testStripImages method
  *
  * Table-driven check of Sanitize::stripImages(). The expected values document
  * what the filter leaves behind: alt text is kept, and the href and onclick
  * attributes of a wrapping anchor are untouched, so stripImages() on its own
  * is not a script filter.
  *
  * @return void
  */
 public function testStripImages()
 {
     // Each entry is array(input markup, expected output).
     $cases = array(
         // Plain image: alt text is kept, followed by a line break.
         array(
             '<img src="/img/test.jpg" alt="my image" />',
             'my image<br />',
         ),
         // Image with a javascript: source and no alt text: removed entirely.
         array(
             '<img src="javascript:alert(\'XSS\');" />',
             '',
         ),
         // Image wrapped in a link: the link stays and the alt text replaces the image.
         array(
             '<a href="http://www.badsite.com/phising"><img src="/img/test.jpg" alt="test image alt" title="test image title" id="myImage" class="image-left"/></a>',
             '<a href="http://www.badsite.com/phising">test image alt</a><br />',
         ),
         // Handler on the image is removed with the image; the anchor's own handler is not.
         array(
             '<a onclick="medium()" href="http://example.com"><img src="foobar.png" onclick="evilFunction(); return false;"/></a>',
             '<a onclick="medium()" href="http://example.com"></a>',
         ),
     );
     foreach ($cases as $case) {
         list($markup, $expected) = $case;
         $this->assertEquals($expected, Sanitize::stripImages($markup));
     }
 }
 /**
  * Strips extra whitespace, images, scripts and stylesheets from output
  *
  * The filters run in a fixed order: stripWhitespace(), then stripImages(),
  * then stripScripts().
  *
  * @param string $str String to sanitize
  * @return string sanitized string
  * @access public
  */
 function stripAll($str)
 {
     // Innermost call runs first: whitespace, then images, then scripts.
     return Sanitize::stripScripts(
         Sanitize::stripImages(
             Sanitize::stripWhitespace($str)
         )
     );
 }
示例#6
/**
 * Strips extra whitespace, images, scripts and stylesheets from output
 *
 * The filters are applied one after another: whitespace first, then images,
 * then scripts.
 *
 * @param string $str String to sanitize
 * @return string sanitized string
 */
	public static function stripAll($str) {
		$collapsed = Sanitize::stripWhitespace($str);
		$withoutImages = Sanitize::stripImages($collapsed);
		$withoutScripts = Sanitize::stripScripts($withoutImages);
		return $withoutScripts;
	}
示例#7
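 /**
  * Fetches a value through Sanitize::getVar() and strips images and scripts from it
  *
  * Slash-escaping is removed before the filters run, so stripImages() and
  * stripScripts() inspect the same text that is returned to the caller.
  * Unescaping after filtering could turn text the filters did not recognise
  * as a tag back into markup.
  *
  * @param mixed $var Passed to Sanitize::getVar() as the source to read from
  * @param mixed $key Passed to Sanitize::getVar() as the key to look up
  * @param mixed $default Passed to Sanitize::getVar() as the fallback value
  * @return mixed The sanitized string, or the value from getVar() unchanged when it is empty
  * @access public
  */
 function stripAll($var, $key, $default = null)
 {
     $str = Sanitize::getVar($var, $key, $default);
     if (!$str) {
         return $str;
     }
     // Normalise first, then filter: the filters must see the final text.
     $str = stripslashes($str);
     // Sanitize::stripWhitespace() is deliberately not applied here because it
     // removes line breaks (\n).
     $str = Sanitize::stripImages($str);
     $str = Sanitize::stripScripts($str);
     return $str;
 }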