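/**
 * Builds the <img> tag (or the bare source URL) for a listing image.
 *
 * Picture resolution order: the listing's own uploaded image at $position,
 * then the category image (only when Config->list_category_image is on),
 * then the theme "no image" placeholder (only when Config->list_noimage_image is on).
 *
 * @param array $listing    Listing data. Passed by reference because, when there is
 *                          no uploaded image at $position, an <img> found in the
 *                          summary is moved into images[0] and stripped from the summary.
 * @param int   $position   Index into $listing['Listing']['images'].
 * @param array $attributes HTML attributes for the tag. Control keys consumed here and
 *                          never emitted: return_orig, return_src, tn_mode, location,
 *                          dimensions.
 * @return string|false The tag markup, the thumbnail URL when 'return_src' is set,
 *                      or false when no image could be resolved / generated.
 */
function thumb(&$listing, $position = 0, $attributes = array())
{
    $image = null;
    $cat_image = '';

    // The title ends up inside attribute values, so escape it once up front.
    $img_title = htmlspecialchars($listing['Listing']['title'], ENT_QUOTES, 'utf-8');
    $attributes = array_merge(
        array('border' => 0, 'alt' => $img_title, 'title' => $img_title),
        $attributes
    );

    // No JReviews uploaded images, so we search the summary for images.
    // NOTE: the found image is always stored at index 0, so it is only picked up
    // below when $position is 0 (pre-existing behaviour, intentionally kept).
    if (!isset($listing['Listing']['images'][$position])
        && isset($listing['Listing']['summary'])
        && strstr($listing['Listing']['summary'], "<img")
    ) {
        $img = $this->grabImgFromText($listing['Listing']['summary']);
        if ($img) {
            $listing['Listing']['images'][0] = $img;
            $listing['Listing']['summary'] = Sanitize::stripImages($listing['Listing']['summary']);
        }
    }

    $listing_id = $listing['Listing']['listing_id'];

    if (isset($listing['Listing']['images'][$position])) {
        $image = $listing['Listing']['images'][$position];
    }

    if ($this->cmsVersion == CMS_JOOMLA15) {
        $cat_image = isset($listing['Listing']['category_image']) ? $listing['Listing']['category_image'] : '';
    } elseif (isset($listing['Category']['params'])) {
        $cat_params = !is_array($listing['Category']['params'])
            ? json_decode($listing['Category']['params'], true)
            : $listing['Category']['params'];
        // The stored value carries the images web root as a prefix; drop its first
        // occurrence. preg_quote() makes every character of the prefix match literally
        // (the previous code only escaped '/', so a '.' in the prefix matched any char).
        $cat_image = isset($cat_params['image'])
            ? preg_replace('/' . preg_quote(_JR_WWW_IMAGES, '/') . '/', '', $cat_params['image'], 1)
            : '';
    }

    // Return the original image html tag instead of the thumb
    if (isset($attributes['return_orig'])) {
        $origimg_src = '';
        $image_size = false;
        unset($attributes['return_orig'], $attributes['tn_mode'], $attributes['location'], $attributes['dimensions']);

        if ($image) {
            $origimg_src = $this->www . $image['path'];
            $image_size = getimagesize($this->path . $image['path']);
        } elseif ($this->Config->list_category_image && (string) $cat_image !== '') {
            $origimg_src = $this->www . $cat_image;
            $image_size = getimagesize($this->path . $cat_image);
        } elseif ($this->Config->list_noimage_image) {
            if ($noImagePath = $this->locateThemeFile('theme_images', $this->Config->list_noimage_filename, '')) {
                $origimg_src = pathToUrl($noImagePath);
                $image_size = getimagesize($noImagePath);
            }
        }

        if ((string) $origimg_src === '') {
            return false;
        }
        // getimagesize() returns false for a missing or unreadable file; only emit
        // explicit dimensions when they are actually known instead of "width: px".
        if (is_array($image_size)) {
            $attributes['style'] = 'width: ' . $image_size[0] . 'px; height: ' . $image_size[1] . 'px';
        }
        return $this->image($origimg_src, $attributes);
    }

    $output = $this->makeThumb($listing_id, $image, $cat_image, $attributes);
    if (!$output) {
        return false;
    }
    if (isset($attributes['return_src'])) {
        return $output['thumbnail'];
    }
    if (isset($output['width'], $output['height'])) {
        $size_style = 'width: ' . $output['width'] . 'px; height: ' . $output['height'] . 'px';
        // A caller-supplied style may lack a trailing ';' — always separate the
        // appended declarations so the CSS stays valid.
        $existing = isset($attributes['style']) ? rtrim($attributes['style'], "; \t") : '';
        $attributes['style'] = $existing === '' ? $size_style : $existing . '; ' . $size_style;
    }
    unset($attributes['tn_mode'], $attributes['location'], $attributes['dimensions']);
    return $this->image($output['thumbnail'], $attributes);
}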
/**
 * Returns the thumbnail <img> tag (or its URL) for a listing image.
 *
 * @param array      $listing    Listing data, by reference: an <img> found in the summary
 *                               is moved into images[0] and stripped from the summary text.
 * @param int        $position   Index into $listing['Listing']['images'].
 * @param string     $action     Forwarded to makeThumb().
 * @param string     $location   Forwarded to makeThumb().
 * @param array|null $dimensions Forwarded to makeThumb(); when empty, defaults to
 *                               array(Config->list_image_resize).
 * @param array      $attributes Tag attributes; when 'return_src' is set only the URL is returned.
 * @return string|false Tag markup, thumbnail URL, or false when makeThumb() produced nothing.
 */
function thumb(&$listing, $position = 0, $action = 'scale', $location = '_', $dimensions = null, $attributes = array())
{
    $summaryHasImg = isset($listing['Listing']['summary'])
        && strstr($listing['Listing']['summary'], "<img");

    // No JReviews uploaded images, so we search the summary for images
    if (!isset($listing['Listing']['images'][$position]) && $summaryHasImg) {
        $found = $this->grabImgFromText($listing['Listing']['summary']);
        if ($found) {
            $listing['Listing']['images'][0] = $found;
            $listing['Listing']['summary'] = Sanitize::stripImages($listing['Listing']['summary']);
        }
    }

    if (!$dimensions) {
        $dimensions = array($this->Config->list_image_resize);
    }

    // Re-check after the summary scan above, which may have populated images[0].
    $image = isset($listing['Listing']['images'][$position])
        ? $listing['Listing']['images'][$position]
        : null;
    $cat_image = isset($listing['Listing']['category_image'])
        ? $listing['Listing']['category_image']
        : '';

    $output = $this->makeThumb(
        $listing['Listing']['listing_id'],
        $image,
        $action,
        $location,
        $dimensions,
        $cat_image,
        $attributes
    );
    if (!$output) {
        return false;
    }

    return isset($attributes['return_src'])
        ? $output['thumbnail']
        : $this->image($output['thumbnail'], $attributes);
}
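/**
 * Parse method
 * Split the data across multiple pages
 *
 * Every page is passed through Sanitize::stripScripts() and Sanitize::stripImages()
 * before its <code> blocks are handed to _highlightCode().
 *
 * @param string $string String to parse
 * @param array $options Valid keys are:
 *   - highlight_code: whether or not the highlight_string() PHP function must be used for the code
 *     It generates a messy markup and can be disabled for users that want "classic" html <code> tags
 * @return array One sanitized page per element, in document order
 */
public function parse($string, $options = array())
{
    $_defaults = array('highlight_code' => true);
    $options = array_merge($_defaults, $options);
    $this->_phpHighlightEnabled = $options['highlight_code'];

    $pages = explode(self::$pageSeparator, $string);
    // Write back by index rather than iterating by reference: a by-reference
    // foreach leaves a dangling reference on the last element unless unset().
    foreach ($pages as $index => $text) {
        // Strip first so the highlighter only ever sees sanitized text.
        $text = Sanitize::stripImages(Sanitize::stripScripts($text));
        $highlighted = preg_replace_callback('/<code>(.*?)<\\/code>/s', array($this, '_highlightCode'), $text);
        // preg_replace_callback() returns null on a PCRE error; keep the
        // (already sanitized) text rather than emitting an empty page.
        $pages[$index] = $highlighted === null ? $text : $highlighted;
    }
    return $pages;
}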
/**
 * testStripImages method
 *
 * Cases, in order: a bare image is replaced by its alt text plus <br />; an image
 * with a javascript: src is removed outright; a linked image collapses to its alt
 * text inside the anchor; an onclick attribute on the surrounding <a> is left
 * untouched by stripImages (only the <img> itself is removed).
 *
 * @return void
 */
public function testStripImages()
{
    $cases = array(
        array(
            '<img src="/img/test.jpg" alt="my image" />',
            'my image<br />',
        ),
        array(
            '<img src="javascript:alert(\'XSS\');" />',
            '',
        ),
        array(
            '<a href="http://www.badsite.com/phising"><img src="/img/test.jpg" alt="test image alt" title="test image title" id="myImage" class="image-left"/></a>',
            '<a href="http://www.badsite.com/phising">test image alt</a><br />',
        ),
        array(
            '<a onclick="medium()" href="http://example.com"><img src="foobar.png" onclick="evilFunction(); return false;"/></a>',
            '<a onclick="medium()" href="http://example.com"></a>',
        ),
    );

    foreach ($cases as $case) {
        list($input, $expected) = $case;
        $this->assertEquals($expected, Sanitize::stripImages($input));
    }
}
/**
 * Strips extra whitespace, images, scripts and stylesheets from output
 *
 * Runs stripWhitespace, then stripImages, then stripScripts.
 *
 * @param string $str String to sanitize
 * @return string sanitized string
 * @access public
 */
function stripAll($str)
{
    return Sanitize::stripScripts(
        Sanitize::stripImages(
            Sanitize::stripWhitespace($str)
        )
    );
}
/**
 * Strips extra whitespace, images, scripts and stylesheets from output
 *
 * Order matters only in that it is fixed: whitespace, then images, then scripts.
 *
 * @param string $str String to sanitize
 * @return string sanitized string
 */
public static function stripAll($str)
{
    $cleaned = Sanitize::stripWhitespace($str);
    $cleaned = Sanitize::stripImages($cleaned);

    return Sanitize::stripScripts($cleaned);
}
/**
 * Reads a value through Sanitize::getVar() and strips images, scripts and
 * backslash escapes from it.
 *
 * stripWhitespace() is deliberately not applied here: it would also remove
 * line breaks ("\n") from the value.
 *
 * @param mixed  $var     Source handed to Sanitize::getVar()
 * @param string $key     Key handed to Sanitize::getVar()
 * @param mixed  $default Default handed to Sanitize::getVar() (presumably returned
 *                        when the key is absent — see getVar)
 * @return mixed The sanitized value; a falsy value ('' , '0', null, ...) is returned
 *               exactly as getVar() produced it
 * @access public
 */
function stripAll($var, $key, $default = null)
{
    $value = Sanitize::getVar($var, $key, $default);
    if (!$value) {
        return $value;
    }

    $value = Sanitize::stripScripts(Sanitize::stripImages($value));

    return stripslashes($value);
}