1
beduino
xoops 2.0.14 and module.sanitizer
  • 2006/8/3 15:38

  • beduino

  • Friend of XOOPS

  • Posts: 35

  • Since: 2005/2/26


Hello,
I changed module.sanitizer.php [as recommended in 'comments'] and the following warnings appear:
Quote:

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/xxxxxxx/public_html/vx/class/module.textsanitizer.php:576) in file /include/common.php line 248

Warning: Cannot modify header information - headers already sent by (output started at /home/xxxxxxx/public_html/vx/class/module.textsanitizer.php:576) in file /include/common.php line 257


something to do?
cheers
Barroca


note:
common.php - line 247/248
session_set_save_handler(array(&$sess_handler, 'open'), array(&$sess_handler, 'close'), array(&$sess_handler, 'read'), array(&$sess_handler, 'write'), array(&$sess_handler, 'destroy'), array(&$sess_handler, 'gc'));

session_start();


line 257
if ($xoopsConfig['use_mysession'] && $xoopsConfig['session_name'] != '') {
    setcookie($xoopsConfig['session_name'], session_id(), time()+(60*$xoopsConfig['session_expire']), '/', '', 0);
}

2
leostotch
Re: xoops 2.0.14 and module.sanitizer
  • 2006/8/3 16:22

  • leostotch

  • Just popping in

  • Posts: 76

  • Since: 2006/4/1 1


There are additional space characters at the end of your file.

Open textsanitizer.php, and ensure there is nothing after the final "?>" at the end of the file (IMO there is an empty line in yours)
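An added check, not from this thread, that finds the trailing bytes leostotch describes and goes one step further: it also reports a UTF-8 BOM in front of `<?php`, which produces the same "headers already sent" warning. It assumes GNU `grep -bo` (offset of each match) and takes the files to scan as arguments.

```shell
#!/bin/sh
# Added example (not from the thread): flag PHP files that send output
# before headers, i.e. bytes after the final "?>" or a UTF-8 BOM before
# "<?php". Prints what it found; returns 0 if clean, 1 otherwise.
check_php_output() {
    f="$1"
    rc=0

    # A UTF-8 BOM (EF BB BF) at offset 0 is echoed to the browser as output.
    if [ "$(head -c 3 "$f" | od -An -tx1 | tr -d ' \n')" = "efbbbf" ]; then
        echo "$f: UTF-8 BOM before <?php"
        rc=1
    fi

    # 0-based byte offset of the last "?>" (GNU grep -bo prints the offset
    # of each match). A file with no closing tag cannot trail anything.
    off=$(grep -boa '?>' "$f" | tail -n 1 | cut -d: -f1)
    if [ -z "$off" ]; then
        return $rc
    fi

    # Everything after "?>", as hex. PHP swallows exactly one newline right
    # after the closing tag, so "" / 0a / 0d0a are harmless; anything else
    # (a second blank line, a trailing space, ...) is sent before headers.
    trailing=$(tail -c +$((off + 3)) "$f" | od -An -tx1 | tr -d ' \n')
    case "$trailing" in
        ''|0a|0d0a) ;;
        *)
            echo "$f: $(( ${#trailing} / 2 )) byte(s) after the final ?> (hex $trailing)"
            rc=1
            ;;
    esac
    return $rc
}

# Usage: sh check_php_output.sh class/module.textsanitizer.php include/common.php
for f in "$@"; do
    check_php_output "$f"
done
```

Files that have no closing `?>` at all pass the check, which is also the simplest way to avoid the problem in any file that contains only PHP.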

3
beduino
Re: xoops 2.0.14 and module.sanitizer
  • 2006/8/4 14:35

  • beduino

  • Friend of XOOPS

  • Posts: 35

  • Since: 2005/2/26


Hello,
maybe I didn't explain clearly.
My modified module.textsanitizer.php:
<?php
// $Id$
//  ------------------------------------------------------------------------ //
//                XOOPS - PHP Content Management System                      //
//                    Copyright (c) 2000 XOOPS.org                           //
//                       <http://www.xoops.org/>                             //
//  ------------------------------------------------------------------------ //
//  This program is free software; you can redistribute it and/or modify     //
//  it under the terms of the GNU General Public License as published by     //
//  the Free Software Foundation; either version 2 of the License, or        //
//  (at your option) any later version.                                      //
//                                                                           //
//  You may not change or alter any portion of this comment or credits       //
//  of supporting developers from this source code or any supporting         //
//  source code which is considered copyrighted (c) material of the          //
//  original comment or credit authors.                                      //
//                                                                           //
//  This program is distributed in the hope that it will be useful,          //
//  but WITHOUT ANY WARRANTY; without even the implied warranty of           //
//  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            //
//  GNU General Public License for more details.                             //
//                                                                           //
//  You should have received a copy of the GNU General Public License        //
//  along with this program; if not, write to the Free Software              //
//  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA //
//  ------------------------------------------------------------------------ //
// Author: Kazumi Ono (http://www.myweb.ne.jp/, http://www.xoopscube.jp/)    //
//         Goghs Cheng (http://www.eqiao.com, http://www.devbeez.com/)       //
// Project: The XOOPS Project (https://xoops.org/)                           //
// ------------------------------------------------------------------------- //

/**
 * Class to "clean up" text for various uses
 *
 * Singleton
 *
 * @package        kernel
 * @subpackage    core
 *
 * @author        Kazumi Ono
 * @author        Goghs Cheng
 * @copyright    (c) 2000-2003 The XOOPS Project - www.xoops.org
 */
class MyTextSanitizer
{
    /**
     * @var    array
     */
    var $smileys = array();

    /**
     *
     */
    var $censorConf;

    /*
    * Constructor of this class
    *
    * Gets allowed html tags from admin config settings
    * <br> should not be allowed since nl2br will be used
    * when storing data.
    *
    * @access    private
    *
    * @todo Sofar, this does nuttin' ;-)
    */
    function MyTextSanitizer()
    {

    }

    /**
     * Access the only instance of this class
     *
     * @return    object
     *
     * @static
     * @staticvar   object
     */
    function &getInstance()
    {
        static $instance;
        if (!isset($instance)) {
            $instance = new MyTextSanitizer();
        }
        return $instance;
    }

    /**
     * Get the smileys
     *
     * @return    array
     */
    function getSmileys()
    {
        return $this->smileys;
    }

    /**
     * Replace emoticons in the message with smiley images
     *
     * @param    string  $message
     *
     * @return    string
     */
    function smiley($message)
    {
        $db =& Database::getInstance();
        if (count($this->smileys) == 0) {
            if ($getsmiles = $db->query("SELECT * FROM ".$db->prefix("smiles"))) {
                while ($smiles = $db->fetchArray($getsmiles)) {
                    $message = str_replace($smiles['code'], '<img src="'.XOOPS_UPLOAD_URL.'/'.htmlspecialchars($smiles['smile_url']).'" alt="" />', $message);
                    array_push($this->smileys, $smiles);
                }
            }
        }
        elseif (is_array($this->smileys)) {
            foreach ($this->smileys as $smile) {
                $message = str_replace($smile['code'], '<img src="'.XOOPS_UPLOAD_URL.'/'.htmlspecialchars($smile['smile_url']).'" alt="" />', $message);
            }
        }
        return $message;
    }

    /**
     * Make links in the text clickable
     *
     * @param   string  $text
     * @return  string
     **/
    function makeClickable(&$text)
    {
        $patterns = array("/(^|[^]_a-z0-9-=\"'\/])([a-z]+?):\/\/([^, \r\n\"\(\)'<>]+)/i", "/(^|[^]_a-z0-9-=\"'\/])www\.([a-z0-9\-]+)\.([^, \r\n\"\(\)'<>]+)/i", "/(^|[^]_a-z0-9-=\"'\/])ftp\.([a-z0-9\-]+)\.([^, \r\n\"\(\)'<>]+)/i", "/(^|[^]_a-z0-9-=\"'\/:\.])([a-z0-9\-_\.]+?)@([^, \r\n\"\(\)'<>\[\]]+)/i");
        $replacements = array("\\1<a href=\"\\2://\\3\" target=\"_blank\">\\2://\\3</a>", "\\1<a href=\"http://www.\\2.\\3\" target=\"_blank\">http://www.\\2.\\3</a>", "\\1<a href=\"ftp://ftp.\\2.\\3\" target=\"_blank\">ftp.\\2.\\3</a>", "\\1<a href=\"mailto:\\2@\\3\">\\2@\\3</a>");
        return preg_replace($patterns, $replacements, $text);
    }

    /**
     * Replace XoopsCodes with their equivalent HTML formatting
     *
     * @param   string  $text
     * @param   bool    $allowimage Allow images in the text?
     *                              On FALSE, uses links to images.
     * @return  string
     **/
    function &xoopsCodeDecode(&$text, $allowimage = 1)
    {
        $patterns = array();
        $replacements = array();
        //$patterns[] = "/\[code\](.*)\[\/code\]/esU";
        //$replacements[] = "'<div class=\"xoopsCode\"><code>'.wordwrap(MyTextSanitizer::htmlSpecialChars('\\1'), 100).'</code></div>'";
        // RMV: added new markup for intrasite url (allows easier site moves)
        // TODO: automatically convert other URLs to this format if XOOPS_URL matches??
        $patterns[] = "/\[siteurl=(['\"]?)([^\"'<>]*)\\1](.*)\[\/siteurl\]/sU";
        $replacements[] = '<a href="'.XOOPS_URL.'/\2">\3</a>';
        $patterns[] = "/\[url=(['\"]?)(http[s]?:\/\/[^\"'<>]*)\\1](.*)\[\/url\]/sU";
        $replacements[] = '<a href="\2" target="_blank">\3</a>';
        $patterns[] = "/\[url=(['\"]?)(ftp?:\/\/[^\"'<>]*)\\1](.*)\[\/url\]/sU";
        $replacements[] = '<a href="\2" target="_blank">\3</a>';
        $patterns[] = "/\[url=(['\"]?)([^\"'<>]*)\\1](.*)\[\/url\]/sU";
        $replacements[] = '<a href="http://\2" target="_blank">\3</a>';
        $patterns[] = "/\[color=(['\"]?)([a-zA-Z0-9]*)\\1](.*)\[\/color\]/sU";
        $replacements[] = '<span style="color: #\2;">\3</span>';
        $patterns[] = "/\[size=(['\"]?)([a-z0-9-]*)\\1](.*)\[\/size\]/sU";
        $replacements[] = '<span style="font-size: \2;">\3</span>';
        $patterns[] = "/\[font=(['\"]?)([^;<>\*\(\)\"']*)\\1](.*)\[\/font\]/sU";
        $replacements[] = '<span style="font-family: \2;">\3</span>';
        $patterns[] = "/\[email\]([^;<>\*\(\)\"']*)\[\/email\]/sU";
        $replacements[] = '<a href="mailto:\1">\1</a>';
        $patterns[] = "/\[b\](.*)\[\/b\]/sU";
        $replacements[] = '<b>\1</b>';
        $patterns[] = "/\[i\](.*)\[\/i\]/sU";
        $replacements[] = '<i>\1</i>';
        $patterns[] = "/\[u\](.*)\[\/u\]/sU";
        $replacements[] = '<u>\1</u>';
        $patterns[] = "/\[d\](.*)\[\/d\]/sU";
        $replacements[] = '<del>\1</del>';
        //$patterns[] = "/\[li\](.*)\[\/li\]/sU";
        //$replacements[] = '<ul><li>\1</li></ul>';
        $patterns[] = "/\[img align=(['\"]?)(left|center|right)\\1]([^\"\(\)\?\&'<>]*)\[\/img\]/sU";
        $patterns[] = "/\[img\]([^\"\(\)\?\&'<>]*)\[\/img\]/sU";
        $patterns[] = "/\[img align=(['\"]?)(left|center|right)\\1 id=(['\"]?)([0-9]*)\\3]([^\"\(\)\?\&'<>]*)\[\/img\]/sU";
        $patterns[] = "/\[img id=(['\"]?)([0-9]*)\\1]([^\"\(\)\?\&'<>]*)\[\/img\]/sU";
        if ($allowimage != 1) {
            // images not allowed: render them as links instead
            $replacements[] = '<a href="\3" target="_blank">\3</a>';
            $replacements[] = '<a href="\1" target="_blank">\1</a>';
            $replacements[] = '<a href="'.XOOPS_URL.'/image.php?id=\4" target="_blank">\4</a>';
            $replacements[] = '<a href="'.XOOPS_URL.'/image.php?id=\2" target="_blank">\3</a>';
        } else {
            $replacements[] = '<img src="\3" align="\2" alt="" />';
            $replacements[] = '<img src="\1" alt="" />';
            $replacements[] = '<img src="'.XOOPS_URL.'/image.php?id=\4" align="\2" alt="\4" />';
            $replacements[] = '<img src="'.XOOPS_URL.'/image.php?id=\2" alt="\3" />';
        }
        $patterns[] = "/\[quote\]/sU";
        $replacements[] = _QUOTEC.'<div class="xoopsQuote"><blockquote>';
        //$replacements[] = 'Quote: <div class="xoopsQuote"><blockquote>';
        $patterns[] = "/\[\/quote\]/sU";
        $replacements[] = '</blockquote></div>';
        // strip NUL bytes, then neutralise "javascript:" and "about:" even when
        // control characters have been interleaved to evade a plain match
        $text = str_replace("\x00", "", $text);
        $c = "[\x01-\x1f]*";
        $patterns[] = "/j{$c}a{$c}v{$c}a{$c}s{$c}c{$c}r{$c}i{$c}p{$c}t{$c}:/si";
        $replacements[] = "(script removed)";
        $patterns[] = "/a{$c}b{$c}o{$c}u{$c}t{$c}:/si";
        $replacements[] = "about :";
        $text = preg_replace($patterns, $replacements, $text);
        return $text;
    }

    /**
     * Convert linebreaks to <br /> tags
     *
     * @param    string  $text
     *
     * @return    string
     */
    function nl2Br($text)
    {
        return preg_replace("/(\015\012)|(\015)|(\012)/", "<br />", $text);
    }

    /**
     * Add slashes to the text if magic_quotes_gpc is turned off.
     *
     * @param   string  $text
     * @return  string
     **/
    function addSlashes($text)
    {
        if (!get_magic_quotes_gpc()) {
            $text = addslashes($text);
        }
        return $text;
    }

    /*
    * if magic_quotes_gpc is on, strip back slashes
    *
    * @param    string  $text
    *
    * @return    string
    */
    function stripSlashesGPC($text)
    {
        if (get_magic_quotes_gpc()) {
            $text = stripslashes($text);
        }
        return $text;
    }

    /*
    *  for displaying data in html textbox forms
    *
    * @param    string  $text
    *
    * @return    string
    */
    function htmlSpecialChars($text)
    {
        //return preg_replace("/&amp;amp;/i", '&amp;', htmlspecialchars($text, ENT_QUOTES));
        return preg_replace(array("/&amp;amp;/i", "/&amp;nbsp;/i"), array('&amp;', '&nbsp;'), htmlspecialchars($text, ENT_QUOTES));
    }

    /**
     * Reverses {@link htmlSpecialChars()}
     *
     * @param   string  $text
     * @return  string
     **/
    function undoHtmlSpecialChars($text)
    {
        return preg_replace(array("/&gt;/i", "/&lt;/i", "/&quot;/i", "/&#039;/i"), array(">", "<", "\"", "'"), $text);
    }

    /**
     * Filters textarea form data in DB for display
     *
     * @param   string  $text
     * @param   bool    $html   allow html?
     * @param   bool    $smiley allow smileys?
     * @param   bool    $xcode  allow xoopscode?
     * @param   bool    $image  allow inline images?
     * @param   bool    $br     convert linebreaks?
     * @return  string
     **/
    function &displayTarea($text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1)
    {
        if ($html != 1) {
            // html not allowed
            $text = $this->htmlSpecialChars($text);
        }
        $text = $this->codePreConv($text, $xcode); // Ryuji_edit(2003-11-18)
        $text = $this->makeClickable($text);
        if ($smiley != 0) {
            // process smiley
            $text = $this->smiley($text);
        }
        if ($xcode != 0) {
            // decode xcode
            if ($image != 0) {
                // image allowed
                $text = $this->xoopsCodeDecode($text);
            } else {
                // image not allowed
                $text = $this->xoopsCodeDecode($text, 0);
            }
        }
        if ($br != 0) {
            $text = $this->nl2Br($text);
        }
        $text = $this->codeConv($text, $xcode, $image);    // Ryuji_edit(2003-11-18)
        return $text;
    }

    /**
     * Filters textarea form data submitted for preview
     *
     * @param   string  $text
     * @param   bool    $html   allow html?
     * @param   bool    $smiley allow smileys?
     * @param   bool    $xcode  allow xoopscode?
     * @param   bool    $image  allow inline images?
     * @param   bool    $br     convert linebreaks?
     * @return  string
     **/
    function &previewTarea($text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1)
    {
        $text = $this->stripSlashesGPC($text);
        if ($html != 1) {
            // html not allowed
            $text = $this->htmlSpecialChars($text);
        }
        $text = $this->codePreConv($text, $xcode); // Ryuji_edit(2003-11-18)
        $text = $this->makeClickable($text);
        if ($smiley != 0) {
            // process smiley
            $text = $this->smiley($text);
        }
        if ($xcode != 0) {
            // decode xcode
            if ($image != 0) {
                // image allowed
                $text = $this->xoopsCodeDecode($text);
            } else {
                // image not allowed
                $text = $this->xoopsCodeDecode($text, 0);
            }
        }
        if ($br != 0) {
            $text = $this->nl2Br($text);
        }
        $text = $this->codeConv($text, $xcode, $image);    // Ryuji_edit(2003-11-18)
        return $text;
    }

    /**
     * Replaces banned words in a string with their replacements
     *
     * @param   string  $text
     * @return  string
     *
     * @deprecated
     **/
    function &censorString(&$text)
    {
        if (!isset($this->censorConf)) {
            $config_handler =& xoops_gethandler('config');
            $this->censorConf =& $config_handler->getConfigsByCat(XOOPS_CONF_CENSOR);
        }
        if ($this->censorConf['censor_enable'] == 1) {
            $replacement = $this->censorConf['censor_replace'];
            foreach ($this->censorConf['censor_words'] as $bad) {
                if (!empty($bad)) {
                    $bad = quotemeta($bad);
                    $patterns[] = "/(\s)".$bad."/siU";
                    $replacements[] = "\\1".$replacement;
                    $patterns[] = "/^".$bad."/siU";
                    $replacements[] = $replacement;
                    $patterns[] = "/(\n)".$bad."/siU";
                    $replacements[] = "\\1".$replacement;
                    $patterns[] = "/]".$bad."/siU";
                    $replacements[] = "]".$replacement;
                    $text = preg_replace($patterns, $replacements, $text);
                }
            }
        }
        return $text;
    }

    /**#@+
     * Sanitizing of [code] tag
     */
    function codePreConv($text, $xcode = 1)
    {
        if ($xcode != 0) {
            // base64-encode the body of each [code] block so that the
            // XoopsCode and smiley passes leave it untouched
            $patterns = "/\[code\](.*)\[\/code\]/esU";
            $replacements = "'[ code]'.base64_encode('$1').'[ /code]'";
            $text = preg_replace($patterns, $replacements, $text);
        }
        return $text;
    }

    function codeConv($text, $xcode = 1, $image = 1)
    {
        if ($xcode != 0) {
            $patterns = "/\[code\](.*)\[\/code\]/esU";
            if ($image != 0) {
                // image allowed
                $replacements = "'<div class=\"xoopsCode\"><code>'.MyTextSanitizer::codeSanitizer('$1').'</code></div>'";
                //$text =& $this->xoopsCodeDecode($text);
            } else {
                // image not allowed
                $replacements = "'<div class=\"xoopsCode\"><code>'.MyTextSanitizer::codeSanitizer('$1', 0).'</code></div>'";
                //$text =& $this->xoopsCodeDecode($text, 0);
            }
            $text = preg_replace($patterns, $replacements, $text);
        }
        return $text;
    }

    function codeSanitizer($str, $image = 1)
    {
        if ($image != 0) {
            $str = $this->xoopsCodeDecode(
                $this->htmlSpecialChars(str_replace('\"', '"', base64_decode($str)))
            );
        } else {
            $str = $this->xoopsCodeDecode(
                $this->htmlSpecialChars(str_replace('\"', '"', base64_decode($str))), 0
            );
        }
        return $str;
    }

    /**#@-*/


##################### Deprecated Methods ######################

    /**#@+
     * @deprecated
     */
    function sanitizeForDisplay($text, $allowhtml = 0, $smiley = 1, $bbcode = 1)
    {
        if ($allowhtml == 0) {
            $text = $this->htmlSpecialChars($text);
        } else {
            //$config =& $GLOBALS['xoopsConfig'];
            //$allowed = $config['allowed_html'];
            //$text = strip_tags($text, $allowed);
            $text = $this->makeClickable($text);
        }
        if ($smiley == 1) {
            $text = $this->smiley($text);
        }
        if ($bbcode == 1) {
            $text = $this->xoopsCodeDecode($text);
        }
        $text = $this->nl2Br($text);
        return $text;
    }

    function sanitizeForPreview($text, $allowhtml = 0, $smiley = 1, $bbcode = 1)
    {
        $text = $this->oopsStripSlashesGPC($text);
        if ($allowhtml == 0) {
            $text = $this->htmlSpecialChars($text);
        } else {
            //$config =& $GLOBALS['xoopsConfig'];
            //$allowed = $config['allowed_html'];
            //$text = strip_tags($text, $allowed);
            $text = $this->makeClickable($text);
        }
        if ($smiley == 1) {
            $text = $this->smiley($text);
        }
        if ($bbcode == 1) {
            $text = $this->xoopsCodeDecode($text);
        }
        $text = $this->nl2Br($text);
        return $text;
    }

    function makeTboxData4Save($text)
    {
        //$text = $this->undoHtmlSpecialChars($text);
        return $this->addSlashes($text);
    }

    function makeTboxData4Show($text, $smiley = 0)
    {
        $text = $this->htmlSpecialChars($text);
        return $text;
    }

    function makeTboxData4Edit($text)
    {
        return $this->htmlSpecialChars($text);
    }

    function makeTboxData4Preview($text, $smiley = 0)
    {
        $text = $this->stripSlashesGPC($text);
        $text = $this->htmlSpecialChars($text);
        return $text;
    }

    function makeTboxData4PreviewInForm($text)
    {
        $text = $this->stripSlashesGPC($text);
        return $this->htmlSpecialChars($text);
    }

    function makeTareaData4Save($text)
    {
        return $this->addSlashes($text);
    }

    function &makeTareaData4Show(&$text, $html = 1, $smiley = 1, $xcode = 1)
    {
        return $this->displayTarea($text, $html, $smiley, $xcode);
    }

    function makeTareaData4Edit($text)
    {
        return $this->htmlSpecialChars($text);
    }

    function &makeTareaData4Preview(&$text, $html = 1, $smiley = 1, $xcode = 1)
    {
        $text = $this->previewTarea($text, $html, $smiley, $xcode);
        return $text;
    }

    function makeTareaData4PreviewInForm($text)
    {
        //if magic_quotes_gpc is on, do stripslashes
        $text = $this->stripSlashesGPC($text);
        return $this->htmlSpecialChars($text);
    }

    function makeTareaData4InsideQuotes($text)
    {
        return $this->htmlSpecialChars($text);
    }

    function oopsStripSlashesGPC($text)
    {
        return $this->stripSlashesGPC($text);
    }

    function oopsStripSlashesRT($text)
    {
        if (get_magic_quotes_runtime()) {
            $text = stripslashes($text);
        }
        return $text;
    }

    function oopsAddSlashes($text)
    {
        return $this->addSlashes($text);
    }

    function oopsHtmlSpecialChars($text)
    {
        return $this->htmlSpecialChars($text);
    }

    function oopsNl2Br($text)
    {
        return $this->nl2br($text);
    }
    /**#@-*/
}
?>

Anything wrong?
Barroca
note: only [to show it here] I left a space in [ code] [ /code].
