1
nmshah
extgallery hook hack and xoops 2.3.1
  • 2008/10/20 21:01

  • nmshah

  • Just can't stay away

  • Posts: 556

  • Since: 2007/7/2 8


How do we use the hook hack in XOOPS 2.3.1?

The readme file says:

INSTALLATION :

1- Copy the 5 files in the "files" folder to the "include" folder of XOOPS (www.monsite.com/include/)
    - lightbox.css
    - lightbox.php
    - prototype.js
    - scriptaculous.js
    - effects.js

2- Copy the 5 images in the "images" folder to the "images" folder of XOOPS (www.monsite.com/images/)
    - blank.gif
    - closelabel.gif
    - loading.gif
    - nextlabel.gif
    - prevlabel.gif

3- You must hack the XOOPS textsanitizer (www.monsite.com/class/module.textsanitizer.php).
    - Find the xoopsCodeDecode method (around line 146)
    - Go to the end of the method and add the content of the "xoopsCodeDecode.txt" file just before:

        $text = preg_replace($patterns, $replacements, $text);
        return $text;

4- You have to add script to your theme.
    - Open your theme.html on your running theme
    - Add these 4 lines on the head part of your theme

        <link rel="stylesheet" href="<{$xoops_url}>/include/lightbox.css" type="text/css" media="screen" />
        <script type="text/javascript" src="<{$xoops_url}>/include/prototype.js"></script>
        <script type="text/javascript" src="<{$xoops_url}>/include/scriptaculous.js?load=effects"></script>
        <script type="text/javascript" src="<{$xoops_url}>/include/lightbox.php?dirname=<{$xoops_dirname}>"></script>

5- Finally, you must delete all files on the "template_c" folder EXCEPT the "index.html" file.


Of these, there are no problems with 1 and 2.
3. is where the problem is coming in, I guess, because after I do this the site shows a blank page. Once I remove the newly added code the site becomes operational again.
4. I'm using the zetagenesis theme, so I added the script to xoscript.html in the xotpl folder of the theme.
5. Cleared the smarty_compile folder.

2
nmshah
Re: extgallery hook hack and xoops 2.3.1
  • 2008/10/20 21:05

  • nmshah

  • Just can't stay away

  • Posts: 556

  • Since: 2007/7/2 8


The content of my module.textsanitizer.php after adding the xoopscodedecode.txt code is:



/*
You may not change or alter any portion of this comment or credits
of supporting developers from this source code or any supporting source code
which is considered copyrighted (c) material of the original comment or credit authors.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/

/**
* TextSanitizer extension
*
* @copyright The XOOPS project https://xoops.org/
* @license http://www.fsf.org/copyleft/gpl.html GNU public license
* @package class
* @since 2.3.0
* @author Kazumi Ono (http://www.myweb.ne.jp/, http://www.xoopscube.jp/)
* @author Goghs Cheng (http://www.eqiao.com, http://www.devbeez.com/)
* @author Taiwen Jiang
* @version $Id: module.textsanitizer.php 1993 2008-08-30 10:49:06Z phppp $
*/

/**
* Abstract class for extensions
*
* @author Taiwen Jiang
* @copyright The XOOPS Project
*/
class MyTextSanitizerExtension
{
var $instance;
var $ts;
var $config;
var $image_path;

function __construct(&$ts)
{
$this->ts = $ts;
$this->image_path = XOOPS_URL . '/images/form';
}

function MyTextSanitizerExtension(&$ts)
{
$this->__construct($ts);
}

/*
function &getInstance($myts)
{
if (!isset(self::$instance)) {
$class = __CLASS__;
self::$instance = new $class($myts);
}
return self::$instance;
}

function load($myts, $config = null)
{
$instance = self::getInstance($myts);
if ($config) {
$this->config = $instance->loadConfig($config);
}
}
*/

function loadConfig($path = null)
{
$ts =& MyTextSanitizer::getInstance();
$path = str_replace( DIRECTORY_SEPARATOR, "/", $path );
if (false === strpos($path, "/")) {
if (is_dir("{$ts->path_basic}/{$path}/")) {
$path = "{$ts->path_basic}/{$path}/";
} else {
$path = "{$ts->path_plugin}/{$path}/";
}
}
$config = @include "{$path}/config.php";
$config_custom = @include "{$path}/config.custom.php";
if (is_array($config_custom)) {
foreach ($config_custom as $key => $val) {
$config[$key] = $val;
}
}

return $config;
}

function encode()
{
return array();
}

function decode()
{
return null;
}
}

/**
* Class to "clean up" text for various uses
*
* Singleton
*
* @package kernel
* @subpackage core
*
* @author Kazumi Ono
* @author Taiwen Jiang
* @author Goghs Cheng
* @copyright (c) 2000-2003 The XOOPS Project - http://www.xoops.org
*/
class MyTextSanitizer
{
/**
* @var array
*/
var $smileys = array();

/**
*
*/
var $censorConf;

/**
* @var holding reference to text
*/
var $text = "";
var $patterns = array();
var $replacements = array();

var $path_basic;
var $path_plugin;

var $config;


function __construct()
{
$this->path_basic = XOOPS_ROOT_PATH . "/class/textsanitizer";
$this->path_plugin = XOOPS_ROOT_PATH . "/Frameworks/textsanitizer";
$this->config = $this->loadConfig();
}

/*
* Constructor of this class
*
* Gets allowed html tags from admin config settings
*
* <br> should not be allowed since nl2br will be used
* when storing data.
*
* @access private
*
* @todo Sofar, this does nuttin'
*/
function MyTextSanitizer()
{
$this->__construct();
}

function loadConfig($name = null)
{
if (!empty($name)) {
return MyTextSanitizerExtension::loadConfig($name);
}

$config = include "{$this->path_basic}/config.php";
$config_custom = @include "{$this->path_basic}/config.custom.php";
if (is_array($config_custom)) {
foreach ($config_custom as $key => $val) {
$config[$key] = $val;
}
}

return $config;
}

/**
* Access the only instance of this class
*
* @return object
*
* @static
* @staticvar object
*/
function &getInstance()
{
static $instance;
if (!isset($instance)) {
$instance = new MyTextSanitizer();
}
return $instance;
}

/**
* Get the smileys
*
* @param boole $isAll TRUE for all smileys, FALSE for smileys with display = 1
* @return array
*/
function getSmileys( $isAll = TRUE )
{
if (count($this->smileys) == 0) {
if ($getsmiles = $GLOBALS["xoopsDB"]->query("SELECT * FROM " . $GLOBALS["xoopsDB"]->prefix("smiles"))) {
while ($smiles = $GLOBALS["xoopsDB"]->fetchArray($getsmiles)) {
array_push($this->smileys, $smiles);
}
}
}
if ($isAll) {
return $this->smileys;
}

$smileys = array();
foreach ($this->smileys as $smile) {
if (empty($smile['display'])) continue;
$smileys[] = $smile;
}
return $smileys;
}

/**
* Replace emoticons in the message with smiley images
*
* @param string $message
*
* @return string
*/
function smiley($message)
{
$smileys = $this->getSmileys();
foreach ($smileys as $smile) {
$message = str_replace($smile['code'], '', $message);
}
return $message;
}

/**
* Make links in the text clickable
*
* @param string $text
* @return string
**/
function makeClickable(&$text)
{
$valid_chars = "a-z0-9\/\-_+=.~!%@?#&;:$\|";
$patterns = array(
"/(^|[^]_a-z0-9-=\"'\/])([a-z]+?):\/\/([{$valid_chars}]+)/ei",
"/(^|[^]_a-z0-9-=\"'\/])www\.([a-z0-9\-]+)\.([{$valid_chars}]+)/ei",
"/(^|[^]_a-z0-9-=\"'\/])ftp\.([a-z0-9\-]+)\.([{$valid_chars}]+)/ei",
"/(^|[^]_a-z0-9-=\"'\/:\.])([a-z0-9\-_\.]+?)@([{$valid_chars}]+)/ei");
$replacements = array(
"'\\1\\2://'.MyTextSanitizer::truncate( '\\3' ).''",
"'\\1'.MyTextSanitizer::truncate( 'www.\\2.\\3' ).''",
"'\\1'.MyTextSanitizer::truncate( 'ftp.\\2.\\3' ).''",
"'\\1'.MyTextSanitizer::truncate( '\\2@\\3' ).''");
return preg_replace($patterns, $replacements, $text);
}

function truncate($text)
{
$instance = MyTextSanitizer::getInstance();
if ( empty($text) || empty($instance->config['truncate_length']) || strlen($text) < $instance->config['truncate_length'] ) return $text;
$len = floor( $instance->config['truncate_length'] / 2 );
$ret = substr($text, 0, $len) . " ... ". substr($text, 5 - $len);
return $ret;
}

/**
* Replace XoopsCodes with their equivalent HTML formatting
*
* @param string $text
* @param bool $allowimage Allow images in the text?
* On FALSE, uses links to images.
* @return string
**/
function &xoopsCodeDecode(&$text, $allowimage = 1)
{
$patterns = array();
$replacements = array();
$patterns[] = "/\[siteurl=(['\"]?)([^\"'<>]*)\\1](.*)\[\/siteurl\]/sU";
$replacements[] = '\\3';
$patterns[] = "/\[url=(['\"]?)(http[s]?:\/\/[^\"'<>]*)\\1](.*)\[\/url\]/sU";
$replacements[] = '\\3';
$patterns[] = "/\[url=(['\"]?)(ftp?:\/\/[^\"'<>]*)\\1](.*)\[\/url\]/sU";
$replacements[] = '\\3';
$patterns[] = "/\[url=(['\"]?)([^\"'<>]*)\\1](.*)\[\/url\]/sU";
$replacements[] = '\\3';
$patterns[] = "/\[color=(['\"]?)([a-zA-Z0-9]*)\\1](.*)\[\/color\]/sU";
$replacements[] = '\\3';
$patterns[] = "/\[size=(['\"]?)([a-z0-9-]*)\\1](.*)\[\/size\]/sU";
$replacements[] = '\\3';
$patterns[] = "/\[font=(['\"]?)([^;<>\*\(\)\"']*)\\1](.*)\[\/font\]/sU";
$replacements[] = '\\3';
$patterns[] = "/\[email]([^;<>\*\(\)\"']*)\[\/email\]/sU";
$replacements[] = '\\1';
$patterns[] = "/\[b](.*)\[\/b\]/sU";
$replacements[] = '\\1';
$patterns[] = "/\[i](.*)\[\/i\]/sU";
$replacements[] = '\\1';
$patterns[] = "/\[u](.*)\[\/u\]/sU";
$replacements[] = '\\1';
$patterns[] = "/\[d](.*)\[\/d\]/sU";
$replacements[] = '\\1';
$patterns[] = "/\[center](.*)\[\/center\]/sU";
$replacements[] = '
\\1
';
$patterns[] = "/\[left](.*)\[\/left\]/sU";
$replacements[] = '
\\1
';
$patterns[] = "/\[right](.*)\[\/right\]/sU";
$replacements[] = '
\\1
';
$patterns[] = "/\[quote]/sU";
$replacements[] = _QUOTEC.'
';
$patterns[] = "/\[\/quote]/sU";
$replacements[] = '
';
$text = str_replace( "\x00", "", $text );
$c = "[\x01-\x1f]*";
$patterns[] = "/j{$c}a{$c}v{$c}a{$c}s{$c}c{$c}r{$c}i{$c}p{$c}t{$c}:/si";
$replacements[] = "(script removed)";
$patterns[] = "/a{$c}b{$c}o{$c}u{$c}t{$c}:/si";
$replacements[] = "about :";

$patterns[] = "/&quot;/i";
$replacements[] = "\"";
$patterns[] = "/&#039;/i";
$replacements[] = "'";

$this->text = $text;
$this->patterns = $patterns;
$this->replacements = $replacements;

$this->config['allowimage'] = $allowimage;
$this->executeExtensions();

$text = preg_replace($this->patterns, $this->replacements, $this->text);
return $text;
}

/**
* Convert linebreaks to <br /> tags
*
* @param string $text
*
* @return string
*/
function nl2Br($text)
{
return preg_replace("/(\015\012)|(\015)|(\012)/", "<br />", $text);
}

/**
* Add slashes to the text if magic_quotes_gpc is turned off.
*
* @param string $text
* @return string
**/
function addSlashes($text)
{
if (!get_magic_quotes_gpc()) {
$text = addslashes($text);
}
return $text;
}

/*
* if magic_quotes_gpc is on, stirip back slashes
*
* @param string $text
*
* @return string
*/
function stripSlashesGPC($text)
{
if (get_magic_quotes_gpc()) {
$text = stripslashes($text);
}
return $text;
}

/**
* for displaying data in html textbox forms
*
* @param string $text
*
* @return string
*/
function htmlSpecialChars($text)
{
//return preg_replace("/&/i", '&', htmlspecialchars($text, ENT_QUOTES));
return preg_replace(array("/&/i", "/ /i"), array('&', ' '), htmlspecialchars($text, ENT_QUOTES));
}

/**
* Reverses {@link htmlSpecialChars()}
*
* @param string $text
* @return string
**/
function undoHtmlSpecialChars( $text )
{
return preg_replace(array("/>/i", "/", "<", "\"", "'", " "), $text);
}

/**
* Filters textarea form data in DB for display
*
* @param string $text
* @param bool $html allow html?
* @param bool $smiley allow smileys?
* @param bool $xcode allow xoopscode?
* @param bool $image allow inline images?
* @param bool $br convert linebreaks?
* @return string
**/
function &displayTarea( $text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1)
{
if ($html != 1) {
// html not allowed
$text = $this->htmlSpecialChars($text);
}
$text = $this->codePreConv($text, $xcode); // Ryuji_edit(2003-11-18)
$text = $this->makeClickable($text);
if ($smiley != 0) {
// process smiley
$text = $this->smiley($text);
}
if ($xcode != 0) {
// decode xcode
if ($image != 0) {
// image allowed
$text = $this->xoopsCodeDecode($text);
} else {
// image not allowed
$text = $this->xoopsCodeDecode($text, 0);
}
}
if ($br != 0) {
$text = $this->nl2Br($text);
}
$text = $this->codeConv($text, $xcode);
return $text;
}

/**
* Filters textarea form data submitted for preview
*
* @param string $text
* @param bool $html allow html?
* @param bool $smiley allow smileys?
* @param bool $xcode allow xoopscode?
* @param bool $image allow inline images?
* @param bool $br convert linebreaks?
* @return string
**/
function &previewTarea( $text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1)
{
$text = $this->stripSlashesGPC($text);
$text = $this->displayTarea( $text, $html, $smiley, $xcode, $image, $br );
return $text;
}

/**
* Replaces banned words in a string with their replacements
*
* @param string $text
* @return string
*
* @deprecated
**/
function &censorString(&$text)
{
$ret = $this->executeExtension('censor', $text);
if ($ret === false) {
return $text;
}
return $ret;
}

/**#@+
* Sanitizing of [code] tag
*/
function codePreConv($text, $xcode = 1)
{
if ($xcode != 0) {
$patterns = "/\[code([^\]]*?)\](.*)\[\/code\]/esU";
$replacements = "'[code\\1]'.base64_encode('\\2').'[/code]'";
$text = preg_replace($patterns, $replacements, $text);
}
return $text;
}

function codeConv($text, $xcode = 1)
{
if (empty($xcode)) return $text;
$patterns = "/\[code([^\]]*?)\](.*)\[\/code\]/esU";
$replacements = "'
'.\$this->executeExtension('syntaxhighlight', \$this->htmlSpecialChars(str_replace('\\\"', '\"', base64_decode('$2'))), '$1').'
'";

// eXtGallery Hack
$patterns[] = "/\[gallery]([0-9]*)\[\/gallery\]/sU";
$replacements[] = '';

$patterns[] = "/\[gallery title=(['\"]?)([ a-zA-Z0-9]*)\\1]([0-9]*)\[\/gallery\]/sU";
$replacements[] = '\\2';

$patterns[] = "/\[gallery group=(['\"]?)([a-zA-Z0-9]*)\\1]([0-9]*)\[\/gallery\]/sU";
$replacements[] = '';

$patterns[] = "/\[gallery group=(['\"]?)([a-zA-Z0-9]*)\\1 title=(['\"]?)([ a-zA-Z0-9]*)\\3]([0-9]*)\[\/gallery\]/sU";
$replacements[] = '\\4';

$patterns[] = "/\[gallery title=(['\"]?)([ a-zA-Z0-9]*)\\1 group=(['\"]?)([a-zA-Z0-9]*)\\3]([0-9]*)\[\/gallery\]/sU";
$replacements[] = '\\2';
// End eXtGallery Hack

$text = preg_replace($patterns, $replacements, $text);
return $text;
}
/**#@-*/

function executeExtensions()
{
$extensions = array_filter($this->config['extensions']);
if (empty($extensions)) return true;
foreach (array_keys($extensions) as $extension) {
$this->executeExtension($extension);
}
}

function loadExtension($name)
{
if (! include_once "{$this->path_basic}/{$name}/{$name}.php" ) {
if (! include_once "{$this->path_plugin}/{$name}/{$name}.php" ) {
return false;
}
}
$class = "Myts" . ucfirst($name);
if (! class_exists($class) ) {
trigger_error("Extension {$name} not exist", E_USER_WARNING);
return false;
}
$extension =& new $class($this);
return $extension;
}

function executeExtension($name)
{
$extension = $this->loadExtension($name);
$args = array_slice(func_get_args(), 1);

return call_user_func_array(array($extension, 'load'), array_merge( array(&$this), $args));
}

/*
* Filter out possible malicious text
* kses project at SF could be a good solution to check
*
* @param string $text text to filter
* @param bool $force force filtering
* @return string filtered text
*/
function textFilter($text, $force = false)
{
$ret = $this->executeExtension('textfilter', $text, $force);
if ($ret === false) {
return $text;
}
return $ret;
}


##################### Deprecated Methods ######################

/**#@+
* @deprecated
*/

function codeSanitizer($str, $image = 1)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
$str = $this->htmlSpecialChars(str_replace('\"', '"', base64_decode($str)));
$str = $this->xoopsCodeDecode($str, $image);
return $str;
}

function sanitizeForDisplay($text, $allowhtml = 0, $smiley = 1, $bbcode = 1)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
if ( $allowhtml == 0 ) {
$text = $this->htmlSpecialChars($text);
} else {
//$config =& $GLOBALS['xoopsConfig'];
//$allowed = $config['allowed_html'];
//$text = strip_tags($text, $allowed);
$text = $this->makeClickable($text);
}
if ( $smiley == 1 ) {
$text = $this->smiley($text);
}
if ( $bbcode == 1 ) {
$text = $this->xoopsCodeDecode($text);
}
$text = $this->nl2Br($text);
return $text;
}

function sanitizeForPreview($text, $allowhtml = 0, $smiley = 1, $bbcode = 1)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
$text = $this->oopsStripSlashesGPC($text);
if ( $allowhtml == 0 ) {
$text = $this->htmlSpecialChars($text);
} else {
//$config =& $GLOBALS['xoopsConfig'];
//$allowed = $config['allowed_html'];
//$text = strip_tags($text, $allowed);
$text = $this->makeClickable($text);
}
if ( $smiley == 1 ) {
$text = $this->smiley($text);
}
if ( $bbcode == 1 ) {
$text = $this->xoopsCodeDecode($text);
}
$text = $this->nl2Br($text);
return $text;
}

function makeTboxData4Save($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
//$text = $this->undoHtmlSpecialChars($text);
return $this->addSlashes($text);
}

function makeTboxData4Show($text, $smiley=0)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
$text = $this->htmlSpecialChars($text);
return $text;
}

function makeTboxData4Edit($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
return $this->htmlSpecialChars($text);
}

function makeTboxData4Preview($text, $smiley=0)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
$text = $this->stripSlashesGPC($text);
$text = $this->htmlSpecialChars($text);
return $text;
}

function makeTboxData4PreviewInForm($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
$text = $this->stripSlashesGPC($text);
return $this->htmlSpecialChars($text);
}

function makeTareaData4Save($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
return $this->addSlashes($text);
}

function &makeTareaData4Show(&$text, $html=1, $smiley=1, $xcode=1)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
$text = $this->displayTarea($text, $html, $smiley, $xcode);
return $text;
}

function makeTareaData4Edit($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
return $this->htmlSpecialChars($text);
}

function &makeTareaData4Preview(&$text, $html=1, $smiley=1, $xcode=1)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
$text = $this->previewTarea($text, $html, $smiley, $xcode);
return $text;
}

function makeTareaData4PreviewInForm($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
//if magic_quotes_gpc is on, do stipslashes
$text = $this->stripSlashesGPC($text);
return $this->htmlSpecialChars($text);
}

function makeTareaData4InsideQuotes($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
return $this->htmlSpecialChars($text);
}

function oopsStripSlashesGPC($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
return $this->stripSlashesGPC($text);
}

function oopsStripSlashesRT($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
if (get_magic_quotes_runtime()) {
$text = stripslashes($text);
}
return $text;
}

function oopsAddSlashes($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
return $this->addSlashes($text);
}

function oopsHtmlSpecialChars($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
return $this->htmlSpecialChars($text);
}

function oopsNl2Br($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
return $this->nl2br($text);
}
/**#@-*/
}
?>

3
nmshah
Re: extgallery hook hack and xoops 2.3.1
  • 2008/10/20 21:18

  • nmshah

  • Just can't stay away

  • Posts: 556

  • Since: 2007/7/2 8


xoops debug info:

Fatal error: [] operator not supported for strings in H:\xampp\htdocs\aol\class\module.textsanitizer.php on line 499


---------------Edited----------------------

Solved by removing [] from all the lines in the xoopscodedecode.txt before adding them to the module.textsanitizer.php

Still, I would like to know if I have added the code at the right place in the file.

4
stefan88
Re: extgallery hook hack and xoops 2.3.1
  • 2008/10/21 7:20

  • stefan88

  • Community Support Member

  • Posts: 1086

  • Since: 2004/9/20


Quote:
Still, I would like to know if I have added the code at the right place in the file.


Hi,

from what you posted you are adding the code at the wrong place - in function "codeConv" instead of function "xoopsCodeDecode" (it is before the codeConv).

..
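
Why the hack fails inside codeConv but not inside xoopsCodeDecode, as an added PHP 7+ example that is not part of the thread, XOOPS or the eXtGallery readme: `SanitizerSketch`, `appendLikeCodeConv` and the replacement markup are hypothetical stand-ins. It also shows that, in the 2.3.1 layout posted above, entries appended after `$this->patterns = $patterns;` never reach the final `preg_replace`.

```php
<?php
// Added illustration; not XOOPS or eXtGallery code.
// The [gallery] pattern is the first one from the hack posted above. The
// replacement markup is a constructed placeholder: the real replacement
// strings are not visible on this page.
const GALLERY_PATTERN     = "/\[gallery]([0-9]*)\[\/gallery\]/sU";
const GALLERY_REPLACEMENT = '<span class="gallery">photo \\1</span>';

/**
 * codeConv() style: $patterns is ONE regex held in a string, so the hack's
 * "$patterns[] = ..." is an append on a string, which PHP rejects.
 * (The /e flag of the original pattern is dropped; PHP 7+ no longer has it.)
 */
function appendLikeCodeConv()
{
    $patterns = "/\[code([^\]]*?)\](.*)\[\/code\]/sU";
    try {
        $patterns[] = GALLERY_PATTERN;
        return 'appended';
    } catch (\Error $e) {
        // PHP 7+ throws; PHP 5 halts with a fatal error carrying the same text.
        return $e->getMessage();
    }
}

/** Hypothetical stand-in for the tail of MyTextSanitizer::xoopsCodeDecode(). */
class SanitizerSketch
{
    public $text = '';
    public $patterns = array();
    public $replacements = array();

    /** $hackPosition: 'before' or 'after' the copy into $this->patterns. */
    public function decode($text, $hackPosition)
    {
        $patterns     = array("/\[b](.*)\[\/b\]/sU");
        $replacements = array('<b>\\1</b>');   // constructed replacement

        if ($hackPosition === 'before') {
            $patterns[]     = GALLERY_PATTERN;
            $replacements[] = GALLERY_REPLACEMENT;
        }

        // As in the posted 2.3.1 file: the locals are copied into properties
        // and the final preg_replace() reads the properties, not the locals.
        $this->text         = $text;
        $this->patterns     = $patterns;      // PHP arrays are copied by value
        $this->replacements = $replacements;

        if ($hackPosition === 'after') {
            $patterns[]     = GALLERY_PATTERN;     // grows the local copy only
            $replacements[] = GALLERY_REPLACEMENT;
        }

        return preg_replace($this->patterns, $this->replacements, $this->text);
    }
}

$input = '[b]Holiday[/b] [gallery]12[/gallery]';   // constructed sample post
$ts    = new SanitizerSketch();

echo appendLikeCodeConv(), PHP_EOL;          // the message from the debug output
echo $ts->decode($input, 'before'), PHP_EOL; // [gallery] tag is rewritten
echo $ts->decode($input, 'after'), PHP_EOL;  // [gallery] tag is left as typed
```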

5
nmshah
Re: extgallery hook hack and xoops 2.3.1
  • 2008/10/21 18:46

  • nmshah

  • Just can't stay away

  • Posts: 556

  • Since: 2007/7/2 8


Thanks a lot stefan88. Based on your post I have edited the module.textsanitizer.php file again. Hopefully this time I have done it right. Please let me know.

The contents of the file are:

/*
You may not change or alter any portion of this comment or credits
of supporting developers from this source code or any supporting source code
which is considered copyrighted (c) material of the original comment or credit authors.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/

/**
* TextSanitizer extension
*
* @copyright The XOOPS project https://xoops.org/
* @license http://www.fsf.org/copyleft/gpl.html GNU public license
* @package class
* @since 2.3.0
* @author Kazumi Ono (http://www.myweb.ne.jp/, http://www.xoopscube.jp/)
* @author Goghs Cheng (http://www.eqiao.com, http://www.devbeez.com/)
* @author Taiwen Jiang
* @version $Id: module.textsanitizer.php 1993 2008-08-30 10:49:06Z phppp $
*/

/**
* Abstract class for extensions
*
* @author Taiwen Jiang
* @copyright The XOOPS Project
*/
class MyTextSanitizerExtension
{
var $instance;
var $ts;
var $config;
var $image_path;

function __construct(&$ts)
{
$this->ts = $ts;
$this->image_path = XOOPS_URL . '/images/form';
}

function MyTextSanitizerExtension(&$ts)
{
$this->__construct($ts);
}

/*
function &getInstance($myts)
{
if (!isset(self::$instance)) {
$class = __CLASS__;
self::$instance = new $class($myts);
}
return self::$instance;
}

function load($myts, $config = null)
{
$instance = self::getInstance($myts);
if ($config) {
$this->config = $instance->loadConfig($config);
}
}
*/

function loadConfig($path = null)
{
$ts =& MyTextSanitizer::getInstance();
$path = str_replace( DIRECTORY_SEPARATOR, "/", $path );
if (false === strpos($path, "/")) {
if (is_dir("{$ts->path_basic}/{$path}/")) {
$path = "{$ts->path_basic}/{$path}/";
} else {
$path = "{$ts->path_plugin}/{$path}/";
}
}
$config = @include "{$path}/config.php";
$config_custom = @include "{$path}/config.custom.php";
if (is_array($config_custom)) {
foreach ($config_custom as $key => $val) {
$config[$key] = $val;
}
}

return $config;
}

function encode()
{
return array();
}

function decode()
{
return null;
}
}

/**
* Class to "clean up" text for various uses
*
* Singleton
*
* @package kernel
* @subpackage core
*
* @author Kazumi Ono
* @author Taiwen Jiang
* @author Goghs Cheng
* @copyright (c) 2000-2003 The XOOPS Project - http://www.xoops.org
*/
class MyTextSanitizer
{
/**
* @var array
*/
var $smileys = array();

/**
*
*/
var $censorConf;

/**
* @var holding reference to text
*/
var $text = "";
var $patterns = array();
var $replacements = array();

var $path_basic;
var $path_plugin;

var $config;


function __construct()
{
$this->path_basic = XOOPS_ROOT_PATH . "/class/textsanitizer";
$this->path_plugin = XOOPS_ROOT_PATH . "/Frameworks/textsanitizer";
$this->config = $this->loadConfig();
}

/*
* Constructor of this class
*
* Gets allowed html tags from admin config settings
*
* <br> should not be allowed since nl2br will be used
* when storing data.
*
* @access private
*
* @todo Sofar, this does nuttin'
*/
function MyTextSanitizer()
{
$this->__construct();
}

function loadConfig($name = null)
{
if (!empty($name)) {
return MyTextSanitizerExtension::loadConfig($name);
}

$config = include "{$this->path_basic}/config.php";
$config_custom = @include "{$this->path_basic}/config.custom.php";
if (is_array($config_custom)) {
foreach ($config_custom as $key => $val) {
$config[$key] = $val;
}
}

return $config;
}

/**
* Access the only instance of this class
*
* @return object
*
* @static
* @staticvar object
*/
function &getInstance()
{
static $instance;
if (!isset($instance)) {
$instance = new MyTextSanitizer();
}
return $instance;
}

/**
* Get the smileys
*
* @param boole $isAll TRUE for all smileys, FALSE for smileys with display = 1
* @return array
*/
function getSmileys( $isAll = TRUE )
{
if (count($this->smileys) == 0) {
if ($getsmiles = $GLOBALS["xoopsDB"]->query("SELECT * FROM " . $GLOBALS["xoopsDB"]->prefix("smiles"))) {
while ($smiles = $GLOBALS["xoopsDB"]->fetchArray($getsmiles)) {
array_push($this->smileys, $smiles);
}
}
}
if ($isAll) {
return $this->smileys;
}

$smileys = array();
foreach ($this->smileys as $smile) {
if (empty($smile['display'])) continue;
$smileys[] = $smile;
}
return $smileys;
}

/**
* Replace emoticons in the message with smiley images
*
* @param string $message
*
* @return string
*/
function smiley($message)
{
$smileys = $this->getSmileys();
foreach ($smileys as $smile) {
$message = str_replace($smile['code'], '', $message);
}
return $message;
}

/**
* Make links in the text clickable
*
* @param string $text
* @return string
**/
function makeClickable(&$text)
{
$valid_chars = "a-z0-9\/\-_+=.~!%@?#&;:$\|";
$patterns = array(
"/(^|[^]_a-z0-9-=\"'\/])([a-z]+?):\/\/([{$valid_chars}]+)/ei",
"/(^|[^]_a-z0-9-=\"'\/])www\.([a-z0-9\-]+)\.([{$valid_chars}]+)/ei",
"/(^|[^]_a-z0-9-=\"'\/])ftp\.([a-z0-9\-]+)\.([{$valid_chars}]+)/ei",
"/(^|[^]_a-z0-9-=\"'\/:\.])([a-z0-9\-_\.]+?)@([{$valid_chars}]+)/ei");
$replacements = array(
"'\\1\\2://'.MyTextSanitizer::truncate( '\\3' ).''",
"'\\1'.MyTextSanitizer::truncate( 'www.\\2.\\3' ).''",
"'\\1'.MyTextSanitizer::truncate( 'ftp.\\2.\\3' ).''",
"'\\1'.MyTextSanitizer::truncate( '\\2@\\3' ).''");
return preg_replace($patterns, $replacements, $text);
}

function truncate($text)
{
$instance = MyTextSanitizer::getInstance();
if ( empty($text) || empty($instance->config['truncate_length']) || strlen($text) < $instance->config['truncate_length'] ) return $text;
$len = floor( $instance->config['truncate_length'] / 2 );
$ret = substr($text, 0, $len) . " ... ". substr($text, 5 - $len);
return $ret;
}

/**
* Replace XoopsCodes with their equivalent HTML formatting
*
* @param string $text
* @param bool $allowimage Allow images in the text?
* On FALSE, uses links to images.
* @return string
**/
function &xoopsCodeDecode(&$text, $allowimage = 1)
{
$patterns = array();
$replacements = array();
$patterns[] = "/\[siteurl=(['\"]?)([^\"'<>]*)\\1](.*)\[\/siteurl\]/sU";
$replacements[] = '\\3';
$patterns[] = "/\[url=(['\"]?)(http[s]?:\/\/[^\"'<>]*)\\1](.*)\[\/url\]/sU";
$replacements[] = '\\3';
$patterns[] = "/\[url=(['\"]?)(ftp?:\/\/[^\"'<>]*)\\1](.*)\[\/url\]/sU";
$replacements[] = '\\3';
$patterns[] = "/\[url=(['\"]?)([^\"'<>]*)\\1](.*)\[\/url\]/sU";
$replacements[] = '\\3';
$patterns[] = "/\[color=(['\"]?)([a-zA-Z0-9]*)\\1](.*)\[\/color\]/sU";
$replacements[] = '\\3';
$patterns[] = "/\[size=(['\"]?)([a-z0-9-]*)\\1](.*)\[\/size\]/sU";
$replacements[] = '\\3';
$patterns[] = "/\[font=(['\"]?)([^;<>\*\(\)\"']*)\\1](.*)\[\/font\]/sU";
$replacements[] = '\\3';
$patterns[] = "/\[email]([^;<>\*\(\)\"']*)\[\/email\]/sU";
$replacements[] = '\\1';
$patterns[] = "/\[b](.*)\[\/b\]/sU";
$replacements[] = '\\1';
$patterns[] = "/\[i](.*)\[\/i\]/sU";
$replacements[] = '\\1';
$patterns[] = "/\[u](.*)\[\/u\]/sU";
$replacements[] = '\\1';
$patterns[] = "/\[d](.*)\[\/d\]/sU";
$replacements[] = '\\1';
$patterns[] = "/\[center](.*)\[\/center\]/sU";
$replacements[] = '
\\1
';
$patterns[] = "/\[left](.*)\[\/left\]/sU";
$replacements[] = '
\\1
';
$patterns[] = "/\[right](.*)\[\/right\]/sU";
$replacements[] = '
\\1
';
$patterns[] = "/\[quote]/sU";
$replacements[] = _QUOTEC.'
';
$patterns[] = "/\[\/quote]/sU";
$replacements[] = '
';
$text = str_replace( "\x00", "", $text );
$c = "[\x01-\x1f]*";
$patterns[] = "/j{$c}a{$c}v{$c}a{$c}s{$c}c{$c}r{$c}i{$c}p{$c}t{$c}:/si";
$replacements[] = "(script removed)";
$patterns[] = "/a{$c}b{$c}o{$c}u{$c}t{$c}:/si";
$replacements[] = "about :";

$patterns[] = "/&quot;/i";
$replacements[] = "\"";
$patterns[] = "/&#039;/i";
$replacements[] = "'";

$this->text = $text;
$this->patterns = $patterns;
$this->replacements = $replacements;

$this->config['allowimage'] = $allowimage;
$this->executeExtensions();

// eXtGallery Hack
$patterns[] = "/\[gallery]([0-9]*)\[\/gallery\]/sU";
$replacements[] = '';

$patterns[] = "/\[gallery title=(['\"]?)([ a-zA-Z0-9]*)\\1]([0-9]*)\[\/gallery\]/sU";
$replacements[] = '\\2';

$patterns[] = "/\[gallery group=(['\"]?)([a-zA-Z0-9]*)\\1]([0-9]*)\[\/gallery\]/sU";
$replacements[] = '';

$patterns[] = "/\[gallery group=(['\"]?)([a-zA-Z0-9]*)\\1 title=(['\"]?)([ a-zA-Z0-9]*)\\3]([0-9]*)\[\/gallery\]/sU";
$replacements[] = '\\4';

$patterns[] = "/\[gallery title=(['\"]?)([ a-zA-Z0-9]*)\\1 group=(['\"]?)([a-zA-Z0-9]*)\\3]([0-9]*)\[\/gallery\]/sU";
$replacements[] = '\\2';
// End eXtGallery Hack

$text = preg_replace($this->patterns, $this->replacements, $this->text);
return $text;
}

/**
* Convert linebreaks to <br /> tags
*
* @param string $text
*
* @return string
*/
function nl2Br($text)
{
return preg_replace("/(\015\012)|(\015)|(\012)/", "<br />", $text);
}

/**
* Add slashes to the text if magic_quotes_gpc is turned off.
*
* @param string $text
* @return string
**/
function addSlashes($text)
{
if (!get_magic_quotes_gpc()) {
$text = addslashes($text);
}
return $text;
}

/*
* if magic_quotes_gpc is on, stirip back slashes
*
* @param string $text
*
* @return string
*/
function stripSlashesGPC($text)
{
if (get_magic_quotes_gpc()) {
$text = stripslashes($text);
}
return $text;
}

/**
* for displaying data in html textbox forms
*
* @param string $text
*
* @return string
*/
function htmlSpecialChars($text)
{
//return preg_replace("/&/i", '&', htmlspecialchars($text, ENT_QUOTES));
return preg_replace(array("/&/i", "/ /i"), array('&', ' '), htmlspecialchars($text, ENT_QUOTES));
}

/**
* Reverses {@link htmlSpecialChars()}
*
* @param string $text
* @return string
**/
function undoHtmlSpecialChars( $text )
{
return preg_replace(array("/>/i", "/", "<", "\"", "'", " "), $text);
}

/**
* Filters textarea form data in DB for display
*
* @param string $text
* @param bool $html allow html?
* @param bool $smiley allow smileys?
* @param bool $xcode allow xoopscode?
* @param bool $image allow inline images?
* @param bool $br convert linebreaks?
* @return string
**/
function &displayTarea( $text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1)
{
if ($html != 1) {
// html not allowed
$text = $this->htmlSpecialChars($text);
}
$text = $this->codePreConv($text, $xcode); // Ryuji_edit(2003-11-18)
$text = $this->makeClickable($text);
if ($smiley != 0) {
// process smiley
$text = $this->smiley($text);
}
if ($xcode != 0) {
// decode xcode
if ($image != 0) {
// image allowed
$text = $this->xoopsCodeDecode($text);
} else {
// image not allowed
$text = $this->xoopsCodeDecode($text, 0);
}
}
if ($br != 0) {
$text = $this->nl2Br($text);
}
$text = $this->codeConv($text, $xcode);
return $text;
}

/**
* Filters textarea form data submitted for preview
*
* @param string $text
* @param bool $html allow html?
* @param bool $smiley allow smileys?
* @param bool $xcode allow xoopscode?
* @param bool $image allow inline images?
* @param bool $br convert linebreaks?
* @return string
**/
function &previewTarea( $text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1)
{
$text = $this->stripSlashesGPC($text);
$text = $this->displayTarea( $text, $html, $smiley, $xcode, $image, $br );
return $text;
}

/**
* Replaces banned words in a string with their replacements
*
* @param string $text
* @return string
*
* @deprecated
**/
function &censorString(&$text)
{
$ret = $this->executeExtension('censor', $text);
if ($ret === false) {
return $text;
}
return $ret;
}

/**#@+
* Sanitizing of [code] tag
*/
function codePreConv($text, $xcode = 1)
{
if ($xcode != 0) {
$patterns = "/\[code([^\]]*?)\](.*)\[\/code\]/esU";
$replacements = "'[code\\1]'.base64_encode('\\2').'[/code]'";
$text = preg_replace($patterns, $replacements, $text);
}
return $text;
}

function codeConv($text, $xcode = 1)
{
if (empty($xcode)) return $text;
$patterns = "/\[code([^\]]*?)\](.*)\[\/code\]/esU";
$replacements = "'
'.\$this->executeExtension('syntaxhighlight', \$this->htmlSpecialChars(str_replace('\\\"', '\"', base64_decode('$2'))), '$1').'
'";
$text = preg_replace($patterns, $replacements, $text);
return $text;
}
/**#@-*/

function executeExtensions()
{
$extensions = array_filter($this->config['extensions']);
if (empty($extensions)) return true;
foreach (array_keys($extensions) as $extension) {
$this->executeExtension($extension);
}
}

function loadExtension($name)
{
if (! include_once "{$this->path_basic}/{$name}/{$name}.php" ) {
if (! include_once "{$this->path_plugin}/{$name}/{$name}.php" ) {
return false;
}
}
$class = "Myts" . ucfirst($name);
if (! class_exists($class) ) {
trigger_error("Extension {$name} not exist", E_USER_WARNING);
return false;
}
$extension =& new $class($this);
return $extension;
}

function executeExtension($name)
{
$extension = $this->loadExtension($name);
$args = array_slice(func_get_args(), 1);

return call_user_func_array(array($extension, 'load'), array_merge( array(&$this), $args));
}

/*
* Filter out possible malicious text
* kses project at SF could be a good solution to check
*
* @param string $text text to filter
* @param bool $force force filtering
* @return string filtered text
*/
function textFilter($text, $force = false)
{
$ret = $this->executeExtension('textfilter', $text, $force);
if ($ret === false) {
return $text;
}
return $ret;
}


##################### Deprecated Methods ######################

/**#@+
* @deprecated
*/

function codeSanitizer($str, $image = 1)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
$str = $this->htmlSpecialChars(str_replace('\"', '"', base64_decode($str)));
$str = $this->xoopsCodeDecode($str, $image);
return $str;
}

function sanitizeForDisplay($text, $allowhtml = 0, $smiley = 1, $bbcode = 1)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
if ( $allowhtml == 0 ) {
$text = $this->htmlSpecialChars($text);
} else {
//$config =& $GLOBALS['xoopsConfig'];
//$allowed = $config['allowed_html'];
//$text = strip_tags($text, $allowed);
$text = $this->makeClickable($text);
}
if ( $smiley == 1 ) {
$text = $this->smiley($text);
}
if ( $bbcode == 1 ) {
$text = $this->xoopsCodeDecode($text);
}
$text = $this->nl2Br($text);
return $text;
}

function sanitizeForPreview($text, $allowhtml = 0, $smiley = 1, $bbcode = 1)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
$text = $this->oopsStripSlashesGPC($text);
if ( $allowhtml == 0 ) {
$text = $this->htmlSpecialChars($text);
} else {
//$config =& $GLOBALS['xoopsConfig'];
//$allowed = $config['allowed_html'];
//$text = strip_tags($text, $allowed);
$text = $this->makeClickable($text);
}
if ( $smiley == 1 ) {
$text = $this->smiley($text);
}
if ( $bbcode == 1 ) {
$text = $this->xoopsCodeDecode($text);
}
$text = $this->nl2Br($text);
return $text;
}

function makeTboxData4Save($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
//$text = $this->undoHtmlSpecialChars($text);
return $this->addSlashes($text);
}

function makeTboxData4Show($text, $smiley=0)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
$text = $this->htmlSpecialChars($text);
return $text;
}

function makeTboxData4Edit($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
return $this->htmlSpecialChars($text);
}

function makeTboxData4Preview($text, $smiley=0)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
$text = $this->stripSlashesGPC($text);
$text = $this->htmlSpecialChars($text);
return $text;
}

function makeTboxData4PreviewInForm($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
$text = $this->stripSlashesGPC($text);
return $this->htmlSpecialChars($text);
}

function makeTareaData4Save($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
return $this->addSlashes($text);
}

function &makeTareaData4Show(&$text, $html=1, $smiley=1, $xcode=1)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
$text = $this->displayTarea($text, $html, $smiley, $xcode);
return $text;
}

function makeTareaData4Edit($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
return $this->htmlSpecialChars($text);
}

function &makeTareaData4Preview(&$text, $html=1, $smiley=1, $xcode=1)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
$text = $this->previewTarea($text, $html, $smiley, $xcode);
return $text;
}

function makeTareaData4PreviewInForm($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
//if magic_quotes_gpc is on, do stipslashes
$text = $this->stripSlashesGPC($text);
return $this->htmlSpecialChars($text);
}

function makeTareaData4InsideQuotes($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
return $this->htmlSpecialChars($text);
}

function oopsStripSlashesGPC($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
return $this->stripSlashesGPC($text);
}

function oopsStripSlashesRT($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
if (get_magic_quotes_runtime()) {
$text = stripslashes($text);
}
return $text;
}

function oopsAddSlashes($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
return $this->addSlashes($text);
}

function oopsHtmlSpecialChars($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
return $this->htmlSpecialChars($text);
}

function oopsNl2Br($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
return $this->nl2br($text);
}
/**#@-*/
}
?>

6
urbanspacema
Re: extgallery hook hack and xoops 2.3.1

Hello, this is my module.textsanitizer.php,
but it does not work ...

can you help me?
Tnx

7
btesec
Re: extgallery hook hack and xoops 2.3.1
  • 2008/11/12 19:28

  • btesec

  • Friend of XOOPS

  • Posts: 623

  • Since: 2007/2/20


Also the "Nb Albums" column does not show the number of albums. Can anyone help?

8
serial-weber
Re: extgallery hook hack and xoops 2.3.1

Hi,

Can I use the hook hack with Extgallery 1.08?
Is there a French translation?

Thanks
