Re: extgallery hook hack and xoops 2.3.1 [Module usage questions]

1

extgallery hook hack and xoops 2.3.1

2008/10/20 21:01
nmshah
Just can't stay away
Posts: 556
Since: 2007/7/2 8

How do we use the hook hack in XOOPS 2.3.1

The readme file says:

 INSTALLATION : 
 
1- Copy the 5 file in the "files" folder to the "include" folder of XOOPS (www.monsite.com/include/) 
    - lightbox.css 
    - lightbox.php 
    - prototype.js 
    - scriptaculous.js 
    - effects.js 
 
2- Copy the 5 images in the "images" folder to the "images" folder of XOOPS (www.monsite.com/images/) 
    - blank.gif 
    - closelabel.gif 
    - loading.gif 
    - nextlabel.gif 
    - prevlabel.gif 
 
3- You must hack the XOOPS textsanitizer (www.monsite.com/class/module.textsanitizer.php). 
    - Find the xoopsCodeDecode methode (around the line 146) 
    - Goes to the end of the methode and add the content of the "xoopsCodeDecode.txt" file just before : 
     
        $text = preg_replace($patterns, $replacements, $text); 
        return $text; 
 
4- You have to add script to your theme. 
    - Open your theme.html on your running theme 
    - Add these 4 lines on the head part of your theme 
         
        <link rel="stylesheet" href="<{$xoops_url}>/include/lightbox.css" type="text/css" media="screen" /> 
        <script type="text/javascript" src="<{$xoops_url}>/include/prototype.js">script> 
        <script type="text/javascript" src="<{$xoops_url}>/include/scriptaculous.js?load=effects">script> 
        <script type="text/javascript" src="<{$xoops_url}>/include/lightbox.php?dirname=<{$xoops_dirname}>">script> 
 
5- Finally, you must delete all files on the "template_c" folder EXCEPT the "index.html" file.

Of this there is no problems with 1 and 2.
3. is where the problem is coming in i guess. because after i do this the site shows blank page. Once i remove the newly added codes the site becomes operational again.
4. I m using zetagenesis theme so added the script to xoscript.html in the xotpl folder of the theme
5. Cleared the smarty_compile folder

Nitin Shah
Hypnosis is the fastest way to send messages to the mind

2

Re: extgallery hook hack and xoops 2.3.1

2008/10/20 21:05
nmshah
Just can't stay away
Posts: 556
Since: 2007/7/2 8

The content of my module.textsanitizer.php after making the after adding the xoopscodedecode.txt to code is

/*
You may not change or alter any portion of this comment or credits
of supporting developers from this source code or any supporting source code
which is considered copyrighted (c) material of the original comment or credit authors.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/

/**
* TextSanitizer extension
*
* @copyright The XOOPS project https://xoops.org/
* @license http://www.fsf.org/copyleft/gpl.html GNU public license
* @package class
* @since 2.3.0
* @author Kazumi Ono (http://www.myweb.ne.jp/, http://www.xoopscube.jp/)
* @author Goghs Cheng (http://www.eqiao.com, http://www.devbeez.com/)
* @author Taiwen Jiang
* @version $Id: module.textsanitizer.php 1993 2008-08-30 10:49:06Z phppp $
*/

/**
* Abstract class for extensions
*
* @author Taiwen Jiang
* @copyright The XOOPS Project
*/
class MyTextSanitizerExtension
{
var $instance;
var $ts;
var $config;
var $image_path;

function __construct(&$ts)
{
$this->ts = $ts;
$this->image_path = XOOPS_URL . '/images/form';
}

function MyTextSanitizerExtension(&$ts)
{
$this->__construct($ts);
}

/*
function &getInstance($myts)
{
if (!isset(self::$instance)) {
$class = __CLASS__;
self::$instance = new $class($myts);
}
return self::$instance;
}

function load($myts, $config = null)
{
$instance = self::getInstance($myts);
if ($config) {
$this->config = $instance->loadConfig($config);
}
}
*/

function loadConfig($path = null)
{
$ts =& MyTextSanitizer::getInstance();
$path = str_replace( DIRECTORY_SEPARATOR, "/", $path );
if (false === strpos($path, "/")) {
if (is_dir("{$ts->path_basic}/{$path}/")) {
$path = "{$ts->path_basic}/{$path}/";
} else {
$path = "{$ts->path_plugin}/{$path}/";
}
}
$config = @include "{$path}/config.php";
$config_custom = @include "{$path}/config.custom.php";
if (is_array($config_custom)) {
foreach ($config_custom as $key => $val) {
$config[$key] = $val;
}
}

return $config;
}

function encode()
{
return array();
}

function decode()
{
return null;
}
}

/**
* Class to "clean up" text for various uses
*
* Singleton
*
* @package kernel
* @subpackage core
*
* @author Kazumi Ono
* @author Taiwen Jiang
* @author Goghs Cheng
* @copyright (c) 2000-2003 The XOOPS Project - http://www.xoops.org
*/
class MyTextSanitizer
{
/**
* @var array
*/
var $smileys = array();

/**
*
*/
var $censorConf;

/**
* @var holding reference to text
*/
var $text = "";
var $patterns = array();
var $replacements = array();

var $path_basic;
var $path_plugin;

var $config;

function __construct()
{
$this->path_basic = XOOPS_ROOT_PATH . "/class/textsanitizer";
$this->path_plugin = XOOPS_ROOT_PATH . "/Frameworks/textsanitizer";
$this->config = $this->loadConfig();
}

/*
* Constructor of this class
*
* Gets allowed html tags from admin config settings
*
should not be allowed since nl2br will be used
* when storing data.
*
* @access private
*
* @todo Sofar, this does nuttin'

*/
function MyTextSanitizer()
{
$this->__construct();
}

function loadConfig($name = null)
{
if (!empty($name)) {
return MyTextSanitizerExtension::loadConfig($name);
}

$config = include "{$this->path_basic}/config.php";
$config_custom = @include "{$this->path_basic}/config.custom.php";
if (is_array($config_custom)) {
foreach ($config_custom as $key => $val) {
$config[$key] = $val;
}
}

return $config;
}

/**
* Access the only instance of this class
*
* @return object
*
* @static
* @staticvar object
*/
function &getInstance()
{
static $instance;
if (!isset($instance)) {
$instance = new MyTextSanitizer();
}
return $instance;
}

/**
* Get the smileys
*
* @param boole $isAll TRUE for all smileys, FALSE for smileys with display = 1
* @return array
*/
function getSmileys( $isAll = TRUE )
{
if (count($this->smileys) == 0) {
if ($getsmiles = $GLOBALS["xoopsDB"]->query("SELECT * FROM " . $GLOBALS["xoopsDB"]->prefix("smiles"))) {
while ($smiles = $GLOBALS["xoopsDB"]->fetchArray($getsmiles)) {
array_push($this->smileys, $smiles);
}
}
}
if ($isAll) {
return $this->smileys;
}

$smileys = array();
foreach ($this->smileys as $smile) {
if (empty($smile['display'])) continue;
$smileys[] = $smile;
}
return $smileys;
}

/**
* Replace emoticons in the message with smiley images
*
* @param string $message
*
* @return string
*/
function smiley($message)
{
$smileys = $this->getSmileys();
foreach ($smileys as $smile) {
$message = str_replace($smile['code'], '

', $message);
}
return $message;
}

/**
* Make links in the text clickable
*
* @param string $text
* @return string
**/
function makeClickable(&$text)
{
$valid_chars = "a-z0-9\/\-_+=.~!%@?#&;:$\|";
$patterns = array(
"/(^|[^]_a-z0-9-=\"'\/])([a-z]+?):\/\/([{$valid_chars}]+)/ei",
"/(^|[^]_a-z0-9-=\"'\/])www\.([a-z0-9\-]+)\.([{$valid_chars}]+)/ei",
"/(^|[^]_a-z0-9-=\"'\/])ftp\.([a-z0-9\-]+)\.([{$valid_chars}]+)/ei",
"/(^|[^]_a-z0-9-=\"'\/:\.])([a-z0-9\-_\.]+?)@([{$valid_chars}]+)/ei");
$replacements = array(
"'\\1\\2://'.MyTextSanitizer::truncate( '\\3' ).''",
"'\\1'.MyTextSanitizer::truncate( 'www.\\2.\\3' ).''",
"'\\1'.MyTextSanitizer::truncate( 'ftp.\\2.\\3' ).''",
"'\\1'.MyTextSanitizer::truncate( '\\2@\\3' ).''");
return preg_replace($patterns, $replacements, $text);
}

function truncate($text)
{
$instance = MyTextSanitizer::getInstance();
if ( empty($text) || empty($instance->config['truncate_length']) || strlen($text) < $instance->config['truncate_length'] ) return $text;
$len = floor( $instance->config['truncate_length'] / 2 );
$ret = substr($text, 0, $len) . " ... ". substr($text, 5 - $len);
return $ret;
}

/**
* Replace XoopsCodes with their equivalent HTML formatting
*
* @param string $text
* @param bool $allowimage Allow images in the text?
* On FALSE, uses links to images.
* @return string
**/
function &xoopsCodeDecode(&$text, $allowimage = 1)
{
$patterns = array();
$replacements = array();
$patterns[] = "/\[siteurl=(['\"]?)([^\"'<>]*)\\1](.*)\[\/siteurl\]/sU";
$replacements[] = '\\3';
$patterns[] = "/\[url=(['\"]?)(http[s]?:\/\/[^\"'<>]*)\\1](.*)\[\/url\]/sU";
$replacements[] = '\\3';
$patterns[] = "/\[url=(['\"]?)(ftp?:\/\/[^\"'<>]*)\\1](.*)\[\/url\]/sU";
$replacements[] = '\\3';
$patterns[] = "/\[url=(['\"]?)([^\"'<>]*)\\1](.*)\[\/url\]/sU";
$replacements[] = '\\3';
$patterns[] = "/\[color=(['\"]?)([a-zA-Z0-9]*)\\1](.*)\[\/color\]/sU";
$replacements[] = '\\3';
$patterns[] = "/\[size=(['\"]?)([a-z0-9-]*)\\1](.*)\[\/size\]/sU";
$replacements[] = '\\3';
$patterns[] = "/\[font=(['\"]?)([^;<>\*\"']*)\\1](.*)\[\/font\]/sU";
$replacements[] = '\\3';
$patterns[] = "/\[email]([^;<>\*\"']*)\[\/email\]/sU";
$replacements[] = '\\1';
$patterns[] = "/\(.*)\[\/b\]/sU";
$replacements[] = '\\1';
$patterns[] = "/\[i](.*)\[\/i\]/sU";
$replacements[] = '\\1';
$patterns[] = "/\[u](.*)\[\/u\]/sU";
$replacements[] = '\\1';
$patterns[] = "/\[d](.*)\[\/d\]/sU";
$replacements[] = '~~\\1~~';
$patterns[] = "/\[center](.*)\[\/center\]/sU";
$replacements[] = '
\\1
';
$patterns[] = "/\[left](.*)\[\/left\]/sU";
$replacements[] = '
\\1
';
$patterns[] = "/\[right](.*)\[\/right\]/sU";
$replacements[] = '
\\1
';
$patterns[] = "/\[quote]/sU";
$replacements[] = _QUOTEC.'
';
$patterns[] = "/\[\/quote]/sU";
$replacements[] = '
';
$text = str_replace( "\x00", "", $text );
$c = "[\x01-\x1f]*";
$patterns[] = "/j{$c}a{$c}v{$c}a{$c}s{$c}c{$c}r{$c}i{$c}p{$c}t{$c}:/si";
$replacements[] = "(script removed)";
$patterns[] = "/a{$c}b{$c}o{$c}u{$c}t{$c}:/si";
$replacements[] = "about :";

$patterns[] = "/"/i";
$replacements[] = "\"";
$patterns[] = "/'/i";
$replacements[] = "'";

$this->text = $text;
$this->patterns = $patterns;
$this->replacements = $replacements;

$this->config['allowimage'] = $allowimage;
$this->executeExtensions();

$text = preg_replace($this->patterns, $this->replacements, $this->text);
return $text;
}

/**
* Convert linebreaks to
tags
*
* @param string $text
*
* @return string
*/
function nl2Br($text)
{
return preg_replace("/(\015\012)|(\015)|(\012)/", "
", $text);
}

/**
* Add slashes to the text if magic_quotes_gpc is turned off.
*
* @param string $text
* @return string
**/
function addSlashes($text)
{
if (!get_magic_quotes_gpc()) {
$text = addslashes($text);
}
return $text;
}

/*
* if magic_quotes_gpc is on, stirip back slashes
*
* @param string $text
*
* @return string
*/
function stripSlashesGPC($text)
{
if (get_magic_quotes_gpc()) {
$text = stripslashes($text);
}
return $text;
}

/**
* for displaying data in html textbox forms
*
* @param string $text
*
* @return string
*/
function htmlSpecialChars($text)
{
//return preg_replace("/&/i", '&', htmlspecialchars($text, ENT_QUOTES));
return preg_replace(array("/&/i", "/ /i"), array('&', ' '), htmlspecialchars($text, ENT_QUOTES));
}

/**
* Reverses {@link htmlSpecialChars()}
*
* @param string $text
* @return string
**/
function undoHtmlSpecialChars( $text )
{
return preg_replace(array("/>/i", "/", "<", "\"", "'", " "), $text);
}

/**
* Filters textarea form data in DB for display
*
* @param string $text
* @param bool $html allow html?
* @param bool $smiley allow smileys?
* @param bool $xcode allow xoopscode?
* @param bool $image allow inline images?
* @param bool $br convert linebreaks?
* @return string
**/
function &displayTarea( $text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1)
{
if ($html != 1) {
// html not allowed
$text = $this->htmlSpecialChars($text);
}
$text = $this->codePreConv($text, $xcode); // Ryuji_edit(2003-11-18)
$text = $this->makeClickable($text);
if ($smiley != 0) {
// process smiley
$text = $this->smiley($text);
}
if ($xcode != 0) {
// decode xcode
if ($image != 0) {
// image allowed
$text = $this->xoopsCodeDecode($text);
} else {
// image not allowed
$text = $this->xoopsCodeDecode($text, 0);
}
}
if ($br != 0) {
$text = $this->nl2Br($text);
}
$text = $this->codeConv($text, $xcode);
return $text;
}

/**
* Filters textarea form data submitted for preview
*
* @param string $text
* @param bool $html allow html?
* @param bool $smiley allow smileys?
* @param bool $xcode allow xoopscode?
* @param bool $image allow inline images?
* @param bool $br convert linebreaks?
* @return string
**/
function &previewTarea( $text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1)
{
$text = $this->stripSlashesGPC($text);
$text = $this->displayTarea( $text, $html, $smiley, $xcode, $image, $br );
return $text;
}

/**
* Replaces banned words in a string with their replacements
*
* @param string $text
* @return string
*
* @deprecated
**/
function &censorString(&$text)
{
$ret = $this->executeExtension('censor', $text);
if ($ret === false) {
return $text;
}
return $ret;
}

/**#@+
* Sanitizing of
tag */ function codePreConv($text, $xcode = 1) { if ($xcode != 0) { $patterns = "/[code([^]]*?)](.*)[/code]/esU"; $replacements = "'[code\1]'.base64_encode('\2').'
'";
$text = preg_replace($patterns, $replacements, $text);
}
return $text;
}

function codeConv($text, $xcode = 1)
{
if (empty($xcode)) return $text;
$patterns = "/\[code([^\]]*?)\](.*)\[\/code\]/esU";
$replacements = "'
'.\$this->executeExtension('syntaxhighlight', \$this->htmlSpecialChars(str_replace('\\\"', '\"', base64_decode('$2'))), '$1').'
'";

[b]// eXtGallery Hack
$patterns[] = "/\[gallery]([0-9]*)\[\/gallery\]/sU";
$replacements[] = '';

$patterns[] = "/\[gallery title=(['\"]?)([ a-zA-Z0-9]*)\\1]([0-9]*)\[\/gallery\]/sU";
$replacements[] = ' $\\2$ ';

$patterns[] = "/\[gallery group=(['\"]?)([a-zA-Z0-9]*)\\1]([0-9]*)\[\/gallery\]/sU";
$replacements[] = '';

$patterns[] = "/\[gallery group=(['\"]?)([a-zA-Z0-9]*)\\1 title=(['\"]?)([ a-zA-Z0-9]*)\\3]([0-9]*)\[\/gallery\]/sU";
$replacements[] = ' $\\4$ ';

$patterns[] = "/\[gallery title=(['\"]?)([ a-zA-Z0-9]*)\\1 group=(['\"]?)([a-zA-Z0-9]*)\\3]([0-9]*)\[\/gallery\]/sU";
$replacements[] = ' $\\2$ ';
// End eXtGallery Hack

$text = preg_replace($patterns, $replacements, $text);
return $text;
}
/**#@-*/

function executeExtensions()
{
$extensions = array_filter($this->config['extensions']);
if (empty($extensions)) return true;
foreach (array_keys($extensions) as $extension) {
$this->executeExtension($extension);
}
}

function loadExtension($name)
{
if (! include_once "{$this->path_basic}/{$name}/{$name}.php" ) {
if (! include_once "{$this->path_plugin}/{$name}/{$name}.php" ) {
return false;
}
}
$class = "Myts" . ucfirst($name);
if (! class_exists($class) ) {
trigger_error("Extension {$name} not exist", E_USER_WARNING);
return false;
}
$extension =& new $class($this);
return $extension;
}

function executeExtension($name)
{
$extension = $this->loadExtension($name);
$args = array_slice(func_get_args(), 1);

return call_user_func_array(array($extension, 'load'), array_merge( array(&$this), $args));
}

/*
* Filter out possible malicious text
* kses project at SF could be a good solution to check
*
* @param string $text text to filter
* @param bool $force force filtering
* @return string filtered text
*/
function textFilter($text, $force = false)
{
$ret = $this->executeExtension('textfilter', $text, $force);
if ($ret === false) {
return $text;
}
return $ret;
}

##################### Deprecated Methods ######################

/**#@+
* @deprecated
*/

function codeSanitizer($str, $image = 1)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
$str = $this->htmlSpecialChars(str_replace('\"', '"', base64_decode($str)));
$str = $this->xoopsCodeDecode($str, $image);
return $str;
}

function sanitizeForDisplay($text, $allowhtml = 0, $smiley = 1, $bbcode = 1)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
if ( $allowhtml == 0 ) {
$text = $this->htmlSpecialChars($text);
} else {
//$config =& $GLOBALS['xoopsConfig'];
//$allowed = $config['allowed_html'];
//$text = strip_tags($text, $allowed);
$text = $this->makeClickable($text);
}
if ( $smiley == 1 ) {
$text = $this->smiley($text);
}
if ( $bbcode == 1 ) {
$text = $this->xoopsCodeDecode($text);
}
$text = $this->nl2Br($text);
return $text;
}

function sanitizeForPreview($text, $allowhtml = 0, $smiley = 1, $bbcode = 1)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
$text = $this->oopsStripSlashesGPC($text);
if ( $allowhtml == 0 ) {
$text = $this->htmlSpecialChars($text);
} else {
//$config =& $GLOBALS['xoopsConfig'];
//$allowed = $config['allowed_html'];
//$text = strip_tags($text, $allowed);
$text = $this->makeClickable($text);
}
if ( $smiley == 1 ) {
$text = $this->smiley($text);
}
if ( $bbcode == 1 ) {
$text = $this->xoopsCodeDecode($text);
}
$text = $this->nl2Br($text);
return $text;
}

function makeTboxData4Save($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
//$text = $this->undoHtmlSpecialChars($text);
return $this->addSlashes($text);
}

function makeTboxData4Show($text, $smiley=0)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
$text = $this->htmlSpecialChars($text);
return $text;
}

function makeTboxData4Edit($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
return $this->htmlSpecialChars($text);
}

function makeTboxData4Preview($text, $smiley=0)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
$text = $this->stripSlashesGPC($text);
$text = $this->htmlSpecialChars($text);
return $text;
}

function makeTboxData4PreviewInForm($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
$text = $this->stripSlashesGPC($text);
return $this->htmlSpecialChars($text);
}

function makeTareaData4Save($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
return $this->addSlashes($text);
}

function &makeTareaData4Show(&$text, $html=1, $smiley=1, $xcode=1)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
$text = $this->displayTarea($text, $html, $smiley, $xcode);
return $text;
}

function makeTareaData4Edit($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
return $this->htmlSpecialChars($text);
}

function &makeTareaData4Preview(&$text, $html=1, $smiley=1, $xcode=1)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
$text = $this->previewTarea($text, $html, $smiley, $xcode);
return $text;
}

function makeTareaData4PreviewInForm($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
//if magic_quotes_gpc is on, do stipslashes
$text = $this->stripSlashesGPC($text);
return $this->htmlSpecialChars($text);
}

function makeTareaData4InsideQuotes($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
return $this->htmlSpecialChars($text);
}

function oopsStripSlashesGPC($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
return $this->stripSlashesGPC($text);
}

function oopsStripSlashesRT($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
if (get_magic_quotes_runtime()) {
$text = stripslashes($text);
}
return $text;
}

function oopsAddSlashes($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
return $this->addSlashes($text);
}

function oopsHtmlSpecialChars($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
return $this->htmlSpecialChars($text);
}

function oopsNl2Br($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
return $this->nl2br($text);
}
/**#@-*/
}
?>

Nitin Shah
Hypnosis is the fastest way to send messages to the mind

3

Re: extgallery hook hack and xoops 2.3.1

2008/10/20 21:18
nmshah
Just can't stay away
Posts: 556
Since: 2007/7/2 8

xoops debug info:

Fatal error: [] operator not supported for strings in H:\xampp\htdocs\aol\class\module.textsanitizer.php on line 499

---------------Edited----------------------

Solved by removing [] from all the lines in the xoopscodedecode.txt before adding them to the moduletexesanitizer.php

Still i will like to know if i have added the code at the right place in the file.

Nitin Shah
Hypnosis is the fastest way to send messages to the mind

4

Re: extgallery hook hack and xoops 2.3.1

2008/10/21 7:20
stefan88
Community Support Member
Posts: 1086
Since: 2004/9/20

Quote:

Still i will like to know if i have added the code at the right place in the file.

Hi,

from what you posted you are adding the code at the wrong place - in function "codeConv" instead of function "xoopsCodeDecode" (it is before the codeConv).

..

5

Re: extgallery hook hack and xoops 2.3.1

2008/10/21 18:46
nmshah
Just can't stay away
Posts: 556
Since: 2007/7/2 8

Thanks a lot stefan88. Based on your post i have edited the moduletextsanitizer.php file again. Hopefully this time i have done it right. Pls let me know.

The contents of the file are:

/*
You may not change or alter any portion of this comment or credits
of supporting developers from this source code or any supporting source code
which is considered copyrighted (c) material of the original comment or credit authors.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/

/**
* TextSanitizer extension
*
* @copyright The XOOPS project https://xoops.org/
* @license http://www.fsf.org/copyleft/gpl.html GNU public license
* @package class
* @since 2.3.0
* @author Kazumi Ono (http://www.myweb.ne.jp/, http://www.xoopscube.jp/)
* @author Goghs Cheng (http://www.eqiao.com, http://www.devbeez.com/)
* @author Taiwen Jiang
* @version $Id: module.textsanitizer.php 1993 2008-08-30 10:49:06Z phppp $
*/

/**
* Abstract class for extensions
*
* @author Taiwen Jiang
* @copyright The XOOPS Project
*/
class MyTextSanitizerExtension
{
var $instance;
var $ts;
var $config;
var $image_path;

function __construct(&$ts)
{
$this->ts = $ts;
$this->image_path = XOOPS_URL . '/images/form';
}

function MyTextSanitizerExtension(&$ts)
{
$this->__construct($ts);
}

/*
function &getInstance($myts)
{
if (!isset(self::$instance)) {
$class = __CLASS__;
self::$instance = new $class($myts);
}
return self::$instance;
}

function load($myts, $config = null)
{
$instance = self::getInstance($myts);
if ($config) {
$this->config = $instance->loadConfig($config);
}
}
*/

function loadConfig($path = null)
{
$ts =& MyTextSanitizer::getInstance();
$path = str_replace( DIRECTORY_SEPARATOR, "/", $path );
if (false === strpos($path, "/")) {
if (is_dir("{$ts->path_basic}/{$path}/")) {
$path = "{$ts->path_basic}/{$path}/";
} else {
$path = "{$ts->path_plugin}/{$path}/";
}
}
$config = @include "{$path}/config.php";
$config_custom = @include "{$path}/config.custom.php";
if (is_array($config_custom)) {
foreach ($config_custom as $key => $val) {
$config[$key] = $val;
}
}

return $config;
}

function encode()
{
return array();
}

function decode()
{
return null;
}
}

/**
* Class to "clean up" text for various uses
*
* Singleton
*
* @package kernel
* @subpackage core
*
* @author Kazumi Ono
* @author Taiwen Jiang
* @author Goghs Cheng
* @copyright (c) 2000-2003 The XOOPS Project - http://www.xoops.org
*/
class MyTextSanitizer
{
/**
* @var array
*/
var $smileys = array();

/**
*
*/
var $censorConf;

/**
* @var holding reference to text
*/
var $text = "";
var $patterns = array();
var $replacements = array();

var $path_basic;
var $path_plugin;

var $config;

function __construct()
{
$this->path_basic = XOOPS_ROOT_PATH . "/class/textsanitizer";
$this->path_plugin = XOOPS_ROOT_PATH . "/Frameworks/textsanitizer";
$this->config = $this->loadConfig();
}

/*
* Constructor of this class
*
* Gets allowed html tags from admin config settings
*
should not be allowed since nl2br will be used
* when storing data.
*
* @access private
*
* @todo Sofar, this does nuttin'

*/
function MyTextSanitizer()
{
$this->__construct();
}

function loadConfig($name = null)
{
if (!empty($name)) {
return MyTextSanitizerExtension::loadConfig($name);
}

$config = include "{$this->path_basic}/config.php";
$config_custom = @include "{$this->path_basic}/config.custom.php";
if (is_array($config_custom)) {
foreach ($config_custom as $key => $val) {
$config[$key] = $val;
}
}

return $config;
}

/**
* Access the only instance of this class
*
* @return object
*
* @static
* @staticvar object
*/
function &getInstance()
{
static $instance;
if (!isset($instance)) {
$instance = new MyTextSanitizer();
}
return $instance;
}

/**
* Get the smileys
*
* @param boole $isAll TRUE for all smileys, FALSE for smileys with display = 1
* @return array
*/
function getSmileys( $isAll = TRUE )
{
if (count($this->smileys) == 0) {
if ($getsmiles = $GLOBALS["xoopsDB"]->query("SELECT * FROM " . $GLOBALS["xoopsDB"]->prefix("smiles"))) {
while ($smiles = $GLOBALS["xoopsDB"]->fetchArray($getsmiles)) {
array_push($this->smileys, $smiles);
}
}
}
if ($isAll) {
return $this->smileys;
}

$smileys = array();
foreach ($this->smileys as $smile) {
if (empty($smile['display'])) continue;
$smileys[] = $smile;
}
return $smileys;
}

/**
* Replace emoticons in the message with smiley images
*
* @param string $message
*
* @return string
*/
function smiley($message)
{
$smileys = $this->getSmileys();
foreach ($smileys as $smile) {
$message = str_replace($smile['code'], '

', $message);
}
return $message;
}

/**
* Make links in the text clickable
*
* @param string $text
* @return string
**/
function makeClickable(&$text)
{
$valid_chars = "a-z0-9\/\-_+=.~!%@?#&;:$\|";
$patterns = array(
"/(^|[^]_a-z0-9-=\"'\/])([a-z]+?):\/\/([{$valid_chars}]+)/ei",
"/(^|[^]_a-z0-9-=\"'\/])www\.([a-z0-9\-]+)\.([{$valid_chars}]+)/ei",
"/(^|[^]_a-z0-9-=\"'\/])ftp\.([a-z0-9\-]+)\.([{$valid_chars}]+)/ei",
"/(^|[^]_a-z0-9-=\"'\/:\.])([a-z0-9\-_\.]+?)@([{$valid_chars}]+)/ei");
$replacements = array(
"'\\1\\2://'.MyTextSanitizer::truncate( '\\3' ).''",
"'\\1'.MyTextSanitizer::truncate( 'www.\\2.\\3' ).''",
"'\\1'.MyTextSanitizer::truncate( 'ftp.\\2.\\3' ).''",
"'\\1'.MyTextSanitizer::truncate( '\\2@\\3' ).''");
return preg_replace($patterns, $replacements, $text);
}

function truncate($text)
{
$instance = MyTextSanitizer::getInstance();
if ( empty($text) || empty($instance->config['truncate_length']) || strlen($text) < $instance->config['truncate_length'] ) return $text;
$len = floor( $instance->config['truncate_length'] / 2 );
$ret = substr($text, 0, $len) . " ... ". substr($text, 5 - $len);
return $ret;
}

/**
* Replace XoopsCodes with their equivalent HTML formatting
*
* @param string $text
* @param bool $allowimage Allow images in the text?
* On FALSE, uses links to images.
* @return string
**/
function &xoopsCodeDecode(&$text, $allowimage = 1)
{
$patterns = array();
$replacements = array();
$patterns[] = "/\[siteurl=(['\"]?)([^\"'<>]*)\\1](.*)\[\/siteurl\]/sU";
$replacements[] = '\\3';
$patterns[] = "/\[url=(['\"]?)(http[s]?:\/\/[^\"'<>]*)\\1](.*)\[\/url\]/sU";
$replacements[] = '\\3';
$patterns[] = "/\[url=(['\"]?)(ftp?:\/\/[^\"'<>]*)\\1](.*)\[\/url\]/sU";
$replacements[] = '\\3';
$patterns[] = "/\[url=(['\"]?)([^\"'<>]*)\\1](.*)\[\/url\]/sU";
$replacements[] = '\\3';
$patterns[] = "/\[color=(['\"]?)([a-zA-Z0-9]*)\\1](.*)\[\/color\]/sU";
$replacements[] = '\\3';
$patterns[] = "/\[size=(['\"]?)([a-z0-9-]*)\\1](.*)\[\/size\]/sU";
$replacements[] = '\\3';
$patterns[] = "/\[font=(['\"]?)([^;<>\*\"']*)\\1](.*)\[\/font\]/sU";
$replacements[] = '\\3';
$patterns[] = "/\[email]([^;<>\*\"']*)\[\/email\]/sU";
$replacements[] = '\\1';
$patterns[] = "/\[b](.*)\[\/b\]/sU";
$replacements[] = '\\1';
$patterns[] = "/\[i](.*)\[\/i\]/sU";
$replacements[] = '\\1';
$patterns[] = "/\[u](.*)\[\/u\]/sU";
$replacements[] = '\\1';
$patterns[] = "/\[d](.*)\[\/d\]/sU";
$replacements[] = '~~\\1~~';
$patterns[] = "/\[center](.*)\[\/center\]/sU";
$replacements[] = '

\\1

';
$patterns[] = "/\[left](.*)\[\/left\]/sU";
$replacements[] = '

\\1

';
$patterns[] = "/\[right](.*)\[\/right\]/sU";
$replacements[] = '

\\1

';
$patterns[] = "/\[quote]/sU";
$replacements[] = _QUOTEC.'

';
$patterns[] = "/\[\/quote]/sU";
$replacements[] = '

';
$text = str_replace( "\x00", "", $text );
$c = "[\x01-\x1f]*";
$patterns[] = "/j{$c}a{$c}v{$c}a{$c}s{$c}c{$c}r{$c}i{$c}p{$c}t{$c}:/si";
$replacements[] = "(script removed)";
$patterns[] = "/a{$c}b{$c}o{$c}u{$c}t{$c}:/si";
$replacements[] = "about :";

$patterns[] = "/"/i";
$replacements[] = "\"";
$patterns[] = "/'/i";
$replacements[] = "'";

$this->text = $text;
$this->patterns = $patterns;
$this->replacements = $replacements;

$this->config['allowimage'] = $allowimage;
$this->executeExtensions();

// eXtGallery Hack
$patterns[] = "/\[gallery]([0-9]*)\[\/gallery\]/sU";
$replacements[] = '

';

$patterns[] = "/\[gallery title=(['\"]?)([ a-zA-Z0-9]*)\\1]([0-9]*)\[\/gallery\]/sU";
$replacements[] = ' $\\2$ ';

$patterns[] = "/\[gallery group=(['\"]?)([a-zA-Z0-9]*)\\1]([0-9]*)\[\/gallery\]/sU";
$replacements[] = '

';

$patterns[] = "/\[gallery group=(['\"]?)([a-zA-Z0-9]*)\\1 title=(['\"]?)([ a-zA-Z0-9]*)\\3]([0-9]*)\[\/gallery\]/sU";
$replacements[] = ' $\\4$ ';

$patterns[] = "/\[gallery title=(['\"]?)([ a-zA-Z0-9]*)\\1 group=(['\"]?)([a-zA-Z0-9]*)\\3]([0-9]*)\[\/gallery\]/sU";
$replacements[] = ' $\\2$ ';
// End eXtGallery Hack

$text = preg_replace($this->patterns, $this->replacements, $this->text);
return $text;
}

/**
* Convert linebreaks to
tags
*
* @param string $text
*
* @return string
*/
function nl2Br($text)
{
return preg_replace("/(\015\012)|(\015)|(\012)/", "
", $text);
}

/**
* Add slashes to the text if magic_quotes_gpc is turned off.
*
* @param string $text
* @return string
**/
function addSlashes($text)
{
if (!get_magic_quotes_gpc()) {
$text = addslashes($text);
}
return $text;
}

/*
* if magic_quotes_gpc is on, stirip back slashes
*
* @param string $text
*
* @return string
*/
function stripSlashesGPC($text)
{
if (get_magic_quotes_gpc()) {
$text = stripslashes($text);
}
return $text;
}

/**
* for displaying data in html textbox forms
*
* @param string $text
*
* @return string
*/
function htmlSpecialChars($text)
{
//return preg_replace("/&/i", '&', htmlspecialchars($text, ENT_QUOTES));
return preg_replace(array("/&/i", "/ /i"), array('&', ' '), htmlspecialchars($text, ENT_QUOTES));
}

/**
* Reverses {@link htmlSpecialChars()}
*
* @param string $text
* @return string
**/
function undoHtmlSpecialChars( $text )
{
return preg_replace(array("/>/i", "/", "<", "\"", "'", " "), $text);
}

/**
* Filters textarea form data in DB for display
*
* @param string $text
* @param bool $html allow html?
* @param bool $smiley allow smileys?
* @param bool $xcode allow xoopscode?
* @param bool $image allow inline images?
* @param bool $br convert linebreaks?
* @return string
**/
function &displayTarea( $text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1)
{
if ($html != 1) {
// html not allowed
$text = $this->htmlSpecialChars($text);
}
$text = $this->codePreConv($text, $xcode); // Ryuji_edit(2003-11-18)
$text = $this->makeClickable($text);
if ($smiley != 0) {
// process smiley
$text = $this->smiley($text);
}
if ($xcode != 0) {
// decode xcode
if ($image != 0) {
// image allowed
$text = $this->xoopsCodeDecode($text);
} else {
// image not allowed
$text = $this->xoopsCodeDecode($text, 0);
}
}
if ($br != 0) {
$text = $this->nl2Br($text);
}
$text = $this->codeConv($text, $xcode);
return $text;
}

/**
* Filters textarea form data submitted for preview
*
* @param string $text
* @param bool $html allow html?
* @param bool $smiley allow smileys?
* @param bool $xcode allow xoopscode?
* @param bool $image allow inline images?
* @param bool $br convert linebreaks?
* @return string
**/
function &previewTarea( $text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1)
{
$text = $this->stripSlashesGPC($text);
$text = $this->displayTarea( $text, $html, $smiley, $xcode, $image, $br );
return $text;
}

/**
* Replaces banned words in a string with their replacements
*
* @param string $text
* @return string
*
* @deprecated
**/
function &censorString(&$text)
{
$ret = $this->executeExtension('censor', $text);
if ($ret === false) {
return $text;
}
return $ret;
}

/**#@+
* Sanitizing of

 tag 
     */ 
    function codePreConv($text, $xcode = 1) 
    { 
        if ($xcode != 0) { 
            $patterns = "/[code([^]]*?)](.*)[/code]/esU"; 
            $replacements = "'[code\1]'.base64_encode('\2').'

'";
$text = preg_replace($patterns, $replacements, $text);
}
return $text;
}

function codeConv($text, $xcode = 1)
{
if (empty($xcode)) return $text;
$patterns = "/\[code([^\]]*?)\](.*)\[\/code\]/esU";
$replacements = "'

'.\$this->executeExtension('syntaxhighlight', \$this->htmlSpecialChars(str_replace('\\\"', '\"', base64_decode('$2'))), '$1').'

'";
$text = preg_replace($patterns, $replacements, $text);
return $text;
}
/**#@-*/

function executeExtensions()
{
$extensions = array_filter($this->config['extensions']);
if (empty($extensions)) return true;
foreach (array_keys($extensions) as $extension) {
$this->executeExtension($extension);
}
}

function loadExtension($name)
{
if (! include_once "{$this->path_basic}/{$name}/{$name}.php" ) {
if (! include_once "{$this->path_plugin}/{$name}/{$name}.php" ) {
return false;
}
}
$class = "Myts" . ucfirst($name);
if (! class_exists($class) ) {
trigger_error("Extension {$name} not exist", E_USER_WARNING);
return false;
}
$extension =& new $class($this);
return $extension;
}

function executeExtension($name)
{
$extension = $this->loadExtension($name);
$args = array_slice(func_get_args(), 1);

return call_user_func_array(array($extension, 'load'), array_merge( array(&$this), $args));
}

/*
* Filter out possible malicious text
* kses project at SF could be a good solution to check
*
* @param string $text text to filter
* @param bool $force force filtering
* @return string filtered text
*/
function textFilter($text, $force = false)
{
$ret = $this->executeExtension('textfilter', $text, $force);
if ($ret === false) {
return $text;
}
return $ret;
}

##################### Deprecated Methods ######################

/**#@+
* @deprecated
*/

function codeSanitizer($str, $image = 1)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
$str = $this->htmlSpecialChars(str_replace('\"', '"', base64_decode($str)));
$str = $this->xoopsCodeDecode($str, $image);
return $str;
}

function sanitizeForDisplay($text, $allowhtml = 0, $smiley = 1, $bbcode = 1)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
if ( $allowhtml == 0 ) {
$text = $this->htmlSpecialChars($text);
} else {
//$config =& $GLOBALS['xoopsConfig'];
//$allowed = $config['allowed_html'];
//$text = strip_tags($text, $allowed);
$text = $this->makeClickable($text);
}
if ( $smiley == 1 ) {
$text = $this->smiley($text);
}
if ( $bbcode == 1 ) {
$text = $this->xoopsCodeDecode($text);
}
$text = $this->nl2Br($text);
return $text;
}

function sanitizeForPreview($text, $allowhtml = 0, $smiley = 1, $bbcode = 1)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
$text = $this->oopsStripSlashesGPC($text);
if ( $allowhtml == 0 ) {
$text = $this->htmlSpecialChars($text);
} else {
//$config =& $GLOBALS['xoopsConfig'];
//$allowed = $config['allowed_html'];
//$text = strip_tags($text, $allowed);
$text = $this->makeClickable($text);
}
if ( $smiley == 1 ) {
$text = $this->smiley($text);
}
if ( $bbcode == 1 ) {
$text = $this->xoopsCodeDecode($text);
}
$text = $this->nl2Br($text);
return $text;
}

function makeTboxData4Save($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
//$text = $this->undoHtmlSpecialChars($text);
return $this->addSlashes($text);
}

function makeTboxData4Show($text, $smiley=0)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
$text = $this->htmlSpecialChars($text);
return $text;
}

function makeTboxData4Edit($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
return $this->htmlSpecialChars($text);
}

function makeTboxData4Preview($text, $smiley=0)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
$text = $this->stripSlashesGPC($text);
$text = $this->htmlSpecialChars($text);
return $text;
}

function makeTboxData4PreviewInForm($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
$text = $this->stripSlashesGPC($text);
return $this->htmlSpecialChars($text);
}

function makeTareaData4Save($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
return $this->addSlashes($text);
}

function &makeTareaData4Show(&$text, $html=1, $smiley=1, $xcode=1)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
$text = $this->displayTarea($text, $html, $smiley, $xcode);
return $text;
}

function makeTareaData4Edit($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
return $this->htmlSpecialChars($text);
}

function &makeTareaData4Preview(&$text, $html=1, $smiley=1, $xcode=1)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
$text = $this->previewTarea($text, $html, $smiley, $xcode);
return $text;
}

function makeTareaData4PreviewInForm($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
//if magic_quotes_gpc is on, do stipslashes
$text = $this->stripSlashesGPC($text);
return $this->htmlSpecialChars($text);
}

function makeTareaData4InsideQuotes($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
return $this->htmlSpecialChars($text);
}

function oopsStripSlashesGPC($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
return $this->stripSlashesGPC($text);
}

function oopsStripSlashesRT($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
if (get_magic_quotes_runtime()) {
$text = stripslashes($text);
}
return $text;
}

function oopsAddSlashes($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
return $this->addSlashes($text);
}

function oopsHtmlSpecialChars($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
return $this->htmlSpecialChars($text);
}

function oopsNl2Br($text)
{
trigger_error(__CLASS__."::".__FUNCTION__.' is deprecated', E_USER_WARNING);
return $this->nl2br($text);
}
/**#@-*/
}
?>

Nitin Shah
Hypnosis is the fastest way to send messages to the mind

6

Re: extgallery hook hack and xoops 2.3.1

2008/10/28 12:06
urbanspacema
Quite a regular
Posts: 275
Since: 2004/9/19

Hello, my module.textsanitizer.php this is
but does not work ...

can you help me?
Tnx

hhttp://www.ultrasonica.it
http://www.noisecollective.net

7

Re: extgallery hook hack and xoops 2.3.1

2008/11/12 19:28
btesec
Friend of XOOPS
Posts: 623
Since: 2007/2/20

Also the "Nb Albums" column does not show the number of albums. can anyone help?

8

Re: extgallery hook hack and xoops 2.3.1

2010/8/16 5:34
serial-weber
Just popping in
Posts: 53
Since: 2008/4/28

Hi,

Can I use the hook hack with Extgallery 1.08 ??
Is there frenche translation?

Thanks

Stats
Goal:	$100.00
Due Date:	Nov 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

extgallery hook hack and xoops 2.3.1

Re: extgallery hook hack and xoops 2.3.1

Re: extgallery hook hack and xoops 2.3.1

Re: extgallery hook hack and xoops 2.3.1

Re: extgallery hook hack and xoops 2.3.1

Re: extgallery hook hack and xoops 2.3.1

Re: extgallery hook hack and xoops 2.3.1

Re: extgallery hook hack and xoops 2.3.1

Login

Search

Recent Posts

XOOPS MyMenus 1.54.0 Beta 10

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Re: XOOPS MyMenus 1.54.0 Beta 7

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}