Thank you so much, but still nothing
I copy the whole lot for you
// $Id: module.textsanitizer.php,v 1.25 2004/06/14 14:22:11 skalpa Exp $
// ------------------------------------------------------------------------ //
// XOOPS - PHP Content Management System //
// Copyright (c) 2000 XOOPS.org //
// <https://xoops.org/> //
// ------------------------------------------------------------------------ //
// This program is free software; you can redistribute it and/or modify //
// it under the terms of the GNU General Public License as published by //
// the Free Software Foundation; either version 2 of the License, or //
// (at your option) any later version. //
// //
// You may not change or alter any portion of this comment or credits //
// of supporting developers from this source code or any supporting //
// source code which is considered copyrighted (c) material of the //
// original comment or credit authors. //
// //
// This program is distributed in the hope that it will be useful, //
// but WITHOUT ANY WARRANTY; without even the implied warranty of //
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
// GNU General Public License for more details. //
// //
// You should have received a copy of the GNU General Public License //
// along with this program; if not, write to the Free Software //
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA //
// ------------------------------------------------------------------------ //
// Author: Kazumi Ono (http://www.myweb.ne.jp/, http://www.xoopscube.jp/) //
// Goghs Cheng (http://www.eqiao.com, http://www.devbeez.com/) //
// Project: The XOOPS Project (https://xoops.org/) //
// ------------------------------------------------------------------------- //
/**
* Class to "clean up" text for various uses
*
* Singleton
*
* @package kernel
* @subpackage core
*
* @author Kazumi Ono
* @author Goghs Cheng
* @copyright (c) 2000-2003 The XOOPS Project - http://www.xoops.org
*/
class MyTextSanitizer
{
/**
* Rows read from the "smiles" table. smiley() fills this list on its first
* successful query and getSmileys() returns it as-is.
*
* @var array
*/
var $smileys = array();
/**
* Censor settings, loaded on first use by censorString() through
* getConfigsByCat(XOOPS_CONF_CENSOR). censorString() reads the keys
* 'censor_enable', 'censor_replace' and 'censor_words' from it.
*/
var $censorConf;
/**
* Constructor of this class (PHP 4 style: a method named after the class)
*
* The body is empty, so creating the object performs no setup. The
* original description said the constructor gets the allowed HTML tags
* from the admin config settings, and that one tag should not be allowed
* since nl2br will be used when storing data; none of that is implemented
* here. The tag name in that sentence was lost when the file was pasted.
*
* NOTE(review): PHP 8 does not treat a method named after the class as a
* constructor. With an empty body that makes no difference to behaviour.
*
* @access private
*
* @todo So far, this does nothing
*/
function MyTextSanitizer()
{
}
/**
 * Return the shared MyTextSanitizer object, creating it on the first call.
 *
 * The object lives in a function-level static variable, so every caller
 * receives a reference to the same instance.
 *
 * @return object the single MyTextSanitizer instance
 *
 * @static
 * @staticvar object
 */
function &getInstance()
{
    static $instance;
    if (isset($instance)) {
        return $instance;
    }
    // first call: build the instance that all later calls will share
    $instance = new MyTextSanitizer();
    return $instance;
}
/**
 * Return the smiley rows cached on this object.
 *
 * The list stays empty until smiley() has loaded the table.
 *
 * @return array cached rows, one per smiley
 */
function getSmileys()
{
    $cached = $this->smileys;
    return $cached;
}
/**
* Replace emoticon codes in the message
*
* On the first call the rows of the "smiles" table are read and cached in
* $this->smileys; later calls reuse the cache. Each row's 'code' value is
* replaced in the message with str_replace().
*
* NOTE(review): the replacement string is empty in this listing, so as
* written the codes are simply removed. The summary originally said the
* codes are replaced "with smiley images"; the image markup was presumably
* stripped when the file was pasted - restore it from the distributed file.
* If that markup is built from other columns of the row, those values need
* HTML-escaping like any other stored data - confirm.
*
* NOTE(review): when the table is empty the cache stays empty, so the query
* runs again on every call.
*
* @param string $message
*
* @return string
*/
function &smiley($message)
{
// fetched on every call, even when the cache below is already filled
$db =& Database::getInstance();
if (empty($this->smileys)) {
// the only variable part of the query is the table name from $db->prefix()
if ($getsmiles = $db->query("SELECT * FROM ".$db->prefix("smiles"))){
while ($smiles = $db->fetchArray($getsmiles)) {
$message =& str_replace($smiles['code'], '', $message);
// keep the whole row so later calls can skip the query
array_push($this->smileys, $smiles);
}
}
} else {
foreach ($this->smileys as $smile) {
$message =& str_replace($smile['code'], '', $message);
}
}
return $message;
}
/**
* Make links in the text clickable
*
* Four case-insensitive patterns are applied in order: "scheme://...",
* "www.host...", "ftp.host..." and "user@host" addresses. A match must sit
* at the start of the text or follow a character outside the bracketed
* exclusion list (letters, digits, "]", "_", "-", "=", quotes, "/"), which
* keeps URLs that already follow such a character from being matched again.
*
* NOTE(review): the replacement strings contain no anchor markup in this
* listing; it was presumably stripped when the file was pasted. Restore
* them from the distributed file before use.
*
* NOTE(review): the first pattern accepts any alphabetic scheme ([a-z]+),
* not only http, https or ftp. If the restored replacement writes the match
* into a link target, limit the scheme to an explicit allowlist instead of
* relying on the "javascript:" rewrite in xoopsCodeDecode(), which
* displayTarea() only calls when XoopsCode is enabled.
*
* @param string $text
* @return string
**/
function &makeClickable(&$text)
{
$patterns = array("/(^|[^]_a-z0-9-=\"'\/])([a-z]+?):\/\/([^, \r\n\"\(\)'<>]+)/i", "/(^|[^]_a-z0-9-=\"'\/])www\.([a-z0-9\-]+)\.([^, \r\n\"\(\)'<>]+)/i", "/(^|[^]_a-z0-9-=\"'\/])ftp\.([a-z0-9\-]+)\.([^, \r\n\"\(\)'<>]+)/i", "/(^|[^]_a-z0-9-=\"'\/:\.])([a-z0-9\-_\.]+?)@([^, \r\n\"\(\)'<>\[\]]+)/i");
$replacements = array("\\1\\2://\\3", "\\1http://www.\\2.\\3", "\\1ftp.\\2.\\3", "\\1\\2@\\3");
return preg_replace($patterns, $replacements, $text);
}
/**
 * Multilanguage Hack by marcan, hsalazar, chad and many other Xoopsers ;)
 *
 * Keep only the text written for the site's configured language.
 *
 * Text wrapped in [jp]...[/jp] is kept (without the tags) when
 * $xoopsConfig['language'] is "japanese" and removed otherwise; text in
 * [en]...[/en] is treated the same way for "english". Text outside these
 * tags is left untouched.
 *
 * @param string $text
 * @return string
 **/
function &formatForML(&$text)
{
    global $xoopsConfig;

    // One pattern per language tag, japanese first, then english.
    // U makes (.*) lazy; s lets it span line breaks.
    $patterns = array(
        "/\[jp](.*)\[\/jp\]/sU",
        "/\[en](.*)\[\/en\]/sU"
    );

    // Keep the tagged text for the active language, drop it for the other.
    $replacements = array(
        ($xoopsConfig['language'] == "japanese") ? '\\1' : "",
        ($xoopsConfig['language'] == "english") ? '\\1' : ""
    );

    return preg_replace($patterns, $replacements, $text);
}
/**
* Replace XoopsCodes with their equivalent HTML formatting
*
* Builds parallel $patterns / $replacements lists and applies them in one
* preg_replace() call. Tags handled, in order: [siteurl], [url] (http/https,
* then ftp, then anything else, which gets "http://" prefixed), [color],
* [size], [font], [email], [b], [i], [u], [d], four [img] forms, [quote]
* and [/quote]. When $formatML is true, formatForML() runs on the text first.
*
* The last two entries are scheme filters rather than tags: "javascript:"
* becomes "java script:" and "about:" becomes "about :", case-insensitively,
* anywhere in the text.
*
* NOTE(review): those two filters are a denylist that covers only the two
* spellings listed, so URL safety should not rest on them. Validate each
* captured URL against an allowlist of schemes before it is written into
* an attribute.
*
* NOTE(review): the captured tag bodies, the (.*) groups, are copied into
* the output unchanged. displayTarea() and previewTarea() skip the HTML
* escaping step when $html is 1, so in that mode the bodies carry raw markup.
*
* NOTE(review): this listing is damaged. From the [siteurl] line onwards
* the backslashes that escaped brackets, slashes and quotes inside the
* patterns are missing and the HTML in most replacement strings is gone,
* so several lines below are not valid PHP. Restore the method from the
* distributed file rather than repairing this copy by hand.
*
* @param string $text
* @param bool $allowimage Allow images in the text?
* On FALSE, uses links to images.
* @param bool $formatML Run formatForML() on the text first?
* @return string
**/
// ML Hack by marcan
// function &xoopsCodeDecode(&$text, $allowimage = 1)
function &xoopsCodeDecode(&$text, $allowimage = 1, $formatML = 1)
// End of ML Hack by marcan
{
$patterns = array();
$replacements = array();
// ML Hack by marcan
If ($formatML) {
$text =& $this->formatForML($text);
}
// End of ML hack by marcan
//$patterns[] = "/\ (.*)[/code]/esU";
//$replacements[] = "''.wordwrap(MyTextSanitizer::htmlSpecialChars('\1'), 100).'
'";
// RMV: added new markup for intrasite url (allows easier site moves)
// TODO: automatically convert other URLs to this format if XOOPS_URL matches??
$patterns[] = "/[siteurl=(['"]?)([^"'<>]*)\1](.*)[/siteurl]/sU";
$replacements[] = '/\2" target="_blank">\3';
$patterns[] = "/[url=(['"]?)(http[s]?://[^"'<>]*)\1](.*)[/url]/sU";
$replacements[] = '\2" target="_blank">\3';
$patterns[] = "/[url=(['"]?)(ftp?://[^"'<>]*)\1](.*)[/url]/sU";
$replacements[] = '\2" target="_blank">\3';
$patterns[] = "/[url=(['"]?)([^"'<>]*)\1](.*)[/url]/sU";
$replacements[] = 'http://\2" target="_blank">\3';
$patterns[] = "/[color=(['"]?)([a-zA-Z0-9]*)\1](.*)[/color]/sU";
$replacements[] = 'color: #\2;">\3';
$patterns[] = "/[size=(['"]?)([a-z0-9-]*)\1](.*)[/size]/sU";
$replacements[] = 'font-size: \2;">\3';
$patterns[] = "/[font=(['"]?)([^;<>*()"']*)\1](.*)[/font]/sU";
$replacements[] = 'font-family: \2;">\3';
$patterns[] = "/[email]([^;<>*()"']*)[/email]/sU";
$replacements[] = '\1';
$patterns[] = "/[b](.*)[/b]/sU";
$replacements[] = '\1';
$patterns[] = "/[i](.*)[/i]/sU";
$replacements[] = '\1';
$patterns[] = "/[u](.*)[/u]/sU";
$replacements[] = '\1';
$patterns[] = "/[d](.*)[/d]/sU";
$replacements[] = '\1';
//$patterns[] = "/[li](.*)[/li]/sU";
//$replacements[] = '\1';
$patterns[] = "/[img align=(['"]?)(left|center|right)\1]([^"()?&'<>]*)[/img]/sU";
$patterns[] = "/[img]([^"()?&'<>]*)[/img]/sU";
$patterns[] = "/[img align=(['"]?)(left|center|right)\1 id=(['"]?)([0-9]*)\3]([^"()?&'<>]*)[/img]/sU";
$patterns[] = "/[img id=(['"]?)([0-9]*)\1]([^"()?&'<>]*)[/img]/sU";
if ($allowimage != 1) {
$replacements[] = '\3';
$replacements[] = '\1';
$replacements[] = '.XOOPS_URL.'/image.php?id=\4" target="_blank">\4';
$replacements[] = '.XOOPS_URL.'/image.php?id=\2" target="_blank">\3';
} else {
$replacements[] = '';
$replacements[] = '';
$replacements[] = '.XOOPS_URL.'/image.php?id=\4" align="\2" alt="\4" />';
$replacements[] = '.XOOPS_URL.'/image.php?id=\2" alt="\3" />';
}
$patterns[] = "/[quote]/sU";
$replacements[] = _QUOTEC.'';
//$replacements[] = 'Quote: ';
$patterns[] = "/[/quote]/sU";
$replacements[] = '
';
$patterns[] = "/javascript:/si";
$replacements[] = "java script:";
$patterns[] = "/about:/si";
$replacements[] = "about :";
return preg_replace($patterns, $replacements, $text);
}
/**
* Convert linebreaks to line-break tags
*
* A single preg_replace() call with three alternatives joined by "|".
*
* NOTE(review): this listing is damaged. The tag name in the summary, the
* replacement string and the escapes in the pattern were lost when the file
* was pasted: the pattern now reads " 15 12", " 15" and " 12", presumably
* the remains of octal escapes for CR LF, CR and LF - confirm against the
* distributed file, and restore the replacement from there too.
*
* @param string $text
*
* @return string
*/
function &nl2Br($text)
{
return preg_replace("/( 15 12)|( 15)|( 12)/","
",$text);
}
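/**
 * Add slashes to the text if magic_quotes_gpc is turned off.
 *
 * get_magic_quotes_gpc() does not exist in PHP 8, so a missing function is
 * treated the same as the setting being off.
 *
 * NOTE(review): addslashes() is not a database escaping function. The
 * *4Save() wrappers in this class return this value, presumably for use in
 * SQL - confirm, and prefer the database layer's own quoting or bound
 * parameters at that point.
 *
 * @param string $text
 * @return string the text with quotes, backslashes and NUL bytes
 *                backslash-escaped, or unchanged when magic_quotes_gpc is on
 **/
function &addSlashes($text)
{
    $magicQuotesOn = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    if (!$magicQuotesOn) {
        // plain assignment: addslashes() returns a value, not a reference
        $text = addslashes($text);
    }
    return $text;
}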
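/**
 * Strip backslashes from the text if magic_quotes_gpc is on.
 *
 * get_magic_quotes_gpc() does not exist in PHP 8, so a missing function is
 * treated the same as the setting being off and the text is returned
 * unchanged.
 *
 * @param string $text
 *
 * @return string
 */
function &stripSlashesGPC($text)
{
    $magicQuotesOn = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    if ($magicQuotesOn) {
        // plain assignment: stripslashes() returns a value, not a reference
        $text = stripslashes($text);
    }
    return $text;
}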
/**
* Escape text for HTML output, e.g. for displaying data in textbox forms
*
* Runs htmlspecialchars() with ENT_QUOTES, so single and double quotes are
* converted as well, then applies two preg_replace() substitutions to the
* escaped result.
*
* NOTE(review): in this listing the two substitutions replace "&" with "&"
* and a space with a space, i.e. they change nothing. The entity names in
* those strings were presumably decoded when the file was pasted - restore
* them from the distributed file.
*
* NOTE(review): no character set is passed to htmlspecialchars(), so the PHP
* default applies; it should match the encoding the page is served in.
*
* @param string $text
*
* @return string
*/
function &htmlSpecialChars($text)
{
//return preg_replace("/&/i", '&', htmlspecialchars($text, ENT_QUOTES));
return preg_replace(array("/&/i", "/ /i"), array('&', ' '), htmlspecialchars($text, ENT_QUOTES));
}
/**
* Reverses {@link htmlSpecialChars()}
*
* One preg_replace() call maps a list of patterns back to the characters
* ">", "<", a double quote and a single quote.
*
* NOTE(review): the result contains live markup characters again, so it
* must be escaped once more before it is written into an HTML page.
*
* NOTE(review): this listing is damaged. The entity names in the patterns
* were decoded when the file was pasted and one pattern is cut short, so
* the line below is not valid PHP. Restore it from the distributed file.
*
* @param string $text
* @return string
**/
function &undoHtmlSpecialChars(&$text)
{
return preg_replace(array("/>/i", "/, "/"/i", "/'/i"), array(">", "<", """, "'"), $text);
}
/**
* Filters textarea form data in DB for display
*
* Steps, in order: HTML-escape (skipped when $html is 1), protect [code]
* bodies, make links clickable, replace smileys, decode XoopsCode, convert
* line breaks, then restore and render the [code] bodies.
*
* NOTE(review): with $html = 1 the text is not escaped anywhere in this
* method, so stored markup reaches the page as written. Pass 1 only for
* content whose authors are trusted to publish HTML.
*
* NOTE(review): every step rebinds $text with =&, and $text is itself a
* reference parameter. Whether the caller's variable ends up changed depends
* on how PHP treats each of those assignments, so callers should use the
* return value. Keep the statement order and the =& operators as they are
* unless that behaviour has been checked.
*
* @param string $text
* @param bool $html allow html?
* @param bool $smiley allow smileys?
* @param bool $xcode allow xoopscode?
* @param bool $image allow inline images?
* @param bool $br convert linebreaks?
* @param bool $formatML passed on to xoopsCodeDecode() as its $formatML flag
* @return string
**/
// ML Hack by marcan
// function &displayTarea(&$text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1)
function &displayTarea(&$text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1, $formatML = 1)
// End of ML Hack by marcan
{
// only the value 1 switches escaping off; anything else escapes
if ($html != 1) {
// html not allowed
$text =& $this->htmlSpecialChars($text);
}
// hide [code] bodies from the steps below
$text =& $this->codePreConv($text, $xcode); // Ryuji_edit(2003-11-18)
$text =& $this->makeClickable($text);
if ($smiley != 0) {
// process smiley
$text =& $this->smiley($text);
}
if ($xcode != 0) {
// decode xcode
if ($image != 0) {
// image allowed
// ML Hack by marcan
// $text =& $this->xoopsCodeDecode($text);
$text =& $this->xoopsCodeDecode($text, 1, $formatML);
// End of ML Hack by marcan
} else {
// image not allowed
// ML Hack by marcan
// $text =& $this->xoopsCodeDecode($text, 0);
$text =& $this->xoopsCodeDecode($text, 0, $formatML);
// End of ML Hack by marcan
}
}
if ($br != 0) {
$text =& $this->nl2Br($text);
}
// bring the [code] bodies back and render them
$text =& $this->codeConv($text, $xcode, $image); // Ryuji_edit(2003-11-18)
return $text;
}
/**
* Filters textarea form data submitted for preview
*
* Same steps as displayTarea(), preceded by stripSlashesGPC() because the
* text comes straight from the request. Unlike displayTarea() there is no
* $formatML argument, so xoopsCodeDecode() runs with its default for it.
*
* NOTE(review): with $html = 1 the submitted text is not escaped anywhere
* in this method, so the preview shows the markup exactly as it was sent.
*
* NOTE(review): every step rebinds $text with =&, and $text is itself a
* reference parameter; callers should use the return value. Keep the
* statement order and the =& operators as they are unless that behaviour
* has been checked.
*
* @param string $text
* @param bool $html allow html?
* @param bool $smiley allow smileys?
* @param bool $xcode allow xoopscode?
* @param bool $image allow inline images?
* @param bool $br convert linebreaks?
* @return string
**/
function &previewTarea(&$text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1)
{
$text =& $this->stripSlashesGPC($text);
// only the value 1 switches escaping off; anything else escapes
if ($html != 1) {
// html not allowed
$text =& $this->htmlSpecialChars($text);
}
// hide [code] bodies from the steps below
$text =& $this->codePreConv($text, $xcode); // Ryuji_edit(2003-11-18)
$text =& $this->makeClickable($text);
if ($smiley != 0) {
// process smiley
$text =& $this->smiley($text);
}
if ($xcode != 0) {
// decode xcode
if ($image != 0) {
// image allowed
$text =& $this->xoopsCodeDecode($text);
} else {
// image not allowed
$text =& $this->xoopsCodeDecode($text, 0);
}
}
if ($br != 0) {
$text =& $this->nl2Br($text);
}
// bring the [code] bodies back and render them
$text =& $this->codeConv($text, $xcode, $image); // Ryuji_edit(2003-11-18)
return $text;
}
/**
* Replaces banned words in a string with their replacements
*
* The censor settings are loaded once through the 'config' handler and
* cached in $this->censorConf. When 'censor_enable' is 1, each non-empty
* entry of 'censor_words' is replaced by 'censor_replace' where it occurs
* at the start of the text or after one of the prefixes in the patterns
* below. Matching is case-insensitive.
*
* NOTE(review): $patterns and $replacements are never reset and
* preg_replace() is called inside the loop, so the patterns of earlier
* words are applied again on every later iteration.
*
* NOTE(review): quotemeta() does not escape the "/" delimiter or several
* other PCRE metacharacters, so a configured word containing one produces a
* broken or different pattern. preg_quote($bad, '/') is the matching call.
*
* NOTE(review): "(s)", "(n)" and the double-quoted "\1" look damaged by
* the paste - presumably "(\s)", "(\n)" and "\\1" in the distributed file;
* confirm. As written, "\1" in double quotes is the byte 0x01, not a
* backreference.
*
* @param string $text
* @return string
*
* @deprecated
**/
function &censorString(&$text)
{
if (!isset($this->censorConf)) {
// first use: load and cache the censor settings
$config_handler =& xoops_gethandler('config');
$this->censorConf =& $config_handler->getConfigsByCat(XOOPS_CONF_CENSOR);
}
if ($this->censorConf['censor_enable'] == 1) {
$replacement = $this->censorConf['censor_replace'];
foreach ($this->censorConf['censor_words'] as $bad) {
if ( !empty($bad) ) {
$bad = quotemeta($bad);
$patterns[] = "/(s)".$bad."/siU";
$replacements[] = "\1".$replacement;
$patterns[] = "/^".$bad."/siU";
$replacements[] = $replacement;
$patterns[] = "/(n)".$bad."/siU";
$replacements[] = "\1".$replacement;
$patterns[] = "/]".$bad."/siU";
$replacements[] = "]".$replacement;
$text = preg_replace($patterns, $replacements, $text);
}
}
}
return $text;
}
/**#@+
* Sanitizing of [code] tag
*/
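/**
 * Protect the body of each [code]...[/code] block before other filters run.
 *
 * When $xcode is non-zero, every [code] body is replaced by its base64
 * encoding, so the link, smiley and XoopsCode steps that run next cannot
 * alter it. codeConv() later matches the same [code]...[/code] wrapper and
 * hands the encoded body to codeSanitizer().
 *
 * This uses preg_replace_callback(), so the matched text is only ever
 * passed to the helper as data. The previous form used the "e" modifier,
 * which ran the replacement string as PHP code with the submitted text
 * spliced into it; that modifier was deprecated in PHP 5.5 and removed in
 * PHP 7.0.
 *
 * The pattern is the one codeConv() uses. The copy of this method in the
 * pasted listing had lost its backslashes and the closing tag of the
 * replacement.
 *
 * @param string $text
 * @param int    $xcode non-zero when XoopsCode is enabled
 * @return string
 */
function codePreConv($text, $xcode = 1) {
    if ($xcode == 0) {
        return $text;
    }
    return preg_replace_callback(
        "/\[code](.*)\[\/code\]/sU",
        array($this, '_codePreConvEncode'),
        $text
    );
}

/**
 * preg_replace_callback() helper for codePreConv(): encode one [code] body.
 *
 * Double quotes and NUL bytes are backslash-escaped before encoding because
 * that is what the evaluated replacement used to store, and
 * codeSanitizer() undoes the quote escaping after decoding.
 *
 * @param array $matches $matches[1] is the raw [code] body
 * @return string the body, base64-encoded, inside a [code]...[/code] wrapper
 * @access private
 */
function _codePreConvEncode($matches)
{
    $body = str_replace(array('"', "\0"), array('\\"', '\\0'), $matches[1]);
    return '[code]' . base64_encode($body) . '[/code]';
}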
/**
* Restore and render the [code] blocks protected by codePreConv()
*
* When $xcode is non-zero, each [code]...[/code] body is handed to
* codeSanitizer(), with images enabled or disabled according to $image.
*
* SECURITY: the pattern uses the "e" modifier, which makes preg_replace()
* run the replacement string as PHP code after inserting the matched text.
* Text taken from the message is therefore placed inside code that is
* executed, and safety rests entirely on the quoting preg_replace() applies
* to the match. The modifier was deprecated in PHP 5.5 and removed in
* PHP 7.0. Rewrite this with preg_replace_callback() so the match is only
* ever passed as data.
*
* NOTE(review): the body is expected to be the base64 text written by
* codePreConv(), but the pattern accepts any text. A callback version
* should reject bodies that are not valid base64.
*
* NOTE(review): both replacement strings are split across two lines in this
* listing; the markup that wrapped the result was presumably stripped when
* the file was pasted. Restore them from the distributed file.
*
* @param string $text
* @param int $xcode non-zero when XoopsCode is enabled
* @param int $image non-zero to allow inline images inside [code] blocks
* @return string
*/
function codeConv($text, $xcode = 1, $image = 1){
if($xcode != 0){
$patterns = "/\[code](.*)\[\/code\]/esU";
if ($image != 0) {
// image allowed
$replacements = "''.MyTextSanitizer::codeSanitizer('$1').'
'";
//$text =& $this->xoopsCodeDecode($text);
} else {
// image not allowed
$replacements = "''.MyTextSanitizer::codeSanitizer('$1', 0).'
'";
//$text =& $this->xoopsCodeDecode($text, 0);
}
$text = preg_replace($patterns, $replacements, $text);
}
return $text;
}
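/**
 * Decode one [code] block body and prepare it for display.
 *
 * $str is the base64 text stored by codePreConv(). It is decoded, the
 * backslash-escaped double quotes it contains are turned back into plain
 * double quotes, the result is HTML-escaped, and XoopsCode is then decoded
 * inside it.
 *
 * The escaped text is held in a variable before the call because
 * xoopsCodeDecode() takes its text by reference; passing the expression
 * directly raises "Only variables should be passed by reference".
 *
 * NOTE(review): XoopsCode is decoded inside the escaped [code] text, so tags
 * such as [url] or [img] written in a code sample become live markup -
 * confirm this is intended.
 *
 * NOTE(review): the method uses $this but is named as
 * MyTextSanitizer::codeSanitizer(...) in codeConv()'s replacement string;
 * that only works where PHP carries $this into such a call.
 *
 * @param string $str   base64-encoded body of a [code] block
 * @param int    $image non-zero to let xoopsCodeDecode() render images
 * @return string
 */
function codeSanitizer($str, $image = 1){
    $escaped = $this->htmlSpecialChars(str_replace('\"', '"', base64_decode($str)));
    if ($image != 0) {
        return $this->xoopsCodeDecode($escaped);
    }
    return $this->xoopsCodeDecode($escaped, 0);
}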
/**#@-*/
##################### Deprecated Methods ######################
/**#@+
* @deprecated
*/
/**
 * Escape and format text for display.
 *
 * With $allowhtml at 0 the text is HTML-escaped. With any other value it is
 * NOT escaped: links are made clickable and the markup is passed on as
 * submitted. The strip_tags() allow-list filter that once stood in that
 * branch is disabled, so no tag filtering happens there; use that mode only
 * for content whose authors are trusted to publish HTML.
 *
 * Smileys and XoopsCode are processed when their flags are 1, and line
 * breaks are always converted.
 *
 * @param string $text
 * @param int    $allowhtml 0 to escape HTML, anything else to keep it
 * @param int    $smiley    1 to replace smileys
 * @param int    $bbcode    1 to decode XoopsCode
 * @return string
 */
function sanitizeForDisplay($text, $allowhtml = 0, $smiley = 1, $bbcode = 1)
{
    $text = ($allowhtml == 0)
        ? $this->htmlSpecialChars($text)
        : $this->makeClickable($text);
    if ($smiley == 1) {
        $text = $this->smiley($text);
    }
    if ($bbcode == 1) {
        $text = $this->xoopsCodeDecode($text);
    }
    return $this->nl2Br($text);
}
/**
 * Escape and format submitted text for preview.
 *
 * Strips magic-quote slashes first, then behaves like sanitizeForDisplay():
 * with $allowhtml at 0 the text is HTML-escaped; with any other value it is
 * NOT escaped, links are made clickable and the markup is passed on as
 * submitted. The strip_tags() allow-list filter that once stood in that
 * branch is disabled, so no tag filtering happens there.
 *
 * Smileys and XoopsCode are processed when their flags are 1, and line
 * breaks are always converted.
 *
 * @param string $text
 * @param int    $allowhtml 0 to escape HTML, anything else to keep it
 * @param int    $smiley    1 to replace smileys
 * @param int    $bbcode    1 to decode XoopsCode
 * @return string
 */
function sanitizeForPreview($text, $allowhtml = 0, $smiley = 1, $bbcode = 1)
{
    $text = $this->oopsStripSlashesGPC($text);
    $text = ($allowhtml == 0)
        ? $this->htmlSpecialChars($text)
        : $this->makeClickable($text);
    if ($smiley == 1) {
        $text = $this->smiley($text);
    }
    if ($bbcode == 1) {
        $text = $this->xoopsCodeDecode($text);
    }
    return $this->nl2Br($text);
}
/**
 * Prepare text box input for saving: returns addSlashes($text).
 *
 * NOTE(review): if the result is placed in SQL, addslashes() is not a
 * substitute for the database layer's quoting or bound parameters.
 *
 * @param string $text
 * @return string
 */
function makeTboxData4Save($text)
{
    $slashed = $this->addSlashes($text);
    return $slashed;
}
/**
 * Prepare stored text box data for display.
 *
 * The text is HTML-escaped first and XoopsCode is then decoded with images
 * disabled. $smiley is accepted but not used.
 *
 * @param string $text
 * @param int    $smiley unused
 * @return string
 */
function makeTboxData4Show($text, $smiley=0)
{
    $escaped = $this->htmlSpecialChars($text);
    // MT hack added by hsalazar: decode XoopsCode, images off
    $decoded =& $this->xoopsCodeDecode($escaped, 0);
    return $decoded;
}
/**
 * Prepare stored text box data for an edit form: HTML-escape it.
 *
 * @param string $text
 * @return string
 */
function makeTboxData4Edit($text)
{
    $escaped = $this->htmlSpecialChars($text);
    return $escaped;
}
/**
 * Prepare submitted text box data for preview.
 *
 * Magic-quote slashes are stripped, the text is HTML-escaped, and XoopsCode
 * is then decoded with images disabled. $smiley is accepted but not used.
 *
 * @param string $text
 * @param int    $smiley unused
 * @return string
 */
function makeTboxData4Preview($text, $smiley=0)
{
    $unslashed = $this->stripSlashesGPC($text);
    $escaped = $this->htmlSpecialChars($unslashed);
    // MT hack added by hsalazar: decode XoopsCode, images off
    $decoded =& $this->xoopsCodeDecode($escaped, 0);
    return $decoded;
}
/**
 * Prepare submitted text box data for redisplay inside a form.
 *
 * Magic-quote slashes are stripped, then the text is HTML-escaped.
 *
 * @param string $text
 * @return string
 */
function makeTboxData4PreviewInForm($text)
{
    $unslashed = $this->stripSlashesGPC($text);
    return $this->htmlSpecialChars($unslashed);
}
/**
 * Prepare textarea input for saving: returns addSlashes($text).
 *
 * NOTE(review): if the result is placed in SQL, addslashes() is not a
 * substitute for the database layer's quoting or bound parameters.
 *
 * @param string $text
 * @return string
 */
function makeTareaData4Save($text)
{
    $slashed = $this->addSlashes($text);
    return $slashed;
}
/**
* Wrapper around displayTarea()
*
* Passes $text, $html, $smiley and $xcode through; the other displayTarea()
* arguments keep their defaults.
*
* NOTE(review): $html defaults to 1 here, while displayTarea() itself
* defaults to 0. A call that omits $html therefore gets output that was
* not HTML-escaped; pass 0 explicitly for untrusted content.
*
* @param string $text
* @param int $html 1 to keep HTML unescaped
* @param int $smiley non-zero to replace smileys
* @param int $xcode non-zero to decode XoopsCode
* @return string
*/
function &makeTareaData4Show(&$text, $html=1, $smiley=1, $xcode=1)
{
return $this->displayTarea($text, $html, $smiley, $xcode);
}
/**
 * Prepare stored textarea data for an edit form: HTML-escape it.
 *
 * @param string $text
 * @return string
 */
function makeTareaData4Edit($text)
{
    $escaped = $this->htmlSpecialChars($text);
    return $escaped;
}
/**
* Wrapper around previewTarea()
*
* Passes $text, $html, $smiley and $xcode through; the other previewTarea()
* arguments keep their defaults.
*
* NOTE(review): $html defaults to 1 here, while previewTarea() itself
* defaults to 0. A call that omits $html therefore previews the submitted
* text without HTML-escaping; pass 0 explicitly for untrusted content.
*
* @param string $text
* @param int $html 1 to keep HTML unescaped
* @param int $smiley non-zero to replace smileys
* @param int $xcode non-zero to decode XoopsCode
* @return string
*/
function &makeTareaData4Preview(&$text, $html=1, $smiley=1, $xcode=1)
{
return $this->previewTarea($text, $html, $smiley, $xcode);
}
/**
 * Prepare submitted textarea data for redisplay inside a form.
 *
 * Magic-quote slashes are stripped, then the text is HTML-escaped.
 *
 * @param string $text
 * @return string
 */
function makeTareaData4PreviewInForm($text)
{
    // if magic_quotes_gpc is on, strip the slashes it added
    $unslashed = $this->stripSlashesGPC($text);
    return $this->htmlSpecialChars($unslashed);
}
/**
 * Prepare text for use inside a quoted attribute value: HTML-escape it.
 *
 * htmlSpecialChars() converts both single and double quotes (ENT_QUOTES).
 *
 * @param string $text
 * @return string
 */
function makeTareaData4InsideQuotes($text)
{
    $escaped = $this->htmlSpecialChars($text);
    return $escaped;
}
/**
* Old name for stripSlashesGPC(); forwards the call unchanged
*
* @param string $text
* @return string
*/
function &oopsStripSlashesGPC($text)
{
return $this->stripSlashesGPC($text);
}
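/**
 * Strip backslashes from the text if magic_quotes_runtime is on.
 *
 * get_magic_quotes_runtime() does not exist in PHP 8, so a missing function
 * is treated the same as the setting being off and the text is returned
 * unchanged.
 *
 * @param string $text
 * @return string
 */
function &oopsStripSlashesRT($text)
{
    $runtimeQuotesOn = function_exists('get_magic_quotes_runtime') && get_magic_quotes_runtime();
    if ($runtimeQuotesOn) {
        // plain assignment: stripslashes() returns a value, not a reference
        $text = stripslashes($text);
    }
    return $text;
}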
/**
* Old name for addSlashes(); forwards the call unchanged
*
* NOTE(review): if the result is placed in SQL, addslashes() is not a
* substitute for the database layer's quoting or bound parameters.
*
* @param string $text
* @return string
*/
function &oopsAddSlashes($text)
{
return $this->addSlashes($text);
}
/**
* Old name for htmlSpecialChars(); forwards the call unchanged
*
* @param string $text
* @return string
*/
function &oopsHtmlSpecialChars($text)
{
return $this->htmlSpecialChars($text);
}
/**
* Old name for nl2Br(); forwards the call unchanged
*
* The call is spelled nl2br() here. PHP method names are not
* case-sensitive, so it resolves to this class's nl2Br() method.
*
* @param string $text
* @return string
*/
function &oopsNl2Br($text)
{
return $this->nl2br($text);
}
/**#@-*/
}
?>