XOOPS 2.5.6  Final
textfilter.php
1 <?php
// Abort unless XOOPS_ROOT_PATH is already defined, so this file does nothing
// when it is executed on its own rather than included by the application.
if (!defined('XOOPS_ROOT_PATH')) {
    die('Restricted access');
}
21 
31 {
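/**
 * Strip markup that can carry script out of a piece of text.
 *
 * Order of operations: the sanitizer's filterXss() pass runs first; if the
 * "purifier" framework loads, XoopsPurifier::purify() produces the result;
 * otherwise a regex blocklist built from this extension's config plus a
 * fixed set of tags is applied.
 *
 * Security notes for maintainers:
 *  - When the current user is an administrator and $force is empty, the text
 *    is returned untouched, so admin-authored content is trusted as-is.
 *  - The regex fallback only matches the tag forms spelled out below. It is a
 *    best-effort blocklist, not a complete XSS defence; output must still be
 *    encoded for its context, and the purifier path is the one to rely on.
 *
 * @param object $ts    text sanitizer instance providing filterXss()
 * @param string $text  text to filter
 * @param bool   $force filter even when the current user is an administrator
 *
 * @return string filtered text ('' if the regex pass fails)
 */
function load(&$ts, $text, $force = false)
{
    // Read the admin flag from global scope; as a plain local it would be
    // undefined and the bypass below could never fire.
    global $xoopsUserIsAdmin;

    if (empty($force) && $xoopsUserIsAdmin) {
        return $text;
    }

    // Built-in filters for XSS scripts
    // To be improved
    $text = $ts->filterXss($text);

    if (xoops_load("purifier", "framework")) {
        return XoopsPurifier::purify($text);
    }

    $tags = array();
    $search = array();
    $replace = array();
    $config = parent::loadConfig(dirname(__FILE__));
    if (!empty($config["patterns"])) {
        foreach ($config["patterns"] as $pattern) {
            if (empty($pattern['search'])) {
                continue;
            }
            $search[] = $pattern['search'];
            // A pattern configured without a replacement simply removes its match.
            $replace[] = isset($pattern['replace']) ? $pattern['replace'] : '';
        }
    }
    if (!empty($config["tags"])) {
        $tags = array_map("trim", $config["tags"]);
    }

    // Set embedded tags
    $tags[] = "SCRIPT";
    $tags[] = "VBSCRIPT";
    $tags[] = "JAVASCRIPT";
    foreach ($tags as $tag) {
        // An empty name would build a pattern that matches arbitrary tags.
        if ($tag === '') {
            continue;
        }
        // Tag names are literals: quote them so a configured value containing
        // "/" or a regex metacharacter cannot break the pattern (a single
        // invalid pattern makes preg_replace() fail for the whole set).
        $quoted = preg_quote($tag, "/");
        $search[] = "/<" . $quoted . "[^>]*?>.*?<\/" . $quoted . ">/si";
        $replace[] = " [!" . strtoupper($tag) . " FILTERED!] ";
    }
    // Set meta refresh tag
    $search[] = "/<META[^>\/]*HTTP-EQUIV=(['\"])?REFRESH(\\1)[^>\/]*?\/>/si";
    $replace[] = "";
    // Sanitizing scripts in IMG tag
    //$search[]= "/(<IMG[\s]+[^>\/]*SOURCE=)(['\"])?(.*)(\\2)([^>\/]*?\/>)/si";
    //$replace[]="";
    // Set iframe tag; the captured SRC / inner text is echoed back in the
    // placeholder, so the result still needs normal output encoding.
    $search[] = "/<IFRAME[^>\/]*SRC=(['\"])?([^>\/]*)(\\1)[^>\/]*?\/>/si";
    $replace[] = " [!IFRAME FILTERED! \\2] ";
    $search[] = "/<IFRAME[^>]*?>([^<]*)<\/IFRAME>/si";
    $replace[] = " [!IFRAME FILTERED! \\1] ";

    // action
    $filtered = preg_replace($search, $replace, $text);

    // preg_replace() returns null on a PCRE error (invalid configured pattern,
    // backtrack limit on large input). Fail closed with an empty string
    // rather than handing back null or the unfiltered text.
    return (null === $filtered) ? '' : $filtered;
}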
86 }
87 ?>