XOOPS  2.6.0
textfilter.php
1 <?php
2 /*
3  You may not change or alter any portion of this comment or credits
4  of supporting developers from this source code or any supporting source code
5  which is considered copyrighted (c) material of the original comment or credit authors.
6 
7  This program is distributed in the hope that it will be useful,
8  but WITHOUT ANY WARRANTY; without even the implied warranty of
9  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
10 */
11 
25 {
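/**
 * Strip potentially dangerous markup from text before it is displayed.
 *
 * Order of operations:
 *  1. Unless $force is set, text from an administrator is returned untouched.
 *  2. The sanitizer's built-in XSS filter ($ts->filterXss()) is applied.
 *  3. If the "purifier" framework loads, XoopsPurifier::purify() produces the
 *     final result and the regex fallback below is skipped.
 *  4. Otherwise a deny-list of regular expressions is applied: patterns and
 *     tag names from the extension config, plus built-in rules for script,
 *     meta-refresh and iframe markup.
 *
 * Security notes:
 *  - The administrator shortcut means admin-authored content reaches the page
 *    unfiltered; callers rendering content in a context where an admin account
 *    must not be able to inject script should pass $force = true.
 *  - The regex fallback is a deny-list and only best-effort: several built-in
 *    patterns match a single spelling of a tag (for example the self-closing
 *    form only). It is not equivalent to the purifier path; deployments that
 *    accept HTML from untrusted users should make sure the purifier is
 *    installed rather than rely on the fallback.
 *
 * @param MyTextSanitizer $ts    sanitizer instance providing filterXss()
 * @param string          $text  text to filter
 * @param bool            $force when true, filter even for administrators
 *
 * @return string|null filtered text; null when preg_replace() reports a PCRE
 *                     error (returned unchanged from preg_replace)
 */
public function load(MyTextSanitizer &$ts, $text, $force = false)
{
    // $xoops must be initialised before the admin check below reads it.
    $xoops = Xoops::getInstance();
    if (empty($force) && $xoops->userIsAdmin) {
        return $text;
    }

    // Built-in filters for XSS scripts
    // To be improved
    $text = $ts->filterXss($text);

    // Preferred path: a real HTML sanitizer, when the framework is available.
    if (XoopsLoad::load("purifier", "framework")) {
        return XoopsPurifier::purify($text);
    }

    $tags = array();
    $search = array();
    $replace = array();
    $config = parent::loadConfig(__DIR__);
    if (!empty($config["patterns"])) {
        foreach ($config["patterns"] as $pattern) {
            if (empty($pattern['search'])) {
                continue;
            }
            $search[] = $pattern['search'];
            // Keep $search and $replace aligned even when a configured
            // pattern has no 'replace' entry: the match is then removed.
            $replace[] = isset($pattern['replace']) ? $pattern['replace'] : '';
        }
    }
    if (!empty($config["tags"])) {
        $tags = array_map("trim", $config["tags"]);
    }

    // Set embedded tags
    $tags[] = "SCRIPT";
    $tags[] = "VBSCRIPT";
    $tags[] = "JAVASCRIPT";
    foreach ($tags as $tag) {
        // An empty name would produce a pattern matching arbitrary tags.
        if ($tag === '') {
            continue;
        }
        // Quote the configured name: one invalid pattern makes preg_replace()
        // return null for the whole array, which would discard the text.
        $quotedTag = preg_quote($tag, '/');
        $search[] = "/<" . $quotedTag . "[^>]*?>.*?<\/" . $quotedTag . ">/si";
        $replace[] = " [!" . strtoupper($tag) . " FILTERED!] ";
    }
    // Set meta refresh tag
    $search[] = "/<META[^>\/]*HTTP-EQUIV=(['\"])?REFRESH(\\1)[^>\/]*?\/>/si";
    $replace[] = "";
    // Sanitizing scripts in IMG tag
    //$search[]= "/(<IMG[\s]+[^>\/]*SOURCE=)(['\"])?(.*)(\\2)([^>\/]*?\/>)/si";
    //$replace[]="";
    // Set iframe tag
    $search[] = "/<IFRAME[^>\/]*SRC=(['\"])?([^>\/]*)(\\1)[^>\/]*?\/>/si";
    $replace[] = " [!IFRAME FILTERED! \\2] ";
    $search[] = "/<IFRAME[^>]*?>([^<]*)<\/IFRAME>/si";
    $replace[] = " [!IFRAME FILTERED! \\1] ";

    // Apply every rule in one pass; preg_replace() yields null on PCRE error.
    $text = preg_replace($search, $replace, $text);
    return $text;
}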
87 }