1: <?php
11:
12: namespace Xoops\Core\Text\Sanitizer\Extensions;
13:
14: use Xoops\Core\Text\Sanitizer;
15: use Xoops\Core\Text\Sanitizer\FilterAbstract;
16:
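/**
 * Sanitizer extension that removes active content (script blocks, meta
 * refresh, iframes) from a piece of text.
 *
 * Two code paths exist:
 *  - If the HTMLPurifier class can be loaded, the text is run through it with
 *    HTMLPurifier's default configuration and the regex rules are not used.
 *  - Otherwise a regular-expression denylist built from the configuration and
 *    a few built-in rules is applied.
 *
 * NOTE(review): the regex fallback is a best-effort denylist. It recognises
 * only a narrow set of tag spellings and is not a complete HTML sanitiser;
 * deployments that accept untrusted markup should make sure HTMLPurifier is
 * installed so the first path is taken.
 */
class TextFilter extends FilterAbstract
{
    /**
     * @var array default configuration for this filter
     */
    protected static $defaultConfiguration = [
        // Not read in this class; presumably evaluated by the sanitizer core.
        'enabled' => false,
        // Extra tag names whose paired <tag>...</tag> blocks are replaced.
        'tags' => array(),
        // Extra preg_replace() rules, see applyFilter() for accepted shapes.
        'patterns' => [
            'search' => '',
            'replace' => '',
        ],
    ];

    /**
     * Filter active content out of $text.
     *
     * @param string $text  text to filter
     * @param bool   $force when false, text is returned untouched for
     *                      administrators; the default (true) filters for
     *                      every user
     *
     * @return string filtered text; if the regex engine reports an error the
     *                whole input is returned HTML-escaped instead
     */
    public function applyFilter($text, $force = true)
    {
        $xoops = \Xoops::getInstance();
        // Administrators bypass filtering only when the caller opts in with
        // $force = false. Callers handling content that other users will view
        // should keep the default.
        if (!$force && $xoops->userIsAdmin) {
            return $text;
        }

        if (class_exists('\HTMLPurifier')) {
            $purifier = new \HTMLPurifier(\HTMLPurifier_Config::createDefault());

            return $purifier->purify($text);
        }

        $search = array();
        $replace = array();
        $config = $this->config;

        // The default configuration declares 'patterns' as one search/replace
        // pair, while this loop has always iterated a list of pairs, so a
        // single configured pair used to be skipped silently. Accept both.
        $patterns = empty($config['patterns']) ? array() : $config['patterns'];
        if (is_array($patterns) && array_key_exists('search', $patterns)) {
            $patterns = array($patterns);
        }
        foreach ((array) $patterns as $pattern) {
            if (!is_array($pattern) || empty($pattern['search'])) {
                continue;
            }
            $search[] = $pattern['search'];
            $replace[] = isset($pattern['replace']) ? $pattern['replace'] : '';
        }

        $tags = array();
        if (!empty($config['tags'])) {
            $tags = array_map('trim', (array) $config['tags']);
        }

        // Built-in tags are always filtered, whatever the configuration says.
        $tags[] = 'SCRIPT';
        $tags[] = 'VBSCRIPT';
        $tags[] = 'JAVASCRIPT';
        foreach ($tags as $tag) {
            if ('' === $tag) {
                // A blank entry would build a pattern that matches any tag.
                continue;
            }
            // Quote the name so a configured value cannot alter or break the
            // pattern (the delimiter "/" included).
            $quoted = preg_quote($tag, '/');
            $search[] = "/<" . $quoted . "[^>]*?>.*?<\/" . $quoted . ">/si";
            $replace[] = " [!" . strtoupper($tag) . " FILTERED!] ";
        }

        // The quote group is written (['\"]?) rather than (['\"])? so that it
        // always participates in the match: in PCRE a back-reference to a
        // group that did not participate fails, which made the unquoted
        // attribute form unmatchable.
        $search[] = "/<META[^>\/]*HTTP-EQUIV=(['\"]?)REFRESH(\\1)[^>\/]*?\/>/si";
        $replace[] = "";

        $search[] = "/<IFRAME[^>\/]*SRC=(['\"]?)([^>\/]*)(\\1)[^>\/]*?\/>/si";
        $replace[] = " [!IFRAME FILTERED! \\2] ";
        $search[] = "/<IFRAME[^>]*?>([^<]*)<\/IFRAME>/si";
        $replace[] = " [!IFRAME FILTERED! \\1] ";

        $filtered = preg_replace($search, $replace, $text);
        if (null === $filtered) {
            // preg_replace() returns null on an engine error (invalid
            // configured pattern, backtrack limit). Fail closed: never hand
            // back unfiltered markup, and do not lose the text either.
            return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE);
        }

        return $filtered;
    }
}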
104: