1: <?php
2: /**
3: * TextSanitizer extension
4: *
5: * You may not change or alter any portion of this comment or credits
6: * of supporting developers from this source code or any supporting source code
7: * which is considered copyrighted (c) material of the original comment or credit authors.
8: * This program is distributed in the hope that it will be useful,
9: * but WITHOUT ANY WARRANTY; without even the implied warranty of
10: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
11: *
12: * @copyright (c) 2000-2016 XOOPS Project (www.xoops.org)
13: * @license GNU GPL 2 (https://www.gnu.org/licenses/gpl-2.0.html)
14: * @package class
15: * @subpackage textsanitizer
16: * @since 2.3.0
17: * @author Taiwen Jiang <phppp@users.sourceforge.net>
18: */
// Refuse direct HTTP access: this file is only meaningful when included by the
// XOOPS bootstrap, which defines XOOPS_ROOT_PATH before loading extensions.
if (!defined('XOOPS_ROOT_PATH')) {
    exit('Restricted access');
}
20:
21: /**
22: * Filter out possible malicious text
23: * kses project at SF could be a good solution to check
24: *
25: * @param string $text text to filter
26: * @param bool $force flag indicating to force filtering
27: * @return string filtered text
28: */
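class MytsTextfilter extends MyTextSanitizerExtension
{
    /**
     * Filter out possible malicious markup from user-supplied text.
     *
     * Pipeline: MyTextSanitizer::filterXss() always runs first; if the
     * framework's HTMLPurifier wrapper can be loaded it does the real work
     * and its output is returned. Only when HTMLPurifier is unavailable does
     * the regex deny-list below run (config 'patterns'/'tags' from this
     * directory, plus SCRIPT/VBSCRIPT/JAVASCRIPT elements, META refresh and
     * IFRAME). That fallback is deliberately coarse: it does not cover
     * event-handler attributes, javascript: URLs or an unclosed <script>
     * tag, so it must not be treated as the sole XSS defence.
     *
     * Security note: with $force unset, text from an admin session is
     * returned untouched. A compromised admin account can therefore store
     * arbitrary HTML/JS; pass $force = true where that is not acceptable.
     *
     * @param MyTextSanitizer $myts  sanitizer instance providing filterXss()
     * @param string          $text  text to filter
     * @param bool            $force filter even when the current user is admin
     *
     * @return string filtered text; if the regex fallback itself fails the
     *                text is returned with all tags stripped (fail closed)
     */
    public function load($myts, $text, $force = false)
    {
        global $xoopsUserIsAdmin;
        if (empty($force) && $xoopsUserIsAdmin) {
            return $text;
        }
        // Built-in filters for XSS scripts
        $text = $myts->filterXss($text);

        if (xoops_load('purifier', 'framework')) {
            return XoopsPurifier::purify($text);
        }

        // --- regex fallback: HTMLPurifier is not available ---
        $search  = array();
        $replace = array();
        $config  = parent::loadConfig(__DIR__);
        if (!empty($config['patterns'])) {
            foreach ($config['patterns'] as $pattern) {
                if (empty($pattern['search'])) {
                    continue;
                }
                $search[]  = $pattern['search'];
                $replace[] = isset($pattern['replace']) ? $pattern['replace'] : '';
            }
        }

        $tags = array();
        if (!empty($config['tags'])) {
            $tags = array_map('trim', $config['tags']);
        }
        // Elements whose entire content is dropped
        $tags[] = 'SCRIPT';
        $tags[] = 'VBSCRIPT';
        $tags[] = 'JAVASCRIPT';
        foreach ($tags as $tag) {
            if ($tag === '') {
                // an empty name would build /<[^>]*?>.*?<\/>/ and eat arbitrary markup
                continue;
            }
            // Tag names come from a config file: quote them so they cannot alter
            // the pattern (a stray metacharacter would make preg_replace fail).
            $quoted    = preg_quote($tag, '/');
            $search[]  = '/<' . $quoted . '[^>]*?>.*?<\/' . $quoted . '>/si';
            $replace[] = ' [!' . strtoupper($tag) . ' FILTERED!] ';
        }
        // META refresh (redirect). The quote group is ([\'"]?) rather than
        // (['"])? : a backreference to an unset group never matches in PCRE,
        // so the old form let unquoted http-equiv=refresh through. [^>]* also
        // permits '/' so content="0;url=http://..." is matched, and the tag
        // no longer has to be self-closing.
        $search[]  = '/<META[^>]*?HTTP-EQUIV\s*=\s*([\'"]?)\s*REFRESH\s*\1[^>]*>/si';
        $replace[] = '';
        // IFRAME with a SRC attribute: the URL is echoed back as plain text.
        // The captured value cannot contain <, >, quotes or whitespace, so it
        // cannot reopen a tag. Self-closing, open and open+close forms match.
        $search[]  = '/<IFRAME\b[^>]*?SRC\s*=\s*([\'"]?)([^\'"\s<>]*)\1[^>]*>(?:.*?<\/IFRAME\s*>)?/si';
        $replace[] = ' [!IFRAME FILTERED! \2] ';
        // Any remaining IFRAME (no SRC, or SRC not in the form above)
        $search[]  = '/<IFRAME\b[^>]*>(?:.*?<\/IFRAME\s*>)?/si';
        $replace[] = ' [!IFRAME FILTERED!] ';

        $filtered = preg_replace($search, $replace, $text);
        if ($filtered === null) {
            // PCRE failed (backtrack/recursion limit on a large or crafted
            // input, or a bad config pattern). Fail closed: never hand the
            // unfiltered text back to the caller.
            return strip_tags($text);
        }

        return $filtered;
    }
}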
96: