1: | <?php
// Direct-access guard: stop immediately unless XOOPS_ROOT_PATH is already
// defined (presumably by the XOOPS bootstrap; confirm against the loader),
// so this file does nothing when requested on its own.
if (!defined('XOOPS_ROOT_PATH')) {
    exit('Restricted access');
}
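/**
 * Text-sanitizer extension that strips active content from submitted text.
 *
 * Filtering runs in stages: the sanitizer's own filterXss() first, then
 * XoopsPurifier when the framework can load it, and otherwise a regex
 * denylist built from this extension's config plus a fixed set of
 * script / meta-refresh / iframe rules.
 *
 * Security notes for maintainers:
 *  - Administrators bypass every stage unless the caller passes $force, so
 *    content saved by an admin account is stored unfiltered.
 *  - The regex fallback is a denylist that recognises only the tag forms
 *    spelled out below. Treat it as best-effort; sites that accept HTML from
 *    untrusted users should make sure the purifier path is available.
 */
class MytsTextfilter extends MyTextSanitizerExtension
{
    /**
     * Filter one piece of text.
     *
     * @param object $myts  sanitizer instance; only its filterXss() method is used here
     * @param string $text  text to filter
     * @param bool   $force when truthy, filter even if the current user is an administrator
     *
     * @return string|null the filtered text (returned untouched for admins when $force is
     *                     empty); null if preg_replace() reports a PCRE error in the fallback
     */
    public function load($myts, $text, $force = false)
    {
        global $xoopsUserIsAdmin;

        // Trust boundary: admin-authored text skips filtering unless forced.
        if (empty($force) && $xoopsUserIsAdmin) {
            return $text;
        }

        // Stage 1: the sanitizer's built-in XSS filter.
        $text = $myts->filterXss($text);

        // Stage 2 (preferred): hand the text to the purifier when it can be loaded.
        if (xoops_load('purifier', 'framework')) {
            return XoopsPurifier::purify($text);
        }

        // Stage 3 (fallback): regex denylist.
        $tags    = array();
        $search  = array();
        $replace = array();
        $config  = parent::loadConfig(__DIR__);

        // Site-defined search/replace pairs; entries without a search pattern are ignored.
        if (!empty($config['patterns'])) {
            foreach ($config['patterns'] as $pattern) {
                if (empty($pattern['search'])) {
                    continue;
                }
                $search[] = $pattern['search'];
                // A missing 'replace' key means "remove the match" instead of
                // raising an undefined-index notice.
                $replace[] = isset($pattern['replace']) ? $pattern['replace'] : '';
            }
        }
        if (!empty($config['tags'])) {
            $tags = array_map('trim', $config['tags']);
        }

        // Script-related tags are always filtered, whatever the config says.
        $tags[] = 'SCRIPT';
        $tags[] = 'VBSCRIPT';
        $tags[] = 'JAVASCRIPT';
        foreach ($tags as $tag) {
            // NOTE(review): $tag is interpolated into the pattern unescaped; this
            // assumes the config supplies plain tag names - confirm before
            // allowing names that contain regex metacharacters or '/'.
            $search[]  = '/<' . $tag . "[^>]*?>.*?<\/" . $tag . '>/si';
            $replace[] = ' [!' . strtoupper($tag) . ' FILTERED!] ';
        }

        // Meta refresh. The quote is captured as (['"]?) so that group 1 always
        // takes part in the match: with the former (['"])? form, the \1
        // backreference could never match when the attribute value was unquoted,
        // and such tags were left in place.
        $search[]  = "/<META[^>\/]*HTTP-EQUIV=(['\"]?)REFRESH(\\1)[^>\/]*?\/>/si";
        $replace[] = '';

        // Iframes, self-closed and paired. Same optional-quote handling as above.
        // The captured src / inner text is echoed into the placeholder, so the
        // result is still untrusted text for whatever renders it.
        $search[]  = "/<IFRAME[^>\/]*SRC=(['\"]?)([^>\/]*)(\\1)[^>\/]*?\/>/si";
        $replace[] = " [!IFRAME FILTERED! \\2] ";
        $search[]  = "/<IFRAME[^>]*?>([^<]*)<\/IFRAME>/si";
        $replace[] = " [!IFRAME FILTERED! \\1] ";

        // preg_replace() returns null if any pattern fails (for example an invalid
        // site-defined pattern or a PCRE limit); that null is passed on, so the
        // unfiltered input is never returned from this path.
        return preg_replace($search, $replace, $text);
    }
}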