NobuNobu
nobun****@users*****
2007年 1月 3日 (水) 23:56:07 JST
Index: xoops2jp/html/class/module.textsanitizer.php
diff -u xoops2jp/html/class/module.textsanitizer.php:1.2.8.9.2.3 xoops2jp/html/class/module.textsanitizer.php:1.2.8.9.2.4
--- xoops2jp/html/class/module.textsanitizer.php:1.2.8.9.2.3 Sat Dec 9 23:11:48 2006
+++ xoops2jp/html/class/module.textsanitizer.php Wed Jan 3 23:56:07 2007
@@ -1,5 +1,5 @@
<?php
-// $Id: module.textsanitizer.php,v 1.2.8.9.2.3 2006/12/09 14:11:48 nobunobu Exp $
+// $Id: module.textsanitizer.php,v 1.2.8.9.2.4 2007/01/03 14:56:07 nobunobu Exp $
// ------------------------------------------------------------------------ //
// XOOPS - PHP Content Management System //
// Copyright (c) 2000 XOOPS.org //
@@ -172,6 +172,37 @@
}
/**
+ * Filters out invalid strings included in URL, if any
+ *
+ * @param array $matches
+ * @return string
+ */
+ function _filterImgUrl($matches)
+ {
+ if ($this->checkUrlString($matches[2])) {
+ return $matches[0];
+ } else {
+ return "";
+ }
+ }
+
+ /**
+ * Checks if invalid strings are included in URL
+ *
+ * @param string $text
+ * @return bool
+ */
+ function checkUrlString($text)
+ {
+ // Check control code
+ if (preg_match("/[\\0-\\31]/", $text)) {
+ return false;
+ }
+ // check black pattern(deprecated)
+ return !preg_match("/^(javascript|vbscript|about):/i", $text);
+ }
+
+ /**
* Convert linebreaks to <br /> tags
*
* @param string $text
@@ -244,6 +275,30 @@
}
/**
+ * Filters textarea data for display
+ * (This method makes overhead but needed for compatibility)
+ *
+ * @param string $text
+ * @param bool $html allow html?
+ * @param bool $smiley allow smileys?
+ * @param bool $xcode allow xoopscode?
+ * @param bool $image allow inline images?
+ * @param bool $br convert linebreaks?
+ * @return string
+ **/
+
+ function _ToShowTarea($text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1) {
+ $text = $this->codePreConv($text, $xcode);
+ if ($html != 1) $text = $this->htmlSpecialChars($text);
+ $text = $this->makeClickable($text);
+ if ($smiley != 0) $text = $this->smiley($text);
+ if ($xcode != 0) $text = $this->xoopsCodeDecode($text, $image);
+ if ($br != 0) $text = $this->nl2Br($text);
+ $text = $this->codeConv($text, $xcode, $image);
+ return $text;
+ }
+
+ /**
* Filters textarea form data in DB for display
*
* @param string $text
@@ -256,7 +311,7 @@
**/
function &displayTarea(&$text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1)
{
- $text = $this->mTextFilter->ToShowTarea($text, $html, $smiley, $xcode, $image, $br, true);
+ $text = $this->_ToShowTarea($text, $html, $smiley, $xcode, $image, $br);
return $text;
}
@@ -274,7 +329,7 @@
function &previewTarea(&$text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1)
{
$text =& $this->stripSlashesGPC($text);
- $text = $this->mTextFilter->ToShowTarea($text, $html, $smiley, $xcode, $image, $br, true);
+ $text = $this->_ToShowTarea($text, $html, $smiley, $xcode, $image, $br);
return $text;
}
@@ -337,14 +392,14 @@
*/
function sanitizeForDisplay($text, $allowhtml = 0, $smiley = 1, $bbcode = 1)
{
- $text = $this->mTextFilter->ToShowTarea($text, $allowhtml, $smiley, $bbcode, 1, 1, true);
+ $text = $this->_ToShowTarea($text, $allowhtml, $smiley, $bbcode, 1, 1);
return $text;
}
function sanitizeForPreview($text, $allowhtml = 0, $smiley = 1, $bbcode = 1)
{
$text = $this->oopsStripSlashesGPC($text);
- $text = $this->mTextFilter->ToShowTarea($text, $allowhtml, $smiley, $bbcode, 1, 1, true);
+ $text = $this->_ToShowTarea($text, $allowhtml, $smiley, $bbcode, 1, 1);
return $text;
}