NobuNobu
nobun****@users*****
2007年 1月 3日 (水) 23:56:07 JST
Index: xoops2jp/html/class/module.textsanitizer.php
diff -u xoops2jp/html/class/module.textsanitizer.php:1.2.8.9.2.3 xoops2jp/html/class/module.textsanitizer.php:1.2.8.9.2.4
--- xoops2jp/html/class/module.textsanitizer.php:1.2.8.9.2.3 Sat Dec 9 23:11:48 2006
+++ xoops2jp/html/class/module.textsanitizer.php Wed Jan 3 23:56:07 2007
@@ -1,5 +1,5 @@
 <?php
-// $Id: module.textsanitizer.php,v 1.2.8.9.2.3 2006/12/09 14:11:48 nobunobu Exp $
+// $Id: module.textsanitizer.php,v 1.2.8.9.2.4 2007/01/03 14:56:07 nobunobu Exp $
 // ------------------------------------------------------------------------ //
 // XOOPS - PHP Content Management System //
 // Copyright (c) 2000 XOOPS.org //
@@ -172,6 +172,37 @@
 }
 /**
+ * Filters out invalid strings included in URL, if any
+ *
+ * @param array $matches
+ * @return string
+ */
+ function _filterImgUrl($matches)
+ {
+ if ($this->checkUrlString($matches[2])) {
+ return $matches[0];
+ } else {
+ return "";
+ }
+ }
+
+ /**
+ * Checks if invalid strings are included in URL
+ *
+ * @param string $text
+ * @return bool
+ */
+ function checkUrlString($text)
+ {
+ // Check control code
+ if (preg_match("/[\\0-\\31]/", $text)) {
+ return false;
+ }
+ // check black pattern(deprecated)
+ return !preg_match("/^(javascript|vbscript|about):/i", $text);
+ }
+
+ /**
 * Convert linebreaks to <br /> tags
 *
 * @param string $text
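Review bot: The control-character check in the new `checkUrlString` does not cover the whole 0–31 range: after PHP double-quote processing the pattern is `/[\0-\31]/`, and in PCRE `\31` is an octal escape for chr(25) while `\0` is chr(0), so only 0x00–0x19 is rejected and bytes 0x1A–0x1F pass through. Write the class in hex so it says what the comment intends, `if (preg_match('/[\x00-\x1f]/', $text)) {`. The scheme blacklist on the next line is anchored with `^`, so a URL with leading whitespace in `$matches[2]` is not caught by it; whether the caller strips whitespace or decodes entities before `_filterImgUrl` runs depends on the pattern that invokes it, which is outside this hunk and worth confirming.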
@@ -244,6 +275,30 @@
 }
 /**
+ * Filters textarea data for display
+ * (This method makes overhead but needed for compatibility)
+ *
+ * @param string $text
+ * @param bool $html allow html?
+ * @param bool $smiley allow smileys?
+ * @param bool $xcode allow xoopscode?
+ * @param bool $image allow inline images?
+ * @param bool $br convert linebreaks?
+ * @return string
+ **/
+
+ function _ToShowTarea($text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1) {
+ $text = $this->codePreConv($text, $xcode);
+ if ($html != 1) $text = $this->htmlSpecialChars($text);
+ $text = $this->makeClickable($text);
+ if ($smiley != 0) $text = $this->smiley($text);
+ if ($xcode != 0) $text = $this->xoopsCodeDecode($text, $image);
+ if ($br != 0) $text = $this->nl2Br($text);
+ $text = $this->codeConv($text, $xcode, $image);
+ return $text;
+ }
+
+ /**
 * Filters textarea form data in DB for display
 *
 * @param string $text
@@ -256,7 +311,7 @@
 **/
 function &displayTarea(&$text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1)
 {
- $text = $this->mTextFilter->ToShowTarea($text, $html, $smiley, $xcode, $image, $br, true);
+ $text = $this->_ToShowTarea($text, $html, $smiley, $xcode, $image, $br);
 return $text;
 }
@@ -274,7 +329,7 @@
 function &previewTarea(&$text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1)
 {
 $text =& $this->stripSlashesGPC($text);
- $text = $this->mTextFilter->ToShowTarea($text, $html, $smiley, $xcode, $image, $br, true);
+ $text = $this->_ToShowTarea($text, $html, $smiley, $xcode, $image, $br);
 return $text;
 }
@@ -337,14 +392,14 @@
 */
 function sanitizeForDisplay($text, $allowhtml = 0, $smiley = 1, $bbcode = 1)
 {
- $text = $this->mTextFilter->ToShowTarea($text, $allowhtml, $smiley, $bbcode, 1, 1, true);
+ $text = $this->_ToShowTarea($text, $allowhtml, $smiley, $bbcode, 1, 1);
 return $text;
 }
 function sanitizeForPreview($text, $allowhtml = 0, $smiley = 1, $bbcode = 1)
 {
 $text = $this->oopsStripSlashesGPC($text);
- $text = $this->mTextFilter->ToShowTarea($text, $allowhtml, $smiley, $bbcode, 1, 1, true);
+ $text = $this->_ToShowTarea($text, $allowhtml, $smiley, $bbcode, 1, 1);
 return $text;
 }