[xoops-cvslog 6080] CVS update: xoops2jp/html/class


NobuNobu nobun****@users*****
2007年 1月 3日 (水) 23:56:07 JST


Index: xoops2jp/html/class/module.textsanitizer.php
diff -u xoops2jp/html/class/module.textsanitizer.php:1.2.8.9.2.3 xoops2jp/html/class/module.textsanitizer.php:1.2.8.9.2.4
--- xoops2jp/html/class/module.textsanitizer.php:1.2.8.9.2.3	Sat Dec  9 23:11:48 2006
+++ xoops2jp/html/class/module.textsanitizer.php	Wed Jan  3 23:56:07 2007
@@ -1,5 +1,5 @@
 <?php
-// $Id: module.textsanitizer.php,v 1.2.8.9.2.3 2006/12/09 14:11:48 nobunobu Exp $
+// $Id: module.textsanitizer.php,v 1.2.8.9.2.4 2007/01/03 14:56:07 nobunobu Exp $
 //  ------------------------------------------------------------------------ //
 //                XOOPS - PHP Content Management System                      //
 //                    Copyright (c) 2000 XOOPS.org                           //
@@ -172,6 +172,37 @@
     }
 
     /**
+     * Filters out invalid strings included in URL, if any
+     *
+     * @param   array  $matches
+     * @return  string
+     */
+    function _filterImgUrl($matches)
+    {
+        if ($this->checkUrlString($matches[2])) {
+            return $matches[0];
+        } else {
+            return "";
+        }
+    }
+
+    /**
+     * Checks if invalid strings are included in URL
+     *
+     * @param   string  $text
+     * @return  bool
+     */
+    function checkUrlString($text)
+    {
+        // Check control code
+        if (preg_match("/[\\0-\\31]/", $text)) {
+            return false;
+        }
+        // check black pattern(deprecated)
+        return !preg_match("/^(javascript|vbscript|about):/i", $text);
+    }
+
+    /**
      * Convert linebreaks to <br /> tags
      *
      * @param   string  $text
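Review bot: The control-character check in `checkUrlString` covers less than its comment implies: inside a character class PCRE reads `\31` as octal, so `/[\0-\31]/` matches 0x00–0x19 and lets 0x1A–0x1F (and 0x7F) through. Writing the range in hex removes the ambiguity: `if (preg_match('/[\x00-\x1f\x7f]/', $text)) {`. The scheme test on the last line of the function is a denylist, which the in-code comment already marks as deprecated; it passes every scheme that is not listed, so an allowlist of the schemes image URLs are expected to use would be the safer replacement. `_filterImgUrl` also assumes `$matches[2]` is the URL group, which depends on a pattern outside this hunk; a one-line comment naming that pattern would help.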
@@ -244,6 +275,30 @@
     }
 
     /**
+     * Filters textarea data for display
+     * (This method makes overhead but needed for compatibility)
+     *
+     * @param   string  $text
+     * @param   bool    $html   allow html?
+     * @param   bool    $smiley allow smileys?
+     * @param   bool    $xcode  allow xoopscode?
+     * @param   bool    $image  allow inline images?
+     * @param   bool    $br     convert linebreaks?
+     * @return  string
+     **/
+    
+    function _ToShowTarea($text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1) {
+        $text = $this->codePreConv($text, $xcode);
+        if ($html != 1) $text = $this->htmlSpecialChars($text);
+        $text = $this->makeClickable($text);
+        if ($smiley != 0) $text = $this->smiley($text);
+        if ($xcode != 0) $text = $this->xoopsCodeDecode($text, $image);
+        if ($br != 0) $text = $this->nl2Br($text);
+        $text = $this->codeConv($text, $xcode, $image);
+        return $text;
+    }
+
+    /**
      * Filters textarea form data in DB for display
      *
      * @param   string  $text
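Review bot: The docblock for `_ToShowTarea` should state that `$html = 1` skips `htmlSpecialChars()` entirely, because after this commit the method is the display path for `displayTarea`, `previewTarea`, `sanitizeForDisplay` and `sanitizeForPreview` (later hunks). Suggested line: `* With $html = 1 the text is not escaped here; pass 1 only for content from trusted authors.` The flags are documented as `bool` but compared loosely against integers (`$html != 1`, `$smiley != 0`), so `int|bool` would describe the `@param` types more accurately. As a style point, the whitespace-only line between the docblock and the function, and the same-line opening brace, differ from the other methods added in this commit.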
@@ -256,7 +311,7 @@
      **/
     function &displayTarea(&$text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1)
     {
-        $text = $this->mTextFilter->ToShowTarea($text, $html, $smiley, $xcode, $image, $br, true);
+        $text = $this->_ToShowTarea($text, $html, $smiley, $xcode, $image, $br);
         return $text;
     }
 
@@ -274,7 +329,7 @@
     function &previewTarea(&$text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1)
     {
         $text =& $this->stripSlashesGPC($text);
-        $text = $this->mTextFilter->ToShowTarea($text, $html, $smiley, $xcode, $image, $br, true);
+        $text = $this->_ToShowTarea($text, $html, $smiley, $xcode, $image, $br);
         return $text;
     }
 
@@ -337,14 +392,14 @@
      */
     function sanitizeForDisplay($text, $allowhtml = 0, $smiley = 1, $bbcode = 1)
     {
-        $text = $this->mTextFilter->ToShowTarea($text, $allowhtml, $smiley, $bbcode, 1, 1, true);
+        $text = $this->_ToShowTarea($text, $allowhtml, $smiley, $bbcode, 1, 1);
         return $text;
     }
 
     function sanitizeForPreview($text, $allowhtml = 0, $smiley = 1, $bbcode = 1)
     {
         $text = $this->oopsStripSlashesGPC($text);
-        $text = $this->mTextFilter->ToShowTarea($text, $allowhtml, $smiley, $bbcode, 1, 1, true);
+        $text = $this->_ToShowTarea($text, $allowhtml, $smiley, $bbcode, 1, 1);
         return $text;
     }
 

