1: <?php
2: // $Id: module.textsanitizer.php,v 1.1 2007/05/15 02:34:21 minahito Exp $
3: // ------------------------------------------------------------------------ //
4: // XOOPS - PHP Content Management System //
5: // Copyright (c) 2000 XOOPS.org //
6: // <http://www.xoops.org/> //
7: // ------------------------------------------------------------------------ //
8: // This program is free software; you can redistribute it and/or modify //
9: // it under the terms of the GNU General Public License as published by //
10: // the Free Software Foundation; either version 2 of the License, or //
11: // (at your option) any later version. //
12: // //
13: // You may not change or alter any portion of this comment or credits //
14: // of supporting developers from this source code or any supporting //
15: // source code which is considered copyrighted (c) material of the //
16: // original comment or credit authors. //
17: // //
18: // This program is distributed in the hope that it will be useful, //
19: // but WITHOUT ANY WARRANTY; without even the implied warranty of //
20: // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the //
21: // GNU General Public License for more details. //
22: // //
23: // You should have received a copy of the GNU General Public License //
24: // along with this program; if not, write to the Free Software //
25: // Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA //
26: // ------------------------------------------------------------------------ //
27: // Author: Kazumi Ono (http://www.myweb.ne.jp/, http://jp.xoops.org/) //
28: // Goghs Cheng (http://www.eqiao.com, http://www.devbeez.com/) //
29: // Project: The XOOPS Project (http://www.xoops.org/) //
30: // ------------------------------------------------------------------------- //
31:
32: /**
33: * Class to "clean up" text for various uses
34: *
35: * <b>Singleton</b>
36: *
37: * @package kernel
38: * @subpackage core
39: *
40: * @author Kazumi Ono <onokazu@xoops.org>
41: * @author Goghs Cheng
42: * @copyright (c) 2000-2003 The Xoops Project - www.xoops.org
43: */
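class MyTextSanitizer
{
    /**
     * Censor configuration, loaded lazily by censorString().
     * censorString() reads the keys 'censor_enable', 'censor_replace' and 'censor_words'.
     *
     * @var array|null
     */
    public $censorConf;

    /**
     * Text filter that performs almost all conversions; this class mostly delegates to it.
     *
     * @var XCube_TextFilter
     */
    public $mTextFilter = null;

    /**
     * Delegate raised by makeClickable() after the filter has run.
     *
     * @var XCube_Delegate
     * @deprecated
     */
    public $mMakeClickablePostFilter = null;

    /**
     * Delegate raised by xoopsCodeDecode() after the filter has run.
     *
     * @var XCube_Delegate
     * @deprecated
     */
    public $mXoopsCodePostFilter = null;

    /**
     * Constructor.
     *
     * Creates the two post-filter delegates, registers them under their event
     * names and fetches the shared text filter from XCube_Root.
     */
    public function __construct()
    {
        $this->mMakeClickablePostFilter = new XCube_Delegate();
        $this->mMakeClickablePostFilter->register('MyTextSanitizer.MakeClickablePostFilter');

        $this->mXoopsCodePostFilter = new XCube_Delegate();
        $this->mXoopsCodePostFilter->register('MyTextSanitizer.XoopsCodePostFilter');

        $root =& XCube_Root::getSingleton();
        $this->mTextFilter =& $root->getTextFilter();
    }

    /**
     * PHP 4 style constructor.
     *
     * Kept only so that legacy code calling it explicitly keeps working. A method
     * named after its class is no longer treated as a constructor by PHP 8, so the
     * real initialisation lives in __construct().
     *
     * @deprecated
     */
    public function MyTextSanitizer()
    {
        $this->__construct();
    }

    /**
     * Access the only instance of this class
     *
     * Declared static because it is documented as a static accessor; calling a
     * non-static method statically is an error on PHP 8.
     *
     * @return MyTextSanitizer
     *
     * @static
     * @staticvar object
     */
    public static function &getInstance()
    {
        static $instance;
        if (!isset($instance)) {
            $instance = new MyTextSanitizer();
        }
        return $instance;
    }

    /**
     * Get the smileys
     *
     * @return array
     */
    public function getSmileys()
    {
        return $this->mTextFilter->getSmileys();
    }

    /**
     * Replace emoticons in the message with smiley images
     *
     * @param string $text
     *
     * @return string
     */
    public function &smiley($text)
    {
        $text = $this->mTextFilter->smiley($text);
        return $text;
    }

    /**
     * Make links in the text clickable
     *
     * @param string $text
     * @return string
     **/
    public function &makeClickable($text)
    {
        $text = $this->mTextFilter->makeClickable($text);

        // RaiseEvent : 'MyTextSanitizer.MakeClickablePostFilter'
        // Delegate may convert output text with quickApplyFilter rule
        // Args :
        // 'string' [I/O] : Text to convert;
        //
        // NOTE(review): registered delegates receive the text by reference and can
        // rewrite the already-filtered output, so they are part of the trust boundary.
        $this->mMakeClickablePostFilter->call(new XCube_Ref($text));
        return $text;
    }

    /**
     * Replace XoopsCodes with their equivalent HTML formatting
     *
     * @param string $text
     * @param bool $allowimage Allow images in the text?
     * On FALSE, uses links to images.
     * @return string
     **/
    public function &xoopsCodeDecode($text, $allowimage = 1)
    {
        $text = $this->mTextFilter->convertXCode($text, $allowimage);

        // RaiseEvent : 'MyTextSanitizer.XoopsCodePostFilter'
        // Delegate may convert output text with quickApplyFilter rule
        // Args :
        // 'string' [I/O] : Text to convert;
        // 'allowimage' [I] : xoopsCodeDecode $allowimage parameter
        //
        $this->mXoopsCodePostFilter->call(new XCube_Ref($text), $allowimage);
        return $text;
    }

    /**
     * Filters out invalid strings included in URL, if any
     *
     * Callback-style helper: returns the whole match unchanged when the URL in
     * capture group 2 passes checkUrlString(), and an empty string otherwise.
     *
     * @param array $matches $matches[0] is the full match, $matches[2] the URL
     * @return string
     */
    public function _filterImgUrl($matches)
    {
        return $this->checkUrlString($matches[2]) ? $matches[0] : "";
    }

    /**
     * Checks if invalid strings are included in URL
     *
     * This is a denylist and the original comment already marks it deprecated.
     * It only rejects control characters and three script-capable schemes; it
     * does not establish that a URL is safe. Callers that can should validate
     * against an allowlist of expected schemes instead.
     *
     * @param string $text
     * @return bool true when nothing on the denylist was found
     */
    public function checkUrlString($text)
    {
        // Check control code.
        // The previous pattern "/[\\0-\\31]/" was read by PCRE as octal, so its upper
        // bound was 031 (0x19) and 0x1A-0x1F slipped through. Spell the range in hex
        // and include DEL.
        if (preg_match('/[\x00-\x1f\x7f]/', $text)) {
            return false;
        }
        // check black pattern(deprecated)
        // Leading whitespace is skipped because browsers ignore it when resolving a
        // URL, so an anchored match alone would miss a padded scheme.
        return !preg_match('/^\s*(javascript|vbscript|about):/i', $text);
    }

    /**
     * Convert linebreaks to <br /> tags
     *
     * @param string $text
     *
     * @return string
     */
    public function &nl2Br($text)
    {
        $ret = $this->mTextFilter->nl2Br($text);
        return $ret;
    }

    /**
     * Add slashes to the text if magic_quotes_gpc is turned off.
     *
     * addslashes() is not a substitute for the database driver's own escaping or
     * for parameterised queries; do not rely on this method as SQL injection
     * protection.
     *
     * @param string $text
     * @return string
     **/
    public function &addSlashes($text)
    {
        // get_magic_quotes_gpc() was removed in PHP 8; treat "missing" as "off".
        $magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
        if (!$magicQuotes) {
            $text = addslashes($text);
        }
        return $text;
    }

    /**
     * If magic_quotes_gpc is on, strip backslashes
     *
     * @param string $text
     *
     * @return string
     */
    public function &stripSlashesGPC($text)
    {
        // get_magic_quotes_gpc() was removed in PHP 8; treat "missing" as "off".
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            $text = stripslashes($text);
        }
        return $text;
    }

    /**
     * For displaying data in html textbox forms
     *
     * Delegates to the text filter: toShow($text, true) for display, toEdit($text)
     * when $forEdit is set.
     *
     * @param string $text
     * @param bool $forEdit (experimental)
     *
     * @return string
     */
    public function &htmlSpecialChars($text, $forEdit = false)
    {
        if (!$forEdit) {
            $ret = $this->mTextFilter->toShow($text, true);
        } else {
            $ret = $this->mTextFilter->toEdit($text);
        }
        return $ret;
    }

    /**
     * Reverses {@link htmlSpecialChars()}
     *
     * Decodes &gt;, &lt;, &quot; and &#039; (case-insensitively) back to the raw
     * characters. The result is unescaped markup again and must be re-escaped
     * before it is written into an HTML page.
     *
     * @param string $text
     * @return string
     * @deprecated
     **/
    public function &undoHtmlSpecialChars($text)
    {
        // The entity names must appear literally in the patterns; with the entities
        // decoded the pattern list is not even valid PHP.
        $ret = preg_replace(
            array("/&gt;/i", "/&lt;/i", "/&quot;/i", "/&#039;/i"),
            array(">", "<", "\"", "'"),
            $text
        );
        return $ret;
    }

    /**
     * Filters textarea data for display
     * (This method makes overhead but needed for compatibility)
     *
     * When $html is 1 this method performs no HTML escaping at all, so that flag
     * must only be enabled for text from trusted authors.
     *
     * @param string $text
     * @param bool $html allow html?
     * @param bool $smiley allow smileys?
     * @param bool $xcode allow xoopscode?
     * @param bool $image allow inline images?
     * @param bool $br convert linebreaks?
     * @return string
     **/
    public function _ToShowTarea($text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1)
    {
        // Order matters: [code] pre-conversion first, escaping before any markup is
        // generated, [code] post-conversion last.
        $text = $this->codePreConv($text, $xcode);
        if ($html != 1) {
            $text = $this->htmlSpecialChars($text);
        }
        $text = $this->makeClickable($text);
        if ($smiley != 0) {
            $text = $this->smiley($text);
        }
        if ($xcode != 0) {
            $text = $this->xoopsCodeDecode($text, $image);
        }
        if ($br != 0) {
            $text = $this->nl2Br($text);
        }
        $text = $this->codeConv($text, $xcode, $image);
        return $text;
    }

    /**
     * Filters textarea form data in DB for display
     *
     * @param string $text
     * @param bool $html allow html?
     * @param bool $smiley allow smileys?
     * @param bool $xcode allow xoopscode?
     * @param bool $image allow inline images?
     * @param bool $br convert linebreaks?
     * @return string
     **/
    public function &displayTarea($text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1)
    {
        $text = $this->mTextFilter->toShowTarea($text, $html, $smiley, $xcode, $image, $br, true);
        return $text;
    }

    /**
     * Filters textarea form data submitted for preview
     *
     * Same as displayTarea() but first undoes magic_quotes_gpc escaping, because
     * the text comes straight from the request.
     *
     * @param string $text
     * @param bool $html allow html?
     * @param bool $smiley allow smileys?
     * @param bool $xcode allow xoopscode?
     * @param bool $image allow inline images?
     * @param bool $br convert linebreaks?
     * @return string
     **/
    public function &previewTarea($text, $html = 0, $smiley = 1, $xcode = 1, $image = 1, $br = 1)
    {
        $text =& $this->stripSlashesGPC($text);
        $text = $this->mTextFilter->toPreviewTarea($text, $html, $smiley, $xcode, $image, $br, true);
        return $text;
    }

    /**
     * Replaces banned words in a string with their replacements
     *
     * A word is replaced when it appears at the start of the text, after
     * whitespace, or directly after a "]".
     *
     * @param string $text
     * @return string
     *
     * @deprecated
     **/
    public function &censorString($text)
    {
        if (!isset($this->censorConf)) {
            $config_handler =& xoops_gethandler('config');
            $this->censorConf =& $config_handler->getConfigsByCat(XOOPS_CONF_CENSOR);
        }
        if ($this->censorConf['censor_enable'] == 1) {
            // NOTE(review): censor_replace is handed to preg_replace() as the replacement
            // string, so "\1" / "$1" sequences inside it would act as backreferences.
            $replacement = $this->censorConf['censor_replace'];
            $patterns = array();
            $replacements = array();
            foreach ($this->censorConf['censor_words'] as $bad) {
                if (!empty($bad)) {
                    // preg_quote() with the delimiter, not quotemeta(): quotemeta() leaves
                    // "/", "|", "{" and "}" untouched, so a configured word containing one
                    // of them produced a broken or unintended pattern.
                    $bad = preg_quote($bad, '/');
                    $patterns[] = "/(\s)" . $bad . "/siU";
                    $replacements[] = "\\1" . $replacement;
                    $patterns[] = "/^" . $bad . "/siU";
                    $replacements[] = $replacement;
                    $patterns[] = "/(\n)" . $bad . "/siU";
                    $replacements[] = "\\1" . $replacement;
                    $patterns[] = "/]" . $bad . "/siU";
                    $replacements[] = "]" . $replacement;
                }
            }
            // Apply the collected patterns once instead of re-running the growing
            // list after every word.
            if (count($patterns) > 0) {
                $text = preg_replace($patterns, $replacements, $text);
            }
        }
        return $text;
    }


    /**#@+
     * Sanitizing of [code] tag
     */
    public function codePreConv($text, $xcode = 1)
    {
        if ($xcode != 0) {
            $text = $this->mTextFilter->preConvertXCode($text, $xcode);
        }
        return $text;
    }

    public function codeConv($text, $xcode = 1, $image = 1)
    {
        // $image is accepted for interface compatibility but is not used here.
        if ($xcode != 0) {
            $text = $this->mTextFilter->postConvertXCode($text, $xcode);
        }
        return $text;
    }

    ##################### Deprecated Methods ######################

    /**#@+
     * @deprecated
     */
    public function sanitizeForDisplay($text, $allowhtml = 0, $smiley = 1, $bbcode = 1)
    {
        $text = $this->_ToShowTarea($text, $allowhtml, $smiley, $bbcode, 1, 1);
        return $text;
    }

    public function sanitizeForPreview($text, $allowhtml = 0, $smiley = 1, $bbcode = 1)
    {
        $text = $this->oopsStripSlashesGPC($text);
        $text = $this->_ToShowTarea($text, $allowhtml, $smiley, $bbcode, 1, 1);
        return $text;
    }

    public function makeTboxData4Save($text)
    {
        // See addSlashes(): this is not SQL escaping.
        return $this->addSlashes($text);
    }

    public function makeTboxData4Show($text, $smiley = 0)
    {
        // $smiley is accepted for interface compatibility but is not used here.
        $text = $this->mTextFilter->toShow($text, true);
        return $text;
    }

    public function makeTboxData4Edit($text)
    {
        return $this->mTextFilter->toEdit($text);
    }

    public function makeTboxData4Preview($text, $smiley = 0)
    {
        // $smiley is accepted for interface compatibility but is not used here.
        $text = $this->stripSlashesGPC($text);
        $text = $this->mTextFilter->toShow($text, true);
        return $text;
    }

    public function makeTboxData4PreviewInForm($text)
    {
        $text = $this->stripSlashesGPC($text);
        return $this->mTextFilter->toEdit($text);
    }

    public function makeTareaData4Save($text)
    {
        // See addSlashes(): this is not SQL escaping.
        return $this->addSlashes($text);
    }

    public function &makeTareaData4Show($text, $html = 1, $smiley = 1, $xcode = 1)
    {
        // NOTE(review): $html defaults to 1 here, unlike displayTarea() where it
        // defaults to 0. What the filter does with html=1 is not visible in this
        // file; confirm callers do not pass untrusted text with the default.
        $ret = $this->displayTarea($text, $html, $smiley, $xcode);
        return $ret;
    }

    public function makeTareaData4Edit($text)
    {
        return $this->mTextFilter->toEdit($text);
    }

    public function &makeTareaData4Preview($text, $html = 1, $smiley = 1, $xcode = 1)
    {
        // NOTE(review): same $html = 1 default as makeTareaData4Show().
        $ret = $this->previewTarea($text, $html, $smiley, $xcode);
        return $ret;
    }

    public function makeTareaData4PreviewInForm($text)
    {
        // if magic_quotes_gpc is on, do stripslashes
        $text = $this->stripSlashesGPC($text);
        return $this->mTextFilter->toEdit($text);
    }

    public function makeTareaData4InsideQuotes($text)
    {
        return $this->mTextFilter->toShow($text, true);
    }

    public function &oopsStripSlashesGPC($text)
    {
        $ret = $this->stripSlashesGPC($text);
        return $ret;
    }

    public function &oopsStripSlashesRT($text)
    {
        // get_magic_quotes_runtime() was removed in PHP 8; treat "missing" as "off".
        if (function_exists('get_magic_quotes_runtime') && get_magic_quotes_runtime()) {
            // Plain assignment: stripslashes() does not return a reference, so "=&"
            // on its result only raised a notice.
            $text = stripslashes($text);
        }
        return $text;
    }

    public function &oopsAddSlashes($text)
    {
        $ret = $this->addSlashes($text);
        return $ret;
    }

    public function &oopsHtmlSpecialChars($text)
    {
        $ret = $this->mTextFilter->toShow($text, true);
        return $ret;
    }

    public function &oopsNl2Br($text)
    {
        $ret = $this->nl2Br($text);
        return $ret;
    }
    /**#@-*/
}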
502: ?>
503: