Головна сторінка Огляд Довідка
Реєстрація Увійти
iNDivia.net
/
mlMemberRoller
5
0
Відгалуження 0
Файли Проблеми 0 Запити на злиття 0 Wiki
Дерево: 709e141bba
Гілки Теги
mlMemberRoller
/
vendor
/
phpmailer
/
phpmailer
/
extras
/
htmlfilter.php

htmlfilter.php 39 KB
Історія Запис

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166 
  1. <?php
    2. 

  2. /**
    3. 

  3.  * htmlfilter.inc
    4. 

  4.  * ---------------
    5. 

  5.  * This set of functions allows you to filter html in order to remove
    6. 

  6.  * any malicious tags from it. Useful in cases when you need to filter
    7. 

  7.  * user input for any cross-site-scripting attempts.
    8. 

  8.  *
    9. 

  9.  * Copyright (C) 2002-2004 by Duke University
    10. 

  10.  *
    11. 

  11.  * This library is free software; you can redistribute it and/or
    12. 

  12.  * modify it under the terms of the GNU Lesser General Public
    13. 

  13.  * License as published by the Free Software Foundation; either
    14. 

  14.  * version 2.1 of the License, or (at your option) any later version.
    15. 

  15.  *
    16. 

  16.  * This library is distributed in the hope that it will be useful,
    17. 

  17.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    18. 

  18.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	 See the GNU
    19. 

  19.  * Lesser General Public License for more details.
    20. 

  20.  *
    21. 

  21.  * You should have received a copy of the GNU Lesser General Public
    22. 

  22.  * License along with this library; if not, write to the Free Software
    23. 

  23.  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
    24. 

  24.  * 02110-1301  USA
    25. 

  25.  *
    26. 

  26.  * @Author	Konstantin Riabitsev <icon@linux.duke.edu>
    27. 

  27.  * @Author  Jim Jagielski <jim@jaguNET.com / jimjag@gmail.com>
    28. 

  28.  * @Version 1.1 ($Date$)
    29. 

  29.  */
    30. 

  30. 

  31. /**
    32. 

  32.  * This function returns the final tag out of the tag name, an array
    33. 

  33.  * of attributes, and the type of the tag. This function is called by
    34. 

  34.  * tln_sanitize internally.
    35. 

  35.  *
    36. 

  36.  * @param string $tagname the name of the tag.
    37. 

  37.  * @param array $attary the array of attributes and their values
    38. 

  38.  * @param integer $tagtype The type of the tag (see in comments).
    39. 

  39.  * @return string A string with the final tag representation.
    40. 

  40.  */
    41. 

  41. function tln_tagprint($tagname, $attary, $tagtype)
    42. 

  42. {
    43. 

  43.     if ($tagtype == 2) {
    44. 

  44.         $fulltag = '</' . $tagname . '>';
    45. 

  45.     } else {
    46. 

  46.         $fulltag = '<' . $tagname;
    47. 

  47.         if (is_array($attary) && sizeof($attary)) {
    48. 

  48.             $atts = array();
    49. 

  49.             while (list($attname, $attvalue) = each($attary)) {
    50. 

  50.                 array_push($atts, "$attname=$attvalue");
    51. 

  51.             }
    52. 

  52.             $fulltag .= ' ' . join(' ', $atts);
    53. 

  53.         }
    54. 

  54.         if ($tagtype == 3) {
    55. 

  55.             $fulltag .= ' /';
    56. 

  56.         }
    57. 

  57.         $fulltag .= '>';
    58. 

  58.     }
    59. 

  59.     return $fulltag;
    60. 

  60. }
    61. 

  61. 

  62. /**
    63. 

  63.  * A small helper function to use with array_walk. Modifies a by-ref
    64. 

  64.  * value and makes it lowercase.
    65. 

  65.  *
    66. 

  66.  * @param string $val a value passed by-ref.
    67. 

  67.  * @return		void since it modifies a by-ref value.
    68. 

  68.  */
    69. 

  69. function tln_casenormalize(&$val)
    70. 

  70. {
    71. 

  71.     $val = strtolower($val);
    72. 

  72. }
    73. 

  73. 

  74. /**
    75. 

  75.  * This function skips any whitespace from the current position within
    76. 

  76.  * a string and to the next non-whitespace value.
    77. 

  77.  *
    78. 

  78.  * @param string $body the string
    79. 

  79.  * @param integer $offset the offset within the string where we should start
    80. 

  80.  *				   looking for the next non-whitespace character.
    81. 

  81.  * @return integer          the location within the $body where the next
    82. 

  82.  *				   non-whitespace char is located.
    83. 

  83.  */
    84. 

  84. function tln_skipspace($body, $offset)
    85. 

  85. {
    86. 

  86.     preg_match('/^(\s*)/s', substr($body, $offset), $matches);
    87. 

  87.     if (sizeof($matches[1])) {
    88. 

  88.         $count = strlen($matches[1]);
    89. 

  89.         $offset += $count;
    90. 

  90.     }
    91. 

  91.     return $offset;
    92. 

  92. }
    93. 

  93. 

  94. /**
    95. 

  95.  * This function looks for the next character within a string.	It's
    96. 

  96.  * really just a glorified "strpos", except it catches the failures
    97. 

  97.  * nicely.
    98. 

  98.  *
    99. 

  99.  * @param string $body   The string to look for needle in.
    100. 

  100.  * @param integer $offset Start looking from this position.
    101. 

  101.  * @param string $needle The character/string to look for.
    102. 

  102.  * @return integer           location of the next occurrence of the needle, or
    103. 

  103.  *				   strlen($body) if needle wasn't found.
    104. 

  104.  */
    105. 

  105. function tln_findnxstr($body, $offset, $needle)
    106. 

  106. {
    107. 

  107.     $pos = strpos($body, $needle, $offset);
    108. 

  108.     if ($pos === false) {
    109. 

  109.         $pos = strlen($body);
    110. 

  110.     }
    111. 

  111.     return $pos;
    112. 

  112. }
    113. 

  113. 

  114. /**
    115. 

  115.  * This function takes a PCRE-style regexp and tries to match it
    116. 

  116.  * within the string.
    117. 

  117.  *
    118. 

  118.  * @param string $body   The string to look for needle in.
    119. 

  119.  * @param integer $offset Start looking from here.
    120. 

  120.  * @param string $reg       A PCRE-style regex to match.
    121. 

  121.  * @return array|boolean  Returns a false if no matches found, or an array
    122. 

  122.  *				   with the following members:
    123. 

  123.  *				   - integer with the location of the match within $body
    124. 

  124.  *				   - string with whatever content between offset and the match
    125. 

  125.  *				   - string with whatever it is we matched
    126. 

  126.  */
    127. 

  127. function tln_findnxreg($body, $offset, $reg)
    128. 

  128. {
    129. 

  129.     $matches = array();
    130. 

  130.     $retarr = array();
    131. 

  131.     $preg_rule = '%^(.*?)(' . $reg . ')%s';
    132. 

  132.     preg_match($preg_rule, substr($body, $offset), $matches);
    133. 

  133.     if (!isset($matches[0]) || !$matches[0]) {
    134. 

  134.         $retarr = false;
    135. 

  135.     } else {
    136. 

  136.         $retarr[0] = $offset + strlen($matches[1]);
    137. 

  137.         $retarr[1] = $matches[1];
    138. 

  138.         $retarr[2] = $matches[2];
    139. 

  139.     }
    140. 

  140.     return $retarr;
    141. 

  141. }
    142. 

  142. 

  143. /**
    144. 

  144.  * This function looks for the next tag.
    145. 

  145.  *
    146. 

  146.  * @param string $body   String where to look for the next tag.
    147. 

  147.  * @param integer $offset Start looking from here.
    148. 

  148.  * @return array|boolean false if no more tags exist in the body, or
    149. 

  149.  *				   an array with the following members:
    150. 

  150.  *				   - string with the name of the tag
    151. 

  151.  *				   - array with attributes and their values
    152. 

  152.  *				   - integer with tag type (1, 2, or 3)
    153. 

  153.  *				   - integer where the tag starts (starting "<")
    154. 

  154.  *				   - integer where the tag ends (ending ">")
    155. 

  155.  *				   first three members will be false, if the tag is invalid.
    156. 

  156.  */
    157. 

  157. function tln_getnxtag($body, $offset)
    158. 

  158. {
    159. 

  159.     if ($offset > strlen($body)) {
    160. 

  160.         return false;
    161. 

  161.     }
    162. 

  162.     $lt = tln_findnxstr($body, $offset, '<');
    163. 

  163.     if ($lt == strlen($body)) {
    164. 

  164.         return false;
    165. 

  165.     }
    166. 

  166.     /**
    167. 

  167.      * We are here:
    168. 

  168.      * blah blah <tag attribute="value">
    169. 

  169.      * \---------^
    170. 

  170.      */
    171. 

  171.     $pos = tln_skipspace($body, $lt + 1);
    172. 

  172.     if ($pos >= strlen($body)) {
    173. 

  173.         return array(false, false, false, $lt, strlen($body));
    174. 

  174.     }
    175. 

  175.     /**
    176. 

  176.      * There are 3 kinds of tags:
    177. 

  177.      * 1. Opening tag, e.g.:
    178. 

  178.      *	  <a href="blah">
    179. 

  179.      * 2. Closing tag, e.g.:
    180. 

  180.      *	  </a>
    181. 

  181.      * 3. XHTML-style content-less tag, e.g.:
    182. 

  182.      *	  <img src="blah"/>
    183. 

  183.      */
    184. 

  184.     switch (substr($body, $pos, 1)) {
    185. 

  185.     case '/':
    186. 

  186.         $tagtype = 2;
    187. 

  187.         $pos++;
    188. 

  188.         break;
    189. 

  189.     case '!':
    190. 

  190.         /**
    191. 

  191.          * A comment or an SGML declaration.
    192. 

  192.          */
    193. 

  193.             if (substr($body, $pos + 1, 2) == '--') {
    194. 

  194.             $gt = strpos($body, '-->', $pos);
    195. 

  195.             if ($gt === false) {
    196. 

  196.                 $gt = strlen($body);
    197. 

  197.             } else {
    198. 

  198.                 $gt += 2;
    199. 

  199.             }
    200. 

  200.             return array(false, false, false, $lt, $gt);
    201. 

  201.         } else {
    202. 

  202.             $gt = tln_findnxstr($body, $pos, '>');
    203. 

  203.             return array(false, false, false, $lt, $gt);
    204. 

  204.         }
    205. 

  205.         break;
    206. 

  206.     default:
    207. 

  207.         /**
    208. 

  208.          * Assume tagtype 1 for now. If it's type 3, we'll switch values
    209. 

  209.          * later.
    210. 

  210.          */
    211. 

  211.         $tagtype = 1;
    212. 

  212.         break;
    213. 

  213.     }
    214. 

  214. 

  215.     /**
    216. 

  216.      * Look for next [\W-_], which will indicate the end of the tag name.
    217. 

  217.      */
    218. 

  218.     $regary = tln_findnxreg($body, $pos, '[^\w\-_]');
    219. 

  219.     if ($regary == false) {
    220. 

  220.         return array(false, false, false, $lt, strlen($body));
    221. 

  221.     }
    222. 

  222.     list($pos, $tagname, $match) = $regary;
    223. 

  223.     $tagname = strtolower($tagname);
    224. 

  224. 

  225.     /**
    226. 

  226.      * $match can be either of these:
    227. 

  227.      * '>'	indicating the end of the tag entirely.
    228. 

  228.      * '\s' indicating the end of the tag name.
    229. 

  229.      * '/'	indicating that this is type-3 xhtml tag.
    230. 

  230.      *
    231. 

  231.      * Whatever else we find there indicates an invalid tag.
    232. 

  232.      */
    233. 

  233.     switch ($match) {
    234. 

  234.     case '/':
    235. 

  235.         /**
    236. 

  236.          * This is an xhtml-style tag with a closing / at the
    237. 

  237.          * end, like so: <img src="blah"/>. Check if it's followed
    238. 

  238.          * by the closing bracket. If not, then this tag is invalid
    239. 

  239.          */
    240. 

  240.         if (substr($body, $pos, 2) == '/>') {
    241. 

  241.             $pos++;
    242. 

  242.             $tagtype = 3;
    243. 

  243.         } else {
    244. 

  244.             $gt = tln_findnxstr($body, $pos, '>');
    245. 

  245.             $retary = array(false, false, false, $lt, $gt);
    246. 

  246.             return $retary;
    247. 

  247.         }
    248. 

  248.             //intentional fall-through
    249. 

  249.     case '>':
    250. 

  250.         return array($tagname, false, $tagtype, $lt, $pos);
    251. 

  251.         break;
    252. 

  252.     default:
    253. 

  253.         /**
    254. 

  254.          * Check if it's whitespace
    255. 

  255.          */
    256. 

  256.         if (!preg_match('/\s/', $match)) {
    257. 

  257.             /**
    258. 

  258.              * This is an invalid tag! Look for the next closing ">".
    259. 

  259.              */
    260. 

  260.             $gt = tln_findnxstr($body, $lt, '>');
    261. 

  261.             return array(false, false, false, $lt, $gt);
    262. 

  262.         }
    263. 

  263.         break;
    264. 

  264.     }
    265. 

  265. 

  266.     /**
    267. 

  267.      * At this point we're here:
    268. 

  268.      * <tagname	 attribute='blah'>
    269. 

  269.      * \-------^
    270. 

  270.      *
    271. 

  271.      * At this point we loop in order to find all attributes.
    272. 

  272.      */
    273. 

  273.     $attary = array();
    274. 

  274. 

  275.     while ($pos <= strlen($body)) {
    276. 

  276.         $pos = tln_skipspace($body, $pos);
    277. 

  277.         if ($pos == strlen($body)) {
    278. 

  278.             /**
    279. 

  279.              * Non-closed tag.
    280. 

  280.              */
    281. 

  281.             return array(false, false, false, $lt, $pos);
    282. 

  282.         }
    283. 

  283.         /**
    284. 

  284.          * See if we arrived at a ">" or "/>", which means that we reached
    285. 

  285.          * the end of the tag.
    286. 

  286.          */
    287. 

  287.         $matches = array();
    288. 

  288.         if (preg_match('%^(\s*)(>|/>)%s', substr($body, $pos), $matches)) {
    289. 

  289.             /**
    290. 

  290.              * Yep. So we did.
    291. 

  291.              */
    292. 

  292.             $pos += strlen($matches[1]);
    293. 

  293.             if ($matches[2] == '/>') {
    294. 

  294.                 $tagtype = 3;
    295. 

  295.                 $pos++;
    296. 

  296.             }
    297. 

  297.             return array($tagname, $attary, $tagtype, $lt, $pos);
    298. 

  298.         }
    299. 

  299. 

  300.         /**
    301. 

  301.          * There are several types of attributes, with optional
    302. 

  302.          * [:space:] between members.
    303. 

  303.          * Type 1:
    304. 

  304.          *	 attrname[:space:]=[:space:]'CDATA'
    305. 

  305.          * Type 2:
    306. 

  306.          *	 attrname[:space:]=[:space:]"CDATA"
    307. 

  307.          * Type 3:
    308. 

  308.          *	 attr[:space:]=[:space:]CDATA
    309. 

  309.          * Type 4:
    310. 

  310.          *	 attrname
    311. 

  311.          *
    312. 

  312.          * We leave types 1 and 2 the same, type 3 we check for
    313. 

  313.          * '"' and convert to "&quot" if needed, then wrap in
    314. 

  314.          * double quotes. Type 4 we convert into:
    315. 

  315.          * attrname="yes".
    316. 

  316.          */
    317. 

  317.         $regary = tln_findnxreg($body, $pos, '[^\w\-_]');
    318. 

  318.         if ($regary == false) {
    319. 

  319.             /**
    320. 

  320.              * Looks like body ended before the end of tag.
    321. 

  321.              */
    322. 

  322.             return array(false, false, false, $lt, strlen($body));
    323. 

  323.         }
    324. 

  324.         list($pos, $attname, $match) = $regary;
    325. 

  325.         $attname = strtolower($attname);
    326. 

  326.         /**
    327. 

  327.          * We arrived at the end of attribute name. Several things possible
    328. 

  328.          * here:
    329. 

  329.          * '>'	means the end of the tag and this is attribute type 4
    330. 

  330.          * '/'	if followed by '>' means the same thing as above
    331. 

  331.          * '\s' means a lot of things -- look what it's followed by.
    332. 

  332.          *		anything else means the attribute is invalid.
    333. 

  333.          */
    334. 

  334.         switch ($match) {
    335. 

  335.         case '/':
    336. 

  336.             /**
    337. 

  337.              * This is an xhtml-style tag with a closing / at the
    338. 

  338.              * end, like so: <img src="blah"/>. Check if it's followed
    339. 

  339.              * by the closing bracket. If not, then this tag is invalid
    340. 

  340.              */
    341. 

  341.             if (substr($body, $pos, 2) == '/>') {
    342. 

  342.                 $pos++;
    343. 

  343.                 $tagtype = 3;
    344. 

  344.             } else {
    345. 

  345.                 $gt = tln_findnxstr($body, $pos, '>');
    346. 

  346.                 $retary = array(false, false, false, $lt, $gt);
    347. 

  347.                 return $retary;
    348. 

  348.             }
    349. 

  349.                 //intentional fall-through
    350. 

  350.         case '>':
    351. 

  351.             $attary{$attname} = '"yes"';
    352. 

  352.             return array($tagname, $attary, $tagtype, $lt, $pos);
    353. 

  353.             break;
    354. 

  354.         default:
    355. 

  355.             /**
    356. 

  356.              * Skip whitespace and see what we arrive at.
    357. 

  357.              */
    358. 

  358.             $pos = tln_skipspace($body, $pos);
    359. 

  359.             $char = substr($body, $pos, 1);
    360. 

  360.             /**
    361. 

  361.              * Two things are valid here:
    362. 

  362.              * '=' means this is attribute type 1 2 or 3.
    363. 

  363.              * \w means this was attribute type 4.
    364. 

  364.              * anything else we ignore and re-loop. End of tag and
    365. 

  365.              * invalid stuff will be caught by our checks at the beginning
    366. 

  366.              * of the loop.
    367. 

  367.              */
    368. 

  368.             if ($char == '=') {
    369. 

  369.                 $pos++;
    370. 

  370.                 $pos = tln_skipspace($body, $pos);
    371. 

  371.                 /**
    372. 

  372.                  * Here are 3 possibilities:
    373. 

  373.                  * "'"	attribute type 1
    374. 

  374.                  * '"'	attribute type 2
    375. 

  375.                  * everything else is the content of tag type 3
    376. 

  376.                  */
    377. 

  377.                 $quot = substr($body, $pos, 1);
    378. 

  378.                 if ($quot == '\'') {
    379. 

  379.                         $regary = tln_findnxreg($body, $pos + 1, '\'');
    380. 

  380.                     if ($regary == false) {
    381. 

  381.                         return array(false, false, false, $lt, strlen($body));
    382. 

  382.                     }
    383. 

  383.                     list($pos, $attval, $match) = $regary;
    384. 

  384.                     $pos++;
    385. 

  385.                     $attary{$attname} = '\'' . $attval . '\'';
    386. 

  386.                 } elseif ($quot == '"') {
    387. 

  387.                     $regary = tln_findnxreg($body, $pos + 1, '\"');
    388. 

  388.                     if ($regary == false) {
    389. 

  389.                         return array(false, false, false, $lt, strlen($body));
    390. 

  390.                     }
    391. 

  391.                     list($pos, $attval, $match) = $regary;
    392. 

  392.                     $pos++;
    393. 

  393.                             $attary{$attname} = '"' . $attval . '"';
    394. 

  394.                 } else {
    395. 

  395.                     /**
    396. 

  396.                      * These are hateful. Look for \s, or >.
    397. 

  397.                      */
    398. 

  398.                     $regary = tln_findnxreg($body, $pos, '[\s>]');
    399. 

  399.                     if ($regary == false) {
    400. 

  400.                         return array(false, false, false, $lt, strlen($body));
    401. 

  401.                     }
    402. 

  402.                     list($pos, $attval, $match) = $regary;
    403. 

  403.                     /**
    404. 

  404.                      * If it's ">" it will be caught at the top.
    405. 

  405.                      */
    406. 

  406.                     $attval = preg_replace('/\"/s', '&quot;', $attval);
    407. 

  407.                     $attary{$attname} = '"' . $attval . '"';
    408. 

  408.                 }
    409. 

  409.             } elseif (preg_match('|[\w/>]|', $char)) {
    410. 

  410.                 /**
    411. 

  411.                  * That was attribute type 4.
    412. 

  412.                  */
    413. 

  413.                 $attary{$attname} = '"yes"';
    414. 

  414.             } else {
    415. 

  415.                 /**
    416. 

  416.                  * An illegal character. Find next '>' and return.
    417. 

  417.                  */
    418. 

  418.                 $gt = tln_findnxstr($body, $pos, '>');
    419. 

  419.                 return array(false, false, false, $lt, $gt);
    420. 

  420.             }
    421. 

  421.             break;
    422. 

  422.         }
    423. 

  423.     }
    424. 

  424.     /**
    425. 

  425.      * The fact that we got here indicates that the tag end was never
    426. 

  426.      * found. Return invalid tag indication so it gets stripped.
    427. 

  427.      */
    428. 

  428.     return array(false, false, false, $lt, strlen($body));
    429. 

  429. }
    430. 

  430. 

  431. /**
    432. 

  432.  * Translates entities into literal values so they can be checked.
    433. 

  433.  *
    434. 

  434.  * @param string $attvalue the by-ref value to check.
    435. 

  435.  * @param string $regex    the regular expression to check against.
    436. 

  436.  * @param boolean $hex        whether the entites are hexadecimal.
    437. 

  437.  * @return boolean            True or False depending on whether there were matches.
    438. 

  438.  */
    439. 

  439. function tln_deent(&$attvalue, $regex, $hex = false)
    440. 

  440. {
    441. 

  441.     preg_match_all($regex, $attvalue, $matches);
    442. 

  442.     if (is_array($matches) && sizeof($matches[0]) > 0) {
    443. 

  443.         $repl = array();
    444. 

  444.         for ($i = 0; $i < sizeof($matches[0]); $i++) {
    445. 

  445.             $numval = $matches[1][$i];
    446. 

  446.             if ($hex) {
    447. 

  447.                 $numval = hexdec($numval);
    448. 

  448.             }
    449. 

  449.             $repl{$matches[0][$i]} = chr($numval);
    450. 

  450.         }
    451. 

  451.         $attvalue = strtr($attvalue, $repl);
    452. 

  452.         return true;
    453. 

  453.     } else {
    454. 

  454.         return false;
    455. 

  455.     }
    456. 

  456. }
    457. 

  457. 

  458. /**
    459. 

  459.  * This function checks attribute values for entity-encoded values
    460. 

  460.  * and returns them translated into 8-bit strings so we can run
    461. 

  461.  * checks on them.
    462. 

  462.  *
    463. 

  463.  * @param string $attvalue A string to run entity check against.
    464. 

  464.  * @return             Void, modifies a reference value.
    465. 

  465.  */
    466. 

  466. function tln_defang(&$attvalue)
    467. 

  467. {
    468. 

  468.     /**
    469. 

  469.      * Skip this if there aren't ampersands or backslashes.
    470. 

  470.      */
    471. 

  471.     if (strpos($attvalue, '&') === false
    472. 

  472.         && strpos($attvalue, '\\') === false
    473. 

  473.     ) {
    474. 

  474.         return;
    475. 

  475.     }
    476. 

  476.     do {
    477. 

  477.         $m = false;
    478. 

  478.         $m = $m || tln_deent($attvalue, '/\&#0*(\d+);*/s');
    479. 

  479.         $m = $m || tln_deent($attvalue, '/\&#x0*((\d|[a-f])+);*/si', true);
    480. 

  480.         $m = $m || tln_deent($attvalue, '/\\\\(\d+)/s', true);
    481. 

  481.     } while ($m == true);
    482. 

  482.     $attvalue = stripslashes($attvalue);
    483. 

  483. }
    484. 

  484. 

  485. /**
    486. 

  486.  * Kill any tabs, newlines, or carriage returns. Our friends the
    487. 

  487.  * makers of the browser with 95% market value decided that it'd
    488. 

  488.  * be funny to make "java[tab]script" be just as good as "javascript".
    489. 

  489.  *
    490. 

  490.  * @param string $attvalue     The attribute value before extraneous spaces removed.
    491. 

  491.  * @return     Void, modifies a reference value.
    492. 

  492.  */
    493. 

  493. function tln_unspace(&$attvalue)
    494. 

  494. {
    495. 

  495.     if (strcspn($attvalue, "\t\r\n\0 ") != strlen($attvalue)) {
    496. 

  496.         $attvalue = str_replace(
    497. 

  497.             array("\t", "\r", "\n", "\0", " "),
    498. 

  498.             array('', '', '', '', ''),
    499. 

  499.             $attvalue
    500. 

  500.         );
    501. 

  501.     }
    502. 

  502. }
    503. 

  503. 

  504. /**
    505. 

  505.  * This function runs various checks against the attributes.
    506. 

  506.  *
    507. 

  507.  * @param string $tagname            String with the name of the tag.
    508. 

  508.  * @param array $attary            Array with all tag attributes.
    509. 

  509.  * @param array $rm_attnames        See description for tln_sanitize
    510. 

  510.  * @param array $bad_attvals        See description for tln_sanitize
    511. 

  511.  * @param array $add_attr_to_tag See description for tln_sanitize
    512. 

  512.  * @param string $trans_image_path
    513. 

  513.  * @param boolean $block_external_images
    514. 

  514.  * @return					Array with modified attributes.
    515. 

  515.  */
    516. 

  516. function tln_fixatts(
    517. 

  517.     $tagname,
    518. 

  518.     $attary,
    519. 

  519.     $rm_attnames,
    520. 

  520.     $bad_attvals,
    521. 

  521.     $add_attr_to_tag,
    522. 

  522.     $trans_image_path,
    523. 

  523.     $block_external_images
    524. 

  524. ) {
    525. 

  525.     while (list($attname, $attvalue) = each($attary)) {
    526. 

  526.         /**
    527. 

  527.          * See if this attribute should be removed.
    528. 

  528.          */
    529. 

  529.         foreach ($rm_attnames as $matchtag => $matchattrs) {
    530. 

  530.             if (preg_match($matchtag, $tagname)) {
    531. 

  531.                 foreach ($matchattrs as $matchattr) {
    532. 

  532.                     if (preg_match($matchattr, $attname)) {
    533. 

  533.                         unset($attary{$attname});
    534. 

  534.                         continue;
    535. 

  535.                     }
    536. 

  536.                 }
    537. 

  537.             }
    538. 

  538.         }
    539. 

  539.         /**
    540. 

  540.          * Remove any backslashes, entities, or extraneous whitespace.
    541. 

  541.          */
    542. 

  542.         $oldattvalue = $attvalue;
    543. 

  543.         tln_defang($attvalue);
    544. 

  544.         if ($attname == 'style' && $attvalue !== $oldattvalue) {
    545. 

  545.             $attvalue = "idiocy";
    546. 

  546.             $attary{$attname} = $attvalue;
    547. 

  547.         }
    548. 

  548.         tln_unspace($attvalue);
    549. 

  549. 

  550.         /**
    551. 

  551.          * Now let's run checks on the attvalues.
    552. 

  552.          * I don't expect anyone to comprehend this. If you do,
    553. 

  553.          * get in touch with me so I can drive to where you live and
    554. 

  554.          * shake your hand personally. :)
    555. 

  555.          */
    556. 

  556.         foreach ($bad_attvals as $matchtag => $matchattrs) {
    557. 

  557.             if (preg_match($matchtag, $tagname)) {
    558. 

  558.                 foreach ($matchattrs as $matchattr => $valary) {
    559. 

  559.                     if (preg_match($matchattr, $attname)) {
    560. 

  560.                         /**
    561. 

  561.                          * There are two arrays in valary.
    562. 

  562.                          * First is matches.
    563. 

  563.                          * Second one is replacements
    564. 

  564.                          */
    565. 

  565.                         list($valmatch, $valrepl) = $valary;
    566. 

  566.                         $newvalue = preg_replace($valmatch, $valrepl, $attvalue);
    567. 

  567.                         if ($newvalue != $attvalue) {
    568. 

  568.                             $attary{$attname} = $newvalue;
    569. 

  569.                             $attvalue = $newvalue;
    570. 

  570.                         }
    571. 

  571.                     }
    572. 

  572.                 }
    573. 

  573.             }
    574. 

  574.         }
    575. 

  575.         if ($attname == 'style') {
    576. 

  576.             if (preg_match('/[\0-\37\200-\377]+/', $attvalue)) {
    577. 

  577.                 $attary{$attname} = '"disallowed character"';
    578. 

  578.             }
    579. 

  579.             preg_match_all("/url\s*\((.+)\)/si", $attvalue, $aMatch);
    580. 

  580.             if (count($aMatch)) {
    581. 

  581.                 foreach($aMatch[1] as $sMatch) {
    582. 

  582.                     $urlvalue = $sMatch;
    583. 

  583.                     tln_fixurl($attname, $urlvalue, $trans_image_path, $block_external_images);
    584. 

  584.                     $attary{$attname} = str_replace($sMatch, $urlvalue, $attvalue);
    585. 

  585.                 }
    586. 

  586.             }
    587. 

  587.         }
    588. 

  588.      }
    589. 

  589.     /**
    590. 

  590.      * See if we need to append any attributes to this tag.
    591. 

  591.      */
    592. 

  592.     foreach ($add_attr_to_tag as $matchtag => $addattary) {
    593. 

  593.         if (preg_match($matchtag, $tagname)) {
    594. 

  594.             $attary = array_merge($attary, $addattary);
    595. 

  595.         }
    596. 

  596.     }
    597. 

  597.     return $attary;
    598. 

  598. }
    599. 

  599. 

  600. function tln_fixurl($attname, &$attvalue, $trans_image_path, $block_external_images)
    601. 

  601. {
    602. 

  602.     $sQuote = '"';
    603. 

  603.     $attvalue = trim($attvalue);
    604. 

  604.     if ($attvalue && ($attvalue[0] =='"'|| $attvalue[0] == "'")) {
    605. 

  605.         // remove the double quotes
    606. 

  606.         $sQuote = $attvalue[0];
    607. 

  607.         $attvalue = trim(substr($attvalue,1,-1));
    608. 

  608.     }
    609. 

  609. 

  610.     /**
    611. 

  611.      * Replace empty src tags with the blank image.  src is only used
    612. 

  612.      * for frames, images, and image inputs.  Doing a replace should
    613. 

  613.      * not affect them working as should be, however it will stop
    614. 

  614.      * IE from being kicked off when src for img tags are not set
    615. 

  615.      */
    616. 

  616.     if ($attvalue == '') {
    617. 

  617.         $attvalue = $sQuote . $trans_image_path . $sQuote;
    618. 

  618.     } else {
    619. 

  619.         // first, disallow 8 bit characters and control characters
    620. 

  620.         if (preg_match('/[\0-\37\200-\377]+/',$attvalue)) {
    621. 

  621.             switch ($attname) {
    622. 

  622.                 case 'href':
    623. 

  623.                     $attvalue = $sQuote . 'http://invalid-stuff-detected.example.com' . $sQuote;
    624. 

  624.                     break;
    625. 

  625.                 default:
    626. 

  626.                     $attvalue = $sQuote . $trans_image_path . $sQuote;
    627. 

  627.                     break;
    628. 

  628.             }
    629. 

  629.         } else {
    630. 

  630.             $aUrl = parse_url($attvalue);
    631. 

  631.             if (isset($aUrl['scheme'])) {
    632. 

  632.                 switch(strtolower($aUrl['scheme'])) {
    633. 

  633.                     case 'mailto':
    634. 

  634.                     case 'http':
    635. 

  635.                     case 'https':
    636. 

  636.                     case 'ftp':
    637. 

  637.                         if ($attname != 'href') {
    638. 

  638.                             if ($block_external_images == true) {
    639. 

  639.                                 $attvalue = $sQuote . $trans_image_path . $sQuote;
    640. 

  640.                             } else {
    641. 

  641.                                 if (!isset($aUrl['path'])) {
    642. 

  642.                                     $attvalue = $sQuote . $trans_image_path . $sQuote;
    643. 

  643.                                 }
    644. 

  644.                             }
    645. 

  645.                         } else {
    646. 

  646.                             $attvalue = $sQuote . $attvalue . $sQuote;
    647. 

  647.                         }
    648. 

  648.                         break;
    649. 

  649.                     case 'outbind':
    650. 

  650.                         $attvalue = $sQuote . $attvalue . $sQuote;
    651. 

  651.                         break;
    652. 

  652.                     case 'cid':
    653. 

  653.                         $attvalue = $sQuote . $attvalue . $sQuote;
    654. 

  654.                         break;
    655. 

  655.                     default:
    656. 

  656.                         $attvalue = $sQuote . $trans_image_path . $sQuote;
    657. 

  657.                         break;
    658. 

  658.                 }
    659. 

  659.             } else {
    660. 

  660.                 if (!isset($aUrl['path']) || $aUrl['path'] != $trans_image_path) {
    661. 

  661.                     $$attvalue = $sQuote . $trans_image_path . $sQuote;
    662. 

  662.                 }
    663. 

  663.             }
    664. 

  664.         }
    665. 

  665.     }
    666. 

  666. }
    667. 

  667. 

  668. function tln_fixstyle($body, $pos, $trans_image_path, $block_external_images)
    669. 

  669. {
    670. 

  670.     $me = 'tln_fixstyle';
    671. 

  671.     // workaround for </style> in between comments
    672. 

  672.     $iCurrentPos = $pos;
    673. 

  673.     $content = '';
    674. 

  674.     $sToken = '';
    675. 

  675.     $bSucces = false;
    676. 

  676.     $bEndTag = false;
    677. 

  677.     for ($i=$pos,$iCount=strlen($body);$i<$iCount;++$i) {
    678. 

  678.         $char = $body{$i};
    679. 

  679.         switch ($char) {
    680. 

  680.             case '<':
    681. 

  681.                 $sToken = $char;
    682. 

  682.                 break;
    683. 

  683.             case '/':
    684. 

  684.                  if ($sToken == '<') {
    685. 

  685.                     $sToken .= $char;
    686. 

  686.                     $bEndTag = true;
    687. 

  687.                  } else {
    688. 

  688.                     $content .= $char;
    689. 

  689.                  }
    690. 

  690.                  break;
    691. 

  691.             case '>':
    692. 

  692.                  if ($bEndTag) {
    693. 

  693.                     $sToken .= $char;
    694. 

  694.                     if (preg_match('/\<\/\s*style\s*\>/i',$sToken,$aMatch)) {
    695. 

  695.                         $newpos = $i + 1;
    696. 

  696.                         $bSucces = true;
    697. 

  697.                         break 2;
    698. 

  698.                     } else {
    699. 

  699.                         $content .= $sToken;
    700. 

  700.                     }
    701. 

  701.                     $bEndTag = false;
    702. 

  702.                  } else {
    703. 

  703.                     $content .= $char;
    704. 

  704.                  }
    705. 

  705.                  break;
    706. 

  706.             case '!':
    707. 

  707.                 if ($sToken == '<') {
    708. 

  708.                     // possible comment
    709. 

  709.                     if (isset($body{$i+2}) && substr($body,$i,3) == '!--') {
    710. 

  710.                         $i = strpos($body,'-->',$i+3);
    711. 

  711.                         if ($i === false) { // no end comment
    712. 

  712.                             $i = strlen($body);
    713. 

  713.                         }
    714. 

  714.                         $sToken = '';
    715. 

  715.                     }
    716. 

  716.                 } else {
    717. 

  717.                     $content .= $char;
    718. 

  718.                 }
    719. 

  719.                 break;
    720. 

  720.             default:
    721. 

  721.                 if ($bEndTag) {
    722. 

  722.                     $sToken .= $char;
    723. 

  723.                 } else {
    724. 

  724.                     $content .= $char;
    725. 

  725.                 }
    726. 

  726.                 break;
    727. 

  727.         }
    728. 

  728.     }
    729. 

  729.     if ($bSucces == FALSE){
    730. 

  730.         return array(FALSE, strlen($body));
    731. 

  731.     }
    732. 

  732. 

  733. 

  734. 

  735.     /**
    736. 

  736.      * First look for general BODY style declaration, which would be
    737. 

  737.      * like so:
    738. 

  738.      * body {background: blah-blah}
    739. 

  739.      * and change it to .bodyclass so we can just assign it to a <div>
    740. 

  740.      */
    741. 

  741.     $content = preg_replace("|body(\s*\{.*?\})|si", ".bodyclass\\1", $content);
    742. 

  742. 

  743.     $trans_image_path = $trans_image_path;
    744. 

  744. 

  745.     /**
    746. 

  746.     * Fix url('blah') declarations.
    747. 

  747.     */
    748. 

  748.     //   $content = preg_replace("|url\s*\(\s*([\'\"])\s*\S+script\s*:.*?([\'\"])\s*\)|si",
    749. 

  749.     //                           "url(\\1$trans_image_path\\2)", $content);
    750. 

  750. 

  751.     // first check for 8bit sequences and disallowed control characters
    752. 

  752.     if (preg_match('/[\16-\37\200-\377]+/',$content)) {
    753. 

  753.         $content = '<!-- style block removed by html filter due to presence of 8bit characters -->';
    754. 

  754.         return array($content, $newpos);
    755. 

  755.     }
    756. 

  756. 

  757.     // remove @import line
    758. 

  758.     $content = preg_replace("/^\s*(@import.*)$/mi","\n<!-- @import rules forbidden -->\n",$content);
    759. 

  759. 

  760.     $content = preg_replace("/(\\\\)?u(\\\\)?r(\\\\)?l(\\\\)?/i", 'url', $content);
    761. 

  761.     preg_match_all("/url\s*\((.+)\)/si",$content,$aMatch);
    762. 

  762.     if (count($aMatch)) {
    763. 

  763.         $aValue = $aReplace = array();
    764. 

  764.         foreach($aMatch[1] as $sMatch) {
    765. 

  765.             // url value
    766. 

  766.             $urlvalue = $sMatch;
    767. 

  767.             tln_fixurl('style',$urlvalue, $trans_image_path, $block_external_images);
    768. 

  768.             $aValue[] = $sMatch;
    769. 

  769.             $aReplace[] = $urlvalue;
    770. 

  770.         }
    771. 

  771.         $content = str_replace($aValue,$aReplace,$content);
    772. 

  772.     }
    773. 

  773. 

  774.     /**
    775. 

  775.      * Remove any backslashes, entities, and extraneous whitespace.
    776. 

  776.      */
    777. 

  777.     $contentTemp = $content;
    778. 

  778.     tln_defang($contentTemp);
    779. 

  779.     tln_unspace($contentTemp);
    780. 

  780. 

  781.     $match   = Array('/\/\*.*\*\//',
    782. 

  782.                     '/expression/i',
    783. 

  783.                     '/behaviou*r/i',
    784. 

  784.                     '/binding/i',
    785. 

  785.                     '/include-source/i',
    786. 

  786.                     '/javascript/i',
    787. 

  787.                     '/script/i',
    788. 

  788.                     '/position/i');
    789. 

  789.     $replace = Array('','idiocy', 'idiocy', 'idiocy', 'idiocy', 'idiocy', 'idiocy', '');
    790. 

  790.     $contentNew = preg_replace($match, $replace, $contentTemp);
    791. 

  791.     if ($contentNew !== $contentTemp) {
    792. 

  792.         $content = $contentNew;
    793. 

  793.     }
    794. 

  794.     return array($content, $newpos);
    795. 

  795. }
    796. 

  796. 

  797. function tln_body2div($attary, $trans_image_path)
    798. 

  798. {
    799. 

  799.     $me = 'tln_body2div';
    800. 

  800.     $divattary = array('class' => "'bodyclass'");
    801. 

  801.     $text = '#000000';
    802. 

  802.     $has_bgc_stl = $has_txt_stl = false;
    803. 

  803.     $styledef = '';
    804. 

  804.     if (is_array($attary) && sizeof($attary) > 0){
    805. 

  805.         foreach ($attary as $attname=>$attvalue){
    806. 

  806.             $quotchar = substr($attvalue, 0, 1);
    807. 

  807.             $attvalue = str_replace($quotchar, "", $attvalue);
    808. 

  808.             switch ($attname){
    809. 

  809.                 case 'background':
    810. 

  810.                     $styledef .= "background-image: url('$trans_image_path'); ";
    811. 

  811.                     break;
    812. 

  812.                 case 'bgcolor':
    813. 

  813.                     $has_bgc_stl = true;
    814. 

  814.                     $styledef .= "background-color: $attvalue; ";
    815. 

  815.                     break;
    816. 

  816.                 case 'text':
    817. 

  817.                     $has_txt_stl = true;
    818. 

  818.                     $styledef .= "color: $attvalue; ";
    819. 

  819.                     break;
    820. 

  820.             }
    821. 

  821.         }
    822. 

  822.         // Outlook defines a white bgcolor and no text color. This can lead to
    823. 

  823.         // white text on a white bg with certain themes.
    824. 

  824.         if ($has_bgc_stl && !$has_txt_stl) {
    825. 

  825.             $styledef .= "color: $text; ";
    826. 

  826.         }
    827. 

  827.         if (strlen($styledef) > 0){
    828. 

  828.             $divattary{"style"} = "\"$styledef\"";
    829. 

  829.         }
    830. 

  830.     }
    831. 

  831.     return $divattary;
    832. 

  832. }
    833. 

  833. 

  834. /**
    835. 

  835.  *
    836. 

  836.  * @param string $body                    The HTML you wish to filter
    837. 

  837.  * @param array $tag_list                see description above
    838. 

  838.  * @param array $rm_tags_with_content see description above
    839. 

  839.  * @param array $self_closing_tags    see description above
    840. 

  840.  * @param boolean $force_tag_closing    see description above
    841. 

  841.  * @param array $rm_attnames            see description above
    842. 

  842.  * @param array $bad_attvals            see description above
    843. 

  843.  * @param array $add_attr_to_tag        see description above
    844. 

  844.  * @param string $trans_image_path
    845. 

  845.  * @param boolean $block_external_images
    846. 

  846. 

  847.  * @return string                       Sanitized html safe to show on your pages.
    848. 

  848.  */
    849. 

  849. function tln_sanitize(
    850. 

  850.     $body,
    851. 

  851.     $tag_list,
    852. 

  852.     $rm_tags_with_content,
    853. 

  853.     $self_closing_tags,
    854. 

  854.     $force_tag_closing,
    855. 

  855.     $rm_attnames,
    856. 

  856.     $bad_attvals,
    857. 

  857.     $add_attr_to_tag,
    858. 

  858.     $trans_image_path,
    859. 

  859.     $block_external_images
    860. 

  860. ) {
    861. 

  861.     /**
    862. 

  862.      * Normalize rm_tags and rm_tags_with_content.
    863. 

  863.      */
    864. 

  864.     $rm_tags = array_shift($tag_list);
    865. 

  865.     @array_walk($tag_list, 'tln_casenormalize');
    866. 

  866.     @array_walk($rm_tags_with_content, 'tln_casenormalize');
    867. 

  867.     @array_walk($self_closing_tags, 'tln_casenormalize');
    868. 

  868.     /**
    869. 

  869.      * See if tag_list is of tags to remove or tags to allow.
    870. 

  870.      * false  means remove these tags
    871. 

  871.      * true	  means allow these tags
    872. 

  872.      */
    873. 

  873.     $curpos = 0;
    874. 

  874.     $open_tags = array();
    875. 

  875.     $trusted = "<!-- begin tln_sanitized html -->\n";
    876. 

  876.     $skip_content = false;
    877. 

  877.     /**
    878. 

  878.      * Take care of netscape's stupid javascript entities like
    879. 

  879.      * &{alert('boo')};
    880. 

  880.      */
    881. 

  881.     $body = preg_replace('/&(\{.*?\};)/si', '&amp;\\1', $body);
    882. 

  882.     while (($curtag = tln_getnxtag($body, $curpos)) != false) {
    883. 

  883.         list($tagname, $attary, $tagtype, $lt, $gt) = $curtag;
    884. 

  884.         $free_content = substr($body, $curpos, $lt-$curpos);
    885. 

  885.         /**
    886. 

  886.          * Take care of <style>
    887. 

  887.          */
    888. 

  888.         if ($tagname == "style" && $tagtype == 1){
    889. 

  889.             list($free_content, $curpos) =
    890. 

  890.                 tln_fixstyle($body, $gt+1, $trans_image_path, $block_external_images);
    891. 

  891.             if ($free_content != FALSE){
    892. 

  892.                 if ( !empty($attary) ) {
    893. 

  893.                     $attary = tln_fixatts($tagname,
    894. 

  894.                                          $attary,
    895. 

  895.                                          $rm_attnames,
    896. 

  896.                                          $bad_attvals,
    897. 

  897.                                          $add_attr_to_tag,
    898. 

  898.                                          $trans_image_path,
    899. 

  899.                                          $block_external_images
    900. 

  900.                                          );
    901. 

  901.                 }
    902. 

  902.                 $trusted .= tln_tagprint($tagname, $attary, $tagtype);
    903. 

  903.                 $trusted .= $free_content;
    904. 

  904.                 $trusted .= tln_tagprint($tagname, false, 2);
    905. 

  905.             }
    906. 

  906.             continue;
    907. 

  907.         }
    908. 

  908.         if ($skip_content == false){
    909. 

  909.             $trusted .= $free_content;
    910. 

  910.         }
    911. 

  911.         if ($tagname != false) {
    912. 

  912.             if ($tagtype == 2) {
    913. 

  913.                 if ($skip_content == $tagname) {
    914. 

  914.                     /**
    915. 

  915.                      * Got to the end of tag we needed to remove.
    916. 

  916.                      */
    917. 

  917.                     $tagname = false;
    918. 

  918.                     $skip_content = false;
    919. 

  919.                 } else {
    920. 

  920.                     if ($skip_content == false) {
    921. 

  921.                         if ($tagname == "body") {
    922. 

  922.                             $tagname = "div";
    923. 

  923.                         }
    924. 

  924.                         if (isset($open_tags{$tagname}) &&
    925. 

  925.                             $open_tags{$tagname} > 0
    926. 

  926.                         ) {
    927. 

  927.                             $open_tags{$tagname}--;
    928. 

  928.                         } else {
    929. 

  929.                             $tagname = false;
    930. 

  930.                         }
    931. 

  931.                     }
    932. 

  932.                 }
    933. 

  933.             } else {
    934. 

  934.                 /**
    935. 

  935.                  * $rm_tags_with_content
    936. 

  936.                  */
    937. 

  937.                 if ($skip_content == false) {
    938. 

  938.                     /**
    939. 

  939.                      * See if this is a self-closing type and change
    940. 

  940.                      * tagtype appropriately.
    941. 

  941.                      */
    942. 

  942.                     if ($tagtype == 1
    943. 

  943.                         && in_array($tagname, $self_closing_tags)
    944. 

  944.                     ) {
    945. 

  945.                         $tagtype = 3;
    946. 

  946.                     }
    947. 

  947.                     /**
    948. 

  948.                      * See if we should skip this tag and any content
    949. 

  949.                      * inside it.
    950. 

  950.                      */
    951. 

  951.                     if ($tagtype == 1
    952. 

  952.                         && in_array($tagname, $rm_tags_with_content)
    953. 

  953.                     ) {
    954. 

  954.                         $skip_content = $tagname;
    955. 

  955.                     } else {
    956. 

  956.                         if (($rm_tags == false
    957. 

  957.                              && in_array($tagname, $tag_list)) ||
    958. 

  958.                             ($rm_tags == true
    959. 

  959.                                 && !in_array($tagname, $tag_list))
    960. 

  960.                         ) {
    961. 

  961.                             $tagname = false;
    962. 

  962.                         } else {
    963. 

  963.                             /**
    964. 

  964.                              * Convert body into div.
    965. 

  965.                              */
    966. 

  966.                             if ($tagname == "body"){
    967. 

  967.                                 $tagname = "div";
    968. 

  968.                                 $attary = tln_body2div($attary, $trans_image_path);
    969. 

  969.                             }
    970. 

  970.                             if ($tagtype == 1) {
    971. 

  971.                                 if (isset($open_tags{$tagname})) {
    972. 

  972.                                     $open_tags{$tagname}++;
    973. 

  973.                                 } else {
    974. 

  974.                                     $open_tags{$tagname} = 1;
    975. 

  975.                                 }
    976. 

  976.                             }
    977. 

  977.                             /**
    978. 

  978.                              * This is where we run other checks.
    979. 

  979.                              */
    980. 

  980.                             if (is_array($attary) && sizeof($attary) > 0) {
    981. 

  981.                                 $attary = tln_fixatts(
    982. 

  982.                                     $tagname,
    983. 

  983.                                     $attary,
    984. 

  984.                                     $rm_attnames,
    985. 

  985.                                     $bad_attvals,
    986. 

  986.                                     $add_attr_to_tag,
    987. 

  987.                                     $trans_image_path,
    988. 

  988.                                     $block_external_images
    989. 

  989.                                 );
    990. 

  990.                             }
    991. 

  991.                         }
    992. 

  992.                     }
    993. 

  993.                 }
    994. 

  994.             }
    995. 

  995.             if ($tagname != false && $skip_content == false) {
    996. 

  996.                 $trusted .= tln_tagprint($tagname, $attary, $tagtype);
    997. 

  997.             }
    998. 

  998.         }
    999. 

  999.         $curpos = $gt + 1;
    1000. 

  1000.     }
    1001. 

  1001.     $trusted .= substr($body, $curpos, strlen($body) - $curpos);
    1002. 

  1002.     if ($force_tag_closing == true) {
    1003. 

  1003.         foreach ($open_tags as $tagname => $opentimes) {
    1004. 

  1004.             while ($opentimes > 0) {
    1005. 

  1005.                 $trusted .= '</' . $tagname . '>';
    1006. 

  1006.                 $opentimes--;
    1007. 

  1007.             }
    1008. 

  1008.         }
    1009. 

  1009.         $trusted .= "\n";
    1010. 

  1010.     }
    1011. 

  1011.     $trusted .= "<!-- end tln_sanitized html -->\n";
    1012. 

  1012.     return $trusted;
    1013. 

  1013. }
    1014. 

  1014. 

  1015. //
    1016. 

  1016. // Use the nifty htmlfilter library
    1017. 

  1017. //
    1018. 

  1018. 

  1019. 

  1020. function HTMLFilter($body, $trans_image_path, $block_external_images = false)
    1021. 

  1021. {
    1022. 

  1022. 

  1023.     $tag_list = array(
    1024. 

  1024.         false,
    1025. 

  1025.         "object",
    1026. 

  1026.         "meta",
    1027. 

  1027.         "html",
    1028. 

  1028.         "head",
    1029. 

  1029.         "base",
    1030. 

  1030.         "link",
    1031. 

  1031.         "frame",
    1032. 

  1032.         "iframe",
    1033. 

  1033.         "plaintext",
    1034. 

  1034.         "marquee"
    1035. 

  1035.     );
    1036. 

  1036. 

  1037.     $rm_tags_with_content = array(
    1038. 

  1038.         "script",
    1039. 

  1039.         "applet",
    1040. 

  1040.         "embed",
    1041. 

  1041.         "title",
    1042. 

  1042.         "frameset",
    1043. 

  1043.         "xmp",
    1044. 

  1044.         "xml"
    1045. 

  1045.     );
    1046. 

  1046. 

  1047.     $self_closing_tags =  array(
    1048. 

  1048.         "img",
    1049. 

  1049.         "br",
    1050. 

  1050.         "hr",
    1051. 

  1051.         "input",
    1052. 

  1052.         "outbind"
    1053. 

  1053.     );
    1054. 

  1054. 

  1055.     $force_tag_closing = true;
    1056. 

  1056. 

  1057.     $rm_attnames = array(
    1058. 

  1058.         "/.*/" =>
    1059. 

  1059.             array(
    1060. 

  1060.                 // "/target/i",
    1061. 

  1061.                 "/^on.*/i",
    1062. 

  1062.                 "/^dynsrc/i",
    1063. 

  1063.                 "/^data.*/i",
    1064. 

  1064.                 "/^lowsrc.*/i"
    1065. 

  1065.             )
    1066. 

  1066.     );
    1067. 

  1067. 

  1068.     $bad_attvals = array(
    1069. 

  1069.         "/.*/" =>
    1070. 

  1070.         array(
    1071. 

  1071.             "/^src|background/i" =>
    1072. 

  1072.             array(
    1073. 

  1073.                 array(
    1074. 

  1074.                     '/^([\'"])\s*\S+script\s*:.*([\'"])/si',
    1075. 

  1075.                     '/^([\'"])\s*mocha\s*:*.*([\'"])/si',
    1076. 

  1076.                     '/^([\'"])\s*about\s*:.*([\'"])/si'
    1077. 

  1077.                 ),
    1078. 

  1078.                 array(
    1079. 

  1079.                     "\\1$trans_image_path\\2",
    1080. 

  1080.                     "\\1$trans_image_path\\2",
    1081. 

  1081.                     "\\1$trans_image_path\\2"
    1082. 

  1082.                 )
    1083. 

  1083.             ),
    1084. 

  1084.             "/^href|action/i" =>
    1085. 

  1085.             array(
    1086. 

  1086.                 array(
    1087. 

  1087.                     '/^([\'"])\s*\S+script\s*:.*([\'"])/si',
    1088. 

  1088.                     '/^([\'"])\s*mocha\s*:*.*([\'"])/si',
    1089. 

  1089.                     '/^([\'"])\s*about\s*:.*([\'"])/si'
    1090. 

  1090.                 ),
    1091. 

  1091.                 array(
    1092. 

  1092.                     "\\1#\\1",
    1093. 

  1093.                     "\\1#\\1",
    1094. 

  1094.                     "\\1#\\1"
    1095. 

  1095.                 )
    1096. 

  1096.             ),
    1097. 

  1097.             "/^style/i" =>
    1098. 

  1098.             array(
    1099. 

  1099.                 array(
    1100. 

  1100.                     "/\/\*.*\*\//",
    1101. 

  1101.                     "/expression/i",
    1102. 

  1102.                     "/binding/i",
    1103. 

  1103.                     "/behaviou*r/i",
    1104. 

  1104.                     "/include-source/i",
    1105. 

  1105.                     '/position\s*:/i',
    1106. 

  1106.                     '/(\\\\)?u(\\\\)?r(\\\\)?l(\\\\)?/i',
    1107. 

  1107.                     '/url\s*\(\s*([\'"])\s*\S+script\s*:.*([\'"])\s*\)/si',
    1108. 

  1108.                     '/url\s*\(\s*([\'"])\s*mocha\s*:.*([\'"])\s*\)/si',
    1109. 

  1109.                     '/url\s*\(\s*([\'"])\s*about\s*:.*([\'"])\s*\)/si',
    1110. 

  1110.                     '/(.*)\s*:\s*url\s*\(\s*([\'"]*)\s*\S+script\s*:.*([\'"]*)\s*\)/si'
    1111. 

  1111.                 ),
    1112. 

  1112.                 array(
    1113. 

  1113.                     "",
    1114. 

  1114.                     "idiocy",
    1115. 

  1115.                     "idiocy",
    1116. 

  1116.                     "idiocy",
    1117. 

  1117.                     "idiocy",
    1118. 

  1118.                     "idiocy",
    1119. 

  1119.                     "url",
    1120. 

  1120.                     "url(\\1#\\1)",
    1121. 

  1121.                     "url(\\1#\\1)",
    1122. 

  1122.                     "url(\\1#\\1)",
    1123. 

  1123.                     "\\1:url(\\2#\\3)"
    1124. 

  1124.                 )
    1125. 

  1125.             )
    1126. 

  1126.         )
    1127. 

  1127.     );
    1128. 

  1128. 

  1129.     if ($block_external_images) {
    1130. 

  1130.         array_push(
    1131. 

  1131.             $bad_attvals{'/.*/'}{'/^src|background/i'}[0],
    1132. 

  1132.             '/^([\'\"])\s*https*:.*([\'\"])/si'
    1133. 

  1133.         );
    1134. 

  1134.         array_push(
    1135. 

  1135.             $bad_attvals{'/.*/'}{'/^src|background/i'}[1],
    1136. 

  1136.             "\\1$trans_image_path\\1"
    1137. 

  1137.         );
    1138. 

  1138.         array_push(
    1139. 

  1139.             $bad_attvals{'/.*/'}{'/^style/i'}[0],
    1140. 

  1140.             '/url\(([\'\"])\s*https*:.*([\'\"])\)/si'
    1141. 

  1141.         );
    1142. 

  1142.         array_push(
    1143. 

  1143.             $bad_attvals{'/.*/'}{'/^style/i'}[1],
    1144. 

  1144.             "url(\\1$trans_image_path\\1)"
    1145. 

  1145.         );
    1146. 

  1146.     }
    1147. 

  1147. 

  1148.     $add_attr_to_tag = array(
    1149. 

  1149.         "/^a$/i" =>
    1150. 

  1150.             array('target' => '"_blank"')
    1151. 

  1151.     );
    1152. 

  1152. 

  1153.     $trusted = tln_sanitize(
    1154. 

  1154.         $body,
    1155. 

  1155.         $tag_list,
    1156. 

  1156.         $rm_tags_with_content,
    1157. 

  1157.         $self_closing_tags,
    1158. 

  1158.         $force_tag_closing,
    1159. 

  1159.         $rm_attnames,
    1160. 

  1160.         $bad_attvals,
    1161. 

  1161.         $add_attr_to_tag,
    1162. 

  1162.         $trans_image_path,
    1163. 

  1163.         $block_external_images
    1164. 

  1164.     );
    1165. 

  1165.     return $trusted;
    1166. 

  1166. }
    1167.