Files @ 3be168914a12
Branch filter:

Location: DistRen/htdocs/sql/libraries/sanitizing.lib.php - annotation

3be168914a12 2.0 KiB text/x-php Show Source Show as Raw Download as Raw
ethanzonca
Added web interface fileshg commit -h
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12
3be168914a12

<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 *
 * @version $Id: sanitizing.lib.php 10298 2007-04-17 17:08:12Z lem9 $
 */

/**
 * Sanitizes $message, taking into account our special codes
 * for formatting
 *
 * @uses    preg_replace()
 * @uses    strtr()
 * @param   string   the message
 *
 * @return  string   the sanitized message
 *
 * @access  public
 */
function PMA_sanitize($message)
{
    $replace_pairs = array(
        '<'         => '&lt;',
        '>'         => '&gt;',
        '[i]'       => '<em>',      // deprecated by em
        '[/i]'      => '</em>',     // deprecated by em
        '[em]'      => '<em>',
        '[/em]'     => '</em>',
        '[b]'       => '<strong>',  // deprecated by strong
        '[/b]'      => '</strong>', // deprecated by strong
        '[strong]'  => '<strong>',
        '[/strong]' => '</strong>',
        '[tt]'      => '<code>',    // deprecated by CODE or KBD
        '[/tt]'     => '</code>',   // deprecated by CODE or KBD
        '[code]'    => '<code>',
        '[/code]'   => '</code>',
        '[kbd]'     => '<kbd>',
        '[/kbd]'    => '</kbd>',
        '[br]'      => '<br />',
        '[/a]'      => '</a>',
        '[sup]'      => '<sup>',
        '[/sup]'      => '</sup>',
    );
    $message = strtr($message, $replace_pairs);

    $pattern = '/\[a@([^"@]*)@([^]"]*)\]/';

    if (preg_match_all($pattern, $message, $founds, PREG_SET_ORDER)) {
        $valid_links = array(
            'http',  // default http:// links (and https://)
            './Do',  // ./Documentation
        );

        foreach ($founds as $found) {
            // only http... and ./Do... allowed
            if (! in_array(substr($found[1], 0, 4), $valid_links)) {
                return $message;
            }
            // a-z and _ allowed in target
            if (! empty($found[2]) && preg_match('/[^a-z_]+/i', $found[2])) {
                return $message;
            }
        }

        $message = preg_replace($pattern, '<a href="\1" target="\2">', $message);
    }

    return $message;
}
?>
Server instance: zserverv-307515 This site is powered by Kallithea, which is © 2010–2021 by various authors & licensed under GPLv3. – Support