[2] | 1 | <?php |
---|
| 2 | /* |
---|
| 3 | * This is a fork of a slick piece of procedural code called 'kses' written by Ulf Harnhammar |
---|
| 4 | * The entire set of functions was wrapped in a PHP object with some internal modifications |
---|
| 5 | * by Richard Vasquez (http://www.chaos.org/) 7/25/2003 |
---|
| 6 | * |
---|
| 7 | * The original (procedural) version of the code can be found at: |
---|
| 8 | * http://sourceforge.net/projects/kses/ |
---|
| 9 | * |
---|
| 10 | * [kses strips evil scripts!] |
---|
| 11 | * |
---|
| 12 | * ========================================================================================== |
---|
| 13 | * |
---|
| 14 | * class.kses.php 0.0.2 - PHP class that filters HTML/XHTML only allowing some elements and |
---|
| 15 | * attributes to be passed through. |
---|
| 16 | * |
---|
| 17 | * Copyright (C) 2003 Richard R. Vasquez, Jr. |
---|
| 18 | * |
---|
| 19 | * Derived from kses 0.2.1 - HTML/XHTML filter that only allows some elements and attributes |
---|
| 20 | * Copyright (C) 2002, 2003 Ulf Harnhammar |
---|
| 21 | * |
---|
| 22 | * ========================================================================================== |
---|
| 23 | * |
---|
| 24 | * This program is free software and open source software; you can redistribute |
---|
| 25 | * it and/or modify it under the terms of the GNU General Public License as |
---|
| 26 | * published by the Free Software Foundation; either version 2 of the License, |
---|
| 27 | * or (at your option) any later version. |
---|
| 28 | * |
---|
| 29 | * This program is distributed in the hope that it will be useful, but WITHOUT |
---|
| 30 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
---|
| 31 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for |
---|
| 32 | * more details. |
---|
| 33 | * |
---|
| 34 | * You should have received a copy of the GNU General Public License along |
---|
| 35 | * with this program; if not, write to the Free Software Foundation, Inc., |
---|
| 36 | * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA or visit |
---|
| 37 | * http://www.gnu.org/licenses/gpl.html |
---|
| 38 | * |
---|
| 39 | * ========================================================================================== |
---|
| 40 | * CONTACT INFORMATION: |
---|
| 41 | * |
---|
| 42 | * Email: View current valid email address at http://www.chaos.org/contact/ |
---|
| 43 | */ |
---|
| 44 | |
---|
| 45 | class kses |
---|
| 46 | { |
---|
| 47 | var $allowed_protocols = array('http', 'https', 'ftp', 'news', 'nntp', 'telnet', 'gopher', 'mailto'); |
---|
| 48 | var $allowed_html = array(); |
---|
| 49 | |
---|
| 50 | function kses() |
---|
| 51 | { |
---|
| 52 | } |
---|
| 53 | |
---|
| 54 | function Parse($string = "") |
---|
| 55 | { |
---|
| 56 | if (get_magic_quotes_gpc()) |
---|
| 57 | { |
---|
| 58 | $string = stripslashes($string); |
---|
| 59 | } |
---|
| 60 | $string = $this->_no_null($string); |
---|
| 61 | $string = $this->_js_entities($string); |
---|
| 62 | $string = $this->_normalize_entities($string); |
---|
| 63 | $string = $this->_hook($string); |
---|
| 64 | return $this->_split($string); |
---|
| 65 | } |
---|
| 66 | |
---|
| 67 | function Protocols() |
---|
| 68 | { |
---|
| 69 | $c_args = func_num_args(); |
---|
| 70 | if($c_args != 1) |
---|
| 71 | { |
---|
| 72 | return false; |
---|
| 73 | } |
---|
| 74 | |
---|
| 75 | $protocol_data = func_get_arg(0); |
---|
| 76 | |
---|
| 77 | if(is_array($protocol_data)) |
---|
| 78 | { |
---|
| 79 | foreach($protocol_data as $protocol) |
---|
| 80 | { |
---|
| 81 | $this->AddProtocol($protocol); |
---|
| 82 | } |
---|
| 83 | } |
---|
| 84 | elseif(is_string($protocol_data)) |
---|
| 85 | { |
---|
| 86 | $this->AddProtocol($protocol_data); |
---|
| 87 | return true; |
---|
| 88 | } |
---|
| 89 | else |
---|
| 90 | { |
---|
| 91 | trigger_error("kses::Protocols() did not receive a string or an array.", E_USER_WARNING); |
---|
| 92 | return false; |
---|
| 93 | } |
---|
| 94 | } |
---|
| 95 | |
---|
| 96 | function AddProtocol($protocol = "") |
---|
| 97 | { |
---|
| 98 | if(!is_string($protocol)) |
---|
| 99 | { |
---|
| 100 | trigger_error("kses::AddProtocol() requires a string.", E_USER_WARNING); |
---|
| 101 | return false; |
---|
| 102 | } |
---|
| 103 | |
---|
| 104 | $protocol = strtolower(trim($protocol)); |
---|
| 105 | if($protocol == "") |
---|
| 106 | { |
---|
| 107 | trigger_error("kses::AddProtocol() tried to add an empty/NULL protocol.", E_USER_WARNING); |
---|
| 108 | return false; |
---|
| 109 | } |
---|
| 110 | |
---|
| 111 | // Remove any inadvertent ':' at the end of the protocol. |
---|
| 112 | if(substr($protocol, strlen($protocol) - 1, 1) == ":") |
---|
| 113 | { |
---|
| 114 | $protocol = substr($protocol, 0, strlen($protocol) - 1); |
---|
| 115 | } |
---|
| 116 | |
---|
| 117 | if(!in_array($protocol, $this->allowed_protocols)) |
---|
| 118 | { |
---|
| 119 | array_push($this->allowed_protocols, $protocol); |
---|
| 120 | sort($this->allowed_protocols); |
---|
| 121 | } |
---|
| 122 | return true; |
---|
| 123 | } |
---|
| 124 | |
---|
| 125 | function AddHTML($tag = "", $attribs = array()) |
---|
| 126 | { |
---|
| 127 | if(!is_string($tag)) |
---|
| 128 | { |
---|
| 129 | trigger_error("kses::AddHTML() requires the tag to be a string", E_USER_WARNING); |
---|
| 130 | return false; |
---|
| 131 | } |
---|
| 132 | |
---|
| 133 | $tag = strtolower(trim($tag)); |
---|
| 134 | if($tag == "") |
---|
| 135 | { |
---|
| 136 | trigger_error("kses::AddHTML() tried to add an empty/NULL tag", E_USER_WARNING); |
---|
| 137 | return false; |
---|
| 138 | } |
---|
| 139 | |
---|
| 140 | if(!is_array($attribs)) |
---|
| 141 | { |
---|
| 142 | trigger_error("kses::AddHTML() requires an array (even an empty one) of attributes for '$tag'", E_USER_WARNING); |
---|
| 143 | return false; |
---|
| 144 | } |
---|
| 145 | |
---|
| 146 | $new_attribs = array(); |
---|
| 147 | foreach($attribs as $idx1 => $val1) |
---|
| 148 | { |
---|
| 149 | $new_idx1 = strtolower($idx1); |
---|
| 150 | $new_val1 = $attribs[$idx1]; |
---|
| 151 | |
---|
| 152 | if(is_array($new_val1)) |
---|
| 153 | { |
---|
| 154 | $tmp_val = array(); |
---|
| 155 | foreach($new_val1 as $idx2 => $val2) |
---|
| 156 | { |
---|
| 157 | $new_idx2 = strtolower($idx2); |
---|
| 158 | $tmp_val[$new_idx2] = $val2; |
---|
| 159 | } |
---|
| 160 | $new_val1 = $tmp_val; |
---|
| 161 | } |
---|
| 162 | |
---|
| 163 | $new_attribs[$new_idx1] = $new_val1; |
---|
| 164 | } |
---|
| 165 | |
---|
| 166 | $this->allowed_html[$tag] = $new_attribs; |
---|
| 167 | return true; |
---|
| 168 | } |
---|
| 169 | |
---|
| 170 | ############################################################################### |
---|
| 171 | # This function removes any NULL or chr(173) characters in $string. |
---|
| 172 | ############################################################################### |
---|
| 173 | function _no_null($string) |
---|
| 174 | { |
---|
| 175 | $string = preg_replace('/\0+/', '', $string); |
---|
| 176 | $string = preg_replace('/(\\\\0)+/', '', $string); |
---|
| 177 | # commented out, because it breaks chinese chars |
---|
| 178 | #$string = preg_replace('/\xad+/', '', $string); # deals with Opera "feature" |
---|
| 179 | return $string; |
---|
| 180 | } # function _no_null |
---|
| 181 | |
---|
| 182 | ############################################################################### |
---|
| 183 | # This function removes the HTML JavaScript entities found in early versions of |
---|
| 184 | # Netscape 4. |
---|
| 185 | ############################################################################### |
---|
| 186 | function _js_entities($string) |
---|
| 187 | { |
---|
| 188 | return preg_replace('%&\s*\{[^}]*(\}\s*;?|$)%', '', $string); |
---|
| 189 | } # function _js_entities |
---|
| 190 | |
---|
| 191 | |
---|
| 192 | ############################################################################### |
---|
| 193 | # This function normalizes HTML entities. It will convert "AT&T" to the correct |
---|
| 194 | # "AT&T", ":" to ":", "&#XYZZY;" to "&#XYZZY;" and so on. |
---|
| 195 | ############################################################################### |
---|
| 196 | function _normalize_entities($string) |
---|
| 197 | { |
---|
| 198 | # Disarm all entities by converting & to & |
---|
| 199 | $string = str_replace('&', '&', $string); |
---|
| 200 | |
---|
| 201 | # Change back the allowed entities in our entity white list |
---|
| 202 | |
---|
| 203 | $string = preg_replace('/&([A-Za-z][A-Za-z0-9]{0,19});/', '&\\1;', $string); |
---|
| 204 | $string = preg_replace('/&#0*([0-9]{1,5});/e', '\$this->_normalize_entities2("\\1")', $string); |
---|
| 205 | $string = preg_replace('/&#([Xx])0*(([0-9A-Fa-f]{2}){1,2});/', '&#\\1\\2;', $string); |
---|
| 206 | |
---|
| 207 | return $string; |
---|
| 208 | } # function _normalize_entities |
---|
| 209 | |
---|
| 210 | |
---|
| 211 | ############################################################################### |
---|
| 212 | # This function helps _normalize_entities() to only accept 16 bit values |
---|
| 213 | # and nothing more for &#number; entities. |
---|
| 214 | ############################################################################### |
---|
| 215 | function _normalize_entities2($i) |
---|
| 216 | { |
---|
| 217 | return (($i > 65535) ? "&#$i;" : "&#$i;"); |
---|
| 218 | } # function _normalize_entities2 |
---|
| 219 | |
---|
| 220 | ############################################################################### |
---|
| 221 | # You add any kses hooks here. |
---|
| 222 | ############################################################################### |
---|
| 223 | function _hook($string) |
---|
| 224 | { |
---|
| 225 | return $string; |
---|
| 226 | } # function _hook |
---|
| 227 | |
---|
| 228 | ############################################################################### |
---|
| 229 | # This function goes through an array, and changes the keys to all lower case. |
---|
| 230 | ############################################################################### |
---|
| 231 | function _array_lc($inarray) |
---|
| 232 | { |
---|
| 233 | $outarray = array(); |
---|
| 234 | |
---|
| 235 | foreach ($inarray as $inkey => $inval) |
---|
| 236 | { |
---|
| 237 | $outkey = strtolower($inkey); |
---|
| 238 | $outarray[$outkey] = array(); |
---|
| 239 | |
---|
| 240 | foreach ($inval as $inkey2 => $inval2) |
---|
| 241 | { |
---|
| 242 | $outkey2 = strtolower($inkey2); |
---|
| 243 | $outarray[$outkey][$outkey2] = $inval2; |
---|
| 244 | } # foreach $inval |
---|
| 245 | } # foreach $inarray |
---|
| 246 | |
---|
| 247 | return $outarray; |
---|
| 248 | } # function _array_lc |
---|
| 249 | |
---|
| 250 | ############################################################################### |
---|
| 251 | # This function searches for HTML tags, no matter how malformed. It also |
---|
| 252 | # matches stray ">" characters. |
---|
| 253 | ############################################################################### |
---|
| 254 | function _split($string) |
---|
| 255 | { |
---|
| 256 | return preg_replace( |
---|
| 257 | '%(<'. # EITHER: < |
---|
| 258 | '[^>]*'. # things that aren't > |
---|
| 259 | '(>|$)'. # > or end of string |
---|
| 260 | '|>)%e', # OR: just a > |
---|
| 261 | "\$this->_split2('\\1')", |
---|
| 262 | $string); |
---|
| 263 | } # function _split |
---|
| 264 | |
---|
| 265 | function _split2($string) |
---|
| 266 | ############################################################################### |
---|
| 267 | # This function does a lot of work. It rejects some very malformed things |
---|
| 268 | # like <:::>. It returns an empty string, if the element isn't allowed (look |
---|
| 269 | # ma, no strip_tags()!). Otherwise it splits the tag into an element and an |
---|
| 270 | # attribute list. |
---|
| 271 | ############################################################################### |
---|
| 272 | { |
---|
| 273 | $string = $this->_stripslashes($string); |
---|
| 274 | |
---|
| 275 | if (substr($string, 0, 1) != '<') |
---|
| 276 | { |
---|
| 277 | # It matched a ">" character |
---|
| 278 | return '>'; |
---|
| 279 | } |
---|
| 280 | |
---|
| 281 | if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9]+)([^>]*)>?$%', $string, $matches)) |
---|
| 282 | { |
---|
| 283 | # It's seriously malformed |
---|
| 284 | return ''; |
---|
| 285 | } |
---|
| 286 | |
---|
| 287 | $slash = trim($matches[1]); |
---|
| 288 | $elem = $matches[2]; |
---|
| 289 | $attrlist = $matches[3]; |
---|
| 290 | |
---|
| 291 | if (!is_array($this->allowed_html[strtolower($elem)])) |
---|
| 292 | { |
---|
| 293 | # They are using a not allowed HTML element |
---|
| 294 | return ''; |
---|
| 295 | } |
---|
| 296 | |
---|
| 297 | return $this->_attr("$slash$elem", $attrlist); |
---|
| 298 | } # function _split2 |
---|
| 299 | |
---|
| 300 | ############################################################################### |
---|
| 301 | # This function removes all attributes, if none are allowed for this element. |
---|
| 302 | # If some are allowed it calls s_hair() to split them further, and then it |
---|
| 303 | # builds up new HTML code from the data that _hair() returns. It also |
---|
| 304 | # removes "<" and ">" characters, if there are any left. One more thing it |
---|
| 305 | # does is to check if the tag has a closing XHTML slash, and if it does, |
---|
| 306 | # it puts one in the returned code as well. |
---|
| 307 | ############################################################################### |
---|
| 308 | function _attr($element, $attr) |
---|
| 309 | { |
---|
| 310 | # Is there a closing XHTML slash at the end of the attributes? |
---|
| 311 | $xhtml_slash = ''; |
---|
| 312 | if (preg_match('%\s/\s*$%', $attr)) |
---|
| 313 | { |
---|
| 314 | $xhtml_slash = ' /'; |
---|
| 315 | } |
---|
| 316 | |
---|
| 317 | # Are any attributes allowed at all for this element? |
---|
| 318 | if (count($this->allowed_html[strtolower($element)]) == 0) |
---|
| 319 | { |
---|
| 320 | return "<$element$xhtml_slash>"; |
---|
| 321 | } |
---|
| 322 | |
---|
| 323 | # Split it |
---|
| 324 | $attrarr = $this->_hair($attr); |
---|
| 325 | |
---|
| 326 | # Go through $attrarr, and save the allowed attributes for this element |
---|
| 327 | # in $attr2 |
---|
| 328 | $attr2 = ''; |
---|
| 329 | foreach ($attrarr as $arreach) |
---|
| 330 | { |
---|
| 331 | $current = $this->allowed_html[strtolower($element)][strtolower($arreach['name'])]; |
---|
| 332 | if ($current == '') |
---|
| 333 | { |
---|
| 334 | # the attribute is not allowed |
---|
| 335 | continue; |
---|
| 336 | } |
---|
| 337 | |
---|
| 338 | if (!is_array($current)) |
---|
| 339 | { |
---|
| 340 | # there are no checks |
---|
| 341 | $attr2 .= ' '.$arreach['whole']; |
---|
| 342 | } |
---|
| 343 | else |
---|
| 344 | { |
---|
| 345 | # there are some checks |
---|
| 346 | $ok = true; |
---|
| 347 | foreach ($current as $currkey => $currval) |
---|
| 348 | { |
---|
| 349 | if (!$this->_check_attr_val($arreach['value'], $arreach['vless'], $currkey, $currval)) |
---|
| 350 | { |
---|
| 351 | $ok = false; |
---|
| 352 | break; |
---|
| 353 | } |
---|
| 354 | } |
---|
| 355 | |
---|
| 356 | if ($ok) |
---|
| 357 | { |
---|
| 358 | # it passed them |
---|
| 359 | $attr2 .= ' '.$arreach['whole']; |
---|
| 360 | } |
---|
| 361 | } # if !is_array($current) |
---|
| 362 | } # foreach |
---|
| 363 | |
---|
| 364 | # Remove any "<" or ">" characters |
---|
| 365 | $attr2 = preg_replace('/[<>]/', '', $attr2); |
---|
| 366 | return "<$element$attr2$xhtml_slash>"; |
---|
| 367 | } # function _attr |
---|
| 368 | |
---|
| 369 | ############################################################################### |
---|
| 370 | # This function does a lot of work. It parses an attribute list into an array |
---|
| 371 | # with attribute data, and tries to do the right thing even if it gets weird |
---|
| 372 | # input. It will add quotes around attribute values that don't have any quotes |
---|
| 373 | # or apostrophes around them, to make it easier to produce HTML code that will |
---|
| 374 | # conform to W3C's HTML specification. It will also remove bad URL protocols |
---|
| 375 | # from attribute values. |
---|
| 376 | ############################################################################### |
---|
| 377 | function _hair($attr) |
---|
| 378 | { |
---|
| 379 | $attrarr = array(); |
---|
| 380 | $mode = 0; |
---|
| 381 | $attrname = ''; |
---|
| 382 | |
---|
| 383 | # Loop through the whole attribute list |
---|
| 384 | |
---|
| 385 | while (strlen($attr) != 0) |
---|
| 386 | { |
---|
| 387 | # Was the last operation successful? |
---|
| 388 | $working = 0; |
---|
| 389 | |
---|
| 390 | switch ($mode) |
---|
| 391 | { |
---|
| 392 | case 0: # attribute name, href for instance |
---|
| 393 | if (preg_match('/^([-a-zA-Z]+)/', $attr, $match)) |
---|
| 394 | { |
---|
| 395 | $attrname = $match[1]; |
---|
| 396 | $working = $mode = 1; |
---|
| 397 | $attr = preg_replace('/^[-a-zA-Z]+/', '', $attr); |
---|
| 398 | } |
---|
| 399 | break; |
---|
| 400 | case 1: # equals sign or valueless ("selected") |
---|
| 401 | if (preg_match('/^\s*=\s*/', $attr)) # equals sign |
---|
| 402 | { |
---|
| 403 | $working = 1; |
---|
| 404 | $mode = 2; |
---|
| 405 | $attr = preg_replace('/^\s*=\s*/', '', $attr); |
---|
| 406 | break; |
---|
| 407 | } |
---|
| 408 | if (preg_match('/^\s+/', $attr)) # valueless |
---|
| 409 | { |
---|
| 410 | $working = 1; |
---|
| 411 | $mode = 0; |
---|
| 412 | $attrarr[] = array( |
---|
| 413 | 'name' => $attrname, |
---|
| 414 | 'value' => '', |
---|
| 415 | 'whole' => $attrname, |
---|
| 416 | 'vless' => 'y' |
---|
| 417 | ); |
---|
| 418 | $attr = preg_replace('/^\s+/', '', $attr); |
---|
| 419 | } |
---|
| 420 | break; |
---|
| 421 | case 2: # attribute value, a URL after href= for instance |
---|
| 422 | if (preg_match('/^"([^"]*)"(\s+|$)/', $attr, $match)) # "value" |
---|
| 423 | { |
---|
| 424 | $thisval = $this->_bad_protocol($match[1]); |
---|
| 425 | $attrarr[] = array( |
---|
| 426 | 'name' => $attrname, |
---|
| 427 | 'value' => $thisval, |
---|
| 428 | 'whole' => "$attrname=\"$thisval\"", |
---|
| 429 | 'vless' => 'n' |
---|
| 430 | ); |
---|
| 431 | $working = 1; |
---|
| 432 | $mode = 0; |
---|
| 433 | $attr = preg_replace('/^"[^"]*"(\s+|$)/', '', $attr); |
---|
| 434 | break; |
---|
| 435 | } |
---|
| 436 | if (preg_match("/^'([^']*)'(\s+|$)/", $attr, $match)) # 'value' |
---|
| 437 | { |
---|
| 438 | $thisval = $this->_bad_protocol($match[1]); |
---|
| 439 | $attrarr[] = array( |
---|
| 440 | 'name' => $attrname, |
---|
| 441 | 'value' => $thisval, |
---|
| 442 | 'whole' => "$attrname='$thisval'", |
---|
| 443 | 'vless' => 'n' |
---|
| 444 | ); |
---|
| 445 | $working = 1; |
---|
| 446 | $mode = 0; |
---|
| 447 | $attr = preg_replace("/^'[^']*'(\s+|$)/", '', $attr); |
---|
| 448 | break; |
---|
| 449 | } |
---|
| 450 | if (preg_match("%^([^\s\"']+)(\s+|$)%", $attr, $match)) # value |
---|
| 451 | { |
---|
| 452 | $thisval = $this->_bad_protocol($match[1]); |
---|
| 453 | $attrarr[] = array( |
---|
| 454 | 'name' => $attrname, |
---|
| 455 | 'value' => $thisval, |
---|
| 456 | 'whole' => "$attrname=\"$thisval\"", |
---|
| 457 | 'vless' => 'n' |
---|
| 458 | ); |
---|
| 459 | # We add quotes to conform to W3C's HTML spec. |
---|
| 460 | $working = 1; |
---|
| 461 | $mode = 0; |
---|
| 462 | $attr = preg_replace("%^[^\s\"']+(\s+|$)%", '', $attr); |
---|
| 463 | } |
---|
| 464 | break; |
---|
| 465 | } # switch |
---|
| 466 | |
---|
| 467 | if ($working == 0) # not well formed, remove and try again |
---|
| 468 | { |
---|
| 469 | $attr = $this->_html_error($attr); |
---|
| 470 | $mode = 0; |
---|
| 471 | } |
---|
| 472 | } # while |
---|
| 473 | |
---|
| 474 | # special case, for when the attribute list ends with a valueless |
---|
| 475 | # attribute like "selected" |
---|
| 476 | if ($mode == 1) |
---|
| 477 | { |
---|
| 478 | $attrarr[] = array( |
---|
| 479 | 'name' => $attrname, |
---|
| 480 | 'value' => '', |
---|
| 481 | 'whole' => $attrname, |
---|
| 482 | 'vless' => 'y' |
---|
| 483 | ); |
---|
| 484 | } |
---|
| 485 | |
---|
| 486 | return $attrarr; |
---|
| 487 | } # function _hair |
---|
| 488 | |
---|
| 489 | ############################################################################### |
---|
| 490 | # This function removes all non-allowed protocols from the beginning of |
---|
| 491 | # $string. It ignores whitespace and the case of the letters, and it does |
---|
| 492 | # understand HTML entities. It does its work in a while loop, so it won't be |
---|
| 493 | # fooled by a string like "javascript:javascript:alert(57)". |
---|
| 494 | ############################################################################### |
---|
| 495 | function _bad_protocol($string) |
---|
| 496 | { |
---|
| 497 | $string = $this->_no_null($string); |
---|
| 498 | $string2 = $string.'a'; |
---|
| 499 | |
---|
| 500 | while ($string != $string2) |
---|
| 501 | { |
---|
| 502 | $string2 = $string; |
---|
| 503 | $string = $this->_bad_protocol_once($string); |
---|
| 504 | } # while |
---|
| 505 | |
---|
| 506 | return $string; |
---|
| 507 | } # function _bad_protocol |
---|
| 508 | |
---|
| 509 | ############################################################################### |
---|
| 510 | # This function searches for URL protocols at the beginning of $string, while |
---|
| 511 | # handling whitespace and HTML entities. |
---|
| 512 | ############################################################################### |
---|
| 513 | function _bad_protocol_once($string) |
---|
| 514 | { |
---|
| 515 | return preg_replace( |
---|
| 516 | '/^((&[^;]*;|[\sA-Za-z0-9])*)'. |
---|
| 517 | '(:|:|&#[Xx]3[Aa];)\s*/e', |
---|
| 518 | '\$this->_bad_protocol_once2("\\1")', |
---|
| 519 | $string |
---|
| 520 | ); |
---|
| 521 | return $string; |
---|
| 522 | } # function _bad_protocol_once |
---|
| 523 | |
---|
| 524 | |
---|
| 525 | ############################################################################### |
---|
| 526 | # This function processes URL protocols, checks to see if they're in the white- |
---|
| 527 | # list or not, and returns different data depending on the answer. |
---|
| 528 | ############################################################################### |
---|
| 529 | function _bad_protocol_once2($string) |
---|
| 530 | { |
---|
| 531 | $string2 = $this->_decode_entities($string2); |
---|
| 532 | $string2 = preg_replace('/\s/', '', $string); |
---|
| 533 | $string2 = $this->_no_null($string2); |
---|
| 534 | $string2 = strtolower($string2); |
---|
| 535 | |
---|
| 536 | $allowed = false; |
---|
| 537 | foreach ($this->allowed_protocols as $one_protocol) |
---|
| 538 | { |
---|
| 539 | if (strtolower($one_protocol) == $string2) |
---|
| 540 | { |
---|
| 541 | $allowed = true; |
---|
| 542 | break; |
---|
| 543 | } |
---|
| 544 | } |
---|
| 545 | |
---|
| 546 | if ($allowed) |
---|
| 547 | { |
---|
| 548 | return "$string2:"; |
---|
| 549 | } |
---|
| 550 | else |
---|
| 551 | { |
---|
| 552 | return ''; |
---|
| 553 | } |
---|
| 554 | } # function _bad_protocol_once2 |
---|
| 555 | |
---|
| 556 | ############################################################################### |
---|
| 557 | # This function performs different checks for attribute values. The currently |
---|
| 558 | # implemented checks are "maxlen", "minlen", "maxval", "minval" and "valueless" |
---|
| 559 | # with even more checks to come soon. |
---|
| 560 | ############################################################################### |
---|
| 561 | function _check_attr_val($value, $vless, $checkname, $checkvalue) |
---|
| 562 | { |
---|
| 563 | $ok = true; |
---|
| 564 | |
---|
| 565 | switch (strtolower($checkname)) |
---|
| 566 | { |
---|
| 567 | # The maxlen check makes sure that the attribute value has a length not |
---|
| 568 | # greater than the given value. This can be used to avoid Buffer Overflows |
---|
| 569 | # in WWW clients and various Internet servers. |
---|
| 570 | case 'maxlen': |
---|
| 571 | if (strlen($value) > $checkvalue) |
---|
| 572 | { |
---|
| 573 | $ok = false; |
---|
| 574 | } |
---|
| 575 | break; |
---|
| 576 | |
---|
| 577 | # The minlen check makes sure that the attribute value has a length not |
---|
| 578 | # smaller than the given value. |
---|
| 579 | case 'minlen': |
---|
| 580 | if (strlen($value) < $checkvalue) |
---|
| 581 | { |
---|
| 582 | $ok = false; |
---|
| 583 | } |
---|
| 584 | break; |
---|
| 585 | |
---|
| 586 | # The maxval check does two things: it checks that the attribute value is |
---|
| 587 | # an integer from 0 and up, without an excessive amount of zeroes or |
---|
| 588 | # whitespace (to avoid Buffer Overflows). It also checks that the attribute |
---|
| 589 | # value is not greater than the given value. |
---|
| 590 | # This check can be used to avoid Denial of Service attacks. |
---|
| 591 | case 'maxval': |
---|
| 592 | if (!preg_match('/^\s{0,6}[0-9]{1,6}\s{0,6}$/', $value)) |
---|
| 593 | { |
---|
| 594 | $ok = false; |
---|
| 595 | } |
---|
| 596 | if ($value > $checkvalue) |
---|
| 597 | { |
---|
| 598 | $ok = false; |
---|
| 599 | } |
---|
| 600 | break; |
---|
| 601 | |
---|
| 602 | # The minval check checks that the attribute value is a positive integer, |
---|
| 603 | # and that it is not smaller than the given value. |
---|
| 604 | case 'minval': |
---|
| 605 | if (!preg_match('/^\s{0,6}[0-9]{1,6}\s{0,6}$/', $value)) |
---|
| 606 | { |
---|
| 607 | $ok = false; |
---|
| 608 | } |
---|
| 609 | if ($value < $checkvalue) |
---|
| 610 | { |
---|
| 611 | $ok = false; |
---|
| 612 | } |
---|
| 613 | break; |
---|
| 614 | |
---|
| 615 | # The valueless check checks if the attribute has a value |
---|
| 616 | # (like <a href="blah">) or not (<option selected>). If the given value |
---|
| 617 | # is a "y" or a "Y", the attribute must not have a value. |
---|
| 618 | # If the given value is an "n" or an "N", the attribute must have one. |
---|
| 619 | case 'valueless': |
---|
| 620 | if (strtolower($checkvalue) != $vless) |
---|
| 621 | { |
---|
| 622 | $ok = false; |
---|
| 623 | } |
---|
| 624 | break; |
---|
| 625 | |
---|
| 626 | } # switch |
---|
| 627 | |
---|
| 628 | return $ok; |
---|
| 629 | } # function _check_attr_val |
---|
| 630 | |
---|
| 631 | ############################################################################### |
---|
| 632 | # This function changes the character sequence \" to just " |
---|
| 633 | # It leaves all other slashes alone. It's really weird, but the quoting from |
---|
| 634 | # preg_replace(//e) seems to require this. |
---|
| 635 | ############################################################################### |
---|
| 636 | function _stripslashes($string) |
---|
| 637 | { |
---|
| 638 | return preg_replace('%\\\\"%', '"', $string); |
---|
| 639 | } # function _stripslashes |
---|
| 640 | |
---|
| 641 | ############################################################################### |
---|
| 642 | # This function deals with parsing errors in _hair(). The general plan is |
---|
| 643 | # to remove everything to and including some whitespace, but it deals with |
---|
| 644 | # quotes and apostrophes as well. |
---|
| 645 | ############################################################################### |
---|
| 646 | function _html_error($string) |
---|
| 647 | { |
---|
| 648 | return preg_replace('/^("[^"]*("|$)|\'[^\']*(\'|$)|\S)*\s*/', '', $string); |
---|
| 649 | } # function _html_error |
---|
| 650 | |
---|
| 651 | ############################################################################### |
---|
| 652 | # This function decodes numeric HTML entities (A and A). It doesn't |
---|
| 653 | # do anything with other entities like ä, but we don't need them in the |
---|
| 654 | # URL protocol white listing system anyway. |
---|
| 655 | ############################################################################### |
---|
| 656 | function _decode_entities($string) |
---|
| 657 | { |
---|
| 658 | $string = preg_replace('/&#([0-9]+);/e', 'chr("\\1")', $string); |
---|
| 659 | $string = preg_replace('/&#[Xx]([0-9A-Fa-f]+);/e', 'chr(hexdec("\\1"))', $string); |
---|
| 660 | return $string; |
---|
| 661 | } # function _decode_entities |
---|
| 662 | |
---|
| 663 | ############################################################################### |
---|
| 664 | # This function returns kses' version number. |
---|
| 665 | ############################################################################### |
---|
| 666 | function _version() |
---|
| 667 | { |
---|
| 668 | return '0.0.2 (OOP fork of kses 0.2.1)'; |
---|
| 669 | } # function _version |
---|
| 670 | } |
---|
| 671 | ?> |
---|