本文整理汇总了PHP中HTMLPurifier函数的典型用法代码示例。如果您正苦于以下问题:PHP HTMLPurifier函数的具体用法?PHP HTMLPurifier怎么用?PHP HTMLPurifier使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了HTMLPurifier函数的7个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: purify
function purify($dirty_html)
{
if (is_array($dirty_html)) {
foreach ($dirty_html as $key => $val) {
$dirty_html[$key] = purify($val);
}
return $dirty_html;
}
if (trim($dirty_html) === '') {
return $dirty_html;
}
$config = HTMLPurifier_Config::createDefault();
$config->set('HTML.Doctype', 'XHTML 1.0 Strict');
$config->set('AutoFormat.Linkify', true);
$config->set('CSS.Trusted', true);
$config->set('CSS.AllowTricky', true);
$config->set('Filter.YouTube', true);
$config->set('HTML.SafeObject', true);
$config->set('Output.FlashCompat', true);
$config->set('Output.Newline', '<br />');
$def = $config->getHTMLDefinition(true);
$def->addElement('spoiler', 'Block', 'Flow', 'Common', array());
return HTMLPurifier($dirty_html, $config);
}
示例2: update_page
/** Update a wiki page
@param array $hash- lock_it,contributions, contributors
@param int $saveLastModif - modification time - pass null for now, unless importing a Wiki page
**/
function update_page($pageName, $edit_data, $edit_comment, $edit_user, $edit_ip, $edit_description = null, $edit_minor = 0, $lang = '', $is_html = null, $hash = null, $saveLastModif = null, $wysiwyg = '', $wiki_authors_style = '')
{
global $prefs;
$histlib = TikiLib::lib('hist');
if (!$edit_user) {
$edit_user = 'anonymous';
}
$this->invalidate_cache($pageName);
// Collect pages before modifying edit_data (see update of links below)
$pages = $this->get_pages($edit_data, true);
$this->check_alias($edit_data, $pageName);
if (!$this->page_exists($pageName)) {
return false;
}
// Get this page information
$info = $this->get_page_info($pageName);
if ($edit_description === null) {
$edit_description = $info['description'];
}
// Use largest version +1 in history table rather than tiki_page because versions used to be bugged
// tiki_history is also bugged as not all changes get stored in the history, like minor changes
// and changes that do not modify the body of the page. Both numbers are wrong, but the largest of
// them both is right.
$old_version = max($info["version"], $histlib->get_page_latest_version($pageName));
$user = $info["user"] ? $info["user"] : 'anonymous';
$data = $info["data"];
$willDoHistory = $prefs['feature_wiki_history_full'] == 'y' || $data != $edit_data || $info['description'] != $edit_description || $info["comment"] != $edit_comment;
$version = $old_version + ($willDoHistory ? 1 : 0);
if ($is_html === null) {
$html = $info['is_html'];
} else {
$html = $is_html ? 1 : 0;
}
if ($wysiwyg == '') {
$wysiwyg = $info['wysiwyg'];
}
if ($wysiwyg == 'y' && $html != 1 && $prefs['wysiwyg_htmltowiki'] != 'y') {
// correct for html only wysiwyg
$html = 1;
}
$parserlib = TikiLib::lib('parser');
$edit_data = $parserlib->process_save_plugins($edit_data, array('type' => 'wiki page', 'itemId' => $pageName, 'user' => $user));
if ($html == 1 && $prefs['feature_purifier'] != 'n') {
$parserlib->isHtmlPurifying = true;
$parserlib->isEditMode = true;
$noparsed = array();
$parserlib->plugins_remove($edit_data, $noparsed);
require_once 'lib/htmlpurifier_tiki/HTMLPurifier.tiki.php';
$edit_data = HTMLPurifier($edit_data);
$parserlib->plugins_replace($edit_data, $noparsed, true);
$parserlib->isHtmlPurifying = false;
$parserlib->isEditMode = false;
}
if (is_null($saveLastModif)) {
$saveLastModif = $this->now;
}
$queryData = array('description' => $edit_description, 'data' => $edit_data, 'comment' => $edit_comment, 'lastModif' => (int) $saveLastModif, 'version' => $version, 'version_minor' => $edit_minor, 'user' => $edit_user, 'ip' => $edit_ip, 'page_size' => strlen($edit_data), 'is_html' => $html, 'wysiwyg' => $wysiwyg, 'wiki_authors_style' => $wiki_authors_style, 'lang' => $lang);
if ($hash !== null) {
if (!empty($hash['lock_it']) && ($hash['lock_it'] == 'y' || $hash['lock_it'] == 'on')) {
$queryData['flag'] = 'L';
$queryData['lockedby'] = $user;
} else {
if (empty($hash['lock_it']) || $hash['lock_it'] == 'n') {
$queryData['flag'] = '';
$queryData['lockedby'] = '';
}
}
}
if ($prefs['wiki_comments_allow_per_page'] != 'n') {
if (!empty($hash['comments_enabled']) && $hash['comments_enabled'] == 'y') {
$queryData['comments_enabled'] = 'y';
} else {
if (empty($hash['comments_enabled']) || $hash['comments_enabled'] == 'n') {
$queryData['comments_enabled'] = 'n';
}
}
}
if (empty($hash['contributions'])) {
$hash['contributions'] = '';
}
if (empty($hash['contributors'])) {
$hash2 = '';
} else {
foreach ($hash['contributors'] as $c) {
$hash3['contributor'] = $c;
$hash2[] = $hash3;
}
}
$this->table('tiki_pages')->update($queryData, array('pageName' => $pageName));
// Synchronize object comment
if ($prefs['feature_wiki_description'] == 'y') {
$query = 'update `tiki_objects` set `description`=? where `itemId`=? and `type`=?';
$this->query($query, array($edit_description, $pageName, 'wiki page'));
}
//update status, page storage was updated in tiki 9 to be non html encoded
$wikilib = TikiLib::lib('wiki');
//.........这里部分代码省略.........
示例3: array
if ($_REQUEST['msgid'] > 1) {
$smarty->assign('prev', $_REQUEST['msgid'] - 1);
} else {
$smarty->assign('prev', '');
}
$attachments = array();
// if ($message->isMultipart()) {
// TODO deal with attachments here??
// }
$bodies = $webmaillib->get_mail_content($user, $current['accountId'], $_REQUEST['msgid'], true);
for ($i = 0, $count_bodies = count($bodies); $i < $count_bodies; $i++) {
if ($bodies[$i]['contentType'] == 'text/html') {
$bod = $bodies[$i]['body'];
// Clean the string using HTML Purifier
require_once 'lib/htmlpurifier_tiki/HTMLPurifier.tiki.php';
$bod = HTMLPurifier($bod);
if (preg_match_all('/<[\\/]?body[^>]*>/i', $bod, $m, PREG_OFFSET_CAPTURE) && count($m) > 0 && count($m[0]) > 1) {
// gets positions of the start and end body tags then substr the bit inbetween
$bod = substr($bod, $m[0][0][1] + strlen($m[0][0][0]), $m[0][1][1]);
}
$bod = strip_tags($bod, '<a><b><i><strong><em><p><blockquote><table><tbody><tr><td><th>' . '<ul><li><img><hr><ol><br><h1><h2><h3><h4><h5><h6><div><span>' . '<font><form><input><textarea><checkbox><select><style>');
// try to close malformed html not fixed by the purifier - because people email Really Bad Things and this messes up *lite.css layout
$bod = closetags($bod);
$bodies[$i]['body'] = $bod;
} else {
if ($bodies[$i]['contentType'] == 'text/plain') {
// reply text
$smarty->assign('plainbody', format_email_reply($bodies[$i]['body'], $aux['from'], $aux['date']));
$bodies[$i]['body'] = nl2br($bodies[$i]['body']);
}
}
示例4: xss_clean
/**
* Clean cross site scripting exploits from string.
* HTMLPurifier may be used if installed, otherwise defaults to built in method.
* Note - This function should only be used to deal with data upon submission.
* It's not something that should be used for general runtime processing
* since it requires a fair amount of processing overhead.
*
* @param string data to clean
* @param string xss_clean method to use ('htmlpurifier' or defaults to built-in method)
* @return string
*/
public function xss_clean($data, $tool = NULL)
{
if ($tool === NULL) {
// Use the default tool
$tool = Kohana::config('core.global_xss_filtering');
}
if (is_array($data)) {
foreach ($data as $key => $val) {
$data[$key] = $this->xss_clean($val, $tool);
}
return $data;
}
// Do not clean empty strings
if (trim($data) === '') {
return $data;
}
if ($tool === TRUE) {
// NOTE: This is necessary because switch is NOT type-sensative!
$tool = 'default';
}
switch ($tool) {
case 'htmlpurifier':
/**
* @todo License should go here, http://htmlpurifier.org/
*/
if (!class_exists('HTMLPurifier_Config', FALSE)) {
// Load HTMLPurifier
require Kohana::find_file('vendor', 'htmlpurifier/HTMLPurifier.auto', TRUE);
require 'HTMLPurifier.func.php';
}
// Set configuration
$config = HTMLPurifier_Config::createDefault();
$config->set('HTML', 'TidyLevel', 'none');
// Only XSS cleaning now
// Run HTMLPurifier
$data = HTMLPurifier($data, $config);
break;
default:
// http://svn.bitflux.ch/repos/public/popoon/trunk/classes/externalinput.php
// +----------------------------------------------------------------------+
// | Copyright (c) 2001-2006 Bitflux GmbH |
// +----------------------------------------------------------------------+
// | Licensed under the Apache License, Version 2.0 (the "License"); |
// | you may not use this file except in compliance with the License. |
// | You may obtain a copy of the License at |
// | http://www.apache.org/licenses/LICENSE-2.0 |
// | Unless required by applicable law or agreed to in writing, software |
// | distributed under the License is distributed on an "AS IS" BASIS, |
// | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or |
// | implied. See the License for the specific language governing |
// | permissions and limitations under the License. |
// +----------------------------------------------------------------------+
// | Author: Christian Stocker <chregu@bitflux.ch> |
// +----------------------------------------------------------------------+
//
// Kohana Modifications:
// * Changed double quotes to single quotes, changed indenting and spacing
// * Removed magic_quotes stuff
// * Increased regex readability:
// * Used delimeters that aren't found in the pattern
// * Removed all unneeded escapes
// * Deleted U modifiers and swapped greediness where needed
// * Increased regex speed:
// * Made capturing parentheses non-capturing where possible
// * Removed parentheses where possible
// * Split up alternation alternatives
// * Made some quantifiers possessive
// Fix &entity\n;
$data = str_replace(array('&', '<', '>'), array('&amp;', '&lt;', '&gt;'), $data);
$data = preg_replace('/(&#*\\w+)[\\x00-\\x20]+;/u', '$1;', $data);
$data = preg_replace('/(&#x*[0-9A-F]+);*/iu', '$1;', $data);
$data = html_entity_decode($data, ENT_COMPAT, 'UTF-8');
// Remove any attribute starting with "on" or xmlns
$data = preg_replace('#(<[^>]+?[\\x00-\\x20"\'])(?:on|xmlns)[^>]*+>#iu', '$1>', $data);
// Remove javascript: and vbscript: protocols
$data = preg_replace('#([a-z]*)[\\x00-\\x20]*=[\\x00-\\x20]*([`\'"]*)[\\x00-\\x20]*j[\\x00-\\x20]*a[\\x00-\\x20]*v[\\x00-\\x20]*a[\\x00-\\x20]*s[\\x00-\\x20]*c[\\x00-\\x20]*r[\\x00-\\x20]*i[\\x00-\\x20]*p[\\x00-\\x20]*t[\\x00-\\x20]*:#iu', '$1=$2nojavascript...', $data);
$data = preg_replace('#([a-z]*)[\\x00-\\x20]*=([\'"]*)[\\x00-\\x20]*v[\\x00-\\x20]*b[\\x00-\\x20]*s[\\x00-\\x20]*c[\\x00-\\x20]*r[\\x00-\\x20]*i[\\x00-\\x20]*p[\\x00-\\x20]*t[\\x00-\\x20]*:#iu', '$1=$2novbscript...', $data);
$data = preg_replace('#([a-z]*)[\\x00-\\x20]*=([\'"]*)[\\x00-\\x20]*-moz-binding[\\x00-\\x20]*:#u', '$1=$2nomozbinding...', $data);
// Only works in IE: <span style="width: expression(alert('Ping!'));"></span>
$data = preg_replace('#(<[^>]+?)style[\\x00-\\x20]*=[\\x00-\\x20]*[`\'"]*.*?expression[\\x00-\\x20]*\\([^>]*+>#i', '$1>', $data);
$data = preg_replace('#(<[^>]+?)style[\\x00-\\x20]*=[\\x00-\\x20]*[`\'"]*.*?behaviour[\\x00-\\x20]*\\([^>]*+>#i', '$1>', $data);
$data = preg_replace('#(<[^>]+?)style[\\x00-\\x20]*=[\\x00-\\x20]*[`\'"]*.*?s[\\x00-\\x20]*c[\\x00-\\x20]*r[\\x00-\\x20]*i[\\x00-\\x20]*p[\\x00-\\x20]*t[\\x00-\\x20]*:*[^>]*+>#iu', '$1>', $data);
// Remove namespaced elements (we do not need them)
$data = preg_replace('#</*\\w+:\\w[^>]*+>#i', '', $data);
do {
// Remove really unwanted tags
$old_data = $data;
$data = preg_replace('#</*(?:applet|b(?:ase|gsound|link)|embed|frame(?:set)?|i(?:frame|layer)|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml)[^>]*+>#i', '', $data);
} while ($old_data !== $data);
//.........这里部分代码省略.........
示例5: filter
function filter($data)
{
require_once 'lib/htmlpurifier_tiki/HTMLPurifier.tiki.php';
return HTMLPurifier($data);
}
示例6: process_inbound_mail
function process_inbound_mail($forumId)
{
global $prefs;
require_once "lib/webmail/net_pop3.php";
require_once "lib/mail/mimelib.php";
$info = $this->get_forum($forumId);
// for any reason my sybase test machine adds a space to
// the inbound_pop_server field in the table.
$info["inbound_pop_server"] = trim($info["inbound_pop_server"]);
if (!$info["inbound_pop_server"] || empty($info["inbound_pop_server"])) {
return;
}
$pop3 = new Net_POP3();
$pop3->connect($info["inbound_pop_server"]);
$pop3->login($info["inbound_pop_user"], $info["inbound_pop_password"]);
if (!$pop3) {
return;
}
$mailSum = $pop3->numMsg();
//we don't want the operation to time out... this would result in the same messages being imported over and over...
//(messages are only removed from the pop server on a gracefull connection termination... ie .not php or webserver a timeout)
//$maximport should be in a admin config screen, but I don't know how to do that yet.
$maxImport = 10;
if ($mailSum > $maxImport) {
$mailSum = $maxImport;
}
for ($i = 1; $i <= $mailSum; $i++) {
//echo 'loop ' . $i;
$aux = $pop3->getParsedHeaders($i);
// If the mail came from Tiki, we don't need to add it again
if (isset($aux['X-Tiki']) && $aux['X-Tiki'] == 'yes') {
$pop3->deleteMsg($i);
continue;
}
// If the connection is done, or the mail has an error, or whatever,
// we try to delete the current mail (because something is wrong with it)
// and continue on. --rlpowell
if ($aux == FALSE) {
$pop3->deleteMsg($i);
continue;
}
//echo '<pre>';
//print_r ($aux);
//echo '</pre>';
if (!isset($aux['From'])) {
if (isset($aux['Return-path'])) {
$aux['From'] = $aux['Return-path'];
} else {
$aux['From'] = "";
$aux['Return-path'] = "";
}
}
//try to get the date from the email:
$postDate = strtotime($aux['Date']);
if ($postDate == false) {
$postDate = $this->now;
}
//save the original email address, if we don't get a user match, then we
//can at least give some info about the poster.
$original_email = $aux["From"];
//fix mailman addresses, or there is no chance to get a match
$aux["From"] = str_replace(' at ', '@', $original_email);
preg_match('/<?([-!#$%&\'*+\\.\\/0-9=?A-Z^_`a-z{|}~]+@[-!#$%&\'*+\\/0-9=?A-Z^_`a-z{|}~]+\\.[-!#$%&\'*+\\.\\/0-9=?A-Z^_`a-z{|}~]+)>?/', $aux["From"], $mail);
// should we throw out emails w/ invalid (possibly obfusicated) email addressses?
//this should be an admin option, but I don't know how to put it there yet.
$throwOutInvalidEmails = false;
if (!array_key_exists(1, $mail)) {
if ($throwOutInvalidEmails) {
continue;
}
}
$email = $mail[1];
$full = $pop3->getMsg($i);
$mimelib = new mime();
$output = $mimelib->decode($full);
$body = '';
if ($output['type'] == 'multipart/report') {
// mimelib doesn't seem to parse error reports properly
$pop3->deleteMsg($i);
// and we almost certainly don't want them in the forum
continue;
// so do what exactly? log them somewhere? TODO
}
require_once 'lib/htmlpurifier_tiki/HTMLPurifier.tiki.php';
if ($prefs['feature_forum_parse'] === 'y' && $prefs['forum_inbound_mail_parse_html'] === 'y') {
$body = $mimelib->getPartBody($output, 'html');
if ($body) {
// on some systems HTMLPurifier fails with smart quotes in the html
$body = $mimelib->cleanQuotes($body);
// some emails have invalid font and span tags that create incorrect purifying of lists
$body = preg_replace_callback('/\\<(ul|ol).*\\>(.*)\\<\\/(ul|ol)\\>/Umis', array($this, 'process_inbound_mail_cleanlists'), $body);
// Clean the string using HTML Purifier next
$body = HTMLPurifier($body);
// html emails require some speciaal handling
$body = preg_replace('/--(.*)--/', '~np~--$1--~/np~', $body);
// disable strikethough syntax
$body = preg_replace('/\\{(.*)\\}/', '~np~{$1}~/np~', $body);
// disable plugin type things
// special handling for MS links which contain underline tags in the label which wiki doesn't like
$body = preg_replace('/(\\<a .*\\>)\\<font .*\\>\\<u\\>(.*)\\<\\/u\\>\\<\\/font\\>\\<\\/a\\>/Umis', '$1$2</a>', $body);
//.........这里部分代码省略.........
示例7: HTMLpurify
/**
*
*/
function HTMLpurify($dirty_html, $set = 'default')
{
if (is_array($dirty_html)) {
foreach ($dirty_html as $key => $val) {
$dirty_html[$key] = purify($val);
}
return $dirty_html;
}
if (trim($dirty_html) === '') {
return $dirty_html;
}
require_once FCPATH . "assets/htmlpurifier/library/HTMLPurifier.auto.php";
require_once FCPATH . "assets/htmlpurifier/library/HTMLPurifier.func.php";
$config = HTMLPurifier_Config::createDefault();
if (!file_exists('content/cache/HTMLPurifier')) {
mkdir('content/cache/HTMLPurifier');
}
$config->set('HTML.Doctype', 'XHTML 1.0 Strict');
$config->set('Cache.SerializerPath', FCPATH . 'content/cache/HTMLPurifier');
switch ($set) {
case 'default':
break;
case 'unallowed':
$config->set('HTML.AllowedElements', '');
break;
}
return HTMLPurifier($dirty_html, $config);
}