PHP clean_html函数代码示例

function prepare_message($message, $html_on, $bbcode_on, $smile_on, $bbcode_uid = 0)
{
    global $board_config, $html_entities_match, $html_entities_replace;
    //
    // Clean up the message
    //
    $message = trim($message);
    if ($html_on) {
        // If HTML is on, we try to make it safe
        // This approach is quite agressive and anything that does not look like a valid tag
        // is going to get converted to HTML entities
        $message = stripslashes($message);
        $html_match = '#<[^\\w<]*(\\w+)((?:"[^"]*"|\'[^\']*\'|[^<>\'"])+)?>#';
        $matches = array();
        $message_split = preg_split($html_match, $message);
        preg_match_all($html_match, $message, $matches);
        $message = '';
        foreach ($message_split as $part) {
            $tag = array(array_shift($matches[0]), array_shift($matches[1]), array_shift($matches[2]));
            $message .= preg_replace($html_entities_match, $html_entities_replace, $part) . clean_html($tag);
        }
        $message = addslashes($message);
        $message = str_replace('&quot;', '\\&quot;', $message);
    } else {
        $message = preg_replace($html_entities_match, $html_entities_replace, $message);
    }
    if ($bbcode_on && $bbcode_uid != '') {
        $message = bbencode_first_pass($message, $bbcode_uid);
    }
    return $message;
}

 public function assign_smarty_vars()
 {
     $this->smarty->assign('artefacttype', 'internal');
     $this->smarty->assign('artefactplugin', 'internal');
     $this->smarty->assign('title', display_name($this->get('exporter')->get('user'), $this->get('exporter')->get('user')));
     // If this ID is changed, you'll have to change it in author.tpl too
     $this->smarty->assign('id', 'portfolio:artefactinternal');
     $this->smarty->assign('leaptype', $this->get_leap_type());
     $persondata = array();
     $spacialdata = array();
     foreach ($this->artefacts as $a) {
         if (!($data = $this->data_mapping($a))) {
             if ($a->get('artefacttype') == 'introduction') {
                 $this->smarty->assign('contenttype', 'html');
                 $this->smarty->assign('content', clean_html($a->get('title')));
             }
             continue;
         }
         $value = $a->render_self(array());
         $value = $value['html'];
         // TODO fix this when we non-js stuff
         $data = array_merge(array('value' => $value, 'artefacttype' => $a->get('artefacttype'), 'artefactplugin' => 'internal'), $data);
         if (array_key_exists('spacial', $data)) {
             $spacialdata[] = (object) $data;
         } else {
             $data = array_merge($data, array('label' => get_string($a->get('artefacttype'), 'artefact.internal')));
             $persondata[] = (object) $data;
         }
     }
     if ($extras = $this->exporter->get('extrapersondata')) {
         $persondata = array_merge($persondata, $extras);
     }
     $this->smarty->assign('persondata', $persondata);
     $this->smarty->assign('spacialdata', $spacialdata);
 }

function export_form_cell_html($element)
{
    global $THEME;
    $strclicktopreview = get_string('clicktopreview', 'export');
    $strpreview = get_string('Preview');
    $element['description'] = clean_html($element['description']);
    return <<<EOF

<div class="checkbox">


    {$element['html']}

    {$element['labelhtml']}
    <div class="text-small with-label plxs">
    {$element['description']}
    <a href="{$element['viewlink']}" class="viewlink nojs-hidden-inline" target="_blank">{$strclicktopreview}</a>
    </div>

</div>



EOF;
}

function show_xls($_POST)
{
    $OUT = show_report($_POST);
    $OUT = clean_html($OUT);
    require_lib("xls");
    StreamXLS("Leave", $OUT);
}

 public static function render_instance(BlockInstance $instance, $editing = false)
 {
     $configdata = $instance->get('configdata');
     // this will make sure to unserialize it for us
     $configdata['viewid'] = $instance->get('view');
     $result = '';
     $artefactid = isset($configdata['artefactid']) ? $configdata['artefactid'] : null;
     if ($artefactid) {
         $artefact = $instance->get_artefact_instance($artefactid);
         if (!file_exists($artefact->get_path())) {
             return;
         }
         $result = clean_html(file_get_contents($artefact->get_path()));
         require_once get_config('docroot') . 'artefact/comment/lib.php';
         require_once get_config('docroot') . 'lib/view.php';
         $view = new View($configdata['viewid']);
         list($commentcount, $comments) = ArtefactTypeComment::get_artefact_comments_for_view($artefact, $view, $instance->get('id'), true, $editing);
     }
     $smarty = smarty_core();
     if ($artefactid) {
         $smarty->assign('commentcount', $commentcount);
         $smarty->assign('comments', $comments);
     }
     $smarty->assign('html', $result);
     return $smarty->fetch('blocktype:html:html.tpl');
 }

function prepare_message($message, $html_on, $bbcode_on, $smile_on)
{
    global $config, $html_entities_match, $html_entities_replace;
    // Clean up the message
    $message = trim($message);
    if ($html_on) {
        // If HTML is on, we try to make it safe
        // This approach is quite agressive and anything that does not look like a valid tag is going to get converted to HTML entities
        $message = $message;
        $html_match = '#<[^\\w<]*(\\w+)((?:"[^"]*"|\'[^\']*\'|[^<>\'"])+)?>#';
        $matches = array();
        $message_split = preg_split($html_match, $message);
        preg_match_all($html_match, $message, $matches);
        $message = '';
        foreach ($message_split as $part) {
            $tag = array(array_shift($matches[0]), array_shift($matches[1]), array_shift($matches[2]));
            $message .= preg_replace($html_entities_match, $html_entities_replace, $part) . clean_html($tag);
            //$message .= preg_replace($html_entities_match, $html_entities_replace, $part) . $tag;
        }
        $message = $message;
        // Mighty Gorgon: This should not be needed any more...
        //$message = str_replace('&quot;', '\&quot;', $message);
    } else {
        $message = preg_replace($html_entities_match, $html_entities_replace, $message);
    }
    return $message;
}

/**
 * clean
 *
 * @since 1.2.1
 * @deprecated 2.0.0
 *
 * @package Redaxscript
 * @category Clean
 * @author Henry Ruhs
 *
 * @param string $input
 * @param integer $mode
 * @return string
 */
function clean($input = '', $mode = '')
{
    $output = $input;
    /* if untrusted user */
    if (FILTER == 1) {
        if ($mode == 0) {
            $output = clean_special($output);
        }
        if ($mode == 1) {
            $output = clean_script($output);
            $output = clean_html($output);
        }
    }
    /* type related clean */
    if ($mode == 2) {
        $output = clean_alias($output);
    }
    if ($mode == 3) {
        $output = clean_email($output);
    }
    if ($mode == 4) {
        $output = clean_url($output);
    }
    /* mysql clean */
    $output = clean_mysql($output);
    return $output;
}

 public static function render_instance(BlockInstance $instance, $editing = false)
 {
     $configdata = $instance->get('configdata');
     $text = isset($configdata['text']) ? $configdata['text'] : '';
     safe_require('artefact', 'file');
     $text = ArtefactTypeFolder::append_view_url($text, $instance->get('view'));
     return clean_html($text);
 }

 public function assign_smarty_vars()
 {
     $user = $this->get('exporter')->get('user');
     $userid = $user->get('id');
     $updated = get_record_sql('select ' . db_format_tsfield('max(mtime)', 'mtime') . ' from {artefact} a join {artefact_installed_type} t on a.artefacttype = t.name where t.plugin = \'internal\'');
     $this->smarty->assign('artefacttype', 'internal');
     $this->smarty->assign('artefactplugin', 'internal');
     $this->smarty->assign('title', display_name($user, $user));
     $this->smarty->assign('updated', PluginExportLeap::format_rfc3339_date($updated->mtime));
     // If this ID is changed, you'll have to change it in author.tpl too
     $this->smarty->assign('id', 'portfolio:artefactinternal');
     $this->smarty->assign('leaptype', $this->get_leap_type());
     $persondata = array();
     $spacialdata = array();
     usort($this->artefacts, array($this, 'artefact_sort'));
     foreach ($this->artefacts as $a) {
         if (!($data = $this->data_mapping($a))) {
             if ($a->get('artefacttype') == 'introduction') {
                 $this->smarty->assign('contenttype', 'html');
                 $this->smarty->assign('content', clean_html($a->get('title')));
             }
             continue;
         }
         $value = $a->render_self(array());
         $value = $value['html'];
         // TODO fix this when we non-js stuff
         $data = array_merge(array('value' => $value, 'artefacttype' => $a->get('artefacttype'), 'artefactplugin' => 'internal'), $data);
         if (array_key_exists('spacial', $data)) {
             $spacialdata[] = (object) $data;
         } else {
             $label = get_string($a->get('artefacttype'), 'artefact.internal');
             if ($a->get('artefacttype') == 'socialprofile') {
                 $label = $a->get('description');
             }
             $data = array_merge($data, array('label' => $label));
             $persondata[] = (object) $data;
         }
     }
     if ($extras = $this->exporter->get('extrapersondata')) {
         $persondata = array_merge($persondata, $extras);
     }
     $this->smarty->assign('persondata', $persondata);
     $this->smarty->assign('spacialdata', $spacialdata);
     // Grab profile icons and link to them, making sure the default is first
     if ($icons = get_column_sql("SELECT id\n            FROM {artefact}\n            WHERE artefacttype = 'profileicon'\n            AND \"owner\" = ?\n            ORDER BY id = (\n                SELECT profileicon FROM {usr} WHERE id = ?\n            ) DESC, id", array($userid, $userid))) {
         foreach ($icons as $icon) {
             $icon = artefact_instance_from_id($icon);
             $this->add_artefact_link($icon, 'related');
         }
         $this->smarty->assign('links', $this->links);
     }
     if (!($categories = $this->get_categories())) {
         $categories = array();
     }
     $this->smarty->assign('categories', $categories);
 }

function export_form_cell_html($element)
{
    $strclicktopreview = get_string('clicktopreview', 'export');
    $previewimg = theme_get_url('images/icon-display.png');
    $strpreview = get_string('Preview');
    $element['description'] = clean_html($element['description']);
    return <<<EOF
<td>
{$element['html']} {$element['labelhtml']}
<div>{$element['description']}</div>
<div><a href="{$element['viewlink']}" class="viewlink nojs-hidden-inline" target="_blank">{$strclicktopreview}</a></div>
</td>
EOF;
}

function process_expired(&$trans_class, $mins, $cntLimit = 0)
{
    echo "<p>processing expired subscriptions</p>";
    $timeLimit = time() + $mins * 60;
    $cnt = 1;
    echo "\r\n\t<table>\r\n\t\t\t<tr>\r\n\t\t\t<td>Subscription ID</td><td>&nbsp;</td>\r\n\t\t\t<td>Count ID</td><td>&nbsp;</td>\r\n\t\t\t<td>Response</td><td>&nbsp;</td>\r\n\t\t\t</tr>\r\n\t";
    while ((time() < $timeLimit || $mins == 0) && ($cnt < $cntLimit || $cntLimit == 0) && ($id = $trans_class->get_next_expired_rebill())) {
        $trans_class->pull_subscription($id);
        $res = $trans_class->update_account_status();
        echo "\r\n\t\t\t<tr>\r\n\t\t\t<td>{$id}</td><td></td>\r\n\t\t\t<td>" . $cnt . "</td><td></td>\r\n\t\t\t<td>" . clean_html($res[1]['response']['body']) . "</td><td></td>\r\n\t\t\t</tr>\r\n\t\t";
        flush();
        $cnt++;
    }
    echo "\r\n\t</table>\r\n\t";
}

 public static function render_instance(BlockInstance $instance, $editing = false)
 {
     $configdata = $instance->get('configdata');
     // this will make sure to unserialize it for us
     $configdata['viewid'] = $instance->get('view');
     $result = '';
     if (isset($configdata['artefactid'])) {
         $html = $instance->get_artefact_instance($configdata['artefactid']);
         if (!file_exists($html->get_path())) {
             return;
         }
         $result = clean_html(file_get_contents($html->get_path()));
     }
     return $result;
 }

function print_report()
{
    $OUTPUT = clean_html(financialStatements::incomestmnt($_POST));
    switch ($_POST["key"]) {
        case ct("Print"):
            require "../tmpl-print.php";
            break;
        case ct("Save"):
            db_conn("core");
            $sql = "INSERT INTO save_income_stmnt (output, gendate, div) VALUES ('" . base64_encode($OUTPUT) . "', current_date, '" . USER_DIV . "')";
            $svincRslt = db_exec($sql) or errDie("Unable to save the balance sheet to Cubit.");
            return "<li class='err'>Income statement has been successfully saved to Cubit.</li>\n\t\t\t<table border=0 cellpadding='" . TMPL_tblCellPadding . "' cellspacing='" . TMPL_tblCellSpacing . "' width=25%>\n\t\t\t\t<tr><th>Quick Links</th></tr>\n\t\t\t\t<tr class=datacell><td align=center><a target=_blank href='../core/acc-new2.php'>Add account (New Window)</a></td></tr>\n\t\t\t\t<tr class=datacell><td align=center><a href='index-reports.php'>Financials</a></td></tr>\n\t\t\t\t<tr class=datacell><td align=center><a href='index-reports-stmnt.php'>Current Year Financial Statements</a></td></tr>\n\t\t\t\t<tr class=datacell><td align=center><a href='../main.php'>Main Menu</td></tr>\n\t\t\t</table>";
            break;
        case ct("Export to Spreadsheet"):
            require_lib("xls");
            StreamXLS("income_statement", $OUTPUT);
            break;
    }
}

function display()
{
    extract($_REQUEST);
    $fields = array();
    $fields["from_year"] = date("Y");
    $fields["from_month"] = date("m");
    $fields["from_day"] = "01";
    $fields["to_year"] = date("Y");
    $fields["to_month"] = date("m");
    $fields["to_day"] = date("d");
    $fields["print"] = 0;
    extract($fields, EXTR_SKIP);
    if (!$print) {
        $OUTPUT = "<center>\r\n\t\t<h3>Driver Collect/Deliver</h3>\r\n\t\t<form method='post' action='" . SELF . "'>\r\n\t\t<table " . TMPL_tblDflts . ">\r\n\t\t\t<tr><th colspan='4'>Date Range</th></tr>\r\n\t\t\t<tr class='" . bg_class() . "'>\r\n\t\t\t\t<td>" . mkDateSelect("from", $from_year, $from_month, $from_day) . "</td>\r\n\t\t\t\t<td>&nbsp; <b>To</b> &nbsp;</td>\r\n\t\t\t\t<td>" . mkDateSelect("to", $to_year, $to_month, $to_day) . "</td>\r\n\t\t\t\t<td>\r\n\t\t\t\t\t<input type='submit' value='Select' style='font-weight: bold' />\r\n\t\t\t\t</td>\r\n\t\t\t</tr>\r\n\t\t\t<tr><td>&nbsp</td></tr>\r\n\t\t\t<tr>\r\n\t\t\t\t<td colspan='4' align='center'>\r\n\t\t\t\t\t<input type='submit' name='print' value='Print' />\r\n\t\t\t\t</td>\r\n\t\t\t</tr>\r\n\t\t</table>\r\n\t\t</form>";
    } else {
        $OUTPUT = "";
    }
    $sql = "\r\n\tSELECT hire_invoices.invid, hire_invitems.collection, customers.surname,\r\n\t\tinvnum, branch_addr, branch_descrip, addr1, bustel, cellno\r\n\t\tFROM hire.hire_invitems\r\n\t\t\tLEFT JOIN hire.hire_invoices\r\n\t\t\t\tON hire_invitems.invid=hire_invoices.invid\r\n\t\t\tLEFT JOIN cubit.customers\r\n\t\t\t\tON hire_invoices.cusnum=customers.cusnum\r\n\t\t\tLEFT JOIN cubit.customer_branches\r\n\t\t\t\tON customers.cusnum=customer_branches.cusnum";
    $item_rslt = db_exec($sql) or errDie("Unable to retrieve hire note items.");
    $item_out = "";
    while ($item_data = pg_fetch_array($item_rslt)) {
        // Parse collection
        $collection = explode(", ", $item_data["collection"]);
        foreach ($collection as $value) {
            if ($value == "Client Collect") {
                continue;
            }
            if ($item_data["branch_addr"]) {
                $address = nl2br($item_data["branch_descrip"]);
            } else {
                $address = nl2br($item_data["addr1"]);
            }
            $item_out .= "\r\n\t\t\t<table " . TMPL_tblDflts . " width='400' style='border: 1px solid #000'>\r\n\t\t\t\t<tr class='" . bg_class() . "'>\r\n\t\t\t\t\t<td><b>{$item_data['surname']}</b></td>\r\n\t\t\t\t\t<td>" . ucfirst($value) . "</td>\r\n\t\t\t\t</tr>\r\n\t\t\t\t<tr class='" . bg_class() . "'>\r\n\t\t\t\t\t<td>Hire No: H" . getHirenum($item_data["invid"], 1) . "</td>\r\n\t\t\t\t\t<td>Date:_____________________</td>\r\n\t\t\t\t</td>\r\n\t\t\t\t<tr class='" . bg_class() . "'>\r\n\t\t\t\t\t<td>Business Tel: {$item_data['bustel']}</td>\r\n\t\t\t\t\t<td>Cell No: {$item_data['cellno']}</td>\r\n\t\t\t\t</tr>\r\n\t\t\t\t<tr class='" . bg_class() . "'>\r\n\t\t\t\t\t<td colspan='2'>{$address}</td>\r\n\t\t\t\t</tr>\r\n\t\t\t\t<tr class='" . bg_class() . "'>\r\n\t\t\t\t\t<td style='padding-top: 10px'>Signature (Driver)</td>\r\n\t\t\t\t\t<td>___________________________</td>\r\n\t\t\t\t</tr>\r\n\t\t\t\t<tr class='" . bg_class() . "'>\r\n\t\t\t\t\t<td style='padding-top: 10px'>Signature (Recipient)</td>\r\n\t\t\t\t\t<td>___________________________</td>\r\n\t\t\t\t</tr>\r\n\t\t\t</table>\r\n\t\t\t<br />";
        }
    }
    $OUTPUT .= "{$item_out}";
    if ($print) {
        $OUTPUT = clean_html($OUTPUT);
        require "../tmpl-print.php";
    } else {
        return $OUTPUT;
    }
}

 public static function get_mails($user_id)
 {
     $user_id = intval($user_id);
     $mails = [];
     $sql = "SELECT * FROM mails WHERE recipient = {$user_id} ORDER BY unread DESC, send_date DESC LIMIT 30";
     $req = Db::query($sql);
     if ($req->rowCount() > 0) {
         $result = $req->fetchAll(PDO::FETCH_ASSOC);
         foreach ($result as $mail) {
             $mails[$mail['id']] = $mail;
             $mails[$mail['id']]['content'] = nl2br(clean_html($mail['content']));
             $mails[$mail['id']]['topic'] = htmlentities($mail['topic']);
             if ($mail['author'] == 0) {
                 $mails[$mail['id']]['author'] = 'admin';
             } else {
                 $sender = new User($mail['author']);
                 $mails[$mail['id']]['author'] = htmlentities($sender->pseudo);
             }
         }
     }
     return $mails;
 }