本文整理匯總了PHP中IPSText::xssMakeJavascriptSafe方法的典型用法代碼示例。如果您正苦於以下問題:PHP IPSText::xssMakeJavascriptSafe方法的具體用法?PHP IPSText::xssMakeJavascriptSafe怎麼用?PHP IPSText::xssMakeJavascriptSafe使用的例子?那麼, 這裡精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類IPSText的用法示例。
在下文中一共展示了IPSText::xssMakeJavascriptSafe方法的5個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於系統推薦出更棒的PHP代碼示例。
示例1: checkXss
/**
* Check against XSS
*
* NOTE: When this function is updated, please also update classIncomingEmail::cleanMessage()
*
* @access public
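* @param string $txt Original string
* @param boolean $fixScript Fix script HTML tags
* @param string $tag Optional tag name; when given, $txt is validated as that tag's option value
* @return string|false "Cleaned" text, or false when the option value is rejected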
*/
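public function checkXss($txt = '', $fixScript = false, $tag = '')
{
    // Quote forms removed from a tag option before it is validated: the two
    // literal quote characters plus their HTML-entity spellings.
    // NOTE(review): the two entity spellings were reconstructed. The listing
    // showed them already decoded (a second '"' and a bare '''), which is not
    // valid PHP. Confirm the exact entities against the upstream source.
    $quoteForms = array('"', "'", '&quot;', '&#39;');

    //-----------------------------------------
    // Collapse "< s c r i p t" / "< / s c r i p t" (any whitespace between
    // the characters) into "<script" / "</script", presumably so that later
    // filtering sees one canonical spelling.
    //-----------------------------------------
    if ($fixScript) {
        $txt = preg_replace('#<(\\s+?)?s(\\s+?)?c(\\s+?)?r(\\s+?)?i(\\s+?)?p(\\s+?)?t#is', "<script", $txt);
        $txt = preg_replace('#<(\\s+?)?/(\\s+?)?s(\\s+?)?c(\\s+?)?r(\\s+?)?i(\\s+?)?p(\\s+?)?t#is', "</script", $txt);
    }

    /* A tag name means $txt is that tag's option value: validate it per tag. */
    if ($tag) {
        $tag      = strip_tags($tag, '<br>');
        $unquoted = str_replace($quoteForms, "", $txt);

        switch ($tag) {
            case 'entry':
            case 'blog':
            case 'topic':
            case 'post':
                /* These options must be a plain number */
                if (!is_numeric($unquoted)) {
                    $txt = false;
                }
                break;

            case 'acronym':
                /* Reject if any angle or square bracket is present */
                if ($unquoted != str_replace(array('<', ">", '[', ']'), "", $unquoted)) {
                    $txt = false;
                }
                break;

            case 'email':
                // The earlier code stored the validation result in a scratch
                // variable that was overwritten right after the switch, so an
                // invalid address was never rejected. Reject it here like the
                // other cases do.
                if (!IPSText::checkEmailAddress($unquoted)) {
                    $txt = false;
                }
                break;

            case 'font':
                /* Only characters kept by alphanumericalClean() with '#.+, ' are accepted */
                if ($unquoted != IPSText::alphanumericalClean($unquoted, '#.+, ')) {
                    $txt = false;
                }
                break;

            case 'background':
            case 'color':
                /* rgb()/rgba() groups are dropped first, then the same character check as 'font' */
                $withoutRgb = preg_replace('#rgb(a)?\\(([^\\)]+?)\\)#i', '', $unquoted);

                if ($withoutRgb != IPSText::alphanumericalClean($withoutRgb, '#.+, ')) {
                    $txt = false;
                }
                break;

            default:
                /* Custom bbcode: validate against its own regex, if one is configured */
                $_bbcodes = $this->cache->getCache('bbcode');

                // isset() avoids an undefined-index notice for a tag that is
                // not in the bbcode cache; such a tag simply has no regex.
                $_regex = isset($_bbcodes[$tag]['bbcode_custom_regex']) ? $_bbcodes[$tag]['bbcode_custom_regex'] : null;

                if ($_regex and !preg_match($_regex, $unquoted)) {
                    $txt = false;
                }
                break;
        }

        if ($txt === false) {
            return false;
        }

        /* An option made up of nothing but quote characters carries no data */
        if (strlen($txt) and strlen($unquoted) < 1) {
            return false;
        }

        /* Still here? Safety, then: keep only <br> and neutralise square brackets */
        $txt = strip_tags($txt, '<br>');

        // NOTE(review): the replacement entities were reconstructed; the
        // listing showed a no-op '[' => '[' mapping. Confirm against upstream.
        $txt = str_replace(array('[', ']'), array('&#91;', '&#93;'), $txt);
    }

    /* Attempt to make JS safe */
    return IPSText::xssMakeJavascriptSafe($txt);
}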
示例2: _buildOutput
/**
* Build the actual output to show
*
* @access protected
* @param string $content Image URL to link to
* @return string Content to replace bbcode with
*/
protected function _buildOutput($content)
{
    $content = trim($content);

    //-----------------------------------------
    // Image limit: bump the running counter and refuse once it exceeds
    // the configured maximum (signatures are exempt).
    //-----------------------------------------
    $imageCount = intval($this->cache->getCache('_tmp_bbcode_images', false)) + 1;

    if ($this->settings['max_images']
        && $this->caches['_tmp_section'] != 'signatures'
        && $imageCount > $this->settings['max_images']) {
        $this->error = 'too_many_img';

        return $content;
    }

    $this->cache->updateCacheWithoutSaving('_tmp_bbcode_images', $imageCount);

    //-----------------------------------------
    // Security checks. Every rejection returns the input unchanged
    // instead of an <img> tag.
    //-----------------------------------------

    /* Turn an entity-encoded colon after the scheme back into "://" before the URL check */
    $content = preg_replace('#(https|http|ftp)&\\#(058|58);//#', '\\1://', $content);

    if (IPSText::xssCheckUrl($content) !== true) {
        return $content;
    }

    // Refuse a URL that embeds an opening bbcode tag.
    // NOTE(review): the outer loop variable is never read, so every pass tests
    // the same _retrieveTags() result. Verify whether each cached bbcode's own
    // tags were meant to be checked here.
    foreach ($this->cache->getCache('bbcode') as $bbcode) {
        foreach ($this->_retrieveTags() as $tagName) {
            if (stripos($content, '[' . $tagName) !== false) {
                return $content;
            }
        }
    }

    //-----------------------------------------
    // Extension and domain rules are delegated to the text parser
    //-----------------------------------------
    $classToLoad = IPSLib::loadLibrary(IPS_ROOT_PATH . 'sources/classes/text/parser.php', 'classes_text_parser');
    $parser      = new $classToLoad();

    if (!$parser->isAllowedImgUrl($content)) {
        $this->error = 'invalid_ext';

        return $content;
    }

    if (!$parser->isAllowedUrl($content)) {
        $this->error = 'domain_not_allowed';

        return $content;
    }

    //-----------------------------------------
    // Build the tag.
    // NOTE(review): the URL goes into a single-quoted attribute. Whether
    // quotes are already entity-encoded by this point is not visible in this
    // method, so confirm that against the callers and xssMakeJavascriptSafe().
    //-----------------------------------------

    /* Emoticon test is a case-insensitive substring match, not a prefix match */
    if (stristr($content, $this->settings['board_url'] . '/' . PUBLIC_DIRECTORY . '/style_emoticons/')) {
        return "<img src='" . IPSText::xssMakeJavascriptSafe($content) . "' alt='{$this->lang->words['bbcode_img_alt']}' class='bbc_emoticon' />";
    }

    /* @link http://community.invisionpower.com/resources/bugs.html/_/ip-board/img-tag-no-http-r40534 */
    if (substr($content, 0, 4) != 'http') {
        $content = 'http://' . $content;
    }

    return "<img src='" . IPSText::xssMakeJavascriptSafe($content) . "' alt='{$this->lang->words['bbcode_img_alt']}' class='bbc_img' />";
}
示例3: _buildOutput
/**
* Build the actual output to show
*
* @access protected
* @param string $content Image URL to link to
* @return string Content to replace bbcode with
*/
protected function _buildOutput($content)
{
    $content = trim($content);

    //-----------------------------------------
    // Image limit: bump the running counter and refuse once it exceeds
    // the configured maximum (signatures are exempt).
    //-----------------------------------------
    $imageCount = intval($this->cache->getCache('_tmp_bbcode_images', false)) + 1;

    if ($this->settings['max_images']
        && $this->caches['_tmp_section'] != 'signatures'
        && $imageCount > $this->settings['max_images']) {
        $this->error = 'too_many_img';

        return $content;
    }

    $this->cache->updateCacheWithoutSaving('_tmp_bbcode_images', $imageCount);

    //-----------------------------------------
    // Security checks. Every rejection returns the input unchanged
    // instead of an <img> tag.
    //-----------------------------------------
    if (IPSText::xssCheckUrl($content) !== true) {
        return $content;
    }

    // Refuse a URL that embeds an opening bbcode tag.
    // NOTE(review): the outer loop variable is never read, so every pass tests
    // the same _retrieveTags() result. Verify the intent.
    foreach ($this->cache->getCache('bbcode') as $bbcode) {
        foreach ($this->_retrieveTags() as $tagName) {
            if (stripos($content, '[' . $tagName) !== false) {
                return $content;
            }
        }
    }

    //-----------------------------------------
    // Allowed extension? Compared against the comma-separated img_ext
    // setting, lower-cased and with dots removed.
    //-----------------------------------------
    if ($this->settings['img_ext']) {
        $urlPath   = @parse_url(html_entity_decode($content), PHP_URL_PATH);
        $segments  = explode('.', $urlPath);
        $extension = strtolower(array_pop($segments));
        $allowed   = explode(',', str_replace('.', '', strtolower($this->settings['img_ext'])));

        if (!in_array($extension, $allowed)) {
            $this->error = 'invalid_ext';

            return $content;
        }
    }

    //-----------------------------------------
    // URL filtering against the admin black/white list
    //-----------------------------------------
    if ($this->settings['ipb_use_url_filter']) {
        $listType    = $this->settings['ipb_url_filter_option'] == "black" ? "blacklist" : "whitelist";
        $isWhitelist = $listType == 'whitelist';

        if ($this->settings['ipb_url_' . $listType]) {
            /* One pattern per line; "*" is the only wildcard */
            $patterns = explode("\n", str_replace("\r", "", $this->settings['ipb_url_' . $listType]));

            // NOTE(review): the implicit "own host" whitelist entry is built
            // from the request's Host header rather than from configuration.
            // Confirm the web server pins Host, or derive it from board_url.
            if ($isWhitelist) {
                $patterns[] = "http://{$_SERVER['HTTP_HOST']}/*";
            }

            $matchedWhitelist = false;

            foreach ($patterns as $pattern) {
                if (!trim($pattern)) {
                    continue;
                }

                // NOTE(review): the pattern is not anchored, so a hit anywhere
                // in the URL (path or query included) counts as a match.
                // For a whitelist, matching the parsed host would be stricter.
                $regex = '/' . str_replace('\\*', "(.*?)", preg_quote($pattern, '/')) . '/i';

                if (!preg_match($regex, $content)) {
                    continue;
                }

                if (!$isWhitelist) {
                    $this->error = 'domain_not_allowed';

                    return $content;
                }

                $matchedWhitelist = true;
            }

            if ($isWhitelist && !$matchedWhitelist) {
                $this->error = 'domain_not_allowed';

                return $content;
            }
        }
    }

    // NOTE(review): the URL goes into a single-quoted attribute. Whether
    // quotes are already entity-encoded by this point is not visible in this
    // method, so confirm that against the callers and xssMakeJavascriptSafe().
    return "<span rel='lightbox'><img src='" . IPSText::xssMakeJavascriptSafe($content) . "' alt='{$this->lang->words['bbcode_img_alt']}' class='bbc_img' /></span>";
}
示例4: _viewModern
//.........這裏部分代碼省略.........
$visitors[] = $_visitor_info[$_id];
if (count($visitors) == 5) {
break;
}
}
}
}
//-----------------------------------------
// Online location
//-----------------------------------------
$member = IPSMember::getLocation($member);
//-----------------------------------------
// Add profile view
//-----------------------------------------
$this->DB->insert('profile_portal_views', array('views_member_id' => $member['member_id']), true);
//-----------------------------------------
// Grab default tab...
//-----------------------------------------
$tab_html = '';
if ($tab) {
if (@is_file(IPSLib::getAppDir($tabs[$tab]['app']) . '/extensions/profileTabs/' . $tab . '.php')) {
require IPSLib::getAppDir('members') . '/sources/tabs/pluginParentClass.php';
/*noLibHook*/
$classToLoad = IPSLib::loadLibrary(IPSLib::getAppDir($tabs[$tab]['app']) . '/extensions/profileTabs/' . $tab . '.php', 'profile_' . $tab, $tabs[$tab]['app']);
$plugin = new $classToLoad($this->registry);
$tab_html = $plugin->return_html_block($member);
}
}
//-----------------------------------------
// Set description tag
//-----------------------------------------
$_desc = $member['pp_about_me'] ? $member['pp_about_me'] : $member['signature'];
if ($_desc) {
$this->registry->output->addMetaTag('description', $member['members_display_name'] . ': ' . IPSText::xssMakeJavascriptSafe(IPSText::getTextClass('bbcode')->stripAllTags($_desc)));
}
/* Reputation */
if ($this->settings['reputation_protected_groups']) {
if (in_array($member['member_group_id'], explode(",", $this->settings['reputation_protected_groups']))) {
$this->settings['reputation_show_profile'] = false;
}
}
//-----------------------------------------
// Try to "fix" empty custom field groups
//-----------------------------------------
foreach ($member['custom_fields'] as $group => $mdata) {
if ($group != 'profile_info' and $group != 'contact') {
if (is_array($member['custom_fields'][$group]) and count($member['custom_fields'][$group])) {
$_count = 0;
foreach ($member['custom_fields'][$group] as $key => $value) {
if ($value) {
$_count++;
}
}
if (!$_count) {
unset($member['custom_fields'][$group]);
}
}
} else {
if ($group == 'contact') {
$show_contact = false;
foreach ($member['custom_fields'][$group] as $key => $value) {
$_val = preg_replace('/<!--(.|\\s)*?-->/', '', $value);
if ($_val) {
$show_contact = true;
break;
}
示例5: show
/**
* Shows the editor
* print $editor->show( 'message', 'reply-topic-1244' );
* @param string Field
* @param array Options: Auto save key, a unique key for the page. If supplied, editor will auto-save at regular intervals. Works for logged in members only
* @param string Optional content
*/
public function show($fieldName, $options = array(), $content = '')
{
$showEditor = TRUE;
/* Have we forced RTE? */
if (!empty($this->request['isRte'])) {
$options['isRte'] = intval($this->request['isRte']);
}
$_autoSaveKeyOrig = !empty($options['autoSaveKey']) ? $options['autoSaveKey'] : '';
$options['editorName'] = !empty($options['editorName']) ? $options['editorName'] : $this->_fetchEditorName();
$options['autoSaveKey'] = $_autoSaveKeyOrig && $this->memberData['member_id'] ? $this->_generateAutoSaveKey($_autoSaveKeyOrig) : '';
$options['type'] = !empty($options['type']) && $options['type'] == 'mini' ? 'mini' : 'full';
$options['minimize'] = intval($options['minimize']);
$options['height'] = intval($options['height']);
$options['isTypingCallBack'] = !empty($options['isTypingCallBack']) ? $options['isTypingCallBack'] : '';
$options['noSmilies'] = !empty($options['noSmilies']) ? true : false;
$options['delayInit'] = !empty($options['delayInit']) ? 1 : 0;
$options['smilies'] = $this->fetchEmoticons();
$options['bypassCKEditor'] = !empty($options['bypassCKEditor']) ? 1 : ($this->getRteEnabled() ? 0 : 1);
$options['legacyMode'] = !empty($options['legacyMode']) ? $options['legacyMode'] : 'on';
$html = '';
/* Fetch disabled tags */
$parser = $this->_newParserObject();
$options['disabledTags'] = $parser->getDisabledTags();
$this->setLegacyMode($options['legacyMode'] == 'on' ? true : false);
if (isset($options['recover'])) {
$content = IPSText::xssMakeJavascriptSafe($_POST['Post']);
}
/* Try and sniff out entered HTML */
if (IN_ACP and empty($options['isHtml'])) {
$options['isHtml'] = intval($this->_tryAndDetermineHtmlStatusTheHackyWay($content ? $content : $this->getContent()));
}
if (!empty($options['isHtml'])) {
$this->setIsHtml(true);
if (IN_ACP) {
$options['type'] = 'ipsacp';
}
} else {
if ($this->getIsHtml()) {
$options['isHtml'] = 1;
}
}
/* inline content */
if ($content) {
$this->setContent($this->getLegacyMode() ? str_replace('\\\'', '\'', $content) : $content);
}
/* Is this legacy bbcode? If we are using RTE, we need to send HTML.
@link http://community.invisionpower.com/resources/bugs.html/_/ip-board/old-style-image-links-do-not-parse-in-editor-r42078 */
if ($parser->isBBCode($this->getContent())) {
$this->setContent($parser->htmlToEditor($this->getContent()));
}
/* Store last editor ID in case calling scripts need it */
$this->settings['_lastEditorId'] = $options['editorName'];
if (IN_ACP) {
$html = $this->registry->getClass('output')->global_template->editor($fieldName, $this->getContent(), $options, $this->getAutoSavedContent($_autoSaveKeyOrig));
} else {
$warningInfo = '';
$acknowledge = FALSE;
//-----------------------------------------
// Warnings
//-----------------------------------------
if (isset($options['warnInfo']) and $this->memberData['member_id']) {
$message = '';
/* Have they been restricted from posting? */
if ($this->memberData['restrict_post']) {
$data = IPSMember::processBanEntry($this->memberData['restrict_post']);
if ($data['date_end']) {
if (time() >= $data['date_end']) {
IPSMember::save($this->memberData['member_id'], array('core' => array('restrict_post' => 0)));
} else {
$message = sprintf($this->lang->words['warnings_restrict_post_temp'], $this->lang->getDate($data['date_end'], 'JOINED'));
}
} else {
$message = $this->lang->words['warnings_restrict_post_perm'];
}
if ($this->memberData['unacknowledged_warnings']) {
$warn = ipsRegistry::DB()->buildAndFetch(array('select' => '*', 'from' => 'members_warn_logs', 'where' => "wl_member={$this->memberData['member_id']} AND wl_rpa<>0", 'order' => 'wl_date DESC', 'limit' => 1));
if ($warn['wl_id']) {
$moredetails = "<a href='javascript:void(0);' onclick='warningPopup( this, {$warn['wl_id']} )'>{$this->lang->words['warnings_moreinfo']}</a>";
}
}
if ($options['warnInfo'] == 'full') {
$this->registry->getClass('output')->showError("{$message} {$moredetails}", 103126, null, null, 403);
} else {
$showEditor = FALSE;
}
}
/* Nope? - Requires a new if in case time restriction got just removed */
if (empty($message)) {
/* Do they have any warnings they have to acknowledge? */
if ($this->memberData['unacknowledged_warnings']) {
$unAcknowledgedWarns = ipsRegistry::DB()->buildAndFetch(array('select' => '*', 'from' => 'members_warn_logs', 'where' => "wl_member={$this->memberData['member_id']} AND wl_acknowledged=0", 'order' => 'wl_date DESC', 'limit' => 1));
if ($unAcknowledgedWarns['wl_id']) {
if ($options['warnInfo'] == 'full') {
//.........這裏部分代碼省略.........