author | dave <dave@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2009-04-17 12:46:14 +0000 |
---|---|---|
committer | dave <dave@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2009-04-17 12:46:14 +0000 |
commit | 8f695bf25152245f97542cbd8adbd8bcbf186ca5 (patch) | |
tree | 2e9cb27c0753d6965a8e0af6cdad7cd4f5b9a9ee /engine/lib/input.php | |
parent | 8eeedce86b8a20314eaefdbdda4223f0cb038184 (diff) | |
download | elgg-8f695bf25152245f97542cbd8adbd8bcbf186ca5.tar.gz elgg-8f695bf25152245f97542cbd8adbd8bcbf186ca5.tar.bz2 |
small tweak to kses input, for now.
git-svn-id: https://code.elgg.org/elgg/trunk@3220 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine/lib/input.php')
-rw-r--r-- | engine/lib/input.php | 168 |
1 files changed, 84 insertions, 84 deletions
diff --git a/engine/lib/input.php b/engine/lib/input.php
index 5ac3ad618..a7afa834a 100644
--- a/engine/lib/input.php
+++ b/engine/lib/input.php
@@ -15,7 +15,7 @@ * Get some input from variables passed on the GET or POST line.
*
* @param $variable string The variable we want to return.
- * @param $default mixed A default value for the variable if it is not found.
+ * @param $default mixed A default value for the variable if it is not found.
* @param $filter_result If true then the result is filtered for bad tags.
*/
function get_input($variable, $default = "", $filter_result = true)
@@ -26,15 +26,15 @@ if (isset($CONFIG->input[$variable]))
return $CONFIG->input[$variable];
- if (isset($_REQUEST[$variable])) {
+ if (isset($_REQUEST[$variable])) {
- if (is_array($_REQUEST[$variable])) {
- $var = $_REQUEST[$variable];
- } else {
+ if (is_array($_REQUEST[$variable])) {
+ $var = $_REQUEST[$variable];
+ } else {
$var = trim($_REQUEST[$variable]);
}
-
- if ($filter_result)
+
+ if ($filter_result)
$var = filter_tags($var);
return $var;
@@ -55,51 +55,51 @@ global $CONFIG;
if (!isset($CONFIG->input))
- $CONFIG->input = array();
-
- if (is_array($value))
- {
- foreach ($value as $key => $val)
- $value[$key] = trim($val);
-
- $CONFIG->input[trim($variable)] = $value;
- }
+ $CONFIG->input = array();
+
+ if (is_array($value))
+ {
+ foreach ($value as $key => $val)
+ $value[$key] = trim($val);
+
+ $CONFIG->input[trim($variable)] = $value;
+ }
else
$CONFIG->input[trim($variable)] = trim($value);
- }
-
- /**
- * Kses filtering of tags, called on a plugin hook
- *
- * @param mixed $var Variable to filter
- * @return mixed
- */
- function kses_filter_tags($hook, $entity_type, $returnvalue, $params)
- {
- $return = $returnvalue;
- $var = $returnvalue;
-
- if (@include_once(dirname(dirname(dirname(__FILE__)))) . "/vendors/kses/kses.php") {
-
- global $CONFIG;
-
- $allowedtags = $CONFIG->allowedtags;
- $allowedprotocols = $CONFIG->allowedprotocols;
-
- if (!is_array($var)) {
- $return = "";
- $return = kses($var, $allowedtags, $allowedprotocols);
- } else {
- $return = array();
-
- foreach($var as $key => $el) {
- $return[$key] = kses($el, $allowedtags, $allowedprotocols);
- }
- }
- }
-
- return $return;
+ }
+
+ /**
+ * Kses filtering of tags, called on a plugin hook
+ *
+ * @param mixed $var Variable to filter
+ * @return mixed
+ */
+ function kses_filter_tags($hook, $entity_type, $returnvalue, $params)
+ {
+ $return = $returnvalue;
+ $var = $returnvalue;
+
+ if (@include_once(dirname(dirname(dirname(__FILE__)))) . "/vendors/kses/kses.php") {
+
+ global $CONFIG;
+
+ $allowedtags = $CONFIG->allowedtags;
+ $allowedprotocols = $CONFIG->allowedprotocols;
+
+ if (!is_array($var)) {
+ $return = "";
+ $return = kses($var, $allowedtags, $allowedprotocols);
+ } else {
+ $return = array();
+
+ foreach($var as $key => $el) {
+ $return[$key] = kses($el, $allowedtags, $allowedprotocols);
+ }
+ }
+ }
+
+ return $return;
}
/**
@@ -110,27 +110,27 @@ function filter_tags($var)
{
return trigger_plugin_hook('validate', 'input', null, $var);
- }
-
- /**
- * Sanitise file paths for input, ensuring that they begin and end with slashes etc.
- *
- * @param string $path The path
- * @return string
- */
- function sanitise_filepath($path)
- {
- // Convert to correct UNIX paths
- $path = str_replace('\\', '/', $path);
-
- // Sort trailing slash
- $path = trim($path);
- $path = rtrim($path, " /");
- $path = $path . "/";
-
- return $path;
 }
-
+
+ /**
+ * Sanitise file paths for input, ensuring that they begin and end with slashes etc.
+ *
+ * @param string $path The path
+ * @return string
+ */
+ function sanitise_filepath($path)
+ {
+ // Convert to correct UNIX paths
+ $path = str_replace('\\', '/', $path);
+
+ // Sort trailing slash
+ $path = trim($path);
+ $path = rtrim($path, " /");
+ $path = $path . "/";
+
+ return $path;
+ }
+
/**
* Takes a string and turns any URLs into formatted links
@@ -138,16 +138,16 @@ * @param string $text The input string
* @return string The output stirng with formatted links
**/
- function parse_urls($text) {
-
- return preg_replace_callback('/(?<!=["\'])((ht|f)tps?:\/\/[^\s\r\n\t<>"\'\!\(\)]+)/i',
- create_function(
- '$matches',
- '
- $url = $matches[1];
- $urltext = str_replace("/", "/<wbr />", $url);
- return "<a href=\"$url\" style=\"text-decoration:underline;\">$urltext</a>";
- '
+ function parse_urls($text) {
+
+ return preg_replace_callback('/(?<!=["\'])((ht|f)tps?:\/\/[^\s\r\n\t<>"\'\!\(\)]+)/i',
+ create_function(
+ '$matches',
+ '
+ $url = $matches[1];
+ $urltext = str_replace("/", "/<wbr />", $url);
+ return "<a href=\"$url\" style=\"text-decoration:underline;\">$urltext</a>";
+ '
), $text);
}
@@ -362,7 +362,7 @@ 'longdesc' => array (),
'vspace' => array (),
'src' => array (),
-// 'style' => array (),
+ 'style' => array (),
'width' => array ()),
'ins' => array(
'datetime' => array (),
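Review bot: Un-commenting `'style' => array (),` in this hunk, and again in the -380,7 hunk, lets a free-form inline CSS declaration from request input through the tag filter, because the empty array places no constraint on the attribute's value. Judging by the CSS property names listed in `$CONFIG->allowedprotocols` in the last hunk, the only check on the value appears to be the protocol-prefix test, which does not parse CSS; external `url(...)` references, positioning and overlay properties, and legacy script-bearing CSS constructs would then be left to the browser. I would keep the attribute disabled until the declaration is filtered against an explicit property and value allowlist, or at minimum mark both entries with a comment such as `// style value is not parsed as CSS by the filter; restrict before release`. The allowed-tags array these entries belong to starts outside both hunks, so the elements being widened are not visible here and should be confirmed.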
@@ -380,7 +380,7 @@ 'align' => array (),
'dir' => array(),
'lang' => array(),
-// 'style' => array (),
+ 'style' => array (),
'xml:lang' => array()),
'pre' => array(
// 'style' => array(),
@@ -494,9 +494,9 @@ $CONFIG->allowedprotocols = array('http', 'https', 'ftp', 'news', 'mailto', 'rtsp', 'teamspeak', 'gopher', 'mms',
'color', 'callto', 'cursor', 'text-align', 'font-size', 'font-weight', 'font-style',
- 'border', 'margin', 'padding', 'float');
-
- // For now, register the kses for processing
+ 'border', 'margin', 'padding', 'float');
+
+ // For now, register the kses for processing
register_plugin_hook('validate', 'input', 'kses_filter_tags', 1);
}