12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166 |
- <?php
-
-
- if(substr(phpversion(), 0, 1) < 5)
- {
- die("Class kses requires PHP 5 or higher.");
- }
-
- if(!defined('KSES_CLASS_PHP5'))
- {
- define('KSES_CLASS_PHP5', true);
-
- class kses5
- {
-
- private $allowed_protocols;
- private $allowed_html;
-
-
- public function __construct()
- {
-
- $this->allowed_protocols = array('http', 'ftp', 'mailto');
- $this->allowed_html = array();
- }
-
- public function Parse($string = "")
- {
- if (get_magic_quotes_gpc())
- {
- $string = stripslashes($string);
- }
- $string = $this->removeNulls($string);
-
- $string = preg_replace('%&\s*\{[^}]*(\}\s*;?|$)%', '', $string);
- $string = $this->normalizeEntities($string);
- $string = $this->filterKsesTextHook($string);
- $string = preg_replace('%(<' . '[^>]*' . '(>|$)' . '|>)%e', "\$this->stripTags('\\1')", $string);
- return $string;
- }
-
- public function AddProtocols()
- {
- $c_args = func_num_args();
- if($c_args != 1)
- {
- trigger_error("kses5::AddProtocols() did not receive an argument.", E_USER_WARNING);
- return false;
- }
- $protocol_data = func_get_arg(0);
- if(is_array($protocol_data) && count($protocol_data) > 0)
- {
- foreach($protocol_data as $protocol)
- {
- $this->AddProtocol($protocol);
- }
- return true;
- }
- elseif(is_string($protocol_data))
- {
- $this->AddProtocol($protocol_data);
- return true;
- }
- else
- {
- trigger_error("kses5::AddProtocols() did not receive a string or an array.", E_USER_WARNING);
- return false;
- }
- }
-
- public function Protocols()
- {
- $c_args = func_num_args();
- if($c_args != 1)
- {
- trigger_error("kses5::Protocols() did not receive an argument.", E_USER_WARNING);
- return false;
- }
- return $this->AddProtocols(func_get_arg(0));
- }
-
- public function AddProtocol($protocol = "")
- {
- if(!is_string($protocol))
- {
- trigger_error("kses5::AddProtocol() requires a string.", E_USER_WARNING);
- return false;
- }
-
- if(substr($protocol, strlen($protocol) - 1, 1) == ":")
- {
- $protocol = substr($protocol, 0, strlen($protocol) - 1);
- }
- $protocol = strtolower(trim($protocol));
- if($protocol == "")
- {
- trigger_error("kses5::AddProtocol() tried to add an empty/NULL protocol.", E_USER_WARNING);
- return false;
- }
-
- if(!in_array($protocol, $this->allowed_protocols))
- {
- array_push($this->allowed_protocols, $protocol);
- sort($this->allowed_protocols);
- }
- return true;
- }
-
- public function RemoveProtocol($protocol = "")
- {
- if(!is_string($protocol))
- {
- trigger_error("kses5::RemoveProtocol() requires a string.", E_USER_WARNING);
- return false;
- }
-
- if(substr($protocol, strlen($protocol) - 1, 1) == ":")
- {
- $protocol = substr($protocol, 0, strlen($protocol) - 1);
- }
- $protocol = strtolower(trim($protocol));
- if($protocol == "")
- {
- trigger_error("kses5::RemoveProtocol() tried to remove an empty/NULL protocol.", E_USER_WARNING);
- return false;
- }
-
- if(in_array($protocol, $this->allowed_protocols))
- {
- $this->allowed_protocols = array_diff($this->allowed_protocols, array($protocol));
- sort($this->allowed_protocols);
- }
- return true;
- }
-
- public function RemoveProtocols()
- {
- $c_args = func_num_args();
- if($c_args != 1)
- {
- return false;
- }
- $protocol_data = func_get_arg(0);
- if(is_array($protocol_data) && count($protocol_data) > 0)
- {
- foreach($protocol_data as $protocol)
- {
- $this->RemoveProtocol($protocol);
- }
- }
- elseif(is_string($protocol_data))
- {
- $this->RemoveProtocol($protocol_data);
- return true;
- }
- else
- {
- trigger_error("kses5::RemoveProtocols() did not receive a string or an array.", E_USER_WARNING);
- return false;
- }
- }
-
- public function SetProtocols()
- {
- $c_args = func_num_args();
- if($c_args != 1)
- {
- trigger_error("kses5::SetProtocols() did not receive an argument.", E_USER_WARNING);
- return false;
- }
- $protocol_data = func_get_arg(0);
- if(is_array($protocol_data) && count($protocol_data) > 0)
- {
- $this->allowed_protocols = array();
- foreach($protocol_data as $protocol)
- {
- $this->AddProtocol($protocol);
- }
- return true;
- }
- elseif(is_string($protocol_data))
- {
- $this->allowed_protocols = array();
- $this->AddProtocol($protocol_data);
- return true;
- }
- else
- {
- trigger_error("kses5::SetProtocols() did not receive a string or an array.", E_USER_WARNING);
- return false;
- }
- }
-
- public function DumpProtocols()
- {
- return $this->allowed_protocols;
- }
-
- public function DumpElements()
- {
- return $this->allowed_html;
- }
-
- public function AddHTML($tag = "", $attribs = array())
- {
- if(!is_string($tag))
- {
- trigger_error("kses5::AddHTML() requires the tag to be a string", E_USER_WARNING);
- return false;
- }
- $tag = strtolower(trim($tag));
- if($tag == "")
- {
- trigger_error("kses5::AddHTML() tried to add an empty/NULL tag", E_USER_WARNING);
- return false;
- }
- if(!is_array($attribs))
- {
- trigger_error("kses5::AddHTML() requires an array (even an empty one) of attributes for '$tag'", E_USER_WARNING);
- return false;
- }
- $new_attribs = array();
- if(is_array($attribs) && count($attribs) > 0)
- {
- foreach($attribs as $idx1 => $val1)
- {
- $new_idx1 = strtolower($idx1);
- $new_val1 = $attribs[$idx1];
- if(is_array($new_val1) && count($attribs) > 0)
- {
- $tmp_val = array();
- foreach($new_val1 as $idx2 => $val2)
- {
- $new_idx2 = strtolower($idx2);
- $tmp_val[$new_idx2] = $val2;
- }
- $new_val1 = $tmp_val;
- }
- $new_attribs[$new_idx1] = $new_val1;
- }
- }
- $this->allowed_html[$tag] = $new_attribs;
- return true;
- }
-
- private function removeNulls($string)
- {
- $string = preg_replace('/\0+/', '', $string);
- $string = preg_replace('/(\\\\0)+/', '', $string);
- return $string;
- }
-
- private function normalizeEntities($string)
- {
-
- $string = str_replace('&', '&', $string);
-
-
- $string = preg_replace(
- '/&([A-Za-z][A-Za-z0-9]{0,19});/',
- '&\\1;',
- $string
- );
-
- $string = preg_replace(
- '/&#0*([0-9]{1,5});/e',
- '\$this->normalizeEntities16bit("\\1")',
- $string
- );
-
- $string = preg_replace(
- '/&#([Xx])0*(([0-9A-Fa-f]{2}){1,2});/',
- '&#\\1\\2;',
- $string
- );
- return $string;
- }
-
- private function normalizeEntities16bit($i)
- {
- return (($i > 65535) ? "&#$i;" : "&#$i;");
- }
-
- private function filterKsesTextHook($string)
- {
- return $string;
- }
-
- private function _hook($string)
- {
- return $this->filterKsesTextHook($string);
- }
-
- private function makeArrayKeysLowerCase($in_array)
- {
- $out_array = array();
- if(is_array($in_array) && count($in_array) > 0)
- {
- foreach ($in_array as $in_key => $in_val)
- {
- $out_key = strtolower($in_key);
- $out_array[$out_key] = array();
- if(is_array($in_val) && count($in_val) > 0)
- {
- foreach ($in_val as $in_key2 => $in_val2)
- {
- $out_key2 = strtolower($in_key2);
- $out_array[$out_key][$out_key2] = $in_val2;
- }
- }
- }
- }
- return $out_array;
- }
-
- private function stripTags($string)
- {
- $string = preg_replace('%\\\\"%', '"', $string);
- if (substr($string, 0, 1) != '<')
- {
-
- return '>';
- }
- if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9]+)([^>]*)>?$%', $string, $matches))
- {
-
- return '';
- }
- $slash = trim($matches[1]);
- $elem = $matches[2];
- $attrlist = $matches[3];
- if (
- !isset($this->allowed_html[strtolower($elem)]) ||
- !is_array($this->allowed_html[strtolower($elem)]))
- {
-
- return '';
- }
- if ($slash != '')
- {
- return "<$slash$elem>";
- }
-
- return $this->stripAttributes("$slash$elem", $attrlist);
- }
-
- private function stripAttributes($element, $attr)
- {
-
- $xhtml_slash = '';
- if (preg_match('%\s/\s*$%', $attr))
- {
- $xhtml_slash = ' /';
- }
-
- if (
- !isset($this->allowed_html[strtolower($element)]) ||
- count($this->allowed_html[strtolower($element)]) == 0
- )
- {
- return "<$element$xhtml_slash>";
- }
-
- $attrarr = $this->combAttributes($attr);
-
-
- $attr2 = '';
- if(is_array($attrarr) && count($attrarr) > 0)
- {
- foreach ($attrarr as $arreach)
- {
- if(!isset($this->allowed_html[strtolower($element)][strtolower($arreach['name'])]))
- {
- continue;
- }
- $current = $this->allowed_html[strtolower($element)][strtolower($arreach['name'])];
- if (!is_array($current))
- {
-
- $attr2 .= ' '.$arreach['whole'];
- }
- else
- {
-
- $ok = true;
- if(is_array($current) && count($current) > 0)
- {
- foreach ($current as $currkey => $currval)
- {
- if (!$this->checkAttributeValue($arreach['value'], $arreach['vless'], $currkey, $currval))
- {
- $ok = false;
- break;
- }
- }
- }
- if ($ok)
- {
-
- $attr2 .= ' '.$arreach['whole'];
- }
- }
- }
- }
-
- $attr2 = preg_replace('/[<>]/', '', $attr2);
- return "<$element$attr2$xhtml_slash>";
- }
-
- private function combAttributes($attr)
- {
- $attrarr = array();
- $mode = 0;
- $attrname = '';
-
- while (strlen($attr) != 0)
- {
-
- $working = 0;
- switch ($mode)
- {
- case 0:
- if (preg_match('/^([-a-zA-Z]+)/', $attr, $match))
- {
- $attrname = $match[1];
- $working = $mode = 1;
- $attr = preg_replace('/^[-a-zA-Z]+/', '', $attr);
- }
- break;
- case 1:
- if (preg_match('/^\s*=\s*/', $attr))
- {
- $working = 1;
- $mode = 2;
- $attr = preg_replace('/^\s*=\s*/', '', $attr);
- break;
- }
- if (preg_match('/^\s+/', $attr))
- {
- $working = 1;
- $mode = 0;
- $attrarr[] = array(
- 'name' => $attrname,
- 'value' => '',
- 'whole' => $attrname,
- 'vless' => 'y'
- );
- $attr = preg_replace('/^\s+/', '', $attr);
- }
- break;
- case 2:
- if (preg_match('/^"([^"]*)"(\s+|$)/', $attr, $match))
- {
- $thisval = $this->removeBadProtocols($match[1]);
- $attrarr[] = array(
- 'name' => $attrname,
- 'value' => $thisval,
- 'whole' => $attrname . '="' . $thisval . '"',
- 'vless' => 'n'
- );
- $working = 1;
- $mode = 0;
- $attr = preg_replace('/^"[^"]*"(\s+|$)/', '', $attr);
- break;
- }
- if (preg_match("/^'([^']*)'(\s+|$)/", $attr, $match))
- {
- $thisval = $this->removeBadProtocols($match[1]);
- $attrarr[] = array(
- 'name' => $attrname,
- 'value' => $thisval,
- 'whole' => "$attrname='$thisval'",
- 'vless' => 'n'
- );
- $working = 1;
- $mode = 0;
- $attr = preg_replace("/^'[^']*'(\s+|$)/", '', $attr);
- break;
- }
- if (preg_match("%^([^\s\"']+)(\s+|$)%", $attr, $match))
- {
- $thisval = $this->removeBadProtocols($match[1]);
- $attrarr[] = array(
- 'name' => $attrname,
- 'value' => $thisval,
- 'whole' => $attrname . '="' . $thisval . '"',
- 'vless' => 'n'
- );
-
- $working = 1;
- $mode = 0;
- $attr = preg_replace("%^[^\s\"']+(\s+|$)%", '', $attr);
- }
- break;
- }
- if ($working == 0)
- {
- $attr = preg_replace('/^("[^"]*("|$)|\'[^\']*(\'|$)|\S)*\s*/', '', $attr);
- $mode = 0;
- }
- }
-
-
- if ($mode == 1)
- {
- $attrarr[] = array(
- 'name' => $attrname,
- 'value' => '',
- 'whole' => $attrname,
- 'vless' => 'y'
- );
- }
- return $attrarr;
- }
-
- private function removeBadProtocols($string)
- {
- $string = $this->RemoveNulls($string);
- $string = preg_replace('/\xad+/', '', $string);
- $string2 = $string . 'a';
- $string2 = preg_split('/:|:|:/i', $string, 2);
- if(isset($string2[1]) && !preg_match('%/\?%',$string2[0]))
- {
- $string = $this->filterProtocols($string2[0]).trim($string2[1]);
- }
- return $string;
- }
-
- private function filterProtocols($string)
- {
- $string = $this->decodeEntities($string);
- $string = preg_replace('/\s/', '', $string);
- $string = $this->removeNulls($string);
- $string = preg_replace('/\xad+/', '', $string2);
- $string = strtolower($string);
- if(is_array($this->allowed_protocols) && count($this->allowed_protocols) > 0)
- {
- foreach ($this->allowed_protocols as $one_protocol)
- {
- if (strtolower($one_protocol) == $string)
- {
- return "$string:";
- }
- }
- }
- return '';
- }
-
- private function checkAttributeValue($value, $vless, $checkname, $checkvalue)
- {
- $ok = true;
- $check_attribute_method_name = 'checkAttributeValue' . ucfirst(strtolower($checkname));
- if(method_exists($this, $check_attribute_method_name))
- {
- $ok = $this->$check_attribute_method_name($value, $checkvalue, $vless);
- }
- return $ok;
- }
-
- private function checkAttributeValueMaxlen($value, $checkvalue)
- {
- if (strlen($value) > intval($checkvalue))
- {
- return false;
- }
- return true;
- }
-
- private function checkAttributeValueMinlen($value, $checkvalue)
- {
- if (strlen($value) < intval($checkvalue))
- {
- return false;
- }
- return true;
- }
-
- private function checkAttributeValueMaxval($value, $checkvalue)
- {
- if (!preg_match('/^\s{0,6}[0-9]{1,6}\s{0,6}$/', $value))
- {
- return false;
- }
- if (intval($value) > intval($checkvalue))
- {
- return false;
- }
- return true;
- }
-
- private function checkAttributeValueMinval($value, $checkvalue)
- {
- if (!preg_match('/^\s{0,6}[0-9]{1,6}\s{0,6}$/', $value))
- {
- return false;
- }
- if (intval($value) < ($checkvalue))
- {
- return false;
- }
- return true;
- }
-
- private function checkAttributeValueValueless($value, $checkvalue, $vless)
- {
- if (strtolower($checkvalue) != $vless)
- {
- return false;
- }
- return true;
- }
-
- private function decodeEntities($string)
- {
- $string = preg_replace('/&#([0-9]+);/e', 'chr("\\1")', $string);
- $string = preg_replace('/&#[Xx]([0-9A-Fa-f]+);/e', 'chr(hexdec("\\1"))', $string);
- return $string;
- }
-
- public function Version()
- {
- return 'PHP5 OOP 1.0.2';
- }
- }
- }
- ?>
|