functions_filters.asp

快速、可设定管理权限等级的论坛程序

'******************************************
'***  		Format user input     *****
'******************************************

'Format user input function
Private Function formatInput(ByVal strInputEntry)

	'Get rid of malicous code in the message
	strInputEntry = Replace(strInputEntry, "</script>", "", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "<script language=""javascript"">", "", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "<script language=javascript>", "", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "script", "&#115;cript", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "SCRIPT", "&#083;CRIPT", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "Script", "&#083;cript", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "script", "&#083;cript", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "object", "&#111;bject", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "OBJECT", "&#079;BJECT", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "Object", "&#079;bject", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "object", "&#079;bject", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "applet", "&#097;pplet", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "APPLET", "&#065;PPLET", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "Applet", "&#065;pplet", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "applet", "&#065;pplet", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "embed", "&#101;mbed", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "EMBED", "&#069;MBED", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "Embed", "&#069;mbed", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "embed", "&#069;mbed", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "event", "&#101;vent", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "EVENT", "&#069;VENT", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "Event", "&#069;vent", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "event", "&#069;vent", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "document", "&#100;ocument", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "DOCUMENT", "&#068;OCUMENT", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "Document", "&#068;ocument", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "document", "&#068;ocument", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "cookie", "&#099;ookie", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "COOKIE", "&#067;OOKIE", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "Cookie", "&#067;ookie", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "cookie", "&#067;ookie", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "form", "&#102;orm", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "FORM", "&#070;ORM", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "Form", "&#070;orm", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "form", "&#070;orm", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "iframe", "i&#102;rame", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "IFRAME", "I&#070;RAME", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "Iframe", "I&#102;rame", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "iframe", "i&#102;rame", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "textarea", "&#116;extarea", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "TEXTAREA", "&#84;EXTAREA", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "Textarea", "&#84;extarea", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "textarea", "&#84;extarea", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "on", "&#111;n", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "ON", "&#079;N", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "On", "&#079;n", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "on", "&#111;n", 1, -1, 1)


	'Reformat a few bits
	strInputEntry = Replace(strInputEntry, "<STR&#079;NG>", "<strong>", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "<str&#111;ng>", "<strong>", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "</STR&#079;NG>", "</strong>", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "</str&#111;ng>", "</strong>", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "f&#111;nt", "font", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "F&#079;NT", "FONT", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "F&#111;nt", "Font", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "f&#079;nt", "font", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "f&#111;nt", "font", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "m&#111;no", "mono", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "M&#079;NO", "MONO", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "M&#079;no", "Mono", 1, -1, 0)
	strInputEntry = Replace(strInputEntry, "m&#079;no", "mono", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "m&#111;no", "mono", 1, -1, 1)

	'Return
	formatInput = strInputEntry
End Function






'********************************************
'*** 		 Format SQL input	*****
'********************************************

'Format SQL Query funtion
Private Function formatSQLInput(ByVal strInputEntry)

	'Remove malisous charcters from links and images
	strInputEntry = Replace(strInputEntry, "<", "&lt;")
	strInputEntry = Replace(strInputEntry, ">", "&gt;")
	strInputEntry = Replace(strInputEntry, "[", "&#091;")
	strInputEntry = Replace(strInputEntry, "]", "&#093;")
	strInputEntry = Replace(strInputEntry, """", "", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "=", "&#061;", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "'", "''", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "select", "sel&#101;ct", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "join", "jo&#105;n", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "union", "un&#105;on", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "where", "wh&#101;re", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "insert", "ins&#101;rt", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "delete", "del&#101;te", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "update", "up&#100;ate", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "like", "lik&#101;", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "drop", "dro&#112;", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "create", "cr&#101;ate", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "modify", "mod&#105;fy", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "rename", "ren&#097;me", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "alter", "alt&#101;r", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "cast", "ca&#115;t", 1, -1, 1)

	'Return
	formatSQLInput = strInputEntry
End Function





'*********************************************
'***  		Strip all tags		 *****
'*********************************************

'Remove all tags for text only display (mainly for subject lines)
Private Function removeAllTags(ByVal strInputEntry)

	'Remove all HTML scripting tags etc. for plain text output
	strInputEntry = Replace(strInputEntry, "&", "&amp;", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "<", "&lt;", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, ">", "&gt;", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, "'", "&#146;", 1, -1, 1)
	strInputEntry = Replace(strInputEntry, """", "&quot;", 1, -1, 1)

	'Return
	removeAllTags = strInputEntry
End Function





'******************************************
'***  Non-Alphanumeric Character Strip ****
'******************************************

'Function to strip non alphanumeric characters
Private Function characterStrip(strTextInput)

	'Dimension variable
	Dim intLoopCounter 	'Holds the loop counter
	
	'Loop through the ASCII characters
	For intLoopCounter = 0 to 47
		strTextInput = Replace(strTextInput, CHR(intLoopCounter), "", 1, -1, 0) 
	Next
	
	'Loop through the ASCII characters numeric characters to lower-case characters
	For intLoopCounter = 91 to 96
		strTextInput = Replace(strTextInput, CHR(intLoopCounter), "", 1, -1, 0) 
	Next
	
	'Loop through the extended ASCII characters
	For intLoopCounter = 58 to 64
		strTextInput = Replace(strTextInput, CHR(intLoopCounter), "", 1, -1, 0) 
	Next
	
	'Loop through the extended ASCII characters
	For intLoopCounter = 123 to 255
		strTextInput = Replace(strTextInput, CHR(intLoopCounter), "", 1, -1, 0) 
	Next
	
	
	'Return the string
	characterStrip = strTextInput
	
End Function





'**********************************************
'*** 		 Strip HTML 		  *****
'**********************************************

'Remove HTML function
Private Function removeHTML(ByVal strMessageInput)

	Dim lngMessagePosition		'Holds the message position
	Dim intHTMLTagLength		'Holds the length of the HTML tags
	Dim strHTMLMessage		'Holds the HTML message
	Dim strTempMessageInput		'Temp store for the message input


	'Place the message input into a temp store
	strTempMessageInput = strMessageInput

	'Loop through each character in the post message
	For lngMessagePosition = 1 to CLng(Len(strMessageInput))

		'If this is the end of the message then save some process time and jump out the loop
		If Mid(strMessageInput, lngMessagePosition, 1) = "" Then Exit For
		
		'If an HTML tag is found then jump to the end so we can strip it
		If Mid(strMessageInput, lngMessagePosition, 1) = "<" Then

			'Get the length of the HTML tag
			intHTMLTagLength = (InStr(lngMessagePosition, strMessageInput, ">", 1) - lngMessagePosition)
			
			'If the end of the HTML string is in error then set it to the number of characters being passed
			If intHTMLTagLength < 0 Then intHTMLTagLength = CLng(Len(strTempMessageInput))

			'Place the HTML tag back into the temporary message store
			strHTMLMessage = Mid(strMessageInput, lngMessagePosition, intHTMLTagLength + 1)


			'Strip the HTML from the temp message store
			strTempMessageInput = Replace(strTempMessageInput, strHTMLMessage, "", 1, -1, 0)
			
		End If
	Next
	
	'Replace a few characters in the remaining text
	strTempMessageInput = Replace(strTempMessageInput, "<", "&lt;", 1, -1, 1)
	strTempMessageInput = Replace(strTempMessageInput, ">", "&gt;", 1, -1, 1)
	strTempMessageInput = Replace(strTempMessageInput, "'", "&#039;", 1, -1, 1)
	strTempMessageInput = Replace(strTempMessageInput, """", "&#034;", 1, -1, 1)
	strTempMessageInput = Replace(strTempMessageInput, "&nbsp;", "", 1, -1, 1)

	'Return the function
	removeHTML = strTempMessageInput
End Function





'******************************************
'***     Split long text strings	***
'******************************************

'Function to strip out long words, long rows of chars, and long text lines from text
Private Function removeLongText(ByVal strMessageInput)

	Dim lngMessagePosition		'Holds the message position
	Dim intHTMLTagLength		'Holds the length of the HTML tags
	Dim strHTMLMessage		'Holds the HTML message
	Dim strTempMessageText		'Temp store for the message input
	Dim strTempPlainTextWord	'Holds the plain text word
	Dim saryPlainTextWord		'Array holding the plain text words
	Dim sarySplitTextWord()		'Array holding the plain text word that has been split
	Dim lngSplitPlainTextWordLoop	'Loop counter for looping through the pain text split word
	Dim strTempOutputMessage	'Outputted string
	Dim intWordSartPos		'Holds the location in the word to start the split
	Dim saryHTMLlinks()		'Holds links from the message and thier corrisponding code
	Dim strHTMLlinksCode		'Holds the code that is replaced the links with
	Dim lngLoopCounter		'loop counter to count the number of HTML links in meesage
	Dim blnHTMLlink			'Set to true if there is a link in the message body
	Dim strTempFlashMsg		'Temp store for the falsh forum code
	Dim lngStartPos
	Dim lngEndPos
	Const intMaxWordLength = 60	'Holds the max word lentgh (can't be below 22 or will mess up the link code placed into messages)
	
	
	'Initliase variables
	lngLoopCounter = 0
	blnHTMLlink = False
	
	'Place the message input into a temp store
	strTempMessageText = strMessageInput