📄 functions_filters.asp
Else
getHTMLProperty = ""
End If
End Function
'******************************************
'*** Check Images for malicious code *****
'******************************************
'Check images function
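Private Function checkImages(ByVal strInputEntry)

    'Filters a user supplied image link.
    'Returns "" when the link contains no "."; otherwise returns the link with a
    'non-allowed extension removed, some sequences removed and some characters percent-encoded.

    Dim strImageFileExtension    'The last "." in the link plus up to 3 characters after it, lower-cased
    Dim strAllowedTypes          'Local, semicolon separated list of the allowed image types
    Dim saryImageTypes           'Array holding allowed image types in the forum
    Dim intExtensionLoopCounter  'Holds the loop counter for the array
    Dim blnImageExtOK            'Set to true if the image extension is OK
    Dim strRemove                'Holds each sequence that is removed from the link

    'If there is no . in the link then there is no extension and so it can't be an image
    If InStr(1, strInputEntry, ".", 1) = 0 Then
        checkImages = ""
        Exit Function
    End If

    'Initialise variables
    blnImageExtOK = False

    'Get the file extension
    strImageFileExtension = LCase(Mid(strInputEntry, InStrRev(strInputEntry, "."), 4))

    'Build the allowed list in a local variable. strImageTypes is not declared in this
    'function (presumably forum wide configuration - confirm); appending the defaults
    'to it directly made that list grow by one copy of the defaults on every call.
    strAllowedTypes = strImageTypes & ";jpe;gif;jpg;bmp;png"
    saryImageTypes = Split(Trim(strAllowedTypes), ";")

    'Loop through all the allowed extensions and see if the image has one.
    'Only the first 3 characters of each entry are compared, matching the 3 characters kept after the "."
    'NOTE(review): an empty list entry is compared as a bare ".", so a link that ends in "." is accepted.
    For intExtensionLoopCounter = 0 To UBound(saryImageTypes)
        If "." & Trim(Mid(saryImageTypes(intExtensionLoopCounter), 1, 3)) = strImageFileExtension Then
            blnImageExtOK = True
            Exit For
        End If
    Next

    'If the image extension is not OK then strip every occurrence of it from the image link
    'NOTE(review): this removal and the ones below are single passes and the result is not
    'checked again, so the text either side of a removed sequence can join up into a sequence
    'this function is meant to remove, or into a different extension. Returning "" for a
    'link whose extension is not allowed would fail closed instead.
    If Not blnImageExtOK Then strInputEntry = Replace(strInputEntry, strImageFileExtension, "", 1, -1, 1)

    'Chop out anything that is not normally found in an image URL (same order as before)
    For Each strRemove In Array("?", ";", "%3b", "{", "}", "%7b", "%7d", "%0", "^")
        strInputEntry = Replace(strInputEntry, strRemove, "", 1, -1, 1)
    Next

    'URL encode characters that could be used to break out of the image link
    strInputEntry = Replace(strInputEntry, "(", "%28", 1, -1, 1)
    strInputEntry = Replace(strInputEntry, ")", "%29", 1, -1, 1)
    strInputEntry = Replace(strInputEntry, "[", "%5b", 1, -1, 1)
    strInputEntry = Replace(strInputEntry, "]", "%5d", 1, -1, 1)
    strInputEntry = Replace(strInputEntry, " ", "%20", 1, -1, 1)
    strInputEntry = Replace(strInputEntry, "\", "%5C", 1, -1, 1)
    strInputEntry = Replace(strInputEntry, Chr(9), "%09", 1, -1, 1) 'Tabs

    'Remove if the user is trying to use an FTP link
    strInputEntry = Replace(strInputEntry, "ftp://", "", 1, -1, 1)

    'Return
    checkImages = strInputEntry
End Function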
'********************************************
'*** Format Links *****
'********************************************
'Format links function
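Private Function formatLink(ByVal strInputEntry)

    'Percent-encodes characters in a link or image URL that could be used to break out
    'of the attribute it is written into, and removes "%0" and "^".
    'Returns the filtered link.
    'NOTE(review): no URL scheme check happens in this function; presumably the caller
    'restricts the schemes it accepts - confirm.

    Dim saryCharacter       'Characters that get percent-encoded
    Dim saryEncoded         'The percent-encoded form of each character, same order
    Dim intLoopCounter      'Holds the loop counter

    'Remove a few bits. This runs before the encoding so that the "%09" written for a
    'tab is not caught by the "%0" removal, which used to leave a stray "9" in the link.
    'checkImages uses the same order.
    'NOTE(review): each removal is a single pass, so the text either side of a removed
    'sequence can join up into "%0" again.
    strInputEntry = Replace(strInputEntry, "%0", "", 1, -1, 1)
    strInputEntry = Replace(strInputEntry, "^", "", 1, -1, 1)

    'URL encode malicious characters from links and images.
    '"%" itself is left alone, so text that is already percent-encoded passes through as it is.
    'Chr(173) is mapped to %3c; the original comment describes it as a Vietnamese < tag.
    saryCharacter = Array("""", "'", "(", ")", "<", ">", "[", "]", "{", "}", "\", " ", Chr(9), Chr(173))
    saryEncoded = Array("%22", "%27", "%28", "%29", "%3c", "%3e", "%5b", "%5d", "%7b", "%7d", "%5C", "%20", "%09", "%3c")

    For intLoopCounter = 0 To UBound(saryCharacter)
        strInputEntry = Replace(strInputEntry, saryCharacter(intLoopCounter), saryEncoded(intLoopCounter), 1, -1, 1)
    Next

    'Return
    formatLink = strInputEntry
End Function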
'******************************************
'*** Format user input *****
'******************************************
'Format user input function
Private Function formatInput(ByVal strInputEntry)
'Filters a user submitted message: removes tabs and three spellings of the script tag,
'then runs a list of keyword replacements. Returns the filtered message.
'
'NOTE(review): in this listing almost every keyword line has the same text as both the
'search string and the replacement. With compare mode 0 (binary) such a line leaves the
'message unchanged; with compare mode 1 (text) it only rewrites other capitalisations to
'the spelling shown. It looks as if the page this listing was taken from decoded HTML
'character references that the original replacement strings contained - confirm against
'the original file before relying on this function.
'
'NOTE(review): this is a keyword deny-list. It does not encode < > & or quotes, so it
'should not be the only control between user input and HTML output.
'Get rid of malicious code in the message
strInputEntry = Replace(strInputEntry, Chr(9), "", 1, -1, 1) 'Remove Tabs
'These three removals are single passes over exact spellings of the tag
strInputEntry = Replace(strInputEntry, "</script>", "", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "<script language=""javascript"">", "", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "<script language=javascript>", "", 1, -1, 1)
'Keyword replacements: for each word an upper-case and a capitalised spelling in binary
'compare mode, then the lower-case spelling in text compare mode (catches any other capitalisation)
strInputEntry = Replace(strInputEntry, "SCRIPT", "SCRIPT", 1, -1, 0)
strInputEntry = Replace(strInputEntry, "Script", "Script", 1, -1, 0)
strInputEntry = Replace(strInputEntry, "script", "script", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "MOCHA", "MOCHA", 1, -1, 0)
strInputEntry = Replace(strInputEntry, "Mocha", "Mocha", 1, -1, 0)
strInputEntry = Replace(strInputEntry, "mocha", "mocha", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "OBJECT", "OBJECT", 1, -1, 0)
strInputEntry = Replace(strInputEntry, "Object", "Object", 1, -1, 0)
strInputEntry = Replace(strInputEntry, "object", "object", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "APPLET", "APPLET", 1, -1, 0)
strInputEntry = Replace(strInputEntry, "Applet", "Applet", 1, -1, 0)
strInputEntry = Replace(strInputEntry, "applet", "applet", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "ALERT", "ALERT", 1, -1, 0)
strInputEntry = Replace(strInputEntry, "Alert", "Alert", 1, -1, 0)
strInputEntry = Replace(strInputEntry, "alert", "alert", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "EMBED", "EMBED", 1, -1, 0)
strInputEntry = Replace(strInputEntry, "Embed", "Embed", 1, -1, 0)
strInputEntry = Replace(strInputEntry, "embed", "embed", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "EVENT", "EVENT", 1, -1, 0)
strInputEntry = Replace(strInputEntry, "Event", "Event", 1, -1, 0)
strInputEntry = Replace(strInputEntry, "event", "event", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "DOCUMENT", "DOCUMENT", 1, -1, 0)
strInputEntry = Replace(strInputEntry, "Document", "Document", 1, -1, 0)
strInputEntry = Replace(strInputEntry, "document", "document", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "COOKIE", "COOKIE", 1, -1, 0)
strInputEntry = Replace(strInputEntry, "Cookie", "Cookie", 1, -1, 0)
strInputEntry = Replace(strInputEntry, "cookie", "cookie", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "FORM", "FORM", 1, -1, 0)
strInputEntry = Replace(strInputEntry, "Form", "Form", 1, -1, 0)
strInputEntry = Replace(strInputEntry, "form", "form", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "IFRAME", "IFRAME", 1, -1, 0)
strInputEntry = Replace(strInputEntry, "Iframe", "Iframe", 1, -1, 0)
strInputEntry = Replace(strInputEntry, "iframe", "iframe", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "TEXTAREA", "TEXTAREA", 1, -1, 0)
strInputEntry = Replace(strInputEntry, "Textarea", "Textarea", 1, -1, 0)
strInputEntry = Replace(strInputEntry, "textarea", "textarea", 1, -1, 1)
'"on" is matched anywhere in the text, including inside ordinary words
strInputEntry = Replace(strInputEntry, "ON", "ON", 1, -1, 0)
strInputEntry = Replace(strInputEntry, "On", "On", 1, -1, 0)
strInputEntry = Replace(strInputEntry, "on", "on", 1, -1, 1)
'Reformat a few bits
'As shown, the strong tag lines only lower-case the tag name
strInputEntry = Replace(strInputEntry, "<STRONG>", "<strong>", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "<strong>", "<strong>", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "</STRONG>", "</strong>", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "</strong>", "</strong>", 1, -1, 1)
'"font" and "mono" both contain "on"; presumably these lines put the two words back
'after the "on" replacement above - confirm against the original file
strInputEntry = Replace(strInputEntry, "font", "font", 1, -1, 0)
strInputEntry = Replace(strInputEntry, "FONT", "FONT", 1, -1, 0)
strInputEntry = Replace(strInputEntry, "Font", "Font", 1, -1, 0)
strInputEntry = Replace(strInputEntry, "fOnt", "font", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "font", "font", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "mono", "mono", 1, -1, 0)
strInputEntry = Replace(strInputEntry, "MONO", "MONO", 1, -1, 0)
strInputEntry = Replace(strInputEntry, "Mono", "Mono", 1, -1, 0)
strInputEntry = Replace(strInputEntry, "mOno", "mono", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "mono", "mono", 1, -1, 1)
'Return
formatInput = strInputEntry
End Function
'********************************************
'*** Format SQL input *****
'********************************************
'Format SQL Query function
Private Function formatSQLInput(ByVal strInputEntry)
'Escapes a value before it is concatenated into an SQL statement. Returns the escaped value.
'
'NOTE(review): the escaping below only protects a value that is placed inside a single
'quoted SQL string literal; a value concatenated into a numeric or identifier position
'gets no protection from it. Parameterised queries (ADODB.Command parameters) remove the
'need for this function.
'Remove malicious characters from sql: double quotes are deleted
strInputEntry = Replace(strInputEntry, """", "", 1, -1, 1)
'If this is mySQL need to escape the \ escape character and escape single quotes
'strDatabaseType is not declared in this function; the comparison is an exact match on "mySQL"
If strDatabaseType = "mySQL" Then
'The backslash is doubled first so that the backslash added in front of a quote on the next line is not doubled as well
strInputEntry = Replace(strInputEntry, "\", "\\", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "'", "\'", 1, -1, 1)
'Else for Access and SQL server need to escape a single quote using two quotes
Else
strInputEntry = Replace(strInputEntry, "'", "''", 1, -1, 1)
End If
'NOTE(review): as shown, the next four lines replace each character with itself and so
'change nothing. It looks as if the page this listing was taken from decoded HTML
'character references in the replacement strings - confirm against the original file.
strInputEntry = Replace(strInputEntry, "[", "[", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "]", "]", 1, -1, 1)
strInputEntry = Replace(strInputEntry, "<", "<", 1, -1, 1)
strInputEntry = Replace(strInputEntry, ">", ">", 1, -1, 1)
'Return
formatSQLInput = strInputEntry
End Function
'*********************************************
'*** Strip all tags *****
'*********************************************
'Remove all tags for text only display
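Private Function removeAllTags(ByVal strInputEntry)

    'Encodes the characters & < > ' " and \ as HTML character references so that the
    'text is displayed as plain text and cannot be read as markup. Returns the encoded text.
    '
    'In the listing this was taken from, each line replaced a character with itself and
    'the double quote line did not parse, which looks like HTML character references
    'decoded by the page. The references below are the standard forms for the same six
    'characters - confirm against the original file.

    '& must be encoded first, otherwise the & of the references written below would be encoded again
    strInputEntry = Replace(strInputEntry, "&", "&amp;", 1, -1, 1)
    strInputEntry = Replace(strInputEntry, "<", "&lt;", 1, -1, 1)
    strInputEntry = Replace(strInputEntry, ">", "&gt;", 1, -1, 1)
    strInputEntry = Replace(strInputEntry, "'", "&#39;", 1, -1, 1)
    strInputEntry = Replace(strInputEntry, """", "&quot;", 1, -1, 1)
    strInputEntry = Replace(strInputEntry, "\", "&#92;", 1, -1, 1)

    'Return
    removeAllTags = strInputEntry
End Function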
'******************************************
'*** Non-Alphanumeric Character Strip ****
'******************************************
'Function to strip non alphanumeric characters
Private Function characterStrip(strTextInput)

    'Removes every character from Chr(0) to Chr(255) that is not 0-9, A-Z or a-z
    'and returns what is left.
    'NOTE(review): the parameter is not declared ByVal, unlike the other filters in this
    'file, so the variable the caller passes in is stripped as well.
    'NOTE(review): only character codes 0 to 255 are looped over; characters outside
    'that range are not removed.

    Dim intCharCode     'Holds the character code being checked
    Dim blnKeepChar     'Set to true if the character code is a digit or a letter

    For intCharCode = 0 To 255

        'Codes 48-57 are 0-9, 65-90 are A-Z and 97-122 are a-z
        blnKeepChar = (intCharCode >= 48 And intCharCode <= 57) _
            Or (intCharCode >= 65 And intCharCode <= 90) _
            Or (intCharCode >= 97 And intCharCode <= 122)

        'Binary compare, so only the exact character is removed
        If Not blnKeepChar Then
            strTextInput = Replace(strTextInput, Chr(intCharCode), "", 1, -1, 0)
        End If
    Next

    'Return the string
    characterStrip = strTextInput
End Function
'**********************************************
'*** Strip HTML *****
'**********************************************
'Remove HTML function
Private Function removeHTML(ByVal strMessageInput, ByVal lngReturnLength, ByVal blnRemoveBRtags)
Dim objRegExp 'Holds regulare expresions object
'Remove edit XML
strMessageInput = Replace(strMessageInput, "<editID>", "<br /><br />" & strTxtEditBy & " ", 1, -1, 1)
strMessageInput = Replace(strMessageInput, "</editID>", " ", 1, -1, 1)
strMessageInput = Replace(strMessageInput, "<editDate>", " ", 1, -1, 1)
strMessageInput = Replace(strMessageInput, "</editDate>", " ", 1, -1, 1)
'If we want <br /> tags to remain the best thing to do is remove carridge returns,