php4.class.kses.php

完美的在线教育系统

<?php
	/*
	 * ==========================================================================================
	 *
	 * This program is free software and open source software; you can redistribute
	 * it and/or modify it under the terms of the GNU General Public License as
	 * published by the Free Software Foundation; either version 2 of the License,
	 * or (at your option) any later version.
	 *
	 * This program is distributed in the hope that it will be useful, but WITHOUT
	 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
	 * more details.
	 *
	 * You should have received a copy of the GNU General Public License along
	 * with this program; if not, write to the Free Software Foundation, Inc.,
	 * 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA  or visit
	 * http://www.gnu.org/licenses/gpl.html
	 *
	 * ==========================================================================================
	 */

	/**
	*	Class file for PHP4 OOP version of kses
	*
	*	This is an updated version of kses to work with PHP4 that works under E_STRICT.
	*
	*	This upgrade provides the following:
	*	+ Version number synced to procedural version number
	*	+ PHPdoc style documentation has been added to the class.  See http://www.phpdoc.org/ for more info.
	*	+ Some methods are now deprecated due to nomenclature style change.  See method documentation for specifics.
	*	+ Kses4 now works in E_STRICT
	*	+ Addition of methods AddProtocols(), filterKsestextHook(), RemoveProtocol() and RemoveProtocols()
	*	+ Deprecated _hook(), Protocols()
	*	+ Integrated code from kses 0.2.2 into class.
	*	+ Added methods DumpProtocols(), DumpMethods()
	*
	*	@package    kses
	*	@subpackage kses4
	*/

	if(substr(phpversion(), 0, 1) < 4)
	{
		die("Class kses requires PHP 4 or higher.");
	}

	/**
	*	Only install KSES4 once
	*/
	if(!defined('KSES_CLASS_PHP4'))
	{
		define('KSES_CLASS_PHP4', true);

	/**
	*	Kses strips evil scripts!
	*
	*	This class provides the capability for removing unwanted HTML/XHTML, attributes from
	*	tags, and protocols contained in links.  The net result is a much more powerful tool
	*	than the PHP internal strip_tags()
	*
	*	This is a fork of a slick piece of procedural code called 'kses' written by Ulf Harnhammar
	*	The entire set of functions was wrapped in a PHP object with some internal modifications
	*	by Richard Vasquez (http://www.chaos.org/) 7/25/2003
	*
	*	This upgrade provides the following:
	*	+ Version number synced to procedural version number
	*	+ PHPdoc style documentation has been added to the class.  See http://www.phpdoc.org/ for more info.
	*	+ Some methods are now deprecated due to nomenclature style change.  See method documentation for specifics.
	*	+ Kses4 now works in E_STRICT
	*	+ Addition of methods AddProtocols(), filterKsestextHook(), RemoveProtocol(), RemoveProtocols() and SetProtocols()
	*	+ Deprecated _hook(), Protocols()
	*	+ Integrated code from kses 0.2.2 into class.
	*
	*	@author     Richard R. V锟絪quez, Jr. (Original procedural code by Ulf H锟絩nhammar)
	*	@link       http://sourceforge.net/projects/kses/ Home Page for Kses
	*	@link       http://chaos.org/contact/ Contact page with current email address for Richard Vasquez
	*	@copyright  Richard R. V锟絪quez, Jr. 2003-2005
	*	@version    PHP4 OOP 0.2.2
	*	@license    http://www.gnu.org/licenses/gpl.html GNU Public License
	*	@package    kses
	*/
		class kses4
		{
			/**#@+
			 *	@access private
			 *	@var array
			 */
			var $allowed_protocols = array();
			var $allowed_html      = array();
			/**#@-*/

			/**
			 *	Constructor for kses.
			 *
			 *	This sets a default collection of protocols allowed in links, and creates an
			 *	empty set of allowed HTML tags.
			 *	@since PHP4 OOP 0.0.1
			 */
			function kses4()
			{
				/**
				 *	You could add protocols such as ftp, new, gopher, mailto, irc, etc.
				 *
				 *	The base values the original kses provided were:
				 *		'http', 'https', 'ftp', 'news', 'nntp', 'telnet', 'gopher', 'mailto'
				 */
				$this->allowed_protocols = array('http', 'ftp', 'mailto');
				$this->allowed_html      = array();
			}

			/**
			 *	Basic task of kses - parses $string and strips it as required.
			 *
			 *	This method strips all the disallowed (X)HTML tags, attributes
			 *	and protocols from the input $string.
			 *
			 *	@access public
			 *	@param string $string String to be stripped of 'evil scripts'
			 *	@return string The stripped string
			 *	@since PHP4 OOP 0.2.1
			 */
			function Parse($string = "")
			{
				if (get_magic_quotes_gpc())
				{
					$string = stripslashes($string);
				}
				$string = $this->_no_null($string);
				$string = $this->_js_entities($string);
				$string = $this->_normalize_entities($string);
				$string = $this->filterKsesTextHook($string);
				return    $this->_split($string);
			}

			/**
			 *	Allows for single/batch addition of protocols
			 *
			 *	This method accepts one argument that can be either a string
			 *	or an array of strings.  Invalid data will be ignored.
			 *
			 *	The argument will be processed, and each string will be added
			 *	via AddProtocol().
			 *
			 *	@access public
			 *	@param mixed , A string or array of protocols that will be added to the internal list of allowed protocols.
			 *	@return bool Status of adding valid protocols.
			 *	@see AddProtocol()
			 *	@since PHP4 OOP 0.2.1
			 */
			function AddProtocols()
			{
				$c_args = func_num_args();
				if($c_args != 1)
				{
					trigger_error("kses4::AddProtocols() did not receive an argument.", E_USER_WARNING);
					return false;
				}

				$protocol_data = func_get_arg(0);

				if(is_array($protocol_data) && count($protocol_data) > 0)
				{
					foreach($protocol_data as $protocol)
					{
						$this->AddProtocol($protocol);
					}
					return true;
				}
				elseif(is_string($protocol_data))
				{
					$this->AddProtocol($protocol_data);
					return true;
				}
				else
				{
					trigger_error("kses4::AddProtocols() did not receive a string or an array.", E_USER_WARNING);
					return false;
				}
			}

			/**
			 *	Allows for single/batch addition of protocols
			 *
			 *	@deprecated Use AddProtocols()
			 *	@see AddProtocols()
			 *	@return bool
			 *	@since PHP4 OOP 0.0.1
			 */
			function Protocols()
			{
				$c_args = func_num_args();
				if($c_args != 1)
				{
					trigger_error("kses4::Protocols() did not receive an argument.", E_USER_WARNING);
					return false;
				}

				return $this->AddProtocols(func_get_arg(0));
			}

			/**
			 *	Adds a single protocol to $this->allowed_protocols.
			 *
			 *	This method accepts a string argument and adds it to
			 *	the list of allowed protocols to keep when performing
			 *	Parse().
			 *
			 *	@access public
			 *	@param string $protocol The name of the protocol to be added.
			 *	@return bool Status of adding valid protocol.
			 *	@since PHP4 OOP 0.0.1
			 */
			function AddProtocol($protocol = "")
			{
				if(!is_string($protocol))
				{
					trigger_error("kses4::AddProtocol() requires a string.", E_USER_WARNING);
					return false;
				}

				$protocol = strtolower(trim($protocol));
				if($protocol == "")
				{
					trigger_error("kses4::AddProtocol() tried to add an empty/NULL protocol.", E_USER_WARNING);
					return false;
				}

				// Remove any inadvertent ':' at the end of the protocol.
				if(substr($protocol, strlen($protocol) - 1, 1) == ":")
				{
					$protocol = substr($protocol, 0, strlen($protocol) - 1);
				}

				if(!in_array($protocol, $this->allowed_protocols))
				{
					array_push($this->allowed_protocols, $protocol);
					sort($this->allowed_protocols);
				}
				return true;
			}

			/**
			 *	Allows for single/batch replacement of protocols
			 *
			 *	This method accepts one argument that can be either a string
			 *	or an array of strings.  Invalid data will be ignored.
			 *
			 *	Existing protocols will be removed, then the argument will be
			 *	processed, and each string will be added via AddProtocol().
			 *
			 *	@access public
			 *	@param mixed , A string or array of protocols that will be the new internal list of allowed protocols.
			 *	@return bool Status of replacing valid protocols.
			 *	@since PHP4 OOP 0.2.2
			 *	@see AddProtocol()
			 */
			function SetProtocols()
			{
				$c_args = func_num_args();
				if($c_args != 1)
				{
					trigger_error("kses4::SetProtocols() did not receive an argument.", E_USER_WARNING);
					return false;
				}

				$protocol_data = func_get_arg(0);

				if(is_array($protocol_data) && count($protocol_data) > 0)
				{
					$this->allowed_protocols = array();
					foreach($protocol_data as $protocol)
					{
						$this->AddProtocol($protocol);
					}
					return true;
				}
				elseif(is_string($protocol_data))
				{
					$this->allowed_protocols = array();
					$this->AddProtocol($protocol_data);
					return true;
				}
				else
				{
					trigger_error("kses4::SetProtocols() did not receive a string or an array.", E_USER_WARNING);
					return false;
				}
			}

			/**
			 *	Raw dump of allowed protocols
			 *
			 *	This returns an indexed array of allowed protocols for a particular KSES
			 *	instantiation.
			 *
			 *	@access public
			 *	@return array The list of allowed protocols.
			 *	@since PHP4 OOP 0.2.2
			 */
			function DumpProtocols()
			{
				return $this->allowed_protocols;
			}

			/**
			 *	Raw dump of allowed (X)HTML elements
			 *
			 *	This returns an indexed array of allowed (X)HTML elements and attributes
			 *	for a particular KSES instantiation.
			 *
			 *	@access public
			 *	@return array The list of allowed elements.
			 *	@since PHP4 OOP 0.2.2
			 */
			function DumpElements()
			{
				return $this->allowed_html;
			}

			/**
			 *	Adds valid (X)HTML with corresponding attributes that will be kept when stripping 'evil scripts'.
			 *
			 *	This method accepts one argument that can be either a string
			 *	or an array of strings.  Invalid data will be ignored.
			 *
			 *	@access public
			 *	@param string $tag (X)HTML tag that will be allowed after stripping text.
			 *	@param array $attribs Associative array of allowed attributes - key => attribute name - value => attribute parameter
			 *	@return bool Status of Adding (X)HTML and attributes.
			 *	@since PHP4 OOP 0.0.1
			 */
			function AddHTML($tag = "", $attribs = array())
			{
				if(!is_string($tag))
				{
					trigger_error("kses4::AddHTML() requires the tag to be a string", E_USER_WARNING);
					return false;
				}

				$tag = strtolower(trim($tag));
				if($tag == "")
				{
					trigger_error("kses4::AddHTML() tried to add an empty/NULL tag", E_USER_WARNING);
					return false;
				}

				if(!is_array($attribs))
				{
					trigger_error("kses4::AddHTML() requires an array (even an empty one) of attributes for '$tag'", E_USER_WARNING);
					return false;
				}

				$new_attribs = array();
				if(is_array($attribs) && count($attribs) > 0)
				{
					foreach($attribs as $idx1 => $val1)
					{
						$new_idx1 = strtolower($idx1);
						$new_val1 = $attribs[$idx1];

						if(is_array($new_val1) && count($new_val1) > 0)
						{
							$tmp_val = array();
							foreach($new_val1 as $idx2 => $val2)
							{
								$new_idx2 = strtolower($idx2);
								$tmp_val[$new_idx2] = $val2;
							}
							$new_val1 = $tmp_val;
						}

						$new_attribs[$new_idx1] = $new_val1;
					}
				}

				$this->allowed_html[$tag] = $new_attribs;
				return true;
			}

			/**
			 *	Removes a single protocol from $this->allowed_protocols.
			 *
			 *	This method accepts a string argument and removes it from
			 *	the list of allowed protocols to keep when performing
			 *	Parse().
			 *
			 *	@access public
			 *	@param string $protocol The name of the protocol to be removed.