📄 php4.class.kses.php
* @return bool Status of removing valid protocol.
* @since PHP4 OOP 0.2.1
*/
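function RemoveProtocol($protocol = "")
{
    // Only strings can name a protocol; anything else is reported and refused.
    if (!is_string($protocol)) {
        trigger_error("kses4::RemoveProtocol() requires a string.", E_USER_WARNING);
        return false;
    }

    // Trim before looking for the trailing ':' so that input such as "http: "
    // is normalised to "http". Checking the last character first would leave
    // the colon in place, the lookup below would miss, and the protocol would
    // stay in the allow list while the method still reported success.
    $protocol = trim($protocol);

    // Remove any inadvertent ':' at the end of the protocol.
    if (substr($protocol, -1) == ":") {
        $protocol = trim(substr($protocol, 0, -1));
    }

    $protocol = strtolower($protocol);

    if ($protocol == "") {
        trigger_error("kses4::RemoveProtocol() tried to remove an empty/NULL protocol.", E_USER_WARNING);
        return false;
    }

    // Ensures that the protocol exists before removing it.
    if (in_array($protocol, $this->allowed_protocols)) {
        $this->allowed_protocols = array_diff($this->allowed_protocols, array($protocol));
        // array_diff() keeps the original keys; sort() reindexes the list.
        sort($this->allowed_protocols);
    }

    // Returns true whether or not the protocol was present in the list.
    return true;
}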
/**
* Allows for single/batch removal of protocols
*
* This method accepts one argument that can be either a string
* or an array of strings. Invalid data will be ignored.
*
* The argument will be processed, and each string will be removed
* via RemoveProtocol().
*
* @access public
* @param mixed , A string or array of protocols that will be removed from the internal list of allowed protocols.
* @return bool Status of removing valid protocols.
* @see RemoveProtocol()
* @since PHP5 OOP 0.2.1
*/
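function RemoveProtocols()
{
    // Exactly one argument is accepted: a string or an array of strings.
    if (func_num_args() != 1) {
        return false;
    }

    $protocol_data = func_get_arg(0);

    if (is_array($protocol_data) && count($protocol_data) > 0) {
        // Each entry is handed to RemoveProtocol(), which reports and skips
        // anything that is not a usable string.
        foreach ($protocol_data as $protocol) {
            $this->RemoveProtocol($protocol);
        }
        // Return a bool as documented. Without this the array branch fell
        // off the end of the method and returned NULL, which a caller
        // checking the result would read as failure.
        return true;
    } elseif (is_string($protocol_data)) {
        $this->RemoveProtocol($protocol_data);
        return true;
    } else {
        // An empty array also ends up here, as it did before.
        trigger_error("kses4::RemoveProtocols() did not receive a string or an array.", E_USER_WARNING);
        return false;
    }
}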
/**
* This method removes any NULL or chr(173) characters in $string.
*
* @access private
* @param string $string
* @return string String without any NULL/chr(173)
* @since PHP4 OOP 0.0.1
*/
function _no_null($string)
{
    // The patterns run in this order, each on the result of the one before:
    //   1. runs of actual NUL bytes
    //   2. runs of the two-character text sequence backslash + "0"
    // Running them in sequence means a backslash and a "0" that only become
    // adjacent once a NUL byte between them is deleted are removed as well.
    $patterns = array('/\0+/', '/(\\\\0)+/');

    return preg_replace($patterns, '', $string);
}
/**
* This function removes the HTML JavaScript entities found in early versions of
* Netscape 4.
*
* @access private
* @param string $string
* @return string String without any NULL/chr(173)
* @since PHP4 OOP 0.0.1
*/
function _js_entities($string)
{
    // Matches "&", optional whitespace, "{", anything up to the next "}",
    // then either the closing "}" with optional whitespace and ";", or the
    // end of the string, so an unterminated "&{..." is removed as well.
    $pattern = '%&\s*\{[^}]*(\}\s*;?|$)%';
    $cleaned = preg_replace($pattern, '', $string);

    return $cleaned;
}
/**
* Normalizes HTML entities
*
* This function normalizes HTML entities. It will convert "AT&T" to the correct
* "AT&amp;T", "&#00058;" to "&#58;", "&#XYZZY;" to "&amp;#XYZZY;" and so on.
*
* @access private
* @param string $string
* @return string String with normalized entities
* @since PHP4 OOP 0.0.1
*/
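function _normalize_entities($string)
{
    # Disarm all entities by converting & to &amp;
    # Replacing '&' with itself would be a no-op and nothing would be disarmed.
    $string = str_replace('&', '&amp;', $string);

    # Change back the allowed entities in our entity white list

    # Named entities: a letter followed by up to 19 letters or digits.
    $string = preg_replace('/&amp;([A-Za-z][A-Za-z0-9]{0,19});/', '&\\1;', $string);

    # Decimal entities: leading zeros are dropped and the value is range-checked
    # by _normalize_entities2(). preg_replace_callback() (PHP 4.0.5+) is used in
    # place of the "e" pattern modifier, which evaluated the replacement string
    # as PHP code and was removed in PHP 7.0.
    $string = preg_replace_callback(
        '/&amp;#0*([0-9]{1,5});/',
        array($this, '_normalize_entities_callback'),
        $string
    );

    # Hexadecimal entities: leading zeros are dropped; two or four hex digits.
    $string = preg_replace('/&amp;#([Xx])0*(([0-9A-Fa-f]{2}){1,2});/', '&#\\1\\2;', $string);

    return $string;
}

/**
 * preg_replace_callback() adapter for _normalize_entities().
 *
 * @access private
 * @param array $matches Match data; index 1 holds the decimal digits.
 * @return string Result of _normalize_entities2() for those digits.
 */
function _normalize_entities_callback($matches)
{
    return $this->_normalize_entities2($matches[1]);
}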
/**
* Helper method used by normalizeEntities()
*
* This method helps normalizeEntities() to only accept 16 bit values
* and nothing more for &#number; entities.
*
* This method helps normalize_entities() during a preg_replace()
* where a &#(0)*XXXXX; occurs. The '(0)*XXXXXX' value is converted to
* a number and the result is returned as a numeric entity if the number
* is less than 65536. Otherwise, the value is returned 'as is'.
*
* @access private
* @param string $i
* @return string Normalized numeric entity
* @see _normalize_entities()
* @since PHP4 OOP 0.0.1
*/
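function _normalize_entities2($i)
{
    // Values above 16 bits are left disarmed ("&amp;#N;") so they render as
    // literal text; values up to 65535 become a real numeric entity. With
    // both branches returning "&#N;" the limit would not be enforced at all.
    return (($i > 65535) ? "&amp;#$i;" : "&#$i;");
}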
/**
* Allows for additional user defined modifications to text.
*
* @deprecated use filterKsesTextHook()
* @param string $string
* @see filterKsesTextHook()
* @return string
* @since PHP4 OOP 0.0.1
*/
function _hook($string)
{
    // Deprecated alias: the work is delegated to filterKsesTextHook().
    $filtered = $this->filterKsesTextHook($string);

    return $filtered;
}
/**
* Allows for additional user defined modifications to text.
*
* This method allows for additional modifications to be performed on
* a string that's being run through Parse(). Currently, it returns the
* input string 'as is'.
*
* This method is provided for users to extend the kses class for their own
* requirements.
*
* @access public
* @param string $string String to perform additional modifications on.
* @return string User modified string.
* @see Parse()
* @since PHP5 OOP 1.0.0
*/
function filterKsesTextHook($string)
{
    // Extension point: the base implementation hands the text back untouched.
    $unchanged = $string;

    return $unchanged;
}
/**
* This method goes through an array, and changes the keys to all lower case.
*
* @access private
* @param array $in_array Associative array
* @return array Modified array
* @since PHP4 OOP 0.0.1
*/
function _array_lc($inarray)
{
    $lowered = array();

    // Anything that is not an array yields an empty result.
    if (!is_array($inarray)) {
        return $lowered;
    }

    foreach ($inarray as $outer_key => $inner) {
        $outer_lc = strtolower($outer_key);

        // Every outer key gets an array, even when its value is not one;
        // a non-array value is therefore replaced by an empty array.
        $lowered[$outer_lc] = array();

        if (!is_array($inner)) {
            continue;
        }

        // Only the first two levels of keys are lower-cased; the values at
        // the second level are copied as they are.
        foreach ($inner as $inner_key => $inner_value) {
            $lowered[$outer_lc][strtolower($inner_key)] = $inner_value;
        }
    }

    return $lowered;
}
/**
* This method searched for HTML tags, no matter how malformed. It also
* matches stray ">" characters.
*
* @access private
* @param string $string
* @return string HTML tags
* @since PHP4 OOP 0.0.1
*/
function _split($string)
{
# Every "<...>" run (or "<..." reaching the end of the string) and every stray
# ">" is replaced by whatever $this->_split2() returns for that matched text.
#
# NOTE(review): the "e" modifier makes preg_replace() evaluate the replacement
# string as PHP code for each match. The matched tag text comes from the input
# being filtered, so safety rests entirely on the escaping PHP applies to \1
# before evaluation. The modifier was deprecated in PHP 5.5 and removed in
# PHP 7.0; preg_replace_callback() is the replacement. _split2() would then
# receive unescaped text, and it starts by calling $this->_stripslashes(), so
# confirm how that step interacts before converting.
return preg_replace(
'%(<'. # EITHER: <
'[^>]*'. # things that aren't >
'(>|$)'. # > or end of string
'|>)%e', # OR: just a >
"\$this->_split2('\\1')",
$string);
}
/**
* This method strips out disallowed and/or mangled (X)HTML tags along with assigned attributes.
*
* This method does a lot of work. It rejects some very malformed things
* like <:::>. It returns an empty string if the element isn't allowed (look
* ma, no strip_tags()!). Otherwise it splits the tag into an element and an
* allowed attribute list.
*
* @access private
* @param string $string
* @return string Modified string minus disallowed/mangled (X)HTML and attributes
* @since PHP4 OOP 0.0.1
*/
function _split2($string)
{
    $string = $this->_stripslashes($string);

    # Anything not starting with "<" is the stray ">" alternative of the
    # pattern in _split().
    if (strncmp($string, '<', 1) != 0) {
        return '>';
    }

    # Expected shape: "<", optional "/", an alphanumeric element name, then
    # the rest up to an optional ">". Anything else is seriously malformed
    # and is dropped entirely.
    $parts = array();
    if (!preg_match('%^<\s*(/\s*)?([a-zA-Z0-9]+)([^>]*)>?$%', $string, $parts)) {
        return '';
    }

    $slash = trim($parts[1]);
    $elem = $parts[2];
    $attrlist = $parts[3];

    # The element must be a key of allowed_html whose value is an array;
    # the lookup is case-insensitive. Everything else is removed.
    $lookup = strtolower($elem);
    $permitted = isset($this->allowed_html[$lookup]) && is_array($this->allowed_html[$lookup]);
    if (!$permitted) {
        return '';
    }

    # Closing elements are rebuilt from the slash and the name alone, so no
    # attribute text is carried over for them.
    if ($slash != '') {
        return "<$slash$elem>";
    }

    # Opening element: the attribute text goes through the allow list in _attr().
    return $this->_attr($slash . $elem, $attrlist);
}
/**
* This method strips out disallowed attributes for (X)HTML tags.
*
* This method removes all attributes if none are allowed for this element.
* If some are allowed it calls $this->_hair() to split them further, and then it
* builds up new HTML code from the data that $this->_hair() returns. It also
* removes "<" and ">" characters, if there are any left. One more thing it
* does is to check if the tag has a closing XHTML slash, and if it does,
* it puts one in the returned code as well.
*
* @access private
* @param string $element (X)HTML tag to check
* @param string $attr Text containing attributes to check for validity.
* @return string Resulting valid (X)HTML or ''
* @see _hair()
* @since PHP4 OOP 0.0.1
*/
function _attr($element, $attr)
{
    # Is there a closing XHTML slash at the end of the attributes?
    $xhtml_slash = preg_match('%\s/\s*$%', $attr) ? ' /' : '';

    $tag = strtolower($element);

    # Are any attributes allowed at all for this element? If not, the tag is
    # rebuilt from its name alone and the supplied attribute text is discarded.
    if (!isset($this->allowed_html[$tag]) || count($this->allowed_html[$tag]) == 0) {
        return "<$element$xhtml_slash>";
    }

    # Split the attribute text into individual attributes.
    $parsed = $this->_hair($attr);

    # Collect the attributes that survive the allow list.
    $kept = '';
    if (is_array($parsed) && count($parsed) > 0) {
        foreach ($parsed as $item) {
            $attr_name = strtolower($item['name']);

            # Attributes not listed for this element are dropped.
            if (!isset($this->allowed_html[$tag][$attr_name])) {
                continue;
            }

            $rule = $this->allowed_html[$tag][$attr_name];

            # An empty rule means the attribute is not allowed.
            if ($rule == '') {
                continue;
            }

            # A non-array rule means there are no value checks to run.
            if (!is_array($rule)) {
                $kept .= ' ' . $item['whole'];
                continue;
            }

            # An array rule with no entries keeps nothing: the attribute is
            # only appended after at least one check has been run and passed.
            if (count($rule) == 0) {
                continue;
            }

            # Every check must pass; stop at the first failure.
            $passed = true;
            foreach ($rule as $check_name => $check_value) {
                if (!$this->_check_attr_val($item['value'], $item['vless'], $check_name, $check_value)) {
                    $passed = false;
                    break;
                }
            }

            if ($passed) {
                $kept .= ' ' . $item['whole'];
            }
        }
    }

    # Remove any "<" or ">" characters left in the kept attribute text.
    $kept = preg_replace('/[<>]/', '', $kept);

    return "<$element$kept$xhtml_slash>";
}
/**
* This method combs through an attribute list string and returns an associative array of attributes and values.
*