

[Phpgroupware-cvs] phpgwapi/inc class.data_cleaner.inc.php, 1.1.2.3 func


From: skwashd
Subject: [Phpgroupware-cvs] phpgwapi/inc class.data_cleaner.inc.php, 1.1.2.3 functions.inc.php, 1.121.2.13.2.28
Date: Mon, 26 Sep 2005 06:09:00 +0200

Update of phpgwapi/inc

Modified Files:
     Branch: Version-0_9_16-branch
            class.data_cleaner.inc.php lines: +19 -16
            functions.inc.php lines: +4 -4

Log Message:
data cleaner fixes for sitemgr

====================================================
Index: phpgwapi/inc/class.data_cleaner.inc.php
diff -u phpgwapi/inc/class.data_cleaner.inc.php:1.1.2.2 
phpgwapi/inc/class.data_cleaner.inc.php:1.1.2.3
--- phpgwapi/inc/class.data_cleaner.inc.php:1.1.2.2     Mon Sep  5 19:30:23 2005
+++ phpgwapi/inc/class.data_cleaner.inc.php     Mon Sep 26 04:09:25 2005
@@ -34,23 +34,24 @@
        */
        function data_cleaner($data = '')
        {
-               $this->html = $data;
+               $this->data = $data;
        }

        /**
         * Render out the currently set contents.
         *
         * @param String $data the raw data.
+        * @param bool $safe_redirect wrap uris in save redirect? should 
normally be true
         *
         * @return string  The cleaned data.
         */
-       function clean($data = null)
+       function clean($data = null, $safe_redirect = True )
        {
                if ( !is_null($data) )
                {
-                       return $this->_clean_data($data);
+                       return $this->_clean_data($data, $safe_redirect);
                }
-               return $this->_clean_data($this->data);
+               return $this->_clean_data($this->data, $safe_redirect);
        }

        /**
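Review bot: The added `@param bool $safe_redirect` line says "save redirect" where "safe redirect" is meant, and it does not tell a caller what is given up by passing false. Since the flag switches off the href rewrite in `_clean_data()`, the docblock should state that plainly, for example `@param bool $safe_redirect rewrite href targets through safe_redirect(); when false, hrefs are returned as the earlier cleaning steps left them`. A short remark that false is meant only for content whose links the caller already trusts would help the next person deciding which value to pass.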
@@ -63,7 +64,7 @@
         *
         * @return string  The cleaned HTML data.
         */
-       function _clean_data(&$data)
+       function _clean_data(&$data, $safe_redirect)
        {
                /* Deal with <base> tags in the HTML, since they will screw up
                 * our own relative paths. */
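Review bot: `_clean_data(&$data, $safe_redirect)` makes the new argument mandatory, so a caller that was not updated in this commit would pass nothing, and the `if ( $safe_redirect )` test further down would then see an unset value and skip the href rewrite. Giving it the same default as `clean()`, `function _clean_data(&$data, $safe_redirect = true)`, keeps the rewrite on unless a caller turns it off explicitly. The docblock above the signature starts outside this hunk and, as far as the visible lines show, gains no `@param` entry for the new argument; the function body also continues past the hunk.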
@@ -80,7 +81,7 @@

                        /* Recursively call this->_clean_data() to prevent 
clever fiends
                         * from sneaking nasty things into the page via $base. 
*/
-                       $base = $this->_clean_data($base);
+                       $base = $this->_clean_data($base, $safe_redirect);
                }

                /* Removes HTML comments (including some scripts & styles). */
@@ -243,17 +244,19 @@
                        $data = preg_replace($pattern, $replace, $data);
                }

-               /* Try to derefer all external references. */
-               //XXX external references begin with http(s) isnt'it ? what 
should I do if it's not external ?? like href="/tata"
-               // Just try to save a <a href="titi.org"> my site </a>
-               // you get a <a href="/phpgw/redirect.php?go=titi.org"> my site 
</a>
-               // Save a second time and you will get :
-               // <a 
href="/phpgw/redirect.php?go=/phpgw/redirect.php?go=titi.org"> my site </a>
-               // ....
-               $data = 
preg_replace_callback('/href\s*=\s*\\\\(["\'])?((?(1)[^\1]*?|[^\s]+))(?(1)\1|)/i',
+               if ( $safe_redirect )
+               {
+                       /* Try to derefer all external references. */
+                       //XXX external references begin with http(s) isnt'it ? 
what should I do if it's not external ?? like href="/tata"
+                       // Just try to save a <a href="titi.org"> my site </a>
+                       // you get a <a href="/phpgw/redirect.php?go=titi.org"> 
my site </a>
+                       // Save a second time and you will get :
+                       // <a 
href="/phpgw/redirect.php?go=/phpgw/redirect.php?go=titi.org"> my site </a>
+                       // ....
+                       $data = 
preg_replace_callback('/href\s*=\s*\\\\(["\'])?((?(1)[^\1]*?|[^\s]+))(?(1)\1|)/i',
                                create_function('$m', 'return \'href="\' . 
(strlen($m[2]) && $m[2]{0} == \'#\' ? $m[2] : 
$GLOBALS[\'phpgw\']->safe_redirect($m[2])) . \'"\';'),
                                $data);
-
+               }
                return $data;
        }
 }
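Review bot: The new `if ( $safe_redirect )` gate makes the href rewrite all-or-nothing, while the XXX comment moved into it describes a narrower problem: links that already point at redirect.php get wrapped again on every save. If that double wrapping is the reason for the opt-out (the log message suggests so, but the hunk does not say), the callback could instead return `$m[2]` unchanged when it already starts with the redirect prefix, the same way it already passes `#` fragments through, and the rewrite would stay on for every caller. If the flag stays, a comment at the `if` should name what still constrains href values when the block is skipped, since the earlier cleaning steps are outside this hunk. `_clean_data()` begins outside the hunk.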

====================================================
Index: phpgwapi/inc/functions.inc.php
diff -u phpgwapi/inc/functions.inc.php:1.121.2.13.2.27 
phpgwapi/inc/functions.inc.php:1.121.2.13.2.28
--- phpgwapi/inc/functions.inc.php:1.121.2.13.2.27      Sun Sep 25 23:25:34 2005
+++ phpgwapi/inc/functions.inc.php      Mon Sep 26 04:09:25 2005
@@ -42,19 +42,19 @@
                return $value;
        }

-       function clean_vars($vars)
+       function clean_vars($vars, $safe_redirect = True)
        {
                if ( !is_array($vars) )
                {
                        $data_cleaner = CreateObject('phpgwapi.data_cleaner');
-                       $_vars = $data_cleaner->clean($vars);
+                       $_vars = $data_cleaner->clean($vars. $safe_redirect);
                        unset($data_cleaner);
                        return $_vars;
                }

                foreach ( $vars as $key => $val )
                {
-                       $vars[$key] = clean_vars($val);
+                       $vars[$key] = clean_vars($val, $safe_redirect);
                }
                return $vars;
        }
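Review bot: The non-array branch calls `$data_cleaner->clean($vars. $safe_redirect)` with a `.` where a `,` was meant, so the flag is string-concatenated onto the data and `clean()` receives a single argument. With the default `True` every scalar value gets a `1` appended to it, and with `False` the flag never reaches `clean()`, which then falls back to its own default of `True`. The line should read `$_vars = $data_cleaner->clean($vars, $safe_redirect);`. The recursive call in the `foreach` already passes the flag correctly.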





