[Phpgroupware-cvs] phpgwapi/inc class.data_cleaner.inc.php, 1.1.2.3 func
From: |
skwashd |
Subject: |
[Phpgroupware-cvs] phpgwapi/inc class.data_cleaner.inc.php, 1.1.2.3 functions.inc.php, 1.121.2.13.2.28 |
Date: |
Mon, 26 Sep 2005 06:09:00 +0200 |
Update of phpgwapi/inc
Modified Files:
Branch: Version-0_9_16-branch
class.data_cleaner.inc.php lines: +19 -16
functions.inc.php lines: +4 -4
Log Message:
data cleaner fixes for sitemgr
====================================================
Index: phpgwapi/inc/class.data_cleaner.inc.php
diff -u phpgwapi/inc/class.data_cleaner.inc.php:1.1.2.2
phpgwapi/inc/class.data_cleaner.inc.php:1.1.2.3
--- phpgwapi/inc/class.data_cleaner.inc.php:1.1.2.2 Mon Sep 5 19:30:23 2005
+++ phpgwapi/inc/class.data_cleaner.inc.php Mon Sep 26 04:09:25 2005
@@ -34,23 +34,24 @@
*/
function data_cleaner($data = '')
{
- $this->html = $data;
+ $this->data = $data;
}
/**
* Render out the currently set contents.
*
* @param String $data the raw data.
+ * @param bool $safe_redirect wrap uris in save redirect? should
normally be true
*
* @return string The cleaned data.
*/
- function clean($data = null)
+ function clean($data = null, $safe_redirect = True )
{
if ( !is_null($data) )
{
- return $this->_clean_data($data);
+ return $this->_clean_data($data, $safe_redirect);
}
- return $this->_clean_data($this->data);
+ return $this->_clean_data($this->data, $safe_redirect);
}
/**
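Review bot: The new `@param bool $safe_redirect` line in clean()'s docblock misspells "safe" as "save" and does not say what a caller gives up by passing false. Judging from the later hunk in _clean_data(), false skips the href rewriting entirely, so the doc should state that. Suggested wording: `@param bool $safe_redirect route href targets through safe_redirect(); false leaves links exactly as submitted, so use it only for content whose links are trusted`. The existing `@param String $data` line could also note that null falls back to the data given to the constructor.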
@@ -63,7 +64,7 @@
*
* @return string The cleaned HTML data.
*/
- function _clean_data(&$data)
+ function _clean_data(&$data, $safe_redirect)
{
/* Deal with <base> tags in the HTML, since they will screw up
* our own relative paths. */
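Review bot: `_clean_data(&$data, $safe_redirect)` makes the new flag mandatory, while clean() and clean_vars() both default it to True. Giving it the same default, `function _clean_data(&$data, $safe_redirect = True)`, keeps any caller not shown in this diff working and keeps the protective behaviour as the fallback when the argument is omitted. The docblock above the signature starts outside the hunk and should gain a matching `@param bool $safe_redirect` line; the function body also continues past the hunk.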
@@ -80,7 +81,7 @@
/* Recursively call this->_clean_data() to prevent
clever fiends
* from sneaking nasty things into the page via $base.
*/
- $base = $this->_clean_data($base);
+ $base = $this->_clean_data($base, $safe_redirect);
}
/* Removes HTML comments (including some scripts & styles). */
@@ -243,17 +244,19 @@
$data = preg_replace($pattern, $replace, $data);
}
- /* Try to derefer all external references. */
- //XXX external references begin with http(s) isnt'it ? what
should I do if it's not external ?? like href="/tata"
- // Just try to save a <a href="titi.org"> my site </a>
- // you get a <a href="/phpgw/redirect.php?go=titi.org"> my site
</a>
- // Save a second time and you will get :
- // <a
href="/phpgw/redirect.php?go=/phpgw/redirect.php?go=titi.org"> my site </a>
- // ....
- $data =
preg_replace_callback('/href\s*=\s*\\\\(["\'])?((?(1)[^\1]*?|[^\s]+))(?(1)\1|)/i',
+ if ( $safe_redirect )
+ {
+ /* Try to derefer all external references. */
+ //XXX external references begin with http(s) isnt'it ?
what should I do if it's not external ?? like href="/tata"
+ // Just try to save a <a href="titi.org"> my site </a>
+ // you get a <a href="/phpgw/redirect.php?go=titi.org">
my site </a>
+ // Save a second time and you will get :
+ // <a
href="/phpgw/redirect.php?go=/phpgw/redirect.php?go=titi.org"> my site </a>
+ // ....
+ $data =
preg_replace_callback('/href\s*=\s*\\\\(["\'])?((?(1)[^\1]*?|[^\s]+))(?(1)\1|)/i',
create_function('$m', 'return \'href="\' .
(strlen($m[2]) && $m[2]{0} == \'#\' ? $m[2] :
$GLOBALS[\'phpgw\']->safe_redirect($m[2])) . \'"\';'),
$data);
-
+ }
return $data;
}
}
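Review bot: When `$safe_redirect` is false the new `if ( $safe_redirect )` block is skipped and href values leave _clean_data() without passing through `safe_redirect()`. Nothing visible in this hunk checks them in any other way, although earlier parts of the function lie outside the hunk and may do so. A comment on the branch should state what the caller must guarantee, for example `/* $safe_redirect == false leaves href targets as submitted; only for content whose links are validated elsewhere */`. The XXX comment carried into the block describes the double-wrapping on re-save that this flag appears to work around; leaving hrefs that already point at redirect.php untouched would address that without an opt-out, which is worth considering as a follow-up.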
====================================================
Index: phpgwapi/inc/functions.inc.php
diff -u phpgwapi/inc/functions.inc.php:1.121.2.13.2.27
phpgwapi/inc/functions.inc.php:1.121.2.13.2.28
--- phpgwapi/inc/functions.inc.php:1.121.2.13.2.27 Sun Sep 25 23:25:34 2005
+++ phpgwapi/inc/functions.inc.php Mon Sep 26 04:09:25 2005
@@ -42,19 +42,19 @@
return $value;
}
- function clean_vars($vars)
+ function clean_vars($vars, $safe_redirect = True)
{
if ( !is_array($vars) )
{
$data_cleaner = CreateObject('phpgwapi.data_cleaner');
- $_vars = $data_cleaner->clean($vars);
+ $_vars = $data_cleaner->clean($vars. $safe_redirect);
unset($data_cleaner);
return $_vars;
}
foreach ( $vars as $key => $val )
{
- $vars[$key] = clean_vars($val);
+ $vars[$key] = clean_vars($val, $safe_redirect);
}
return $vars;
}
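Review bot: The call `$data_cleaner->clean($vars. $safe_redirect)` in the scalar branch of clean_vars() uses `.` where a comma was intended, so the flag is concatenated onto the data instead of being passed as the second argument. With the default True this appends "1" to every scalar before it is cleaned. clean() then always runs with its own default, so a caller passing false never actually turns the redirect wrapping off. The line should read `$_vars = $data_cleaner->clean($vars, $safe_redirect);`. The recursive call in the foreach already passes the flag correctly.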