Procedural File: htmlfilter.php
Source Location: /core/PHPMailer/extras/htmlfilter.php
Page Details
htmlfilter.inc
---------------
This set of functions allows you to filter html in order to remove any malicious tags from it. Useful in cases when you need to filter user input for any cross-site-scripting attempts.

Copyright (C) 2002-2004 by Duke University

This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version.

This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Functions
HTMLFilter [line 730]
void HTMLFilter($body, $trans_image_path, [$block_external_images = false])
Parameters:
$body:
$trans_image_path:
$block_external_images:
tln_casenormalize [line 68]
void tln_casenormalize(&$val, string $val)
A small helper function to use with array_walk. Modifies a by-ref value and makes it lowercase.
Parameters:
string $val: a value passed by-ref.
&$val:
API Tags:
Return: void, since it modifies a by-ref value.
tln_deent [line 442]
boolean tln_deent(&$attvalue, string $regex, [boolean $hex = false], string $attvalue)
Translates entities into literal values so they can be checked.
Parameters:
string $attvalue: the by-ref value to check.
string $regex: the regular expression to check against.
boolean $hex: whether the entities are hexadecimal.
&$attvalue:
API Tags:
Return: True or False depending on whether there were matches.
tln_defang [line 469]
void tln_defang(&$attvalue, string $attvalue)
This function checks attribute values for entity-encoded values and returns them translated into 8-bit strings so we can run checks on them.
Parameters:
string $attvalue: A string to run entity check against.
&$attvalue:
API Tags:
Return: void, modifies a reference value.
tln_findnxreg [line 126]
array|boolean tln_findnxreg(string $body, integer $offset, string $reg)
This function takes a PCRE-style regexp and tries to match it within the string.
Parameters:
string $body: The string to look for needle in.
integer $offset: Start looking from here.
string $reg: A PCRE-style regex to match.
API Tags:
Return: false if no matches are found, or an array with the following members:
- integer with the location of the match within $body
- string with whatever content between offset and the match
- string with whatever it is we matched
tln_findnxstr [line 104]
integer tln_findnxstr(string $body, integer $offset, string $needle)
This function looks for the next character within a string. It's really just a glorified "strpos", except it catches the failures nicely.
Parameters:
string $body: The string to look for needle in.
integer $offset: Start looking from this position.
string $needle: The character/string to look for.
API Tags:
Return: location of the next occurrence of the needle, or strlen($body) if needle wasn't found.
tln_fixatts [line 517]
Array tln_fixatts(string $tagname, array $attary, array $rm_attnames, array $bad_attvals, array $add_attr_to_tag)
This function runs various checks against the attributes.
Parameters:
string $tagname: String with the name of the tag.
array $attary: Array with all tag attributes.
array $rm_attnames: See description for tln_sanitize
array $bad_attvals: See description for tln_sanitize
array $add_attr_to_tag: See description for tln_sanitize
API Tags:
Return: Array with modified attributes.
tln_getnxtag [line 156]
array|boolean tln_getnxtag(string $body, integer $offset)
This function looks for the next tag.
Parameters:
string $body: String where to look for the next tag.
integer $offset: Start looking from here.
API Tags:
Return: false if no more tags exist in the body, or an array with the following members:
- string with the name of the tag
- array with attributes and their values
- integer with tag type (1, 2, or 3)
- integer where the tag starts (starting "<")
- integer where the tag ends (ending ">")
The first three members will be false if the tag is invalid.
tln_sanitize [line 592]
string tln_sanitize(string $body, array $tag_list, array $rm_tags_with_content, array $self_closing_tags, boolean $force_tag_closing, array $rm_attnames, array $bad_attvals, array $add_attr_to_tag)
Parameters:
string $body: The HTML you wish to filter
array $tag_list: see description above
array $rm_tags_with_content: see description above
array $self_closing_tags: see description above
boolean $force_tag_closing: see description above
array $rm_attnames: see description above
array $bad_attvals: see description above
array $add_attr_to_tag: see description above
API Tags:
Return: Sanitized html safe to show on your pages.
tln_skipspace [line 83]
integer tln_skipspace(string $body, integer $offset)
This function skips any whitespace from the current position within a string and to the next non-whitespace value.
Parameters:
string $body: the string
integer $offset: the offset within the string where we should start looking for the next non-whitespace character.
API Tags:
Return: the location within the $body where the next non-whitespace char is located.
tln_tagprint [line 40]
string tln_tagprint(string $tagname, array $attary, integer $tagtype)
This function returns the final tag out of the tag name, an array of attributes, and the type of the tag. This function is called by tln_sanitize internally.
Parameters:
string $tagname: the name of the tag.
array $attary: the array of attributes and their values
integer $tagtype: The type of the tag (see in comments).
API Tags:
Return: A string with the final tag representation.
tln_unspace [line 496]
void tln_unspace(&$attvalue, string $attvalue)
Kill any tabs, newlines, or carriage returns. Our friends the makers of the browser with 95% market value decided that it'd be funny to make "java[tab]script" be just as good as "javascript".
Parameters:
string $attvalue: The attribute value before extraneous spaces removed.
&$attvalue:
API Tags:
Return: void, modifies a reference value.
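
Added example (not part of htmlfilter.php or of this generated documentation): a stand-alone sketch of why attribute values are entity-decoded and stripped of tabs and line breaks before they are checked, as the tln_deent, tln_defang and tln_unspace descriptions state. The function names, the sample values and the blocklist pattern are assumptions constructed for illustration, and only numeric character references are handled.

```php
<?php
// Added illustration; every function name here is hypothetical, not the library's code.

// Translate decimal and hexadecimal character references into literal
// 8-bit characters; references above 255 are left as written.
function example_decode_entities(string $value): string
{
    return preg_replace_callback(
        '/&#(?:x([0-9a-f]+)|([0-9]+));?/i',
        function (array $m): string {
            $code = ($m[1] !== '') ? hexdec($m[1]) : (int) $m[2];
            return ($code <= 255) ? chr((int) $code) : $m[0];
        },
        $value
    ) ?? $value;
}

// Remove tabs, newlines and carriage returns ("java[tab]script").
function example_unspace(string $value): string
{
    return str_replace(["\t", "\r", "\n"], '', $value);
}

// Decode first, then strip, so an entity-encoded tab is removed as well.
function example_is_bad_attvalue(string $raw, array $patterns): bool
{
    $clean = example_unspace(example_decode_entities($raw));
    foreach ($patterns as $pattern) {
        if (preg_match($pattern, $clean) === 1) {
            return true;
        }
    }
    return false;
}

// Constructed sample attribute values and a constructed blocklist pattern.
$bad = ['/^\s*javascript:/i'];
$samples = [
    'https://example.org/page',
    'javascript:void(0)',
    "java\tscript:void(0)",
    '&#106;avascript:void(0)',
    '&#x6A;ava&#9;script:void(0)',
];
foreach ($samples as $value) {
    $naive = preg_match($bad[0], $value) === 1;
    $checked = example_is_bad_attvalue($value, $bad);
    printf("%-34s raw match: %-5s after normalizing: %s\n", json_encode($value), var_export($naive, true), var_export($checked, true));
}
```

The last three samples do not match the pattern in their raw form and match only after decoding and whitespace removal, which is the gap the normalization step closes.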