[mirrors/Kyberia-bloodline.git] / wwwroot / inc / htmlparse.inc

<?php

class htmlparse {

public static function htmlparse($data)
{
	echo 'fooooook\n';
   /*
   if function finds anything unsafe,it will return
   FALSE and saves a reason info global variable $htmlparse
   */

   global $htmlparse;

   $data = StrToLower(" ".$data);

   // tags, I don\14 need to close
   $unpaired = Array('br'=>1,
                     'br/'=>1, // fix later ;)
                     'li'=>1,
                     'hr'=>1,
                     '/tr'=>1,
                     'img'=>1,
                     'p'=>1
                     );

   // allowed tags
   $allowed = Array('b'=>1,
                    'i'=>1,
                    'u'=>1,
                    'a'=>1,
                    'img'=>1,
                    'sup'=>1,
                    'sub'=>1,
                    'table'=>1,
                    'tr'=>1,
                    'td'=>1,
                    'font'=>1,
                    'ul'=>1,
                    'ol'=>1,
                    'li'=>1,
                    'tt'=>1,
                    'address'=>1,
		    'code'=>1,
                    'small'=>1,
                    'big'=>1,
                    'caption'=>1,
                    'thead'=>1,
                    'tfoot'=>1,
                    'col'=>1,
                    'colgroup'=>1,
                    'th'=>1,
                    'br'=>1,
                    'br/'=>1, // fix later
                    'hr'=>1,
                    'em'=>1,
                    'th'=>1,
                    'center'=>1,
                    'pre'=>1,
                    'xmp'=>1,
                    's'=>1,
                    'strong'=>1,
                    'legend'=>1,
                    'h1'=>1,
                    'h2'=>1,
                    'h3'=>1,
                    'h4'=>1,
                    'h5'=>1,
                    'h6'=>1,
                    'p'=>1,
                    'blockquote'=>1,
                    'div'=>1,
                    'span'=>1,
                    'fieldset'=>1
                    );

   /*
   this part will go trought string and will ensure, if all tags are closed
   */

   $tok = StrTok($data, '<');
   $tok = StrTok('<');
   while(!($tok === FALSE)){
      if(!StrStr($tok,'>')):
         $htmlparse = 'Chyba HTML syntaxe!';
         //$htmlparse = 'Wrong HTML syntax!';
         return 0;
      elseif(StrStr($tok,"<")):
         $htmlparse = 'Chyba HTML syntaxe!';
         //$htmlparse = 'Wrong HTML syntax!';
         return 0;
      endif;
      $tok = StrTok('<');
   }

   /*
   main part of the function - it will check allowed tags, some parameters and so on...
   */

   $tok = StrTok($data, '<');
   $i = 0;
   $j = 0;
   while(!($tok === FALSE)):
      if($i == 1):
         $tag = Split('>',$tok,2);
         $attrib = Split("[[:space:]>]",$tag[0],2);
         if($allowed[$attrib[0]] != 1 && $allowed[SubStr($attrib[0],1)] != 1): // if tag isn\14 in allowed array
            $htmlparse = 'Zakazany tag &lt;'.$attrib[0].'&gt;!';
            //$htmlparse = 'Forbidden tag &lt;'.$attrib[0].'&gt;!';
            return 0;
         endif;
         if('/'.$tags[$j] == $attrib[0]): // closing tag for last opening tag
            if($tags[$j] == 'table' && $opened_tables > 0):
               $opened_tables--;
            endif;
            $j--;
         elseif($tags[$j] == 'xmp'): // XMP tag...ignore eny other tags between them
         else:
            if(SubStr($attrib[0],0,1) == '/' && $unpaired[$tags[$j]]): // do I need to close the tag?
               $j--;
               continue;
            elseif(SubStr($attrib[0],0,1) == '/'): // am I closing something, I didn\14 open?
               $htmlparse = 'Chyba u tagu &lt;'.$tag[0].'&gt;! Zavirate tag, ktery jste neotevrel!';
               //$htmlparse = 'Error near tag &lt;'.$tag[0].'&gt;! Closing tag, that wasn\14 opened!';
               return 0;
            elseif(Ereg(' on',' '.$attrib[1])): // temporary solution for pernament problem...and it isn\14 suicide
               $htmlparse = 'JavaScript je na hovno!';
               //$htmlparse = 'JavaScript sux!';
               return 0;
            elseif(Ereg('/on',' '.$attrib[1])): // temporary solution for pernament problem...and it isn\14 suicide
               $htmlparse = 'z bezpecnostnych dovodov nieje povolene vkladat do tagov retazec "/on"';
               return 0;


/*
            elseif(Ereg(' style',' '.$attrib[1])): // styles are forbidden - don\14 look at me THAT way ;)
               $htmlparse = 'Ten "style" se mi tam nezda!';
               //$htmlparse = '"styles" are forbidden!';
               return 0;
*/
            elseif(Ereg('://',' '.$attrib[1]) && $attrib[0] != "img" && $attrib[0] != "a"): // adresses in attributes (except A and IMG tags) are forbidden
               $htmlparse = 'Neco se mi tam nelibi! To je hlaska HTML validace - nejedna se o nejakou cenzuru ;)';
               //$htmlparse = 'Forbidden usage of adresses in tags!';
               return 0;
            elseif((SubStr_Count($attrib[1],'"')%2) > 0): // are quotes closed? can do mess if they aren\14
               $htmlparse = 'Neuzavrel jste uvozovky uvnitr tagu &lt;'.$attrib[0].'&gt;!';
               //$htmlparse = 'Close quotes in tag &lt;'.$tag[0].'&gt;!';
               return 0;
            elseif(Ereg('\?',$attrib[1]) && $attrib[0] == 'img'): // don\14 allow parameters in IMG tags
               $htmlparse = 'Chyba u tagu &lt;img&gt; - nejsou povoleny parametry v adrese!';
               //$htmlparse = 'Error in tag &lt;img&gt; - parameters in image adresses are forbidden!';
               return 0;
            elseif(($attrib[0] == 'td' || $attrib[0] == 'tr') && $opened_tables == 0):
               $htmlparse = 'Strkej si ty tagy do vlastni tabulky, jo?';
               return 0;
            elseif($attrib[0] == 'table'):
               $opened_tables++;
            endif;
            $j++;
            $tags[$j] = $attrib[0];
         endif;
      endif;
      $tok = StrTok('<');
      $i = 1;
   endwhile;

   /*
   just check, if all tags are properly closed
   */

   while($j > 0):
      if($unpaired[$tags[$j]]):
         $j--;
         continue;
      else:
         $htmlparse = 'Neuzavrel jste tag &lt;'.$tags[$j].'&gt;!';
         //$htmlparse = 'Tag &lt;'.$tags[$j].'&gt; wasn\14 closed correctly!';
         return 0;
      endif;
   endwhile;
return 1;
}

}
Commit	Line	Data
51ff3226	1	<?php
	2
	3	class htmlparse {
	4
32a54266	5	public static function htmlparse($data)
51ff3226	6	{
9ae34b38	7	echo 'fooooook\n';
51ff3226	8	/*
	9	if function finds anything unsafe,it will return
	10	FALSE and saves a reason info global variable $htmlparse
	11	*/
	12
	13	global $htmlparse;
	14
	15	$data = StrToLower(" ".$data);
	16
	17	// tags, I don\14 need to close
	18	$unpaired = Array('br'=>1,
	19	'br/'=>1, // fix later ;)
	20	'li'=>1,
	21	'hr'=>1,
	22	'/tr'=>1,
	23	'img'=>1,
	24	'p'=>1
	25	);
	26
	27	// allowed tags
	28	$allowed = Array('b'=>1,
	29	'i'=>1,
	30	'u'=>1,
	31	'a'=>1,
	32	'img'=>1,
	33	'sup'=>1,
	34	'sub'=>1,
	35	'table'=>1,
	36	'tr'=>1,
	37	'td'=>1,
	38	'font'=>1,
	39	'ul'=>1,
	40	'ol'=>1,
	41	'li'=>1,
	42	'tt'=>1,
	43	'address'=>1,
	44	'code'=>1,
	45	'small'=>1,
	46	'big'=>1,
	47	'caption'=>1,
	48	'thead'=>1,
	49	'tfoot'=>1,
	50	'col'=>1,
	51	'colgroup'=>1,
	52	'th'=>1,
	53	'br'=>1,
	54	'br/'=>1, // fix later
	55	'hr'=>1,
	56	'em'=>1,
	57	'th'=>1,
	58	'center'=>1,
	59	'pre'=>1,
	60	'xmp'=>1,
	61	's'=>1,
	62	'strong'=>1,
	63	'legend'=>1,
	64	'h1'=>1,
	65	'h2'=>1,
	66	'h3'=>1,
	67	'h4'=>1,
	68	'h5'=>1,
	69	'h6'=>1,
	70	'p'=>1,
	71	'blockquote'=>1,
72	'div'=>1,
73	'span'=>1,
74	'fieldset'=>1
75	);
76
77	/*
78	this part will go trought string and will ensure, if all tags are closed
79	*/
80
81	$tok = StrTok($data, '<');
82	$tok = StrTok('<');
83	while(!($tok === FALSE)){
84	if(!StrStr($tok,'>')):
85	$htmlparse = 'Chyba HTML syntaxe!';
86	//$htmlparse = 'Wrong HTML syntax!';
87	return 0;
88	elseif(StrStr($tok,"<")):
89	$htmlparse = 'Chyba HTML syntaxe!';
90	//$htmlparse = 'Wrong HTML syntax!';
91	return 0;
92	endif;
93	$tok = StrTok('<');
94	}
95
96	/*
97	main part of the function - it will check allowed tags, some parameters and so on...
98	*/
99
100	$tok = StrTok($data, '<');
101	$i = 0;
102	$j = 0;
103	while(!($tok === FALSE)):
104	if($i == 1):
105	$tag = Split('>',$tok,2);
106	$attrib = Split("[[:space:]>]",$tag[0],2);
107	if($allowed[$attrib[0]] != 1 && $allowed[SubStr($attrib[0],1)] != 1): // if tag isn\14 in allowed array
108	$htmlparse = 'Zakazany tag <'.$attrib[0].'>!';
109	//$htmlparse = 'Forbidden tag <'.$attrib[0].'>!';
110	return 0;
111	endif;
112	if('/'.$tags[$j] == $attrib[0]): // closing tag for last opening tag
113	if($tags[$j] == 'table' && $opened_tables > 0):
114	$opened_tables--;
115	endif;
116	$j--;
117	elseif($tags[$j] == 'xmp'): // XMP tag...ignore eny other tags between them
118	else:
119	if(SubStr($attrib[0],0,1) == '/' && $unpaired[$tags[$j]]): // do I need to close the tag?
120	$j--;
121	continue;
122	elseif(SubStr($attrib[0],0,1) == '/'): // am I closing something, I didn\14 open?
123	$htmlparse = 'Chyba u tagu <'.$tag[0].'>! Zavirate tag, ktery jste neotevrel!';
124	//$htmlparse = 'Error near tag <'.$tag[0].'>! Closing tag, that wasn\14 opened!';
125	return 0;
126	elseif(Ereg(' on',' '.$attrib[1])): // temporary solution for pernament problem...and it isn\14 suicide
127	$htmlparse = 'JavaScript je na hovno!';
128	//$htmlparse = 'JavaScript sux!';
129	return 0;
130	elseif(Ereg('/on',' '.$attrib[1])): // temporary solution for pernament problem...and it isn\14 suicide
131	$htmlparse = 'z bezpecnostnych dovodov nieje povolene vkladat do tagov retazec "/on"';
132	return 0;
133
134
135	/*
136	elseif(Ereg(' style',' '.$attrib[1])): // styles are forbidden - don\14 look at me THAT way ;)
137	$htmlparse = 'Ten "style" se mi tam nezda!';
138	//$htmlparse = '"styles" are forbidden!';
139	return 0;
140	*/
141	elseif(Ereg('://',' '.$attrib[1]) && $attrib[0] != "img" && $attrib[0] != "a"): // adresses in attributes (except A and IMG tags) are forbidden
142	$htmlparse = 'Neco se mi tam nelibi! To je hlaska HTML validace - nejedna se o nejakou cenzuru ;)';
143	//$htmlparse = 'Forbidden usage of adresses in tags!';
144	return 0;
145	elseif((SubStr_Count($attrib[1],'"')%2) > 0): // are quotes closed? can do mess if they aren\14
146	$htmlparse = 'Neuzavrel jste uvozovky uvnitr tagu <'.$attrib[0].'>!';
147	//$htmlparse = 'Close quotes in tag <'.$tag[0].'>!';
148	return 0;
149	elseif(Ereg('\?',$attrib[1]) && $attrib[0] == 'img'): // don\14 allow parameters in IMG tags
150	$htmlparse = 'Chyba u tagu <img> - nejsou povoleny parametry v adrese!';
151	//$htmlparse = 'Error in tag <img> - parameters in image adresses are forbidden!';
152	return 0;
153	elseif(($attrib[0] == 'td' \|\| $attrib[0] == 'tr') && $opened_tables == 0):
154	$htmlparse = 'Strkej si ty tagy do vlastni tabulky, jo?';
155	return 0;
156	elseif($attrib[0] == 'table'):
157	$opened_tables++;
158	endif;
159	$j++;
160	$tags[$j] = $attrib[0];
161	endif;
162	endif;
163	$tok = StrTok('<');
164	$i = 1;
165	endwhile;
166
167	/*
168	just check, if all tags are properly closed
169	*/
170
171	while($j > 0):
172	if($unpaired[$tags[$j]]):
173	$j--;
174	continue;
175	else:
176	$htmlparse = 'Neuzavrel jste tag <'.$tags[$j].'>!';
177	//$htmlparse = 'Tag <'.$tags[$j].'> wasn\14 closed correctly!';
178	return 0;
179	endif;
180	endwhile;
181	return 1;
182	}
183
32a54266	184	}