Kyberia v1.0
1 <?php
2
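class htmlparse {

    /**
     * Validate a user-supplied HTML fragment against a fixed tag allowlist.
     *
     * The check runs on a lower-cased copy of $data; the input itself is not
     * modified or sanitised. On rejection the reason is stored in the global
     * variable $htmlparse and 0 is returned.
     *
     * Under PHP 4/5 a method named like its class is the constructor; under
     * PHP 8 it is an ordinary method. The signature is left unchanged so that
     * existing call sites keep working.
     *
     * Security notes for maintainers:
     *  - Attribute filtering is a denylist (event handlers, style, "://").
     *    URL schemes in href/src are not checked against an allowlist and
     *    only double quotes are balanced, so a pass from this function is not
     *    a guarantee that the markup is safe to render. Prefer a maintained
     *    allowlist sanitiser (for example HTML Purifier) for new code.
     *  - The reason string embeds parts of the input ($attrib[0], $tag[0])
     *    with only the surrounding angle brackets encoded. The input cannot
     *    contain '<' or '>' at that point, but quotes and '&' pass through;
     *    escape the reason for the context it is printed in.
     *
     * @param string $data HTML fragment to validate (untrusted).
     * @return int 1 when the fragment is accepted, 0 when it is rejected.
     */
    function htmlparse($data)
    {
        global $htmlparse;

        // The leading space guarantees a non-empty first token even when the
        // input starts with '<'.
        $data = strtolower(' ' . $data);

        // Tags that do not need a closing tag.
        $unpaired = array(
            'br'  => 1,
            'br/' => 1, // fix later ;)
            'li'  => 1,
            'hr'  => 1,
            'img' => 1,
            'p'   => 1,
        );

        // Allowed tags; anything else is rejected.
        $allowed = array(
            'b' => 1, 'i' => 1, 'u' => 1, 'a' => 1, 'img' => 1,
            'sup' => 1, 'sub' => 1,
            'table' => 1, 'tr' => 1, 'td' => 1, 'th' => 1,
            'caption' => 1, 'thead' => 1, 'tfoot' => 1, 'col' => 1, 'colgroup' => 1,
            'font' => 1, 'ul' => 1, 'ol' => 1, 'li' => 1,
            'tt' => 1, 'code' => 1, 'small' => 1, 'big' => 1,
            'br' => 1,
            'br/' => 1, // fix later
            'hr' => 1, 'em' => 1, 'center' => 1, 'pre' => 1, 'xmp' => 1,
            's' => 1, 'strong' => 1, 'legend' => 1,
            'h1' => 1, 'h2' => 1, 'h3' => 1, 'h4' => 1, 'h5' => 1, 'h6' => 1,
            'p' => 1, 'blockquote' => 1, 'div' => 1, 'span' => 1, 'fieldset' => 1,
        );

        /*
         * Pass 1: every '<' must be followed by a '>' before the next '<'.
         * The first token is the text before the first '<' and is skipped.
         * (strtok() never returns a token containing the delimiter, so the
         * original second test for a '<' inside the token could not fire.)
         */
        $tok = strtok($data, '<');
        $tok = strtok('<');
        while ($tok !== false) {
            if (strpos($tok, '>') === false) {
                $htmlparse = 'Chyba HTML syntaxe!'; // "Wrong HTML syntax!"
                return 0;
            }
            $tok = strtok('<');
        }

        /*
         * Pass 2: check each tag against the allowlist, inspect its
         * attributes and keep a stack of open tags in $tags[1..$j].
         */
        $tags = array();      // stack of open tag names, 1-based
        $opened_tables = 0;   // nesting depth of <table>
        $tok = strtok($data, '<');
        $i = 0;               // 0 only for the leading text token
        $j = 0;               // index of the top of the stack
        while ($tok !== false) {
            if ($i == 1) {
                // split()/ereg() were removed in PHP 7; explode()/preg_*()
                // give the same results here and exist in every PHP version.
                $tag = explode('>', $tok, 2);
                $attrib = preg_split('/[[:space:]>]/', $tag[0], 2);
                $name = $attrib[0];
                $attrs = isset($attrib[1]) ? $attrib[1] : '';
                $closing = (substr($name, 0, 1) === '/');
                // Strip only a leading '/'. The original dropped the first
                // character unconditionally, so any allowed name with one
                // extra leading character also passed the allowlist.
                $bare = $closing ? (string) substr($name, 1) : $name;
                $top = isset($tags[$j]) ? $tags[$j] : '';

                if (!isset($allowed[$name]) && !isset($allowed[$bare])) {
                    // "Forbidden tag <...>!"
                    $htmlparse = 'Zakazany tag &lt;'.$attrib[0].'&gt;!';
                    return 0;
                }

                if ('/' . $top === $name) {
                    // Closing tag for the most recently opened tag.
                    if ($top === 'table' && $opened_tables > 0) {
                        $opened_tables--;
                    }
                    $j--;
                } elseif ($top === 'xmp') {
                    // Inside XMP: ignore every tag until its closing tag.
                } else {
                    if ($closing && isset($unpaired[$top])) {
                        // The open tag needs no closing tag: pop it and retry
                        // the same token against the next stack entry.
                        $j--;
                        continue;
                    } elseif ($closing) {
                        // "Error near tag <...>! Closing tag, that wasn't opened!"
                        $htmlparse = 'Chyba u tagu &lt;'.$tag[0].'&gt;! Zavirate tag, ktery jste neotevrel!';
                        return 0;
                    } elseif (strpos(' ' . $attrs, ' on') !== false
                        || preg_match('/[[:space:]"\'\/]on[a-z]+[[:space:]]*=/', ' ' . $attrs)) {
                        // Event-handler attributes. The original test needed a
                        // literal space before "on"; attributes separated by
                        // other whitespace or placed directly after a quote
                        // were not covered. May also reject a harmless value
                        // such as a path segment "/on...=" (fails safe).
                        $htmlparse = 'JavaScript je na hovno!'; // "JavaScript sux!"
                        return 0;
                    } elseif (strpos(' ' . $attrs, ' style') !== false
                        || preg_match('/[[:space:]"\'\/]style[[:space:]]*=/', ' ' . $attrs)) {
                        // Inline styles are forbidden; same separator handling
                        // as for event handlers.
                        $htmlparse = 'Ten "style" se mi tam nezda!'; // '"styles" are forbidden!'
                        return 0;
                    } elseif (strpos(' ' . $attrs, '://') !== false && $name !== 'img' && $name !== 'a') {
                        // Addresses in attributes are forbidden except on A and IMG.
                        // NOTE(review): href/src values are not restricted to
                        // a scheme allowlist anywhere in this function.
                        // "Forbidden usage of adresses in tags!"
                        $htmlparse = 'Neco se mi tam nelibi! To je hlaska HTML validace - nejedna se o nejakou cenzuru ;)';
                        return 0;
                    } elseif ((substr_count($attrs, '"') % 2) > 0) {
                        // Unbalanced double quotes (single quotes are not counted).
                        // "Close quotes in tag <...>!"
                        $htmlparse = 'Neuzavrel jste uvozovky uvnitr tagu &lt;'.$attrib[0].'&gt;!';
                        return 0;
                    } elseif (strpos($attrs, '?') !== false && $name === 'img') {
                        // Query parameters in image addresses are forbidden.
                        // "Error in tag <img> - parameters in image adresses are forbidden!"
                        $htmlparse = 'Chyba u tagu &lt;img&gt; - nejsou povoleny parametry v adrese!';
                        return 0;
                    } elseif (($name === 'td' || $name === 'tr') && $opened_tables == 0) {
                        // TD/TR outside of any table opened in this fragment.
                        $htmlparse = 'Strkej si ty tagy do vlastni tabulky, jo?';
                        return 0;
                    } elseif ($name === 'table') {
                        $opened_tables++;
                    }
                    // Push the opening tag.
                    $j++;
                    $tags[$j] = $name;
                }
            }
            $tok = strtok('<');
            $i = 1;
        }

        /*
         * Pass 3: everything still on the stack must be a tag that does not
         * need closing.
         */
        while ($j > 0) {
            if (isset($unpaired[$tags[$j]])) {
                $j--;
                continue;
            }
            // "Tag <...> wasn't closed correctly!"
            $htmlparse = 'Neuzavrel jste tag &lt;'.$tags[$j].'&gt;!';
            return 0;
        }
        return 1;
    }

}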