Enano CMS (1.1.x): comparison includes/functions.php

equal deleted inserted replaced

-:e1a22031b5bd
+:ad00dc1f8706
 * @return string cleaned HTML
 */
 function sanitize_html($html, $filter_php = true)
 {
+// Random seed for substitution
+$rand_seed = md5( sha1(microtime()) . mt_rand() );
+// Strip out comments that are already escaped
+preg_match_all('/&lt;!--(.*?)--&gt;/', $html, $comment_match);
+$i = 0;
+foreach ( $comment_match[0] as $comment )
+{
+$html = str_replace_once($comment, "{HTMLCOMMENT:$i:$rand_seed}", $html);
+$i++;
+}
+// Strip out code sections that will be postprocessed by Text_Wiki
+preg_match_all(';^<code(\s[^>]*)?>((?:(?R)|.)*?)\n</code>(\s|$);msi', $html, $code_match);
+$i = 0;
+foreach ( $code_match[0] as $code )
+{
+$html = str_replace_once($code, "{TW_CODE:$i:$rand_seed}", $html);
+$i++;
+}
 $html = preg_replace('#<([a-z]+)([\s]+)([^>]+?)'.htmlalternatives('javascript:').'(.+?)>(.*?)</\\1>#is', '&lt;\\1\\2\\3javascript:\\59&gt;\\60&lt;/\\1&gt;', $html);
 $html = preg_replace('#<([a-z]+)([\s]+)([^>]+?)'.htmlalternatives('javascript:').'(.+?)>#is', '&lt;\\1\\2\\3javascript:\\59&gt;', $html);
 if($filter_php)
 // The rule is so specific because everything else will have been filtered by now
 $html = preg_replace('/<(script|iframe)(.+?)src=([^>]*)</i', '&lt;\\1\\2src=\\3&lt;', $html);
 // Unstrip comments
 $html = preg_replace('/&lt;!--([^>]*?)--&gt;/i', '', $html);
+// Restore stripped comments
+$i = 0;
+foreach ( $comment_match[0] as $comment )
+{
+$html = str_replace_once("{HTMLCOMMENT:$i:$rand_seed}", $comment, $html);
+$i++;
+}
+// Restore stripped code
+$i = 0;
+foreach ( $code_match[0] as $code )
+{
+$html = str_replace_once("{TW_CODE:$i:$rand_seed}", $code, $html);
+$i++;
+}
 return $html;
 }

changeset 163	ad00dc1f8706
parent 145	6f0bbf88c325
child 164	54c79adfb694