Mercurial Mercurial > repos > enano-1.1 / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
includes/functions.php
changeset 15 ad5986a53197
parent 14 ce6053bb48d8
child 16 64e0d3d4cf14
equal deleted inserted replaced
14:ce6053bb48d8 15:ad5986a53197 
  1441       }
 
  1441       }
 
  1442     }
 
  1442     }
 
  1443     
  1443     
  1444   }
 
  1444   }
 
  1445   
  1445   
       
  1446   // Vulnerability from ha.ckers.org/xss.html:
 
       
  1447   // <script src="http://foo.com/xss.js"
 
       
  1448   // <
 
       
  1449   // The rule is so specific because everything else will have been filtered by now
 
       
  1450   $html = preg_replace('/<(script|iframe)(.+?)src=([^>]*)</i', '&lt;\\1\\2src=\\3&lt;', $html);
 
       
  1451   
  1446   return $html;
 
  1452   return $html;
 
  1447   
  1453   
  1448 }
 
  1454 }
 
  1449 
  1455 
  1450 function htmlalternatives($string)
 
  1456 function htmlalternatives($string)
 
  1832  */
 
  1838  */
 
  1833 
  1839 
  1834 function sanitize_page_id($page_id)
 
  1840 function sanitize_page_id($page_id)
 
  1835 {
 
  1841 {
 
  1836   
  1842   
  1837   // First, replace spaces with underscores  
  1843   // Remove character escapes
 
  1838   $page_id = str_replace(' ', '_', $page_id);
 
  1844   $page_id = dirtify_page_id($page_id);
 
  1839   
       
  1840   preg_match_all('/\.[A-Fa-f0-9][A-Fa-f0-9]/', $page_id, $matches);
 
       
  1841   
       
  1842   foreach ( $matches[0] as $id => $char )
 
       
  1843   {
 
       
  1844     $char = substr($char, 1);
 
       
  1845     $char = strtolower($char);
 
       
  1846     $char = intval(hexdec($char));
 
       
  1847     $char = chr($char);
 
       
  1848     $page_id = str_replace($matches[0][$id], $char, $page_id);
 
       
  1849   }
 
       
  1850   
  1845   
  1851   $pid_clean = preg_replace('/[\w\/:;\(\)@\[\]_-]/', 'X', $page_id);
 
  1846   $pid_clean = preg_replace('/[\w\/:;\(\)@\[\]_-]/', 'X', $page_id);
 
  1852   $pid_dirty = enano_str_split($pid_clean, 1);
 
  1847   $pid_dirty = enano_str_split($pid_clean, 1);
 
  1853   
  1848   
  1854   foreach ( $pid_dirty as $id => $char )
 
  1849   foreach ( $pid_dirty as $id => $char )
 
  1885   
  1880   
  1886   return $page_id_cleaned;
 
  1881   return $page_id_cleaned;
 
  1887 }
 
  1882 }
 
  1888 
  1883 
  1889 /**
 
  1884 /**
 
       
  1885  * Removes character escapes in a page ID string
 
       
  1886  * @param string Page ID string to dirty up
 
       
  1887  * @return string
 
       
  1888  */
 
       
  1889 
       
  1890 function dirtify_page_id($page_id)
 
       
  1891 {
 
       
  1892   // First, replace spaces with underscores  
       
  1893   $page_id = str_replace(' ', '_', $page_id);
 
       
  1894   
       
  1895   preg_match_all('/\.[A-Fa-f0-9][A-Fa-f0-9]/', $page_id, $matches);
 
       
  1896   
       
  1897   foreach ( $matches[0] as $id => $char )
 
       
  1898   {
 
       
  1899     $char = substr($char, 1);
 
       
  1900     $char = strtolower($char);
 
       
  1901     $char = intval(hexdec($char));
 
       
  1902     $char = chr($char);
 
       
  1903     $page_id = str_replace($matches[0][$id], $char, $page_id);
 
       
  1904   }
 
       
  1905   
       
  1906   return $page_id;
 
       
  1907 }
 
       
  1908 
       
  1909 /**
 
  1890  * Inserts commas into a number to make it more human-readable. Floating point-safe.
 
  1910  * Inserts commas into a number to make it more human-readable. Floating point-safe.
 
  1891  * @param int The number to process
 
  1911  * @param int The number to process
 
  1892  * @return string Input number with commas added
 
  1912  * @return string Input number with commas added
 
  1893  */
 
  1913  */
 
  1894 
  1914
Enano CMS (1.1.x)