Project

General

Profile

wb-2_10_x / branches / main / framework / Sanitize.php @ 10

1
<?php
2

    
3
/*
4
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
5
 *
6
 * This program is free software: you can redistribute it and/or modify
7
 * it under the terms of the GNU General Public License as published by
8
 * the Free Software Foundation, either version 3 of the License, or
9
 * (at your option) any later version.
10
 *
11
 * This program is distributed in the hope that it will be useful,
12
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14
 * GNU General Public License for more details.
15
 *
16
 * You should have received a copy of the GNU General Public License
17
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
18
 *
19
 * Sanitize.php
20
 *
21
 * @category     Security
22
 * @package      Security_Sanitize
23
 * @subpackage   Name of the subpackage if needed
24
 * @copyright    Manuela v.d.Decken <manuela@isteam.de>
25
 * @author       Manuela v.d.Decken <manuela@isteam.de>
26
 * @license      http://www.gnu.org/licenses/gpl.html   GPL License
27
 * @version      0.0.1
28
 * @revision     $Revision: 2 $
29
 * @link         $HeadURL: svn://isteam.dynxs.de/wb/2.10.x/branches/main/framework/Sanitize.php $
30
 * @lastmodified $Date: 2017-07-02 17:14:29 +0200 (Sun, 02 Jul 2017) $
31
 * @since        File available since 10.03.2016
32
 * @description  this class provides several methods for sanitizing.
33
 */
34
class Sanitize {
35

    
36
    /* constants for StripFromText */
37
    const REMOVE_PHP     =  1;    // BIT #0 - remove all PHP-Code
38
    const REMOVE_DROPLET =  2;    // BIT #1 - remove Droplet tags
39
    const REMOVE_COMMENT =  4;    // BIT #2 - remove HTML Comments
40
    const REMOVE_SCRIPT  =  8;    // BIT #3 - remove external and internal Javascript (no inline events)
41
    const REMOVE_STYLES  = 16;    // BIT #4 - remove external and internal style sheets (no inline)
42
    const REMOVE_DEFAULT = 26;    // a combination of BITS #1 + #3 + #4
43

    
44
    /** constructor */
45
    protected function __construct() {
46
        ;
47
    }
48
/**
49
 * remove complex elements from strings
50
 * @param mixed $mText string or array of strings
51
 * @param integer $iFlags all flags of needed functions
52
 * @return mixed
53
 */
54
    public static function StripFromText($mText, $iFlags = self::REMOVE_PHP)
55
    {
56
        if (is_string($mText) || is_array($mText)) {
57
            $aPatterns = array(
58
                self::REMOVE_PHP     => '/<\?php\s+.*\?>/si',
59
                self::REMOVE_DROPLET => '/\[\[.*?\]\]/si',
60
                self::REMOVE_COMMENT => '/<!--\s+.*?-->/si',
61
                self::REMOVE_SCRIPT  => '/<script[^>]*?\/>|<script[^>]*?>.*?<\/script>/si',
62
                self::REMOVE_STYLES  =>
63
                    '/<style[^>]*?\/>|<style[^>]*?>.*?<\/style>|'.
64
                    '<link[^>]*?(\"text\/css\")?(\"stylesheet\")?[^>]*?\/?>|<link[^>]*?(\"text\/css\")?(\"stylesheet\")?[^>]*?>.*?<\/style>/si',
65
            );
66
            $iFlags = intval($iFlags);
67
            $aSearches = array();
68
            for ($i = 0; $i < sizeof($aPatterns); $i++) {
69
                if ((pow(2, $i) & $iFlags) != 0) {
70
                    $aSearches[] = $aPatterns[pow(2, $i)];
71
                }
72
            }
73
            $mText = preg_replace($aSearches, '', $mText);
74
        }
75
        return $mText;
76
    }
77

    
78
}
79

    
80
// end of class Sanitize