<?php

/*
Copyright 2009-2011 Sam Weiss
All Rights Reserved.

This file is part of Spark/Plug.

Spark/Plug is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

// Refuse direct requests: this file is only meaningful when loaded through the
// Spark/Plug bootstrap, which defines the 'spark/plug' constant first.
if (defined('spark/plug') === false)
{
	header('HTTP/1.1 403 Forbidden');
	exit('<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don\'t have permission to access the requested resource on this server.</p></body></html>');
}

// -----------------------------------------------------------------------------

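class SparkAutoSanitizer extends SparkApplication
{
	// lazily manufactured SparkSanitizer, shared by the input and output passes
	private $_sanitizer;
	// charset handed to html_entity_decode() on the input pass
	private $_sanitizer_charset;
	// sanitizer options for the input pass ('in' block of the 'sanitizer' config), null when the pass is inactive
	private $_sanitizer_params_in;
	// sanitizer options for the output pass ('out' block of the 'sanitizer' config), null when the pass is inactive
	private $_sanitizer_params_out;

	// --------------------------------------------------------------------------

	// Reads the 'sanitizer' config block and records which passes are active.
	// $spark and $config are forwarded unchanged to SparkApplication.
	public function __construct($spark, $config = array())
	{
		parent::__construct($spark, $config);

		$params = $this->config->get('sanitizer');
		if (!is_array($params))
		{
			$params = array();
		}

		// a sanitizer-specific charset wins over the application-wide one
		$this->_sanitizer_charset = isset($params['charset']) ? $params['charset'] : $this->config->get('charset', 'UTF-8');

		// a pass is enabled by its 'active' flag; the remaining keys are the options handed to the sanitizer
		$this->_sanitizer_params_in = $this->activePassOptions($params, 'in');
		$this->_sanitizer_params_out = $this->activePassOptions($params, 'out');
	}

	// --------------------------------------------------------------------------

	// Returns the option array for one pass ('in' or 'out') when its 'active'
	// flag is set, else null. The 'active' flag itself is not a sanitizer option
	// and is removed. An active pass with no further options yields an empty
	// array, which still counts as active (callers test with is_array()).
	private function activePassOptions($params, $pass)
	{
		if (empty($params[$pass]['active']))
		{
			return null;
		}

		$options = $params[$pass];
		unset($options['active']);

		return $options;
	}

	// --------------------------------------------------------------------------

	// Returns the shared SparkSanitizer, manufacturing it on first use.
	private function sanitizer()
	{
		if (!$this->_sanitizer)
		{
			$this->_sanitizer = $this->factory->manufacture('SparkSanitizer');
		}

		return $this->_sanitizer;
	}

	// --------------------------------------------------------------------------

	// Input pass: runs the parent's sanitization, then the SparkSanitizer when
	// the 'in' pass is active. $item is rewritten in place; $doStrip is forwarded
	// to SparkApplication::sanitizeString().
	protected function sanitizeString(&$item, $doStrip = false)
	{
		parent::sanitizeString($item, $doStrip);

		if (!is_array($this->_sanitizer_params_in))
		{
			return;
		}

		// NOTE(review): the sanitizer's result is entity-decoded here, so any
		// markup the sanitizer left entity-encoded (e.g. "&lt;") reaches the
		// application as raw characters again. This pass does not make a value
		// safe to echo into HTML; escaping still belongs at the point of output.
		$item = html_entity_decode($this->sanitizer()->sanitize($item, $this->_sanitizer_params_in), ENT_QUOTES, $this->_sanitizer_charset);
	}

	// --------------------------------------------------------------------------

	// Output pass: when the 'out' pass is active and the response is text/html,
	// sanitizes the <body> of $output before deferring to SparkApplication::display().
	// Only the body goes through the sanitizer; the doctype and <head> are emitted
	// as-is, so they must come from trusted templates. When no <body> element is
	// found (a fragment, or a document the regexes could not parse) the whole
	// string is sanitized instead of being silently discarded.
	public function display($output, $contentType = 'text/html', $status = NULL, $headers = NULL)
	{
		if (is_array($this->_sanitizer_params_out) && ($contentType === 'text/html'))
		{
			// htmlawed only works on the body element

			$doc = $this->parseHTML($output);

			if ($doc['hasbody'])
			{
				$body = $this->sanitizer()->sanitize($doc['body'], $this->_sanitizer_params_out);
				$output = $doc['doctype'] . $doc['head'] . "<body{$doc['bodyattr']}>\n" . $body . "</body>\n</html>";
			}
			else
			{
				$output = $this->sanitizer()->sanitize((string) $output, $this->_sanitizer_params_out);
			}
		}

		return parent::display($output, $contentType, $status, $headers);
	}

	// --------------------------------------------------------------------------

	// Splits an HTML document into its parts. Returns an array with the keys
	// 'doctype' (everything before the head element), 'head', 'bodyattr'
	// (leading space included when non-empty) and 'body', each '' when absent,
	// plus 'hasbody', true only when a <body>...</body> element was matched.
	public function parseHTML($input)
	{
		// this function adapted from Drupal...more efficient to use DomDocument?

		$input = (string) $input;
		$output = array();

		// doctype (everything prior to the head element; the tag may carry attributes,
		// and \b keeps <header> from being mistaken for <head>)

		$regex = '/^(.*)<head\b[^>]*>/Umsi';
		preg_match($regex, $input, $matches);
		$output['doctype'] = isset($matches[1]) ? $matches[1] . "\n" : '';

		// head element

		$regex = '@(<head\b[^>]*>.*</head\\s*>)@Umsi';
		if (preg_match($regex, $input, $matches) === 1)
		{
			$head = trim($matches[1]);
			// collapse two-space indents and blank lines
			$head = str_replace(array("\n  ", "\n\n"), "\n", $head);
			$output['head'] = $head . "\n";
		}
		else
		{
			$output['head'] = '';
		}

		// body element (preg_match() returns false on a PCRE error, which also counts as "no body")

		$regex = '@<body(.*)>(.*)</body\\s*>@Umsi';
		$output['hasbody'] = (preg_match($regex, $input, $matches) === 1);
		$output['bodyattr'] = isset($matches[1]) ? trim($matches[1]) : '';
		if ($output['bodyattr'] !== '')
		{
			$output['bodyattr'] = ' ' . $output['bodyattr'];
		}
		$output['body'] = isset($matches[2]) ? trim($matches[2]) : '';

		return $output;
	}

	// --------------------------------------------------------------------------
}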