LotGDocker/lotgd-web/lotgd/lib/sanitize.php

131 lines
3.6 KiB
PHP
Raw Permalink Normal View History

2020-08-17 19:16:42 -04:00
<?php
// translator ready
// addnews ready
// mail ready
function sanitize($in){
$out = preg_replace("/[`][1234567890!@#\$%^&)~QqRVvGgTtjJeElLxXyYkKpPmM?*AabicnHw]/", "", $in);
return $out;
}
function newline_sanitize($in){
$out = preg_replace("/`n/", "", $in);
return $out;
}
function color_sanitize($in){
$out = preg_replace("/[`][1234567890!@#\$%^&)~QqRVvGgTtjJeElLxXyYkKpPmM?*Aabi]/", "", $in);
return $out;
}
function comment_sanitize($in) {
// to keep the regexp from boinging this, we need to make sure
// that we're not replacing in with the ` mark.
$out=preg_replace("/[`](?=[^1234567890!@#\$%^&)~QqRVvGgTteEjJlLxXyYkKpPmM?*Aa])/", chr(1).chr(1), $in);
$out = str_replace(chr(1),"`",$out);
return $out;
}
function logdnet_sanitize($in)
{
// to keep the regexp from boinging this, we need to make sure
// that we're not replacing in with the ` mark.
$out=preg_replace("/[`](?=[^1234567890!@#\$%^&)Qqbi])/", chr(1).chr(1), $in);
$out = str_replace(chr(1),"`",$out);
return $out;
}
function full_sanitize($in) {
$out = preg_replace("/[`]./", "", $in);
return $out;
}
function cmd_sanitize($in) {
$out = preg_replace("'[&?]c=[[:digit:]-]+'", "", $in);
return $out;
}
function comscroll_sanitize($in) {
$out = preg_replace("'&c(omscroll)?=([[:digit:]]|-)*'", "", $in);
$out = preg_replace("'\\?c(omscroll)?=([[:digit:]]|-)*'", "?", $out);
$out = preg_replace("'&(refresh|comment)=1'", "", $out);
$out = preg_replace("'\\?(refresh|comment)=1'", "?", $out);
return $out;
}
function prevent_colors($in) {
$out = str_replace("`", "&#0096;", $in);
return $out;
}
function translator_uri($in){
$uri = comscroll_sanitize($in);
$uri = cmd_sanitize($uri);
if (substr($uri,-1)=="?") $uri = substr($uri,0,-1);
return $uri;
}
function translator_page($in){
$page = $in;
if (strpos($page,"?")!==false) $page=substr($page,0,strpos($page,"?"));
//if ($page=="runmodule.php" && 0){
// //we should handle this in runmodule.php now that we have tlschema.
// $matches = array();
// preg_match("/[&?](module=[^&]*)/i",$in,$matches);
// if (isset($matches[1])) $page.="?".$matches[1];
//}
return $page;
}
function modulename_sanitize($in){
return preg_replace("'[^0-9A-Za-z_]'","",$in);
}
// the following function borrowed from mike-php at emerge2 dot com's post
// to php.net documentation.
//Original post is available here: http://us3.php.net/stripslashes
function stripslashes_array( $given ) {
return is_array( $given ) ?
array_map( 'stripslashes_array', $given ) : stripslashes( $given );
}
// Handle spaces in character names
function sanitize_name($spaceallowed, $inname)
{
if ($spaceallowed)
$expr = "([^[:alpha:] _-])";
else
$expr = "([^[:alpha:]])";
return preg_replace($expr, "", $inname);
}
// Handle spaces and color in character names
function sanitize_colorname($spaceallowed, $inname, $admin = false)
{
if ($admin && getsetting("allowoddadminrenames", 0)) return $inname;
if ($spaceallowed)
$expr = "([^[:alpha:]`!@#$%^&\\)12345670 _-])";
else
$expr = "([^[:alpha:]`!@#$%^&\\)12345670])";
return preg_replace($expr, "", $inname);
}
// Strip out <script>...</script> blocks and other HTML tags to try and
// detect if we have any actual output. Used by the collapse code to try
// and make sure we don't add spurious collapse boxes.
// Also used by the rename code to remove HTML that some admins try to
// insert.. Bah
function sanitize_html($str)
{
//take out script blocks
$str = preg_replace("/<script[^>]*>.+<\\/script[^>]*>/", "", $str);
//take out css blocks
$str = preg_replace("/<style[^>]*>.+<\\/style[^>]*>/", "", $str);
//take out comments
$str = preg_replace("/<!--.*-->/", "", $str);
$str = strip_tags($str);
return $str;
}
?>