LotGDocker/lotgd-web/lotgd/lib/sanitize.php

<?php
// translator ready
// addnews ready
// mail ready

function sanitize($in){
	$out = preg_replace("/[`][1234567890!@#\$%^&)~QqRVvGgTtjJeElLxXyYkKpPmM?*AabicnHw]/", "", $in);
	return $out;
}

function newline_sanitize($in){
	$out = preg_replace("/`n/", "", $in);
	return $out;
}

function color_sanitize($in){
	$out = preg_replace("/[`][1234567890!@#\$%^&)~QqRVvGgTtjJeElLxXyYkKpPmM?*Aabi]/", "", $in);
	return $out;
}

function comment_sanitize($in) {
	// to keep the regexp from boinging this, we need to make sure
	// that we're not replacing in with the ` mark.
	$out=preg_replace("/[`](?=[^1234567890!@#\$%^&)~QqRVvGgTteEjJlLxXyYkKpPmM?*Aa])/", chr(1).chr(1), $in);
	$out = str_replace(chr(1),"`",$out);
	return $out;
}

function logdnet_sanitize($in)
{
	// to keep the regexp from boinging this, we need to make sure
	// that we're not replacing in with the ` mark.
	$out=preg_replace("/[`](?=[^1234567890!@#\$%^&)Qqbi])/", chr(1).chr(1), $in);
	$out = str_replace(chr(1),"`",$out);
	return $out;
}

function full_sanitize($in) {
	$out = preg_replace("/[`]./", "", $in);
	return $out;
}

function cmd_sanitize($in) {
	$out = preg_replace("'[&?]c=[[:digit:]-]+'", "", $in);
	return $out;
}

function comscroll_sanitize($in) {
	$out = preg_replace("'&c(omscroll)?=([[:digit:]]|-)*'", "", $in);
	$out = preg_replace("'\\?c(omscroll)?=([[:digit:]]|-)*'", "?", $out);
	$out = preg_replace("'&(refresh|comment)=1'", "", $out);
	$out = preg_replace("'\\?(refresh|comment)=1'", "?", $out);
	return $out;
}

function prevent_colors($in) {
	$out = str_replace("`", "&#0096;", $in);
	return $out;
}

function translator_uri($in){
	$uri = comscroll_sanitize($in);
	$uri = cmd_sanitize($uri);
	if (substr($uri,-1)=="?") $uri = substr($uri,0,-1);
	return $uri;
}

function translator_page($in){
	$page = $in;
	if (strpos($page,"?")!==false) $page=substr($page,0,strpos($page,"?"));
	//if ($page=="runmodule.php" && 0){
	//	//we should handle this in runmodule.php now that we have tlschema.
	//	$matches = array();
	//	preg_match("/[&?](module=[^&]*)/i",$in,$matches);
	//	if (isset($matches[1])) $page.="?".$matches[1];
	//}
	return $page;
}

function modulename_sanitize($in){
	return preg_replace("'[^0-9A-Za-z_]'","",$in);
}

// the following function borrowed from mike-php at emerge2 dot com's post
// to php.net documentation.
//Original post is available here: http://us3.php.net/stripslashes
function stripslashes_array( $given ) {
   return is_array( $given ) ?
	   array_map( 'stripslashes_array', $given ) : stripslashes( $given );
}

// Handle spaces in character names
function sanitize_name($spaceallowed, $inname)
{
	if ($spaceallowed)
		$expr = "([^[:alpha:] _-])";
	else
		$expr = "([^[:alpha:]])";
	return preg_replace($expr, "", $inname);
}

// Handle spaces and color in character names
function sanitize_colorname($spaceallowed, $inname, $admin = false)
{
	if ($admin && getsetting("allowoddadminrenames", 0)) return $inname;
	if ($spaceallowed)
		$expr = "([^[:alpha:]`!@#$%^&\\)12345670 _-])";
	else
		$expr = "([^[:alpha:]`!@#$%^&\\)12345670])";
	return preg_replace($expr, "", $inname);
}

// Strip out <script>...</script> blocks and other HTML tags to try and
// detect if we have any actual output.  Used by the collapse code to try
// and make sure we don't add spurious collapse boxes.
// Also used by the rename code to remove HTML that some admins try to
// insert.. Bah
function sanitize_html($str)
{
	//take out script blocks
	$str = preg_replace("/<script[^>]*>.+<\\/script[^>]*>/", "", $str);
	//take out css blocks
	$str = preg_replace("/<style[^>]*>.+<\\/style[^>]*>/", "", $str);
	//take out comments
	$str = preg_replace("/<!--.*-->/", "", $str);
	$str = strip_tags($str);
	return $str;
}

?>
Initial commit 2020-08-17 19:16:42 -04:00			`<?php`
			`// translator ready`
			`// addnews ready`
			`// mail ready`

			`function sanitize($in){`
			$out = preg_replace("/[`][1234567890!@#\$%^&)~QqRVvGgTtjJeElLxXyYkKpPmM?*AabicnHw]/", "", $in);
			`return $out;`
			`}`

			`function newline_sanitize($in){`
			$out = preg_replace("/`n/", "", $in);
			`return $out;`
			`}`

			`function color_sanitize($in){`
			$out = preg_replace("/[`][1234567890!@#\$%^&)~QqRVvGgTtjJeElLxXyYkKpPmM?*Aabi]/", "", $in);
			`return $out;`
			`}`

			`function comment_sanitize($in) {`
			`// to keep the regexp from boinging this, we need to make sure`
			// that we're not replacing in with the ` mark.
			$out=preg_replace("/[`](?=[^1234567890!@#\$%^&)~QqRVvGgTteEjJlLxXyYkKpPmM?*Aa])/", chr(1).chr(1), $in);
			$out = str_replace(chr(1),"`",$out);
			`return $out;`
			`}`

			`function logdnet_sanitize($in)`
			`{`
			`// to keep the regexp from boinging this, we need to make sure`
			// that we're not replacing in with the ` mark.
			$out=preg_replace("/[`](?=[^1234567890!@#\$%^&)Qqbi])/", chr(1).chr(1), $in);
			$out = str_replace(chr(1),"`",$out);
			`return $out;`
			`}`

			`function full_sanitize($in) {`
			$out = preg_replace("/[`]./", "", $in);
			`return $out;`
			`}`

			`function cmd_sanitize($in) {`
			`$out = preg_replace("'[&?]c=[[:digit:]-]+'", "", $in);`
			`return $out;`
			`}`

			`function comscroll_sanitize($in) {`
			`$out = preg_replace("'&c(omscroll)?=([[:digit:]]\|-)*'", "", $in);`
			`$out = preg_replace("'\\?c(omscroll)?=([[:digit:]]\|-)*'", "?", $out);`
			`$out = preg_replace("'&(refresh\|comment)=1'", "", $out);`
			`$out = preg_replace("'\\?(refresh\|comment)=1'", "?", $out);`
			`return $out;`
			`}`

			`function prevent_colors($in) {`
			$out = str_replace("`", "`", $in);
			`return $out;`
			`}`

			`function translator_uri($in){`
			`$uri = comscroll_sanitize($in);`
			`$uri = cmd_sanitize($uri);`
			`if (substr($uri,-1)=="?") $uri = substr($uri,0,-1);`
			`return $uri;`
			`}`

			`function translator_page($in){`
			`$page = $in;`
			`if (strpos($page,"?")!==false) $page=substr($page,0,strpos($page,"?"));`
			`//if ($page=="runmodule.php" && 0){`
			`// //we should handle this in runmodule.php now that we have tlschema.`
			`// $matches = array();`
			`// preg_match("/[&?](module=[^&]*)/i",$in,$matches);`
			`// if (isset($matches[1])) $page.="?".$matches[1];`
			`//}`
			`return $page;`
			`}`

			`function modulename_sanitize($in){`
			`return preg_replace("'[^0-9A-Za-z_]'","",$in);`
			`}`

			`// the following function borrowed from mike-php at emerge2 dot com's post`
			`// to php.net documentation.`
			`//Original post is available here: http://us3.php.net/stripslashes`
			`function stripslashes_array( $given ) {`
			`return is_array( $given ) ?`
			`array_map( 'stripslashes_array', $given ) : stripslashes( $given );`
			`}`

			`// Handle spaces in character names`
			`function sanitize_name($spaceallowed, $inname)`
			`{`
			`if ($spaceallowed)`
			`$expr = "([^[:alpha:] _-])";`
			`else`
			`$expr = "([^[:alpha:]])";`
			`return preg_replace($expr, "", $inname);`
			`}`

			`// Handle spaces and color in character names`
			`function sanitize_colorname($spaceallowed, $inname, $admin = false)`
			`{`
			`if ($admin && getsetting("allowoddadminrenames", 0)) return $inname;`
			`if ($spaceallowed)`
			$expr = "([^[:alpha:]`!@#$%^&\\)12345670 _-])";
			`else`
			$expr = "([^[:alpha:]`!@#$%^&\\)12345670])";
			`return preg_replace($expr, "", $inname);`
			`}`

			`// Strip out <script>...</script> blocks and other HTML tags to try and`
			`// detect if we have any actual output. Used by the collapse code to try`
			`// and make sure we don't add spurious collapse boxes.`
			`// Also used by the rename code to remove HTML that some admins try to`
			`// insert.. Bah`
			`function sanitize_html($str)`
			`{`
			`//take out script blocks`
			`$str = preg_replace("/<script[^>]>.+<\\/script[^>]>/", "", $str);`
			`//take out css blocks`
			`$str = preg_replace("/<style[^>]>.+<\\/style[^>]>/", "", $str);`
			`//take out comments`
			`$str = preg_replace("/<!--.*-->/", "", $str);`
			`$str = strip_tags($str);`
			`return $str;`
			`}`

			`?>`