includes/functions_cleanhtml.php

   1 <?php
   2 /*=====================================================================*\
   3 || ################################################################### ||
   4 || # [#]app[#] [#]version[#]
   5 || # --------------------------------------------------------------- # ||
   6 || # All parts of this file are ©2003-[#]year[#] Iris Studios, Inc. No     # ||
   7 || # part of this file may be reproduced in any way: part or whole.  # ||
   8 || # --------------------------------------------------------------- # ||
   9 || # ©2003 - [#]year[#] Iris Studios, Inc. | http://www.iris-studios.com   # ||
  10 || ################################################################### ||
  11 \*=====================================================================*/
  12
  13 // ###################### Start process_raw_html #####################
  14 // this cleans out all of the unsafe HTML tags
  15 function process_raw_html($text)
  16 {
  17         // remove big scripts
  18         $text = preg_replace('#<script(.*?)script>#isU', '', $text);
  19
  20         // clean tags
  21         $tagarray = array('img', 'a', 'strong', 'b', 'em', 'i', 'u', 's', 'br', 'p');
  22         foreach ($tagarray AS $tag)
  23         {
  24                 $goodtags .= '<' . $tag . '>';
  25         }
  26
  27         // remove js attributes
  28         $text = preg_replace('#href=("|\'|&quot;)javascript:(.*?)\\1#i', 'href="&#106;&#97;"', $text);
  29
  30         $text = strip_tags($text, $goodtags);
  31         return $text;
  32 }
  33
  34 // ##################### Start process_safe_html #####################
  35 // this removes any attempts to use <a href="javascript:"> type things
  36 function process_safe_html($text)
  37 {
  38         //$text = preg_replace('#javascript#i', 'java&nbsp;script', $text);
  39         $text = preg_replace('#</?(table|form|tr|td|tbody|thead) ?(.*?)?>#isU', '', $text);
  40         return $text;
  41 }
  42
  43 // ###################### Start process_all_html #####################
  44 // say goodbye to anything in a tag
  45 function process_all_html($text)
  46 {
  47         $text = preg_replace('#</?(.+?)>#', '', $text);
  48         $text = strip_tags($text);
  49         return $text;
  50 }
  51
  52 // ##################### Start process_post_html #####################
  53 function process_post_html($text, $allowraw = 0, $allowsafe = 1)
  54 {
  55         if ($allowraw)
  56         {
  57                 return $text;
  58         }
  59         if ($allowsafe)
  60         {
  61                 $text = process_raw_html($text);
  62                 return $text;
  63         }
  64         if (!$allow AND !$allowsafe)
  65         {
  66                 $text = process_raw_html($text);
  67                 $text = process_all_html($text);
  68                 return $text;
  69         }
  70 }
  71
  72 /*=====================================================================*\
  73 || ###################################################################
  74 || # $HeadURL$
  75 || # $Id$
  76 || ###################################################################
  77 \*=====================================================================*/
  78 ?>