<?php

// Refuse direct HTTP requests for this parameter file: exit when the request
// URI contains this file's name. The @ keeps the check quiet when REQUEST_URI
// is not set (for example on the command line); strpos() then yields false
// and loading continues.
// NOTE(review): this is a substring test on the raw, client-supplied URI. It
// also fires when the file name shows up anywhere else in the URI (path info,
// query string), and it relies on the URI spelling the name exactly as
// basename(__FILE__) does. A guard on a constant that only the including
// script defines (placeholder: defined('<ENTRY_POINT_CONSTANT>') or exit;)
// does not depend on request data.
if (@strpos($_SERVER['REQUEST_URI'], basename(__FILE__)) !== false) {
    exit('!! ACCESS DENIED !!');
}
//error_reporting( _E_VALUE );

/* vim: set expandtab tabstop=4 shiftwidth=4: */

// ***** BEGIN LICENSE BLOCK ( DO NOT REMOVE ) *****

// +----------------------------------------------------------------------+
// | Nested Page Project (NPP) For MPN 188_8                              |
// | -> Base Class                                                        |
// +----------------------------------------------------------------------+
// | VERSION: 0.1 Alpha                                                   |
// +----------------------------------------------------------------------+
// | LICENSE: GPL 2.0 (see docs/LICENSE_GPL)                              |
// |                                                                      |
// | This file is part of The Nested Page Project For MPN 188_8.          |
// |                                                                      |
// | The Nested Page Project For MPN 188_8 is free software; you can      |
// | redistribute it and/or modify it under the terms of the GNU          |
// | General Public License as published by the Free Software Foundation; |
// | either version 2 of the License, or (at your option) any             |
// | later version.                                                       |
// |                                                                      |
// | The Nested Page Project For MPN 188_8 is distributed in the hope     |
// | that it will be useful, but WITHOUT ANY WARRANTY; without even the   |
// | implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR.     |
// | PURPOSE. See the GNU General Public License for more details.        |
// |                                                                      |
// | You should have received a copy of the GNU General Public License    |
// | along with The Nested Page Project For MPN 188_8; if not, write to   |
// | the                                                                  |
// |                                                                      |
// |     Free Software Foundation, Inc.                                   |
// |     59 Temple Place, Suite 330                                       |
// |     Boston, MA 02111-1307 USA                                        |
// +----------------------------------------------------------------------+
// | AUTHOR(s):                                                           |
// |                                                                      |
// | The Original Code is The Nested Page Project For MPN 188_8.          |
// | The Initial Developer of the Original Code is Eric Haddix.           |
// |                                                                      |
// | Portions created by Eric Haddix or Kiril Threndor                    |
// | <support@mpn.illearth.net> are                                       |
// | Copyright (C) 2003 Eric Haddix. All Rights Reserved.                 |
// +----------------------------------------------------------------------+
// | CONTRIBUTOR(s):                                                      |
// |                                                                      |
// |                                                                      |
// +----------------------------------------------------------------------+
// | MODIFICATIONS:                                                       |
// |                                                                      |
// |                                                                      |
// +----------------------------------------------------------------------+
// | NOTES:                                                               |
// | This IS alpha code, so code may or may not change at any time        |
// | I recommend you don't spend alot of time working with this class     |
// | unless you want to do it again. This is WORK IN PROGRESS !!          |
// | Complete Code comments and a readme will be completed for            |
// | the first full release.                                              |
// |                                                                      |
// +----------------------------------------------------------------------+
// | Required Files:                                                      |
// | -> core_Snoopy.class.php vs. 1.01a ( Modified For N_P_P )            |
// |    * Snoopy vs. 1.01 ( http://sourceforge.net/projects/snoopy/ )     |
// | -> core_Sanitize.class.php                                           |
// | -> core_Sanitize.param.php                                           |
// | -> core_SSP_DefaultFormat.param.php                                  |
// | -> your custom child class(es) and supporting files                  |
// +----------------------------------------------------------------------+
// | SUPPORT:                                                             |
// | WEB: http://myphpnuke.com/                                           |
// | EMAIL: support@mpn.illearth.net                                      |
// +----------------------------------------------------------------------+

/**
 * MPN_188_8_Modules
 *
 * @package MPN_188_8_Modules
 * @subpackage Nested Page Project
 * @version $Id: core_NestedPageProject.sparam.php,v 1.2.2.4.4.1 2004/12/01 13:52:02 kirilt Exp $
 *
 * @author Kiril Threndor <support@mpn.illearth.net>
 * @copyright Copyright (C) 2003 Eric Haddix
 * @license http://www.gnu.org/licenses/gpl.html GPL 2.0
 * @support http://myphpnuke.com/
 * @todo commenting
 * @todo add code for NPP Partner
 * @todo get alpha 2 together
 *
 * @tutorial
 * @filesource
 */

// ***** END LICENSE BLOCK ( DO NOT REMOVE ) *****

/**
 * The Array Comments Below Taken Directly From htmlfilter.inc
 *
 * $tag_list
 * ----------
 * This is a simple one-dimensional array of strings, except for the
 * very first one. The first member should be either false or true.
 * In case it's FALSE, the following list will be considered a list of
 * tags that should be explicitly REMOVED from the body, and all
 * others that did not match the list will be allowed. If the first
 * member is TRUE, then the list is the list of tags that should be
 * explicitly ALLOWED -- any tag not matching this list will be
 * discarded.
 *
 * Examples:
 * $tag_list = Array(
 *                   false,
 *                   "blink",
 *                   "link",
 *                   "object",
 *                   "meta",
 *                   "marquee",
 *                   "html"
 *                  );
 *
 * This will allow all tags except for blink, link, object, meta, marquee,
 * and html.
 *
 * $tag_list = Array(
 *                   true,
 *                   "b",
 *                   "a",
 *                   "i",
 *                   "img",
 *                   "strong",
 *                   "em",
 *                   "p"
 *                  );
 *
 * This will remove all tags from the body except b, a, i, img, strong, em and
 * p.
 *
 * $rm_tags_with_content
 * ---------------------
 * This is a simple one-dimensional array of strings, which specifies the
 * tags to be removed with any and all content between the beginning and
 * the end of the tag.
 * Example:
 * $rm_tags_with_content = Array(
 *                               "script",
 *                               "style",
 *                               "applet",
 *                               "embed"
 *                              );
 *
 * This will remove the following structure:
 * <script>
 *  window.alert("Isn't cross-site-scripting fun?!");
 * </script>
 *
 * $self_closing_tags
 * ------------------
 * This is a simple one-dimensional array of strings, which specifies which
 * tags contain no content and should not be forcefully closed if this option
 * is turned on (see further).
 * Example:
 * $self_closing_tags = Array(
 *                            "img",
 *                            "br",
 *                            "hr",
 *                            "input"
 *                           );
 *
 * $force_tag_closing
 * ------------------
 * Set it to true to forcefully close any tags opened within the document.
 * This is good if you want to take care of people who like to screw up
 * the pages by leaving unclosed tags like <a>, <b>, <i>, etc.
 *
 * $rm_attnames
 * -------------
 * Now we come to parameters that are more obscure. This parameter is
 * a nested array which is used to specify which attributes should be
 * removed. It goes like so:
 *
 * $rm_attnames = Array(
 *   "PCRE regex to match tag name" =>
 *     Array(
 *           "PCRE regex to match attribute name"
 *          )
 *   );
 *
 * Example:
 * $rm_attnames = Array(
 *   "|.*|" =>
 *     Array(
 *           "|target|i",
 *           "|^on.*|i"
 *          )
 *   );
 *
 * This will match all attributes (.*), and specify that all attributes
 * named "target" and starting with "on" should be removed. This will take
 * care of the following problem:
 * <em onmouseover="window.alert('muahahahaha')">
 * The "onmouseover" will be removed.
 *
 * $bad_attvals
 * ------------
 * This is where it gets ugly. This is a nested array with many levels.
 * It goes like so:
 *
 * $bad_attvals = Array(
 *   "pcre regex to match tag name" =>
 *     Array(
 *           "pcre regex to match attribute name" =>
 *             Array(
 *                   "pcre regex to match attribute value"
 *                  )
 *             Array(
 *                   "pcre regex replace a match from above with"
 *                  )
 *          )
 *   );
 *
 * An extensive example:
 *
 * $bad_attvals = Array(
 *   "|.*|" =>
 *      Array(
 *            "/^src|background|href|action/i" =>
 *                Array(
 *                      Array(
 *                            "/^([\'\"])\s*\S+script\s*:.*([\'\"])/si"
 *                            ),
 *                      Array(
 *                            "\\1http://veryfunny.com/\\2"
 *                            )
 *                      ),
 *            "/^style/i" =>
 *                Array(
 *                      Array(
 *                            "/expression/si",
 *                            "/url\(([\'\"])\s*https*:.*([\'\"])\)/si",
 *                            "/url\(([\'\"])\s*\S+script:.*([\'\"])\)/si"
 *                           ),
 *                      Array(
 *                            "idiocy",
 *                            "url(\\1http://veryfunny.com/\\2)",
 *                            "url(\\1http://veryfynny.com/\\2)"
 *                           )
 *                      )
 *            )
 *  );
 *
 * This will take care of nearly all known cross-site scripting exploits,
 * plus some (see my filter sample at
 * http://www.mricon.com/html/phpfilter.html for a working version).
 *
 *
 */

// Allowed / Disallowed Tags
//
// Denylist mode: the leading FALSE means the tags named here are removed and
// every other tag is let through (see the htmlfilter notes above).
// NOTE(review): a denylist fails open for any element that is not named. If
// the nested pages are not trusted, the TRUE (allowlist) form described above
// is the safer default.
// NOTE(review): 'img' is removed here, yet it also appears in
// $self_closing_tags and $allow_http_attr_vals below; presumably those
// entries only matter once 'img' is taken off this list.

$tag_list = array(
    false,
    'head',
    'meta',
    'link',
    'base',
    'frameset',
    'frame',
    'blink',
    'object',
    'font',
    'iframe',
    'layer',
    'ilayer',
    'script',
    'plaintext',
    'img',
);

// Cleanup Tags Unconditionally ( Do Not Change )
// These tags go away together with everything between their opening and
// closing tag.

$rm_tags_with_content = array(
    'script',
    'style',
    'applet',
    'embed',
    'frameset',
    'frame',
    'xml',
);

// Remove All Attributes From These Tags Unconditionally
// This array should contain tags that are allowed, but you want
// the attributes to go away

$rm_all_att = array(
    'script',
    'style',
    'applet',
    'embed',
    'xml',
    'body',
    'font',
);

// Fix Bad HTML
// Tags that carry no content and are not force-closed.

$self_closing_tags = array(
    'br',
    'hr',
    'input',
    'li',
    'addsig',
    'img',
);


// Disallowed Attributes
//
// Outer key: regex for the tag name ('/.*/' = any tag). Inner list: regexes
// for the attribute names to strip; '/^on.*/i' is the entry that drops the
// event-handler attributes.
// Only the patterns that begin with ^ are anchored. '/alt/i', '/color/i',
// '/font/i' and the like match anywhere in the attribute name, so '/color/i'
// already covers 'bgcolor' and '/^data.*/i' already covers 'datasrc'.

$rm_attnames = array(
    '/.*/' => array(
        '/target/i',
        '/^on.*/i',
        '/^dynsrc/i',
        '/^datasrc/i',
        '/^data.*/i',
        '/^lowsrc/i',
        '/color/i',
        '/bgcolor/i',
        '/font/i',
        '/alt/i',
        '/summary/i',
        '/width/i',
        '/cellspacing/i',
        '/cellpadding/i',
        '/border/i',
    ),
);

// Attribute value rewrites.
//
// Layout: tag-name regex => attribute-name regex => array( patterns,
// replacements ); the two inner lists are parallel, pattern N is replaced by
// replacement N.
//   - any attribute: values starting with a *script, http/https, mocha or
//     about scheme get the scheme swapped for a harmless one
//   - style: expression / behavio(u)r / binding / include-source become
//     'idiocy', and url() values pointing at http(s) or *script: are replaced
//     with a fixed URL
//   - method: 'get' becomes 'post'
// NOTE(review): the value patterns are anchored on a leading quote, so they
// assume the filter hands over values still wrapped in their quotes; confirm
// against the engine.
// NOTE(review): the colon is optional (':*') in the *script and mocha
// patterns, so a value can be rewritten even when it holds no scheme at all.
// NOTE(review): this is a denylist of schemes. Anything not listed passes
// through unchanged, so treat it as one layer only and confirm that the
// engine or the caller limits URL-bearing attributes to the schemes the
// portal actually needs.

$bad_attvals = array(
    '/.*/' => array(
        '/.*/' => array(
            array(
                '/^([\'\"])\s*\S+\s*script\s*:*(.*)([\'\"])/si',
                '/^([\'\"])\s*https*\s*:(.*)([\'\"])/si',
                '/^([\'\"])\s*mocha\s*:*(.*)([\'\"])/si',
                '/^([\'\"])\s*about\s*:(.*)([\'\"])/si',
            ),
            array(
                '\\1oddjob:\\2\\1',
                '\\1uucp:\\2\\1',
                '\\1amaretto:\\2\\1',
                '\\1round:\\2\\1',
            ),
        ),

        '/^style/i' => array(
            array(
                '/expression/i',
                '/behaviou*r/i',
                '/binding/i',
                '/include-source/i',
                '/url\s*\(\s*([\'\"]*)\s*https*:.*([\'\"]*)\s*\)/si',
                '/url\s*\(\s*([\'\"]*)\s*\S+\s*script:.*([\'\"]*)\s*\)/si',
            ),
            array(
                'idiocy',
                'idiocy',
                'idiocy',
                'idiocy',
                'url(\\1http://securityfocus.com/\\1)',
                'url(\\1http://securityfocus.com/\\1)',
            ),
        ),

        '/^method/i' => array(
            array('/get/i'),
            array('post'),
        ),
    ),
);

// Fix Bad Type 4 Attributes
// $tagname -> array( $attname => replacment )

$fix_bad_attr_vals = array(
    'option' => 'selected',
    'input'  => 'checked',
);


// Allowed Http Type Attribute Values Tags
// Tagname => attribute name
//
// Presumably these attributes are exempt from the https* rewrite in
// $bad_attvals; the code that consumes this array is not in this file.
// NOTE(review): 'form' => 'action' lets a nested page send visitor input to
// whatever remote URL that page names; confirm this is intended.

$allow_http_attr_vals = array(
    'a'    => array('href'),
    'img'  => array('src'),
    'form' => array('action'),
);

// Add Attributes To Tags
// Key: regex for the tag name; value: attribute => quoted value to add.
// NOTE(review): $rm_attnames strips 'summary' from every tag. Which of the
// two steps runs last is decided by the engine; confirm the summary added
// here survives.

$add_attr_to_tag = array(
    '/^table$/i' => array(
        'summary' => '"N_P_P table"',
        'class'   => '"remotetbl"',
    ),
);


/**
 * New Arrays That Extend htmlfilter.inc Functionality
 */

/**
 * Replacement Tag Array
 *
 * This array can be used for attempting to convert HTML -> XHTML
 * And For Replacing Tags With Your Own Tags
 *
 * The First Value Must Be Bool And Is Used To Enable/Disable Replacements
 *
 * 'open' maps a tag name to the text that replaces its opening tag and
 * 'close' does the same for its closing tag (presumably the engine supplies
 * the angle brackets; the consuming code is not in this file).
 */


$rpltag_list = array(
    true,
    'open' => array(
        'html'   => '!-- START N_P_P CONTENT --',
        'title'  => 'h1',
        'body'   => 'div id="npp"',
        'center' => 'div class="center"',
        'font'   => 'span class="font3"',
        'hr'     => 'hr class="w80"',
    ),

    'close' => array(
        'html'   => '!-- END N_P_P CONTENT --',
        'title'  => 'h1',
        'body'   => 'div',
        'center' => 'div',
        'font'   => 'span',
        'hr'     => '',
    ),
);