mirror of
https://github.com/Dolibarr/dolibarr.git
synced 2026-01-03 15:42:29 +01:00
Clean code
This commit is contained in:
Laurent Destailleur
@@ -1582,6 +1582,7 @@ function dol_escape_json($stringtoescape)
|
||||
|
||||
/**
|
||||
* Returns text escaped for inclusion in HTML alt or title or value tags, or into values of HTML input fields.
|
||||
* When we output string on pages, we use dol_string_onlythesehtmltags(dol_htmlentitiesbr()) for notes, and use dol_escape_htmltag() for simple labels.
|
||||
*
|
||||
* @param string $stringtoescape String to escape
|
||||
* @param int $keepb 1=Keep b tags, 0=remove them completely
|
||||
@@ -7099,21 +7100,29 @@ function dol_string_nohtmltag($stringtoclean, $removelinefeed = 1, $pagecodeto =
|
||||
* @param int $cleanalsojavascript Remove also occurence of 'javascript:'.
|
||||
* @param int $allowiframe Allow iframe tags.
|
||||
* @param array $allowed_tags List of allowed tags to replace the default list
|
||||
* @param int $allowlink Allow link tags.
|
||||
* @return string String cleaned
|
||||
*
|
||||
* @see dol_escape_htmltag() strip_tags() dol_string_nohtmltag() dol_string_neverthesehtmltags()
|
||||
*/
|
||||
function dol_string_onlythesehtmltags($stringtoclean, $cleanalsosomestyles = 1, $removeclassattribute = 1, $cleanalsojavascript = 0, $allowiframe = 0, $allowed_tags = array())
|
||||
function dol_string_onlythesehtmltags($stringtoclean, $cleanalsosomestyles = 1, $removeclassattribute = 1, $cleanalsojavascript = 0, $allowiframe = 0, $allowed_tags = array(), $allowlink = 0)
|
||||
{
|
||||
if (empty($allowed_tags)) {
|
||||
$allowed_tags = array(
|
||||
"html", "head", "meta", "body", "article", "a", "abbr", "b", "blockquote", "br", "cite", "div", "dl", "dd", "dt", "em", "font", "img", "ins", "hr", "i", "li", "link",
|
||||
"html", "head", "meta", "body", "article", "a", "abbr", "b", "blockquote", "br", "cite", "div", "dl", "dd", "dt", "em", "font", "img", "ins", "hr", "i", "li",
|
||||
"ol", "p", "q", "s", "section", "span", "strike", "strong", "title", "table", "tr", "th", "td", "u", "ul", "sup", "sub", "blockquote", "pre", "h1", "h2", "h3", "h4", "h5", "h6"
|
||||
);
|
||||
}
|
||||
$allowed_tags[] = "comment"; // this tags is added to manage comment <!--...--> that are replaced into <comment>...</comment>
|
||||
if ($allowiframe) {
|
||||
$allowed_tags[] = "iframe";
|
||||
if (!in_array('iframe', $allowed_tags)) {
|
||||
$allowed_tags[] = "iframe";
|
||||
}
|
||||
}
|
||||
if ($allowlink) {
|
||||
if (!in_array('link', $allowed_tags)) {
|
||||
$allowed_tags[] = "link";
|
||||
}
|
||||
}
|
||||
|
||||
$allowed_tags_string = join("><", $allowed_tags);
|
||||
@@ -7304,7 +7313,8 @@ function dolGetFirstLineOfText($text, $nboflines = 1, $charset = 'UTF-8')
|
||||
|
||||
/**
|
||||
* Replace CRLF in string with a HTML BR tag.
|
||||
* WARNING: The content after operation contains some HTML tags (the <br>) so be sure to also have encode the special chars of stringtoencode into HTML before.
|
||||
* WARNING: The content after operation contains some HTML tags (the <br>) so be sure to also have
|
||||
* encoded the special chars of stringtoencode into HTML before with dol_htmlentitiesbr().
|
||||
*
|
||||
* @param string $stringtoencode String to encode
|
||||
* @param int $nl2brmode 0=Adding br before \n, 1=Replacing \n by br
|
||||
@@ -7331,7 +7341,7 @@ function dol_nl2br($stringtoencode, $nl2brmode = 0, $forxml = false)
|
||||
*
|
||||
* @param string $stringtoencode String to encode
|
||||
* @param int $nouseofiframesandbox Allow use of option MAIN_SECURITY_USE_SANDBOX_FOR_HTMLWITHNOJS for html sanitizing
|
||||
* @param string $check 'restricthtmlnolink' or 'restricthtml' or 'restricthtmlallowunvalid'
|
||||
* @param string $check 'restricthtmlnolink' or 'restricthtml' or 'restricthtmlallowunvalid'
|
||||
* @return string HTML sanitized
|
||||
*/
|
||||
function dol_htmlwithnojs($stringtoencode, $nouseofiframesandbox = 0, $check = 'restricthtml')
|
||||
@@ -7402,9 +7412,12 @@ function dol_htmlwithnojs($stringtoencode, $nouseofiframesandbox = 0, $check = '
|
||||
$out = preg_replace('/'/i', "'", $out);
|
||||
} while ($oldstringtoclean != $out);
|
||||
|
||||
// Check the limit of external links in a Rich text content. We count '<img' and 'url('
|
||||
// Check the limit of external links that are automatically executed in a Rich text content. We count:
|
||||
// '<img' to avoid <img src="http...">
|
||||
// 'url(' to avoid inline style like background: url(http...
|
||||
// '<link' to avoid <link href="http...">
|
||||
$reg = array();
|
||||
preg_match_all('/(<img|url\()/i', $out, $reg);
|
||||
preg_match_all('/(<img|url\(|<link)/i', $out, $reg);
|
||||
$nbextlink = count($reg[0]);
|
||||
if ($nbextlink > getDolGlobalInt("MAIN_SECURITY_MAX_IMG_IN_HTML_CONTENT", 1000)) {
|
||||
$out = 'TooManyLinksIntoHTMLString';
|
||||
@@ -7430,13 +7443,14 @@ function dol_htmlwithnojs($stringtoencode, $nouseofiframesandbox = 0, $check = '
|
||||
* - MultiCell -> param must not be encoded into HTML.
|
||||
* Because writeHTMLCell convert also \n into <br>, if function
|
||||
* is used to build PDF, nl2brmode must be 1.
|
||||
* When we output string on pages, we use dol_string_onlythesehtmltags(dol_htmlentitiesbr()) for notes, and use dol_escape_htmltag() for simple labels.
|
||||
*
|
||||
* @param string $stringtoencode String to encode
|
||||
* @param int $nl2brmode 0=Adding br before \n, 1=Replacing \n by br (for use with FPDF writeHTMLCell function for example)
|
||||
* @param string $pagecodefrom Pagecode stringtoencode is encoded
|
||||
* @param int $removelasteolbr 1=Remove last br or lasts \n (default), 0=Do nothing
|
||||
* @return string String encoded
|
||||
* @see dolGetFirstLineOfText()
|
||||
* @see dol_escape_htmltag(), dolGetFirstLineOfText()
|
||||
*/
|
||||
function dol_htmlentitiesbr($stringtoencode, $nl2brmode = 0, $pagecodefrom = 'UTF-8', $removelasteolbr = 1)
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user