mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-10-13 13:42:59 +02:00
8f797be836
- can be used via html class like:
$clean_html = html::purify($html);
- using it now in eTemplate to remove malicious code from html:
a) when displaying "formatted text"
b) when "formatted text" get's input by the user
49 lines
1.2 KiB
PHP
Executable File
49 lines
1.2 KiB
PHP
Executable File
<?php
|
|
|
|
/**
|
|
* Validates an integer representation of pixels according to the HTML spec.
|
|
*/
|
|
class HTMLPurifier_AttrDef_HTML_Pixels extends HTMLPurifier_AttrDef
|
|
{
|
|
|
|
protected $max;
|
|
|
|
public function __construct($max = null) {
|
|
$this->max = $max;
|
|
}
|
|
|
|
public function validate($string, $config, $context) {
|
|
|
|
$string = trim($string);
|
|
if ($string === '0') return $string;
|
|
if ($string === '') return false;
|
|
$length = strlen($string);
|
|
if (substr($string, $length - 2) == 'px') {
|
|
$string = substr($string, 0, $length - 2);
|
|
}
|
|
if (!is_numeric($string)) return false;
|
|
$int = (int) $string;
|
|
|
|
if ($int < 0) return '0';
|
|
|
|
// upper-bound value, extremely high values can
|
|
// crash operating systems, see <http://ha.ckers.org/imagecrash.html>
|
|
// WARNING, above link WILL crash you if you're using Windows
|
|
|
|
if ($this->max !== null && $int > $this->max) return (string) $this->max;
|
|
|
|
return (string) $int;
|
|
|
|
}
|
|
|
|
public function make($string) {
|
|
if ($string === '') $max = null;
|
|
else $max = (int) $string;
|
|
$class = get_class($this);
|
|
return new $class($max);
|
|
}
|
|
|
|
}
|
|
|
|
// vim: et sw=4 sts=4
|