mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-10-13 05:32:46 +02:00
8f797be836
- can be used via html class like:
$clean_html = html::purify($html);
- using it now in eTemplate to remove malicious code from html:
a) when displaying "formatted text"
b) when "formatted text" get's input by the user
45 lines
1.3 KiB
PHP
Executable File
45 lines
1.3 KiB
PHP
Executable File
<?php
|
|
|
|
/**
|
|
* Object that provides entity lookup table from entity name to character
|
|
*/
|
|
class HTMLPurifier_EntityLookup {
|
|
|
|
/**
|
|
* Assoc array of entity name to character represented.
|
|
*/
|
|
public $table;
|
|
|
|
/**
|
|
* Sets up the entity lookup table from the serialized file contents.
|
|
* @note The serialized contents are versioned, but were generated
|
|
* using the maintenance script generate_entity_file.php
|
|
* @warning This is not in constructor to help enforce the Singleton
|
|
*/
|
|
public function setup($file = false) {
|
|
if (!$file) {
|
|
$file = HTMLPURIFIER_PREFIX . '/HTMLPurifier/EntityLookup/entities.ser';
|
|
}
|
|
$this->table = unserialize(file_get_contents($file));
|
|
}
|
|
|
|
/**
|
|
* Retrieves sole instance of the object.
|
|
* @param Optional prototype of custom lookup table to overload with.
|
|
*/
|
|
public static function instance($prototype = false) {
|
|
// no references, since PHP doesn't copy unless modified
|
|
static $instance = null;
|
|
if ($prototype) {
|
|
$instance = $prototype;
|
|
} elseif (!$instance) {
|
|
$instance = new HTMLPurifier_EntityLookup();
|
|
$instance->setup();
|
|
}
|
|
return $instance;
|
|
}
|
|
|
|
}
|
|
|
|
// vim: et sw=4 sts=4
|