mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-10-10 20:12:22 +02:00
8f797be836
- can be used via html class like:
$clean_html = html::purify($html);
- using it now in eTemplate to remove malicious code from html:
a) when displaying "formatted text"
b) when "formatted text" get's input by the user
40 lines
975 B
PHP
Executable File
40 lines
975 B
PHP
Executable File
<?php
|
|
|
|
/**
|
|
* This is in almost every respect equivalent to an array except
|
|
* that it keeps track of which keys were accessed.
|
|
*
|
|
* @warning For the sake of backwards compatibility with early versions
|
|
* of PHP 5, you must not use the $hash[$key] syntax; if you do
|
|
* our version of offsetGet is never called.
|
|
*/
|
|
class HTMLPurifier_StringHash extends ArrayObject
|
|
{
|
|
protected $accessed = array();
|
|
|
|
/**
|
|
* Retrieves a value, and logs the access.
|
|
*/
|
|
public function offsetGet($index) {
|
|
$this->accessed[$index] = true;
|
|
return parent::offsetGet($index);
|
|
}
|
|
|
|
/**
|
|
* Returns a lookup array of all array indexes that have been accessed.
|
|
* @return Array in form array($index => true).
|
|
*/
|
|
public function getAccessed() {
|
|
return $this->accessed;
|
|
}
|
|
|
|
/**
|
|
* Resets the access array.
|
|
*/
|
|
public function resetAccessed() {
|
|
$this->accessed = array();
|
|
}
|
|
}
|
|
|
|
// vim: et sw=4 sts=4
|