Implemented GLText::stripTags method to preven PHP's strip_tags from …
…causing an error when the argument is an array (bug #529).
mystralkk committed Jan 2, 2017
1 parent c26c12c commit 7f0b1ac
Showing 38 changed files with 137 additions and 123 deletions.
16 changes: 8 additions & 8 deletions plugins/calendar/functions.inc
Expand Up @@ -413,7 +413,7 @@ function plugin_savesubmission_calendar($A)

$retval = '';

$A['title'] = strip_tags(COM_checkWords($A['title']));
$A['title'] = GLText::stripTags(COM_checkWords($A['title']));
$A['title'] = GLText::remove4byteUtf8Chars($A['title']);
$A['start_year'] = COM_applyFilter($A['start_year'], true);
$A['start_month'] = COM_applyFilter($A['start_month'], true);
Expand Down Expand Up @@ -502,13 +502,13 @@ function plugin_savesubmission_calendar($A)
// Remove any autotags the user doesn't have permission to use
$A['description'] = PLG_replaceTags($A['description'], '', true);
$A['description'] = DB_escapeString(htmlspecialchars(GLText::remove4byteUtf8Chars(COM_checkWords($A['description']))));
$A['address1'] = DB_escapeString(GLText::remove4byteUtf8Chars(strip_tags(COM_checkWords($A['address1']))));
$A['address2'] = DB_escapeString(GLText::remove4byteUtf8Chars(strip_tags(COM_checkWords($A['address2']))));
$A['city'] = DB_escapeString(GLText::remove4byteUtf8Chars(strip_tags(COM_checkWords($A['city']))));
$A['zipcode'] = DB_escapeString(GLText::remove4byteUtf8Chars(strip_tags(COM_checkWords($A['zipcode']))));
$A['state'] = DB_escapeString(GLText::remove4byteUtf8Chars(strip_tags(COM_checkWords($A['state']))));
$A['location'] = DB_escapeString(GLText::remove4byteUtf8Chars(strip_tags(COM_checkWords($A['location']))));
$A['event_type'] = DB_escapeString(GLText::remove4byteUtf8Chars(strip_tags(COM_checkWords($A['event_type']))));
$A['address1'] = DB_escapeString(GLText::remove4byteUtf8Chars(GLText::stripTags(COM_checkWords($A['address1']))));
$A['address2'] = DB_escapeString(GLText::remove4byteUtf8Chars(GLText::stripTags(COM_checkWords($A['address2']))));
$A['city'] = DB_escapeString(GLText::remove4byteUtf8Chars(GLText::stripTags(COM_checkWords($A['city']))));
$A['zipcode'] = DB_escapeString(GLText::remove4byteUtf8Chars(GLText::stripTags(COM_checkWords($A['zipcode']))));
$A['state'] = DB_escapeString(GLText::remove4byteUtf8Chars(GLText::stripTags(COM_checkWords($A['state']))));
$A['location'] = DB_escapeString(GLText::remove4byteUtf8Chars(GLText::stripTags(COM_checkWords($A['location']))));
$A['event_type'] = DB_escapeString(GLText::remove4byteUtf8Chars(GLText::stripTags(COM_checkWords($A['event_type']))));
$A['title'] = DB_escapeString(GLText::remove4byteUtf8Chars($A['title']));

$A['url'] = DB_escapeString(COM_sanitizeUrl($A['url']));
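Review bot: The array input this commit is meant to tolerate still reaches other string-only helpers in both hunks of plugin_savesubmission_calendar: `COM_checkWords($A[...])` is evaluated before `GLText::stripTags` sees the value, and the result is passed on to `GLText::remove4byteUtf8Chars` and `DB_escapeString`. Neither GLText::stripTags nor COM_checkWords is defined in the visible part of this page, so what they do with an array is an assumption, but unless the wrapper always returns a string the failure only moves one call outward. A type guard per text field near the top of the function, such as `if (!is_string($A['title'])) { $A['title'] = ''; }`, would make the submission path independent of the wrapper's behaviour. The function body starts and ends outside these hunks, and the same nesting appears in plugins/links/functions.inc and public_html/admin/plugins/calendar/index.php.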
4 changes: 2 additions & 2 deletions plugins/links/functions.inc
Expand Up @@ -1085,7 +1085,7 @@ function plugin_save_submit_links($A)
return $retval;
}

$A['cid'] = strip_tags(COM_stripslashes($A['categorydd']));
$A['cid'] = GLText::stripTags(COM_stripslashes($A['categorydd']));

$validcat = false;
if (!empty($A['cid'])) {
Expand All @@ -1108,7 +1108,7 @@ function plugin_save_submit_links($A)
// Remove any autotags the user doesn't have permission to use
$A['description'] = PLG_replaceTags($A['description'], '', true);
$A['description'] = DB_escapeString(htmlspecialchars(COM_checkWords($A['description'])));
$A['title'] = DB_escapeString(strip_tags(COM_checkWords($A['title'])));
$A['title'] = DB_escapeString(GLText::stripTags(COM_checkWords($A['title'])));
$A['url'] = DB_escapeString(COM_sanitizeUrl($A['url']));
$A['lid'] = DB_escapeString(COM_makeSid());

2 changes: 1 addition & 1 deletion plugins/spamx/SLVbase.class.php
Expand Up @@ -190,7 +190,7 @@ public function prepareLinks($comment)
$links = $this->getLinks($comment);

// strip all HTML, then get all the plain text links
$comment = COM_makeClickableLinks(strip_tags($comment));
$comment = COM_makeClickableLinks(GLText::stripTags($comment));
$links += $this->getLinks($comment);

if (count($links) > 0) {
2 changes: 1 addition & 1 deletion plugins/spamx/SNLbase.class.php
Expand Up @@ -126,7 +126,7 @@ public function prepareLinks($comment)
$links = $this->getLinks($comment);

// strip all HTML, then get all the plain text links
$comment = COM_makeClickableLinks(strip_tags($comment));
$comment = COM_makeClickableLinks(GLText::stripTags($comment));
$links += $this->getLinks($comment);

return $links;
10 changes: 5 additions & 5 deletions plugins/staticpages/services.inc.php
Expand Up @@ -395,16 +395,16 @@ function service_submit_staticpages($args, &$output, &$svc_msg)
}
$sp_content = GLText::remove4byteUtf8Chars($sp_content);

$sp_title = strip_tags($sp_title);
$sp_title = GLText::stripTags($sp_title);
$sp_title = GLText::remove4byteUtf8Chars($sp_title);
$sp_page_title = strip_tags($sp_page_title);
$sp_page_title = GLText::stripTags($sp_page_title);
$sp_page_title = GLText::remove4byteUtf8Chars($sp_page_title);
$sp_label = strip_tags($sp_label);
$sp_label = GLText::stripTags($sp_label);
$sp_label = GLText::remove4byteUtf8Chars($sp_label);

$meta_description = strip_tags($meta_description);
$meta_description = GLText::stripTags($meta_description);
$meta_description = GLText::remove4byteUtf8Chars($meta_description);
$meta_keywords = strip_tags($meta_keywords);
$meta_keywords = GLText::stripTags($meta_keywords);
$meta_keywords = GLText::remove4byteUtf8Chars($meta_keywords);
$sp_help = GLText::remove4byteUtf8Chars($sp_help);

4 changes: 2 additions & 2 deletions public_html/admin/block.php
Expand Up @@ -188,7 +188,7 @@ function overridePostdata(&$A)
$A['name'] = COM_sanitizeID(Geeklog\Input::post('name'));
}
if (isset($_POST['title'])) {
$A['title'] = strip_tags(Geeklog\Input::post('title'));
$A['title'] = GLText::stripTags(Geeklog\Input::post('title'));
}
if (isset($_POST['help'])) {
$A['help'] = COM_sanitizeUrl(Geeklog\Input::post('help'), array('http', 'https'));
Expand Down Expand Up @@ -684,7 +684,7 @@ function saveblock($bid, $name, $title, $help, $type, $blockOrder, $device, $con

$retval = '';

$title = DB_escapeString(COM_stripslashes(strip_tags($title)));
$title = DB_escapeString(COM_stripslashes(GLText::stripTags($title)));
$phpBlockFn = DB_escapeString(COM_stripslashes(trim($phpBlockFn)));
if (empty($title) || !TOPIC_checkTopicSelectionControl()) {
$retval .= COM_showMessageText($LANG21[64], $LANG21[63])
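Review bot: In saveblock the tag filter runs before the unslash step, `COM_stripslashes(GLText::stripTags($title))`, which is the reverse of the order used in plugins/links/functions.inc, public_html/admin/plugins/polls/index.php and public_html/admin/trackback.php in this same commit. The filter should see the value in the form that will be stored, so the line would read `$title = DB_escapeString(GLText::stripTags(COM_stripslashes($title)));`. COM_stripslashes is defined elsewhere and may be a no-op on current PHP configurations, in which case this is a consistency fix only. saveblock's body continues outside the hunk.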
2 changes: 1 addition & 1 deletion public_html/admin/comment.php
Expand Up @@ -152,7 +152,7 @@ function ADMIN_getListField_comments($fieldName, $fieldValue, $A, $iconArray, $s
break;

case 'comment':
$fieldValue = COM_truncate(strip_tags($fieldValue), COMMENT_MAX_LENGTH, '...');
$fieldValue = COM_truncate(GLText::stripTags($fieldValue), COMMENT_MAX_LENGTH, '...');
break;

case 'uid':
2 changes: 1 addition & 1 deletion public_html/admin/configuration.php
Expand Up @@ -479,7 +479,7 @@ function custom_validation_noTags($rule, $ruleParams)
foreach ($ruleParams[0] as $paramName => $paramValue) {
break;
}
if ($ruleParams[0][$paramName] == strip_tags($ruleParams[0][$paramName])) {
if ($ruleParams[0][$paramName] == GLText::stripTags($ruleParams[0][$paramName])) {
$ret = true;
}
}
8 changes: 4 additions & 4 deletions public_html/admin/mail.php
Expand Up @@ -117,7 +117,7 @@ function display_mailform($vars = array())
} else {
$from = $_CONF['site_name'];
}
$from = strip_tags($from);
$from = GLText::stripTags($from);
$from = substr($from, 0, strcspn($from, "\r\n"));
$from = htmlspecialchars(trim($from), ENT_QUOTES);
$mail_templates->set_var('site_name', $from);
Expand All @@ -128,7 +128,7 @@ function display_mailform($vars = array())
} else {
$fromEmail = $_CONF['site_mail'];
}
$fromEmail = strip_tags($fromEmail);
$fromEmail = GLText::stripTags($fromEmail);
$fromEmail = substr($fromEmail, 0, strcspn($fromEmail, "\r\n"));
$fromEmail = htmlspecialchars(trim($fromEmail), ENT_QUOTES);
$mail_templates->set_var('site_mail', $fromEmail);
Expand Down Expand Up @@ -229,7 +229,7 @@ function send_messages(array $vars)

$from = array($vars['fraepost'] => $vars['fra']);
$subject = COM_stripslashes($vars['subject']);
$subject = strip_tags($subject);
$subject = GLText::stripTags($subject);
$message = COM_stripslashes($vars['message']);

if ($html) {
Expand All @@ -245,7 +245,7 @@ function send_messages(array $vars)
$message = '<html>' . PHP_EOL . $message . '</html>' . PHP_EOL;
}
} else {
$message = strip_tags($message);
$message = GLText::stripTags($message);
}

// Loop through and send the messages!
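Review bot: In send_messages `$subject` is only unslashed and tag-stripped, while display_mailform in this same file cuts `$from` and `$fromEmail` at the first CR or LF before using them. Tag stripping leaves line breaks in place, so a header value should get the same treatment before it reaches the mailer, e.g. `$subject = substr($subject, 0, strcspn($subject, "\r\n"));` after the stripTags call. The `$from` array at the top of that hunk is built from `$vars['fraepost']` and `$vars['fra']` with no filtering visible. The mail call further down is outside the hunk and may already normalise headers, so confirm that before changing anything.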
14 changes: 7 additions & 7 deletions public_html/admin/plugins/calendar/index.php
Expand Up @@ -493,15 +493,15 @@ function CALENDAR_saveEvent($eid, $title, $event_type, $url, $allday,
$description = htmlspecialchars(COM_checkWords($description));
}
$description = DB_escapeString($description);
$title = DB_escapeString(strip_tags(COM_checkWords($title)));
$title = DB_escapeString(GLText::stripTags(COM_checkWords($title)));
$location = DB_escapeString(COM_checkHTML(COM_checkWords($location),
'calendar.edit'));
$address1 = DB_escapeString(strip_tags(COM_checkWords($address1)));
$address2 = DB_escapeString(strip_tags(COM_checkWords($address2)));
$city = DB_escapeString(strip_tags(COM_checkWords($city)));
$zipcode = DB_escapeString(strip_tags(COM_checkWords($zipcode)));
$event_type = DB_escapeString(strip_tags(COM_checkWords($event_type)));
$url = DB_escapeString(strip_tags($url));
$address1 = DB_escapeString(GLText::stripTags(COM_checkWords($address1)));
$address2 = DB_escapeString(GLText::stripTags(COM_checkWords($address2)));
$city = DB_escapeString(GLText::stripTags(COM_checkWords($city)));
$zipcode = DB_escapeString(GLText::stripTags(COM_checkWords($zipcode)));
$event_type = DB_escapeString(GLText::stripTags(COM_checkWords($event_type)));
$url = DB_escapeString(GLText::stripTags($url));

if ($allday == 0) {
// Add 12 to make time on 24 hour clock if needed
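Review bot: `$url = DB_escapeString(GLText::stripTags($url));` in CALENDAR_saveEvent stores the event URL after tag stripping alone, whereas the public submission path in plugins/calendar/functions.inc uses `COM_sanitizeUrl($A['url'])`. Tag stripping does not constrain the URL scheme, so the admin path should use the same helper: `$url = DB_escapeString(COM_sanitizeUrl($url));`. saveService in public_html/admin/trackback.php treats `$site_url` and `$ping_url` the same way; the two-argument call `COM_sanitizeUrl(..., array('http', 'https'))` seen in public_html/admin/block.php would fit there. Both functions continue outside their hunks, so a later check may already cover this.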
12 changes: 6 additions & 6 deletions public_html/admin/plugins/links/category.php
Expand Up @@ -353,9 +353,9 @@ function links_save_category($cid, $old_cid, $pid, $category, $description, $tid
$category = COM_checkHTML(COM_checkWords($category), 'links.edit');
$category = GLText::remove4byteUtf8Chars($category);
$category = DB_escapeString($category);
$pid = DB_escapeString(strip_tags($pid));
$cid = DB_escapeString(strip_tags($cid));
$old_cid = DB_escapeString(strip_tags($old_cid));
$pid = DB_escapeString(GLText::stripTags($pid));
$cid = DB_escapeString(GLText::stripTags($cid));
$old_cid = DB_escapeString(GLText::stripTags($old_cid));

if (empty($category) || empty($description)) {
return 7;
Expand Down Expand Up @@ -536,7 +536,7 @@ function links_delete_category($cid)
if ((($mode == $LANG_ADMIN['delete']) && !empty($LANG_ADMIN['delete'])) || ($mode == "delete")) {
$cid = Geeklog\Input::request('cid', '');
if (!empty($cid)) {
$cid = strip_tags($cid);
$cid = GLText::stripTags($cid);
}
if (empty($cid)) {
COM_errorLog('Attempted to delete empty category');
Expand Down Expand Up @@ -574,8 +574,8 @@ function links_delete_category($cid)

// edit category
} elseif ($mode === 'edit') {
$pid = strip_tags(Geeklog\Input::get('pid', ''));
$cid = strip_tags(Geeklog\Input::get('cid', ''));
$pid = GLText::stripTags(Geeklog\Input::get('pid', ''));
$cid = GLText::stripTags(Geeklog\Input::get('cid', ''));
$display .= links_edit_category($cid, $pid);
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_LINKS_ADMIN[56]));
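Review bot: `$pid`, `$cid` and `$old_cid` in links_save_category are filtered as free text (`GLText::stripTags` plus `DB_escapeString`), and in the `edit` branch the GET values are passed to links_edit_category after tag stripping only. Other ids in this commit go through `COM_sanitizeID` (for example `$pid` in public_html/admin/plugins/polls/index.php), which presumably restricts ids to a fixed character set instead of removing markup. If category ids follow that format, `$cid = COM_sanitizeID(Geeklog\Input::get('cid', ''));` would be the tighter filter; if they may contain other characters, a short comment saying so would help the next reader. Whether links_edit_category escapes its arguments before querying or rendering is not visible here.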

2 changes: 1 addition & 1 deletion public_html/admin/plugins/links/index.php
Expand Up @@ -247,7 +247,7 @@ function savelink($lid, $old_lid, $cid, $categoryDd, $url, $description, $title,
$description = COM_checkHTML(COM_checkWords($description), 'links.edit');
$description = GLText::remove4byteUtf8Chars($description);
$description = DB_escapeString($description);
$title = strip_tags(COM_checkWords($title));
$title = GLText::stripTags(COM_checkWords($title));
$title = GLText::remove4byteUtf8Chars($title);
$title = DB_escapeString($title);
$cid = GLText::remove4byteUtf8Chars($cid);
6 changes: 3 additions & 3 deletions public_html/admin/plugins/polls/index.php
Expand Up @@ -165,9 +165,9 @@ function savepoll($pid, $old_pid, $Q, $mainPage, $topic, $meta_description, $met

$topic = COM_stripslashes($topic);
$topic = COM_checkHTML($topic);
$topic_description = strip_tags(COM_stripslashes($topic_description));
$meta_description = strip_tags(COM_stripslashes($meta_description));
$meta_keywords = strip_tags(COM_stripslashes($meta_keywords));
$topic_description = GLText::stripTags(COM_stripslashes($topic_description));
$meta_description = GLText::stripTags(COM_stripslashes($meta_description));
$meta_keywords = GLText::stripTags(COM_stripslashes($meta_keywords));
$pid = COM_sanitizeID($pid);
$old_pid = COM_sanitizeID($old_pid);
if (empty($pid)) {
8 changes: 4 additions & 4 deletions public_html/admin/plugins/staticpages/index.php
Expand Up @@ -684,16 +684,16 @@ function staticpageeditor($sp_id, $mode = '', $editor = '')

if (isset($A)) {
if (isset($A['sp_title'])) {
$A['sp_title'] = strip_tags($A['sp_title']);
$A['sp_title'] = GLText::stripTags($A['sp_title']);
}
if (isset($A['sp_page_title'])) {
$A['sp_page_title'] = strip_tags($A['sp_page_title']);
$A['sp_page_title'] = GLText::stripTags($A['sp_page_title']);
}
if (isset($A['meta_description'])) {
$A['meta_description'] = strip_tags($A['meta_description']);
$A['meta_description'] = GLText::stripTags($A['meta_description']);
}
if (isset($A['meta_keywords'])) {
$A['meta_keywords'] = strip_tags($A['meta_keywords']);
$A['meta_keywords'] = GLText::stripTags($A['meta_keywords']);
}

$A['editor'] = $editor;
6 changes: 3 additions & 3 deletions public_html/admin/topic.php
Expand Up @@ -464,11 +464,11 @@ function savetopic(
$imageUrl = '';
}

$topic = GLText::remove4byteUtf8Chars(strip_tags($topic));
$topic = GLText::remove4byteUtf8Chars(GLText::stripTags($topic));
$topic = DB_escapeString($topic);
$meta_description = GLText::remove4byteUtf8Chars(strip_tags($meta_description));
$meta_description = GLText::remove4byteUtf8Chars(GLText::stripTags($meta_description));
$meta_description = DB_escapeString($meta_description);
$meta_keywords = GLText::remove4byteUtf8Chars(strip_tags($meta_keywords));
$meta_keywords = GLText::remove4byteUtf8Chars(GLText::stripTags($meta_keywords));
$meta_keywords = DB_escapeString($meta_keywords);

if ($is_default == 'on') {
12 changes: 6 additions & 6 deletions public_html/admin/trackback.php
Expand Up @@ -651,9 +651,9 @@ function saveService($pid, $name, $site_url, $ping_url, $method, $enabled)
$method = 'weblogUpdates.ping';
}

$name = strip_tags(COM_stripslashes($name));
$site_url = strip_tags(COM_stripslashes($site_url));
$ping_url = strip_tags(COM_stripslashes($ping_url));
$name = GLText::stripTags(COM_stripslashes($name));
$site_url = GLText::stripTags(COM_stripslashes($site_url));
$ping_url = GLText::stripTags(COM_stripslashes($ping_url));

$errormsg = '';
if (empty($name)) {
Expand Down Expand Up @@ -894,7 +894,7 @@ function getHelpUrl()
$id = Geeklog\Input::fRequest('id');
if (!empty($id)) {
list($url, $title, $excerpt) = PLG_getItemInfo($type, $id, 'url,title,excerpt');
$excerpt = trim(strip_tags($excerpt));
$excerpt = trim(GLText::stripTags($excerpt));
$blog = TRB_filterBlogname($_CONF['site_name']);

$display .= trackback_editor($target, $url, $title, $excerpt, $blog);
Expand Down Expand Up @@ -1048,7 +1048,7 @@ function getHelpUrl()
$trackbackUrl = TRB_detectTrackbackUrl($url);

list($url, $title, $excerpt) = PLG_getItemInfo($type, $id, 'url,title,excerpt');
$excerpt = trim(strip_tags($excerpt));
$excerpt = trim(GLText::stripTags($excerpt));
$blog = TRB_filterBlogname($_CONF['site_name']);

if ($trackbackUrl === false) {
Expand All @@ -1070,7 +1070,7 @@ function getHelpUrl()
$type = Geeklog\Input::fRequest('type', '');
if (!empty($id) && !empty($type)) {
list($newurl, $newtitle, $newexcerpt) = PLG_getItemInfo($type, $id, 'url,title,excerpt');
$newexcerpt = trim(strip_tags($newexcerpt));
$newexcerpt = trim(GLText::stripTags($newexcerpt));

if (empty($url) && !empty($newurl)) {
$url = $newurl;
10 changes: 5 additions & 5 deletions public_html/admin/user.php
Expand Up @@ -126,16 +126,16 @@ function edituser($uid = '', $msg = '')

// POST data can override, in case there was an error while editing a user
if (isset($_POST['username'])) {
$A['username'] = strip_tags($_POST['username']);
$A['username'] = GLText::stripTags($_POST['username']);
}
if (isset($_POST['fullname'])) {
$A['fullname'] = strip_tags($_POST['fullname']);
$A['fullname'] = GLText::stripTags($_POST['fullname']);
}
if (isset($_POST['email'])) {
$A['email'] = strip_tags($_POST['email']);
$A['email'] = GLText::stripTags($_POST['email']);
}
if (isset($_POST['homepage'])) {
$A['homepage'] = strip_tags($_POST['homepage']);
$A['homepage'] = GLText::stripTags($_POST['homepage']);
}
if (isset($_POST['userstatus'])) {
$A['status'] = COM_applyFilter($_POST['userstatus'], true);
Expand Down Expand Up @@ -1102,7 +1102,7 @@ function importusers()

list ($full_name, $u_name, $email) = explode("\t", $line);

$full_name = strip_tags($full_name);
$full_name = GLText::stripTags($full_name);
$u_name = COM_applyFilter($u_name);
$email = COM_applyFilter($email);
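Review bot: edituser reads `$_POST['username']`, `$_POST['fullname']`, `$_POST['email']` and `$_POST['homepage']` directly, so a request that sends one of them as an array hands that array to GLText::stripTags and whatever it returns lands in `$A`. Adding a type test to each guard, e.g. `if (isset($_POST['username']) && is_string($_POST['username'])) {`, keeps `$A` string-only regardless of how the wrapper treats arrays; reading the fields through `Geeklog\Input::post` as public_html/admin/block.php does would also be more consistent. Tag stripping leaves quote characters untouched, so these values still need `htmlspecialchars` wherever the edit form places them in attributes; that code is outside the hunk.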

