update lib_filter

straup · Mar 2, 2014 · 0f08997 · 0f08997
1 parent 860ce7c
commit 0f08997
Showing 1 changed file with 31 additions and 10 deletions.
diff --git a/www/include/lib_filter.php b/www/include/lib_filter.php
@@ -17,6 +17,9 @@
 	# Thanks to Dan Bogan for dealing with entity decoding outside attributes
 	#
 
+
+	$filter = new lib_filter();
+
 	class lib_filter {
 
 		var $tag_counts = array();
@@ -67,6 +70,7 @@ class lib_filter {
 
 		var $allowed_protocols = array(
 			'http',
+			'https',
 			'ftp',
 			'mailto',
 		);
@@ -161,11 +165,15 @@ function go($data){
 
 		function escape_comments($data){
 
-			$data = preg_replace("/<!--(.*?)-->/se", "'<!--'.HtmlSpecialChars(\$this->StripSingle('\\1')).'-->'", $data);
+			$data = preg_replace_callback("/<!--(.*?)-->/s", array($this, 'escape_comments_inner'), $data);
 
 			return $data;
 		}
 
+		function escape_comments_inner($m){
+			return '<!--'.HtmlSpecialChars($this->StripSingle($m[1])).'-->';
+		}
+
 
 		#####################################################################################
 
@@ -211,7 +219,7 @@ function balance_html($data){
 
 		function check_tags($data){
 
-			$data = preg_replace("/<(.*?)>/se", "\$this->process_tag(\$this->StripSingle('\\1'))",	$data);
+			$data = preg_replace_callback("/<(.*?)>/s", array($this, 'check_tags_inner'), $data);
 
 			foreach(array_keys($this->tag_counts) as $tag){
 				for($i=0; $i<$this->tag_counts[$tag]; $i++){
@@ -222,6 +230,10 @@ function check_tags($data){
 			return $data;
 		}
 
+		function check_tags_inner($m){
+
+			return $this->process_tag($this->StripSingle($m[1]));
+		}
 
 		#####################################################################################
 
@@ -232,7 +244,7 @@ function process_tag($data){
 				$name = StrToLower($matches[1]);
 				if (in_array($name, array_keys($this->allowed))){
 					if (!in_array($name, $this->no_close)){
-						if ($this->tag_counts[$name]){
+						if (isset($this->tag_counts[$name])){
 							$this->tag_counts[$name]--;
 							return '</'.$name.'>';
 						}
@@ -327,11 +339,16 @@ function process_param_protocol($data){
 
 		function process_remove_blanks($data){
 
-			foreach($this->remove_blanks as $tag){
+			if (count($this->remove_blanks)){
 
-				$data = preg_replace("/<{$tag}(\s[^>]*)?><\\/{$tag}>/", '', $data);
-				$data = preg_replace("/<{$tag}(\s[^>]*)?\\/>/", '', $data);
+				$tags = implode('|', $this->remove_blanks);
+				while (1){
+					$len = strlen($data);
+					$data = preg_replace("/<({$tags})(\s[^>]*)?(><\\/\\1>|\\/>)/", '', $data);
+					if ($len == strlen($data)) break;
+				}
 			}
+
 			return $data;
 		}
 
@@ -439,15 +456,19 @@ function validate_entities($data, $in_attribute){
 			# it).
 			#
 
-			$data = preg_replace(
-				'!&([^&;]*)(?=(;|&|$))!e',
-				"\$this->check_entity(\$this->StripSingle('\\1'), \$this->StripSingle('\\2'))",
+			$data = preg_replace_callback(
+				'!&([^&;]*)(?=(;|&|$))!',
+				array($this, 'validate_entities_inner'),
 				$data
 			);
 
 			return $data;
 		}
 
+		function validate_entities_inner($m){
+			return $this->check_entity($this->StripSingle($m[1]), $this->StripSingle($m[2]));
+		}
+
 
 		#####################################################################################
 
@@ -639,4 +660,4 @@ function StripSingle($data){
 
 	}
 
-?>
+?>