X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=banana%2Fmisc.inc.php;h=d90ba5681661fa99e1a0f6fe44723756e23f59e3;hb=8f6f50fb9b1a940a7a067b889179a2763eea31db;hp=3258ef1b5bf61323af8da9ffa188632d8a0928f0;hpb=d43ebde4a90bf788da0af009fa5361f6c68d000a;p=banana.git diff --git a/banana/misc.inc.php b/banana/misc.inc.php index 3258ef1..d90ba56 100644 --- a/banana/misc.inc.php +++ b/banana/misc.inc.php @@ -20,6 +20,45 @@ function to_entities($str) { function is_utf8($s) { return iconv('utf-8', 'utf-8', $s) == $s; } +function textFormat_translate($format) +{ + switch (strtolower($format)) { + case 'plain': return _b_('Texte brut'); + case 'richtext': return _b_('Texte enrichi'); + case 'html': return _b_('HTML'); + default: return $format; + } +} + +/******************************************************************************** + * HTML STUFF + * Taken from php.net + */ + + /** + * @return string + * @param string + * @desc Strip forbidden tags and delegate tag-source check to removeEvilAttributes() + */ +function removeEvilTags($source) +{ + $allowedTags = '
'; + $source = strip_tags($source, $allowedTags); + return preg_replace('/<(.*?)>/ie', "'<'.removeEvilAttributes('\\1').'>'", $source); +} + +/** + * @return string + * @param string + * @desc Strip forbidden attributes from a tag + */ +function removeEvilAttributes($tagSource) +{ + $stripAttrib = 'javascript:|onclick|ondblclick|onmousedown|onmouseup|onmouseover|'. + 'onmousemove|onmouseout|onkeypress|onkeydown|onkeyup'; + return stripslashes(preg_replace("/$stripAttrib/i", '', $tagSource)); +} + /******************************************************************************** * HEADER STUFF */ @@ -216,12 +255,21 @@ function wrap($text, $_prefix="") return $_prefix.join("\n$_prefix", $result).($_prefix ? '' : $sign); } -function formatbody($_text) { - $res = "\n\n" . to_entities(wrap($_text, ""))."\n\n"; +function formatbody($_text, $format='plain') +{ + if ($format == 'html') { + $res = '
'.removeEvilTags(html_entity_decode(to_entities($_text))).'
'; + } else { + $res = "\n\n" . to_entities(wrap($_text, ""))."\n\n"; + } $res = preg_replace("/(<|>|")/", " \\1 ", $res); $res = preg_replace('/(["\[])?((https?|ftp|news):\/\/[a-z@0-9.~%$£µ&i#\-+=_\/\?]*)(["\]])?/i', "\\1\\2\\4", $res); $res = preg_replace("/ (<|>|") /", "\\1", $res); - + + if ($format == 'html') { + return $res; + } + $parts = preg_split("/\n-- ?\n/", $res); if (count($parts) > 1) {