<?php
/*
* safe_html_filter.php
*
* @(#) $Id: secure_html_filter.php,v 1.5 2010/02/08 00:09:32 mlemos Exp $
*
*/
require('forms.php');
require('form_layout_vertical.php');
require('filecacheclass.php');
require('css_parser.php');
require('dtd_parser.php');
require('markup_parser.php');
require('markup_filter_validator.php');
require('markup_filter_safe_html.php');
/*
 * Build the demo form.
 *
 * Inputs, in the order they are registered:
 *   data      textarea holding the HTML or CSS to filter (required)
 *   as_html   radio, checked by default: treat the data as HTML
 *   only_body checkbox: ask the filter for the body content only
 *   as_css    radio: treat the data as a stylesheet
 *   filtered  textarea that receives the filtered result
 *   filter    submit button
 *
 * The page only echoes a filtered copy of what was posted and changes no
 * server-side state, so no CSRF token is used. The 'trigger_error' debug
 * handler routes form_class diagnostics through PHP error reporting, so
 * display_errors should stay off wherever this demo is reachable.
 */
$form = new form_class;
$form->NAME = 'filter_form';
$form->METHOD = 'POST';
$form->ACTION = '';
$form->debug = 'trigger_error';
$form->ShowAllErrors = 1;
$form->InvalidCLASS = 'invalid';

$form_input_definitions = array(
	array(
		'TYPE'=>'textarea',
		'NAME'=>'data',
		'ID'=>'data',
		'ROWS'=>10,
		'COLS'=>60,
		'ValidateAsNotEmpty'=>1,
		'ValidationErrorMessage'=>
			'It was not specified any HTML to validate.',
		'LABEL'=>'<u>D</u>ata',
		'ACCESSKEY'=>'D'
	),
	array(
		'TYPE'=>'radio',
		'NAME'=>'as',
		'ID'=>'as_html',
		'VALUE'=>'html',
		'LABEL'=>'As <u>H</u>TML',
		'ACCESSKEY'=>'H',
		'CHECKED'=>1
	),
	array(
		'TYPE'=>'checkbox',
		'NAME'=>'only_body',
		'ID'=>'only_body',
		'LABEL'=>'Only <u>b</u>ody',
		'ACCESSKEY'=>'b'
	),
	array(
		'TYPE'=>'radio',
		'NAME'=>'as',
		'ID'=>'as_css',
		'VALUE'=>'css',
		'LABEL'=>'As <u>C</u>SS',
		'ACCESSKEY'=>'C'
	),
	array(
		'TYPE'=>'textarea',
		'NAME'=>'filtered',
		'ID'=>'filtered',
		'ROWS'=>10,
		'COLS'=>60,
		'LABEL'=>'Filtered',
	),
	array(
		'TYPE'=>'submit',
		'NAME'=>'filter',
		'ID'=>'filter',
		'VALUE'=>'Filter',
		'ACCESSKEY'=>'F'
	),
);
/* Registration order matters to the layout below, so keep the list as is. */
foreach($form_input_definitions as $input_definition)
	$form->AddInput($input_definition);
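/*
 * Handle a submission of the demo form.
 *
 * Loads the posted values, validates them and, when they validate, runs the
 * posted text through markup_filter_safe_html_class either as HTML (streaming
 * StartParsing / Parse / RewriteElement / FinishParsing) or as a stylesheet
 * (FilterStylesheet). The filtered text is stored in the 'filtered' input.
 *
 * Values consumed by the layout further down:
 *   $done          1 once a filter run was attempted, 0 otherwise
 *   $error         filter error text, '' when the run succeeded
 *   $warnings      one filter warning per line, '' when there were none
 *   $error_message validation failure text, '' when the form validated
 *   $verify        names of the inputs that failed validation
 *
 * $error and $warnings are built from filter output and must be escaped
 * where they are inserted into the page (the layout applies HtmlSpecialChars).
 *
 * Fixes relative to the previous version:
 *   - $done was only set when StartParsing succeeded, so a StartParsing
 *     failure left $done undefined and the layout hid the error;
 *   - a RewriteElement failure only broke the inner loop, after which the
 *     outer loop called Parse again and overwrote the failed $success.
 */
$error = $warnings = '';
$error_message = '';
$verify = array();
$done = 0;
$form->LoadInputValues($form->WasSubmitted('filter'));
if($form->WasSubmitted('filter'))
{
	if(($error_message = $form->Validate($verify)) === '')
	{
		$filter = new markup_filter_safe_html_class;
		/* Required for the line/column lookups on errors and warnings below. */
		$filter->track_lines = 1;
		/* Vendor-prefixed rounded-corner properties accepted in addition to
		 * the filter's built-in list. */
		$filter->safe_proprietary_css_properties = array(
			'-moz-border-radius'=>array(),
			'-moz-border-radius-topleft'=>array(),
			'-moz-border-radius-topright'=>array(),
			'-moz-border-radius-bottomleft'=>array(),
			'-moz-border-radius-bottomright'=>array(),
			'-webkit-border-radius'=>array(),
			'-webkit-border-top-left-radius'=>array(),
			'-webkit-border-top-right-radius'=>array(),
			'-webkit-border-bottom-left-radius'=>array(),
			'-webkit-border-bottom-right-radius'=>array(),
		);
		/* CSS functions accepted inside property values. Presumably an
		 * allow-list, so script-capable functions such as expression() are
		 * rejected by not being listed — confirm in markup_filter_safe_html.php
		 * before relying on it. */
		$filter->safe_css_property_functions = array(
			'alpha'=>array(),
			'counter'=>array(),
			'counters'=>array(),
			'attr'=>array(),
			'rgb'=>array(),
		);
		$as_html = $form->GetCheckedState('as_html');
		$output = '';
		$success = 0;
		if($as_html)
		{
			$parameters = array(
				'Data'=>$form->GetInputValue('data'),
				'OnlyBody'=>$form->GetCheckedState('only_body'),
				/* Empty path: no on-disk DTD cache is used by this demo. */
				'DTDCachePath'=>'',
			);
			if(($success = $filter->StartParsing($parameters)))
			{
				/* Pull parsed elements in chunks until the parser reports the
				 * end of the data. Any Parse or RewriteElement failure ends the
				 * run with $success false. */
				do
				{
					if(!($success = $filter->Parse($end, $elements)))
						break;
					$element_count = count($elements);
					for($e = 0; $e < $element_count; ++$e)
					{
						if(!($success = $filter->RewriteElement($elements[$e], $markup)))
							break;
						$output .= $markup;
					}
					/* Stop the outer loop too; otherwise the next Parse call
					 * would overwrite the failed status. */
					if(!$success)
						break;
				}
				while(!$end);
				if($success)
					$success = $filter->FinishParsing();
			}
		}
		else
			$success = $filter->FilterStylesheet($form->GetInputValue('data'), $output);
		/* A run was attempted whether or not it started successfully, so the
		 * layout must show the result or the error. */
		$done = 1;
		if($success)
			$form->SetInputValue('filtered', $output);
		else
		{
			$error = $filter->error.' at position '.$filter->error_position;
			if($filter->track_lines
			&& ($as_html ? $filter->GetPositionLine($filter->error_position, $line, $column) : $filter->GetStylesheetPositionLine($filter->error_position, $line, $column)))
				$error .= ' line '.$line.' column '.$column;
		}
		/* The warnings array is keyed by byte position in the submitted text. */
		foreach($filter->warnings as $position => $message)
		{
			$warnings .= $message.' at position '.$position;
			if($filter->track_lines
			&& ($as_html ? $filter->GetPositionLine($position, $line, $column) : $filter->GetStylesheetPositionLine($position, $line, $column)))
				$warnings .= ' line '.$line.' column '.$column;
			$warnings .= "\n";
		}
	}
	else
	{
		/* Entity-encode the validation message for HTML output; on this page
		 * only its length is consulted (to pick the input to focus). */
		$error_message = HtmlEntities($error_message);
	}
}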
/*
 * Register the vertical layout that places the inputs, the error row and the
 * warnings row, then decide which input receives focus on page load.
 *
 * $error and $warnings come from the filter and may contain fragments of the
 * submitted text, so both are passed through HtmlSpecialChars before being
 * embedded in the table rows (element content, so the default quote handling
 * is sufficient). The result, error and warnings rows are only shown after a
 * filter run ($done).
 */
$error_row = '<tr><td>Error:</td><td class="invalid">'.HtmlSpecialChars($error).'</td></tr>';
$warnings_row = '<tr><td>Warnings:</td><td class="invalid">'.nl2br(HtmlSpecialChars($warnings)).'</td></tr>';

$show_filtered = $done;
$show_error = (strlen($error) && $done);
$show_warnings = (strlen($warnings) && $done);

$layout_properties = array(
	'filtered'=>array(
		'Visible'=>$show_filtered,
	),
	'error'=>array(
		'Visible'=>$show_error,
	),
	'warnings'=>array(
		'Visible'=>$show_warnings,
	),
	/* Radio and checkbox labels go after the control instead of before it. */
	'as_html'=>array(
		'SwitchedPosition'=>1,
	),
	'as_css'=>array(
		'SwitchedPosition'=>1,
	),
	'only_body'=>array(
		'SwitchedPosition'=>1,
	),
);

$form->AddInput(array(
	'ID'=>'layout',
	'NAME'=>'layout',
	'TYPE'=>'custom',
	'CustomClass'=>'form_layout_vertical_class',
	'Inputs'=>array(
		'data',
		'as_html',
		'only_body',
		'as_css',
		'error',
		'warnings',
		'filtered',
		'filter',
	),
	'Data'=>array(
		'error'=>$error_row,
		'warnings'=>$warnings_row
	),
	'Properties'=>$layout_properties,
	'InvalidMark'=>'[Verify]',
));

if(!$done)
{
	/* Default to the data textarea; after a validation failure focus the
	 * first input that failed instead. NOTE(review): if Validate reports a
	 * message without filling $verify, Key() yields null here — confirm
	 * against forms.php whether that can happen. */
	$focus = 'data';
	if(strlen($error_message))
	{
		Reset($verify);
		$focus = Key($verify);
	}
	$form->ConnectFormToInput($focus, 'ONLOAD', 'Focus', array());
}
/* Goes into a double-quoted onload attribute, so double quotes are escaped. */
$onload = HtmlSpecialChars($form->PageLoad());
?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Test for Secure HTML and CSS parser and filter class</title>
<style type="text/css"><!--
.invalid { border-color: #ff0000; background-color: #ffcccc }
// --></style>
</head>
<body onload="<?php echo $onload; ?>" bgcolor="#cccccc">
<center><h1>Test for Secure HTML and CSS parser and filter class</h1></center>
<div align="center">
<?php
/*
 * Render the captured layout. Nothing user-controlled is echoed raw here:
 * $onload, $error and $warnings were passed through HtmlSpecialChars above,
 * and the textareas (including the filtered copy) are rendered by form_class,
 * which presumably escapes their values — confirm in forms.php.
 *
 * NOTE(review): the page sends no character set (no Content-Type header and
 * no <meta> charset), so the browser has to guess one while HtmlSpecialChars
 * above escapes for PHP's default charset. Declare the charset explicitly if
 * this demo is ever exposed beyond local testing.
 */
$form->StartLayoutCapture();
$form->AddInputPart('layout');
$form->EndLayoutCapture();
$form->DisplayOutput();
?>
</div>
</body>
</html>