[pLog-svn] r6801 - plog/branches/lifetype-1.2/class/data

jondaley at devel.lifetype.net jondaley at devel.lifetype.net
Tue Feb 17 16:14:52 EST 2009


Author: jondaley
Date: 2009-02-17 16:14:52 -0500 (Tue, 17 Feb 2009)
New Revision: 6801

Modified:
   plog/branches/lifetype-1.2/class/data/textfilter.class.php
Log:
use inputfilter for filtering javascript.  Eventually, I'll have it filter everything

Modified: plog/branches/lifetype-1.2/class/data/textfilter.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/data/textfilter.class.php	2009-02-17 21:14:24 UTC (rev 6800)
+++ plog/branches/lifetype-1.2/class/data/textfilter.class.php	2009-02-17 21:14:52 UTC (rev 6801)
@@ -47,25 +47,10 @@
 		 */
         function filterJavaScript( $text )
         {
-                // convert text first, to get "hidden" javascript
-            $text = Textfilter::htmlDecode($text);
-            
-                // Strip all of the Javascript in script tags out...
-                $text = preg_replace('/<SCRIPT.*?<\/SCRIPT>/ims',"",$text);
-
-				/** copied from the original function **/
-                /* The following matches any on* events, followed by any amount of space, a
-                 *' or " some script and then the matching ' or " (the \\2 matches the
-                 *single or double quote).  Note that this regex is
-                 * in single quotes to alleviate the problem of double quoting special
-                 * chars, otherwise the backreferenced 2 would be \\\\2
-                 * -- which is just silly...
-				 */
-                $text = preg_replace('/on(abort|blur|change|click|dblclick|dragstart|error|focus|keydown|keypress|keyup|load|mousedown|mousemove|mouseout|mouseover|mouseup|reset|resize|scroll|selectstart|select|submit|unload)\s*=\s*(\'|").*?\\2/smi',"",$text);
-                
-                $text = preg_replace('/(\'|")Javascript:.*?\\1/smi','',$text);
-
-                return $text;
+            lt_include( PLOG_CLASS_PATH."class/data/class.inputfilter.php" );		      
+            $if = new InputFilter(Array(), Array(), 1, 1);
+            $text = $if->process($text);
+            return $text;
         }
 
 		/**
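Review bot: The `1, 1` mode arguments on the `new InputFilter(Array(), Array(), 1, 1)` line are undocumented, and with both lists empty the outcome depends entirely on what those modes and the omitted fifth argument mean inside class.inputfilter.php, which this hunk does not show. If this is the common phpInputFilter signature, mode 1 means "strip only the listed tags/attributes", so all script removal rests on the built-in automatic XSS blacklist being on by default; I would pass it explicitly and say so, e.g. `$if = new InputFilter(Array(), Array(), 1, 1, 1); // deny-list mode with empty lists: relies on the filter's built-in XSS blacklist`. The removed code decoded entities before matching in order to catch encoded script, so it is worth confirming, and pinning with a regression test, that `process()` still decodes before it filters. A deny-list is also weaker than the allow-list mode the class appears to offer, which would fit the "filter everything" follow-up mentioned in the log.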
@@ -500,17 +485,12 @@
             lt_include( PLOG_CLASS_PATH."class/config/config.class.php" );
             $config =& Config::getConfig();
             if( $config->getValue( "xhtml_converter_enabled" )) {
-               	lt_include( PLOG_CLASS_PATH."class/data/kses.class.php" );		      
+                lt_include( PLOG_CLASS_PATH."class/data/kses.class.php" );
                 $kses = new kses( true, $config->getValue( "xhtml_converter_aggresive_mode_enabled"));
-                $result = $kses->Parse( $string );
-                
-                    // if balanceTags wasn't broken, we could use it...
-                    //$result = Textfilter::balanceTags( $result );		          
+                $string = $kses->Parse( $string );
             }
-            else
-                $result = $string;
             
-            return $result;
+            return $string;
 		}
 
 


