User filter fixes

2025-08-18 12:21:45 +02:00 · 2011-11-29 23:37:44 +00:00
parent 5945062962
commit 076f03b696
4 changed files with 85 additions and 14 deletions
--- a/e107_handlers/e_parse_class.php
+++ b/e107_handlers/e_parse_class.php
@@ -564,12 +564,14 @@ class e_parse
 	 *	Checks a string for potentially dangerous HTML tags, including malformed tags
 	 *
 	 */
-	public function dataFilter($data)
+	public function dataFilter($data,$mode='bbcode')
 	{
 		$ans = '';
-		$vetWords = array('<applet', '<body', '<embed', '<frame', '<script', '<frameset', '<html', '<iframe',
-					'<style', '<layer', '<link', '<ilayer', '<meta', '<object', '<plaintext', 'javascript:', 'vbscript:');
-
+		$vetWords = array('<applet', '<body', '<embed', '<frame', '<script','%3Cscript',
+						 '<frameset', '<html', '<iframe', '<style', '<layer', '<link',
+						 '<ilayer', '<meta', '<object', '<plaintext', 'javascript:',
+						 'vbscript:','data:text/html');
+		
 		$ret = preg_split('#(\[code.*?\[/code.*?])#mis', $data, -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE );

 		foreach ($ret as $s)
@@ -605,6 +607,12 @@ class e_parse
 			$s = preg_replace_callback('#base64([,\(])(.+?)([\)\'\"])#mis', array($this, 'proc64'), $s);
 			$ans .= $s;
 		}
+		
+		if($mode == 'link' && count($vl))
+		{
+			return "#sanitized";
+		}
+		
 		return $ans;
 	}