mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-07-31 03:40:37 +02:00
Code Issues Releases Wiki Activity

Fixes #895 - encoding issue on prefs.

Browse Source
This commit is contained in:
Cameron
2015-04-11 11:47:40 -07:00
parent 5fe04faba1
commit 33e7c4a1b2
1 changed files with 64 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

92
e107_handlers/e_parse_class.php
View File

@@ -520,10 +520,10 @@ class e_parse extends e_parser
{ {
$data = $this->cleanHtml($data); // sanitize all html. $data = $this->cleanHtml($data); // sanitize all html.
// return $data; return $data;
$data = urldecode($data); // symptom of cleaning the HTML - urlencodes src attributes containing { and } .eg. {e_BASE} $data = urldecode($data); // symptom of cleaning the HTML - urlencodes src attributes containing { and } .eg. {e_BASE}
} }
if (!check_class($core_pref->get('post_html', e_UC_MAINADMIN))) if (!check_class($core_pref->get('post_html', e_UC_MAINADMIN)))
{ {
$data = strip_tags($data); // remove tags from cleaned html. $data = strip_tags($data); // remove tags from cleaned html.
@@ -533,6 +533,8 @@ class e_parse extends e_parser
// $data = html_entity_decode($data, ENT_QUOTES, 'utf-8'); // Prevent double-entities. Fix for [code] - see bb_code.php toDB(); // $data = html_entity_decode($data, ENT_QUOTES, 'utf-8'); // Prevent double-entities. Fix for [code] - see bb_code.php toDB();
} }
if (check_class($core_pref->get('post_html'))) /*$core_pref->is('post_html') && */ if (check_class($core_pref->get('post_html'))) /*$core_pref->is('post_html') && */
{ {
$no_encode = TRUE; $no_encode = TRUE;
@@ -750,13 +752,15 @@ class e_parse extends e_parser
if(substr($text,0,6) == '[html]') if(substr($text,0,6) == '[html]')
{ {
// $text = $this->toHtml($text,true); // $text = $this->toHtml($text,true);
$search = array('"',''','&'); $search = array('"',''','\', '&',); // '&' must be last.
$replace = array('"',"'",'&'); $replace = array('"',"'","\\", '&');
// return htmlspecialchars_decode($text);
$text = str_replace($search,$replace,$text); $text = str_replace($search,$replace,$text);
// return $text; // return $text;
//$text = htmlentities($text,ENT_NOQUOTES, "UTF-8"); //$text = htmlentities($text,ENT_NOQUOTES, "UTF-8");
return $text; // return $text;
} }
// return htmlentities($text); // return htmlentities($text);
@@ -3244,19 +3248,15 @@ class e_parser
/** /**
* Perform and render XSS Test Comparison * Perform and render XSS Test Comparison
*/ */
public function test() public function test($text='',$advanced = false)
{ {
// $tp = e107::getParser(); // $tp = e107::getParser();
$sql = e107::getDb(); $sql = e107::getDb();
$tp = e107::getParser(); $tp = e107::getParser();
// -------------------- Encoding ---------------- if(empty($text))
{
echo "<h2>Encoding Test</h2>"; $text = <<<TMPL
echo"<h3>User Input from Form</h3>";
$text = <<<TMPL
[html]<p><strong>bold print</strong></p> [html]<p><strong>bold print</strong></p>
<pre class="prettyprint linenums">&lt;a href='#'&gt;Something&lt;/a&gt;</pre> <pre class="prettyprint linenums">&lt;a href='#'&gt;Something&lt;/a&gt;</pre>
<p>Some text's and things.</p> <p>Some text's and things.</p>
@@ -3266,41 +3266,73 @@ class e_parser
<p>&nbsp;</p> <p>&nbsp;</p>
[/html] [/html]
TMPL; TMPL;
}
// $text .= '[code=inline]<b class="something">Something</b>[/code]日本語 ';
// -------------------- Encoding ----------------
// $text .= '[code=inline]<b class="something">Something</b>[/code]日本語 '; echo "<h2>e107 Parser Test</h2>";
echo"<h3>User-input <small>(eg. from \$_POST)</small></h3>";
print_a($text); print_a($text);
$dbText = $tp->toDB($text,true); $dbText = $tp->toDB($text,true);
echo "<h3>Use Input &gg; toDb()</h3>"; echo "<h3>User-input &gg; toDB()</h3>";
print_a($dbText); print_a($dbText);
echo "<h3>From DB &gg; toHtml()</h3>"; echo "<h3>toDB() &gg; toHtml()</h3>";
$html = $tp->toHtml($dbText,true); $html = $tp->toHtml($dbText,true);
print_a($html); print_a($html);
echo "<h3>From DB &gg; toHtml() (rendered)</h3>"; echo "<h3>toDB &gg; toHtml() <small>(rendered)</small></h3>";
echo $html; echo $html;
echo "<h3>FromDB &gg; toForm()</h3>"; echo "<h3>toDB &gg; toForm()</h3>";
$toForm = $tp->toForm($dbText); $toForm = $tp->toForm($dbText);
echo e107::getForm()->open('test'); $toFormRender = e107::getForm()->open('test');
echo "<textarea cols='100' style='width:100%;height:300px' >".$toForm."</textarea>"; $toFormRender .= "<textarea cols='100' style='width:100%;height:300px' >".$toForm."</textarea>";
echo e107::getForm()->close(); $toFormRender .= e107::getForm()->close();
echo $toFormRender;
if(!empty($advanced))
{
echo "<h3>Converted Paths</h3>";
print_a($this->pathList);
echo "<h3>Removed Tags and Attributes</h3>";
print_a($this->removedList);
echo "<h3>Nodes to Convert</h3>";
print_a($this->nodesToConvert);
}
similar_text($text, html_entity_decode( $toForm, ENT_COMPAT, 'UTF-8'),$perc); similar_text($text, html_entity_decode( $toForm, ENT_COMPAT, 'UTF-8'),$perc);
echo "<h3>Original to compare with above (".number_format($perc)."%) - Should be over 95%</h3>"; $scoreStyle = ($perc > 98) ? 'label-success' : 'label-danger';
echo "<h3><span class='label ".$scoreStyle."'>Score: ".number_format($perc)."%</span></h3>";
echo "<table class='table table-bordered'>
<tr>
<th style='width:50%'>User-input</th>
<th style='width:50%'>toForm() output</th>
</tr>
<tr>
<td>".print_a($text,true)."</td>
<td>". $toFormRender."</td>
</tr>
</table>";
/* <tr>
<td>".print_a(json_encode($text),true)."</td>
<td>". print_a(json_encode(html_entity_decode( $toForm, ENT_COMPAT, 'UTF-8')),true)."</td>
</tr>*/
print_a($text); // print_a($text);
return; return;
@@ -3370,11 +3402,11 @@ return;
if(empty($html)){ return ''; } if(empty($html)){ return ''; }
$html = mb_convert_encoding($html, 'UTF-8'); $html = mb_convert_encoding($html, 'UTF-8');
// $html = mb_convert_encoding($html, 'HTML-ENTITIES', 'UTF-8'); // $html = mb_convert_encoding($html, 'HTML-ENTITIES', 'UTF-8');
$html = str_replace ('&nbsp;', '@nbsp;', $html); // prevent replacement of &nbsp; with spaces.
if(preg_match("/<body/i",$html)!==true) // HTML Fragment if(preg_match("/<body/i",$html)!==true) // HTML Fragment
{ {
@@ -3425,7 +3457,7 @@ return;
$path = $node->getNodePath(); $path = $node->getNodePath();
// echo "<br />Path = ".$path; // echo "<br />Path = ".$path;
// $tag = strval(basename($path)); // $tag = strval(basename($path));
$tag = preg_replace('/([a-z0-9\[\]\/]*)?\/([\w]*)(\[(\d)*\])?$/i', "$2", $path); $tag = preg_replace('/([a-z0-9\[\]\/]*)?\/([\w]*)(\[(\d)*\])?$/i', "$2", $path);
if(!in_array($tag, $this->allowedTags)) if(!in_array($tag, $this->allowedTags))
@@ -3521,8 +3553,12 @@ return;
$cleaned = $doc->saveHTML($doc->documentElement); // $doc->documentElement fixes utf-8/entities issue. @see http://stackoverflow.com/questions/8218230/php-domdocument-loadhtml-not-encoding-utf-8-correctly $cleaned = $doc->saveHTML($doc->documentElement); // $doc->documentElement fixes utf-8/entities issue. @see http://stackoverflow.com/questions/8218230/php-domdocument-loadhtml-not-encoding-utf-8-correctly
$cleaned = str_replace ('@nbsp;', '&nbsp;', $cleaned); // prevent replacement of &nbsp; with spaces. - convert back.
$cleaned = str_replace(array('<body>','</body>','<html>','</html>','<!DOCTYPE html>','<meta charset="UTF-8">','<?xml version="1.0" encoding="utf-8"?>'),'',$cleaned); // filter out tags. $cleaned = str_replace(array('<body>','</body>','<html>','</html>','<!DOCTYPE html>','<meta charset="UTF-8">','<?xml version="1.0" encoding="utf-8"?>'),'',$cleaned); // filter out tags.
// $cleaned = html_entity_decode($cleaned, ENT_QUOTES, 'UTF-8'); // $cleaned = html_entity_decode($cleaned, ENT_QUOTES, 'UTF-8');
return trim($cleaned); return trim($cleaned);