本文整理汇总了PHP中kses函数的典型用法代码示例。如果您正苦于以下问题:PHP kses函数的具体用法?PHP kses怎么用?PHP kses使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了kses函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的PHP代码示例。
示例1: comment_save
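/**
 * Stores a visitor comment posted for $page, if the request carries one.
 *
 * The comment is read from $_POST['comment'] and silently ignored when it is
 * missing, when comments are not open on the page, or when the author name,
 * author e-mail or body is empty. Name, e-mail and link are reduced to plain
 * text with strip_tags(); the body is filtered by kses() against a small
 * allow-list of inline tags.
 *
 * @param object $page Page the comment belongs to (reads ->comment_status and ->id)
 * @return void
 */
function comment_save(&$page)
{
    global $__FROG_CONN__;

    // Nothing to do unless a comment form was submitted as an array of fields.
    if (!isset($_POST['comment']) || !is_array($_POST['comment'])) {
        return;
    }
    if ($page->comment_status != Comment::OPEN) {
        return;
    }
    $data = $_POST['comment'];

    // Mandatory fields must be non-empty strings; an array submitted in their
    // place would otherwise reach trim() and strip_tags().
    foreach (array('author_name', 'author_email', 'body') as $required) {
        if (!isset($data[$required]) || !is_string($data[$required]) || trim($data[$required]) == '') {
            return;
        }
    }

    // The link is optional; reading it unguarded raised an undefined-index notice.
    $author_link = (isset($data['author_link']) && is_string($data['author_link'])) ? $data['author_link'] : '';

    use_helper('Kses');
    $allowed_tags = array(
        'a' => array('href' => array(), 'title' => array()),
        'abbr' => array('title' => array()),
        'acronym' => array('title' => array()),
        'b' => array(),
        'blockquote' => array('cite' => array()),
        'br' => array(),
        'code' => array(),
        'em' => array(),
        'i' => array(),
        'p' => array(),
        'strike' => array(),
        'strong' => array(),
    );

    // NOTE(review): the lookup of the 'auto_approve_comment' setting is disabled
    // in this version, so every comment is stored as approved without moderation.
    $auto_approve_comment = 1;

    // Bound parameters replace the hand-assembled VALUES list, in which
    // $page->id was placed between quotes without going through quote().
    $sql = 'INSERT INTO ' . TABLE_PREFIX . 'comment'
        . ' (page_id, author_name, author_email, author_link, body, is_approved, created_on)'
        . ' VALUES (?, ?, ?, ?, ?, ?, ?)';
    $stmt = $__FROG_CONN__->prepare($sql);
    $stmt->execute(array(
        $page->id,
        strip_tags($data['author_name']),
        strip_tags($data['author_email']),
        // strip_tags() removes markup only; the URL scheme is not checked here,
        // so templates must still escape and validate the link when printing it.
        strip_tags($author_link),
        kses($data['body'], $allowed_tags),
        $auto_approve_comment,
        date('Y-m-d H:i:s'),
    ));

    Observer::notify('comment_after_add');
}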
开发者ID:albertobraschi,项目名称:toad,代码行数:35,代码来源:index.php
示例2: update_event
/**
 * Creates or updates a calendar event from the submitted form.
 *
 * Only the event id is passed through kses() (with an empty allow-list, so all
 * tags are dropped). The other fields are copied to the model as received.
 *
 * NOTE(review): created_by_id is taken from the request, so the client decides
 * who is recorded as creator; no CSRF token check is visible in this method;
 * title and description reach the model unfiltered, so whether they are
 * escaped depends on checkData() and the views — confirm.
 */
public function update_event()
{
    // Without the form's "save" field there is nothing to store.
    if (!isset($_POST['save'])) {
        Flash::set('error', __('Could not update this event!'));
        return;
    }

    use_helper('Kses');

    /* Prepare the data */
    $data = $_POST['event'];
    if (isset($data['id'])) {
        $data['id'] = kses(trim($data['id']), array());
    }
    // Evaluated after the filtering above, exactly where the original re-checked it.
    $isExisting = isset($data['id']);

    $event = new CalendarEvent();
    if ($isExisting) {
        $event->id = $data['id'];
        $event->created_by_id = $data['created_by_id'];
    }
    $event->title = $data['title'];
    $event->date_from = $data['date_from'];
    $event->date_to = $data['date_to'];
    $event->description = $data['description'];

    /* Check data and, if correct, save to DB */
    if (!($event->checkData() && $event->save())) {
        Flash::setNow('error', __('There are errors in the form.'));
        $this->display(CALENDAR_VIEWS . '/update', array('event' => $event));
        return;
    }

    $message = $isExisting
        ? __('The event has been updated.')
        : __('A new event has been created.');
    Flash::set('success', $message);
    redirect(get_url('plugin/calendar/events'));
}
开发者ID:hoglaeser,项目名称:wolfcms-calendar-plugin,代码行数:34,代码来源:CalendarController.php
示例3: _save
/**
 * Saves the administration settings posted in $_POST['setting'].
 *
 * The request must carry a CSRF token that validates for the 'setting' URL;
 * otherwise an error is flashed, an observer event is raised and the user is
 * redirected. The admin title is filtered by kses() against a short allow-list
 * before everything is handed to Setting::saveFromData().
 *
 * NOTE(review): the rejection branches rely on redirect() ending the request.
 * If it ever returned, execution would continue and the settings would still
 * be saved — confirm redirect() exits.
 */
private final function _save()
{
    $data = $_POST['setting'];

    // CSRF checks
    if (!isset($_POST['csrf_token'])) {
        Flash::set('error', __('No CSRF token found!'));
        Observer::notify('csrf_token_not_found', AuthUser::getUserName());
        redirect(get_url('setting'));
    } elseif (!SecureToken::validateToken($_POST['csrf_token'], BASE_URL . 'setting')) {
        Flash::set('error', __('Invalid CSRF token found!'));
        Observer::notify('csrf_token_invalid', AuthUser::getUserName());
        redirect(get_url('setting'));
    }

    // An unchecked checkbox is not submitted at all; store it as 'off'.
    if (!isset($data['allow_html_title'])) {
        $data['allow_html_title'] = 'off';
    }

    use_helper('Kses');
    // Markup allowed in the admin title. Note that <img src> is on the list.
    $titleTags = array(
        'img' => array('src' => array()),
        'abbr' => array('title' => array()),
        'acronym' => array('title' => array()),
        'b' => array(),
        'blockquote' => array('cite' => array()),
        'br' => array(),
        'code' => array(),
        'em' => array(),
        'i' => array(),
        'p' => array(),
        'strike' => array(),
        'strong' => array(),
    );
    $data['admin_title'] = kses(trim($data['admin_title']), $titleTags);

    Setting::saveFromData($data);
    Flash::set('success', __('Settings have been saved!'));
    redirect(get_url('setting'));
}
开发者ID:sindotnet,项目名称:cona,代码行数:29,代码来源:SettingController.php
示例4: __mobile_strip_images
/**
 * Filters an item's description with the configured kses allow-list minus <img>.
 *
 * The reduced allow-list is built once and cached in a static variable.
 *
 * @param object $i Item whose ->description is rewritten in place
 * @return object The same item
 */
function __mobile_strip_images($i)
{
    static $allowed;

    if (empty($allowed)) {
        // Start from the feed input allow-list and take the image tag out of it.
        $tagList = getConfig('rss.input.allowed');
        if (isset($tagList['img'])) {
            unset($tagList['img']);
        }
        $allowed = $tagList;
    }

    $i->description = kses($i->description, $allowed);

    return $i;
}
开发者ID:jphpsf,项目名称:gregarius,代码行数:12,代码来源:plugins.php
示例5: onetest
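/**
 * Runs one kses() test case and prints "OK" or "not OK" followed by a line break.
 *
 * @param string $htmlbefore Input handed to kses()
 * @param string $htmlafter  Output the test case expects
 * @param int    $score      Count of passed cases; incremented by reference on a match
 * @param int    $max        Count of executed cases; always incremented by reference
 * @param array  $allowed    Allow-list passed to kses()
 * @return void
 */
function onetest($htmlbefore, $htmlafter, &$score, &$max, $allowed)
{
    $max++;
    $htmlkses = kses($htmlbefore, $allowed);

    // Strict comparison: with ==, two different numeric-looking strings such as
    // "1.0" and "1" compare equal, which would report a sanitizer mismatch as OK.
    if ($htmlkses === $htmlafter) {
        echo 'OK';
        $score++;
    } else {
        echo 'not OK';
    }
    echo "<br>\n";
}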
开发者ID:portokallidis,项目名称:Metamorphosis-Meducator,代码行数:13,代码来源:test.php
示例6: ConvertToPlain_UTF8
/**
 * Returns $html with every tag removed by kses().
 *
 * An earlier implementation (strip_tags() plus preg_replace() with the /e
 * modifier to decode entities) was disabled in favour of the kses() call; the
 * /e modifier evaluates the replacement as PHP code and no longer exists in PHP 7.
 *
 * @param string $html HTML to convert; taken by reference but not modified here
 * @return string
 */
function ConvertToPlain_UTF8(&$html)
{
    // An empty allow-list makes kses() strip all tags.
    $plain = kses($html, array());

    // NOTE(review): as shown, search and replacement are the same character, so
    // this call changes nothing. The first argument was probably an HTML entity
    // that was decoded when this listing was rendered — confirm against upstream.
    return str_replace('&', '&', $plain);
}
开发者ID:abhinay100,项目名称:forma_app,代码行数:14,代码来源:lib.mailer.php
示例7: kses_filter
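/**
 * Filters $text through kses(), or lists the allowed tags.
 *
 * Passing the literal string "gettags" returns the allowed tag names formatted
 * as "<b>, <i>, ..." (with a trailing ", ") instead of filtering anything.
 *
 * @param string $text Text to filter, or "gettags"
 * @param mixed  $hook Not used by this function
 * @return string
 */
function kses_filter($text, $hook)
{
    $allowed_html = array(
        'b' => array(),
        'i' => array(),
        'a' => array('href' => array('maxlen' => 100), 'title' => 1),
        'p' => array('align' => 1),
        'font' => array('size' => array('maxval' => 20)),
        'br' => array(),
    );

    // get_magic_quotes_gpc() was removed in PHP 8; calling it unguarded is a
    // fatal error there, which would take the filter down with it.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $text = stripslashes($text);
    }

    // Strict check so that only the exact keyword selects the listing mode.
    if ($text !== "gettags") {
        return kses($text, $allowed_html);
    }

    // The accumulator was previously appended to without being initialised.
    $kses_printtags = '';
    foreach (array_keys($allowed_html) as $tag) {
        $kses_printtags .= "<{$tag}>, ";
    }
    return $kses_printtags;
}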
开发者ID:BackupTheBerlios,项目名称:ajfork-svn,代码行数:15,代码来源:kses.php
示例8: smarty_modifier_kses
/**
 * Smarty modifier that filters $in through kses().
 *
 * Two fixed allow-lists exist: the default one, and a reduced one without <a>
 * that is selected by passing 'nolinks' (meant for unapproved comments).
 * Only http, https, ftp and mailto URLs are accepted.
 *
 * A way to spell a custom nested allow-list in a modifier parameter, e.g.
 * {$var|kses:"a(href,title),b,i,blockquote(cite)"}, has not been implemented.
 *
 * NOTE(review): array('title') creates the entry 0 => 'title', not a 'title'
 * key. If kses looks attributes up by key, title is not actually allowed on
 * acronym, abbr and a — confirm against the bundled kses version.
 *
 * @param string $in          Text to filter
 * @param mixed  $allowedtags 'nolinks' for the reduced list; anything else for the default
 * @return string
 */
function smarty_modifier_kses($in, $allowedtags = FALSE)
{
    $protocols = array('http', 'https', 'ftp', 'mailto');

    if ($allowedtags != 'nolinks') {
        $withLinks = array(
            'b' => array(),
            'i' => array(),
            'strong' => array(),
            'code' => array(),
            'acronym' => array('title'),
            'abbr' => array('title'),
            'a' => array('href' => array('maxlen' => 300), 'title', 'rel' => array('minlen' => 3, 'maxlen' => 250)),
            'blockquote' => array('cite' => array()),
        );
        return kses($in, $withLinks, $protocols);
    }

    $withoutLinks = array(
        'b' => array(),
        'i' => array(),
        'strong' => array(),
        'code' => array(),
        'acronym' => array('title'),
        'abbr' => array('title'),
        'blockquote' => array('cite' => array()),
    );
    return kses($in, $withoutLinks, $protocols);
}
开发者ID:BackupTheBerlios,项目名称:bblog-svn,代码行数:19,代码来源:modifier.kses.php
示例9: kses_filter_tags
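/**
 * Kses filtering of tags, called on a plugin hook.
 *
 * A non-array value is passed through kses() with the tags and protocols
 * configured in $CONFIG. An array is filtered element by element with its keys
 * preserved; nested arrays are now filtered recursively instead of being handed
 * to kses() as an array.
 *
 * @param mixed $hook        Hook argument; not used here
 * @param mixed $entity_type Hook argument; not used here
 * @param mixed $returnvalue Value to filter
 * @param mixed $params      Hook argument; not used here
 * @return mixed The filtered value, or $returnvalue unchanged if kses cannot be loaded
 */
function kses_filter_tags($hook, $entity_type, $returnvalue, $params)
{
    $library = dirname(dirname(dirname(__FILE__))) . "/vendors/kses/kses.php";

    if (!@(include_once $library)) {
        // NOTE(review): this path is fail-open. When the library is missing the
        // input is returned exactly as received. The failure is at least logged
        // so it can be detected; decide whether callers should get an error instead.
        error_log('kses_filter_tags: unable to load ' . $library . ', input returned unfiltered');
        return $returnvalue;
    }

    global $CONFIG;

    return _kses_filter_tags_value($returnvalue, $CONFIG->allowedtags, $CONFIG->allowedprotocols);
}

/**
 * Applies kses() to a value, descending into arrays and keeping their keys.
 */
function _kses_filter_tags_value($value, $allowedtags, $allowedprotocols)
{
    if (!is_array($value)) {
        return kses($value, $allowedtags, $allowedprotocols);
    }

    $filtered = array();
    foreach ($value as $key => $el) {
        $filtered[$key] = _kses_filter_tags_value($el, $allowedtags, $allowedprotocols);
    }
    return $filtered;
}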
开发者ID:eokyere,项目名称:elgg,代码行数:26,代码来源:input.php
示例10: OpenTable
// Fragment of a journal "save new entry" script: prints a confirmation box,
// filters the submitted fields, inserts the entry and then updates the
// per-user statistics row. The fragment is cut off inside the final else branch.
OpenTable();
echo "<div align=center class=title>" . _ENTRYADDED . "</div><br><br>";
// NOTE(review): $module_name is interpolated into the link without escaping
// here; where it is set is not visible in this fragment.
echo "<div align=center> [ <a href=\"modules.php?name={$module_name}&file=edit\">" . _RETURNJOURNAL . "</a> ]</div>";
CloseTable();
// The author name is read from $cookie[1]; how $cookie was populated and
// verified is not visible here — confirm it cannot be set freely by the client.
$username = $cookie[1];
// filter(..., "nohtml") is defined elsewhere; presumably it strips markup.
// Whether it also escapes for SQL is not visible — TODO confirm.
$user = filter($user, "nohtml");
$username = filter($username, "nohtml");
$sitename = filter($sitename, "nohtml");
$title = filter($title, "nohtml");
// addslashes() is the only SQL escaping applied to the title. It is not
// aware of the connection character set.
$title = addslashes($title);
if (isset($mood)) {
$mood = filter($mood, "nohtml");
} else {
$mood = "";
}
// The body keeps the tags listed in $allowed (defined outside this fragment);
// everything else is removed by kses() before addslashes() is applied.
$jbodytext = kses(ADVT_stripslashes($jbodytext), $allowed);
$jbodytext = addslashes($jbodytext);
// NOTE(review): the statement is assembled by string interpolation. $username
// and $mood receive no addslashes() in this fragment, and $pdate, $ptime,
// $status, $mtime and $ndate come from outside it — verify each one is safe
// for use inside a quoted SQL literal.
$sql = "INSERT INTO " . $prefix . "_journal (jid,aid,title,bodytext,mood,pdate,ptime,status,mtime,mdate) VALUES (NULL,'{$username}','{$title}','{$jbodytext}','{$mood}','{$pdate}','{$ptime}','{$status}','{$mtime}','{$ndate}')";
$db->sql_query($sql);
update_points(1);
// Look up the statistics row for this author; same interpolated $username.
$sql = "SELECT * FROM " . $prefix . "_journal_stats WHERE joid = '{$username}'";
$result = $db->sql_query($sql);
$row_count = $db->sql_numrows($result);
if ($row_count == 0) {
// No statistics row yet: create one with a post count of 1.
$query = "INSERT INTO " . $prefix . "_journal_stats (id,joid,nop,ldp,ltp,micro) VALUES ('','{$username}','1',now(),'{$mtime}',now())";
$db->sql_query($query);
} else {
// Existing row: read the current post count and add one.
$row = $db->sql_fetchrow($result);
$nnop = $row['nop'];
$nnnop = $nnop + 1;
// date("U") yields the current Unix timestamp.
$micro = date("U");
开发者ID:rotvulpix,项目名称:php-nuke,代码行数:31,代码来源:savenew.php
示例11: html_filter
/**
 * Filters HTML text through kses().
 *
 * The allow-list is obtained from HTML_QuickForm_Rule_HTML::get_allowed_tags()
 * for the requested mode.
 *
 * @param string $html HTML to clean
 * @param int $mode (optional) Filter mode, NO_HTML by default
 * @return string The cleaned HTML
 */
function html_filter($html, $mode = NO_HTML)
{
    return kses($html, HTML_QuickForm_Rule_HTML::get_allowed_tags($mode));
}
开发者ID:secuencia24,项目名称:chamilo-lms,代码行数:12,代码来源:FormValidator.class.php
示例12: rmsViewHistory
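/**
 * Requests message history over the global $sock connection and returns it.
 *
 * Sends a HISTORY command, then reads the reply line by line: each message is
 * collected up to a line starting with "223 ", and the listing ends at a line
 * starting with "231 ". Message bodies are filtered by kses(); the sender and
 * time are only trimmed, so callers must escape them before printing.
 *
 * @param mixed $id      First part of the contact identifier
 * @param mixed $pp      Second part of the contact identifier
 * @param int   $lenght  Number of entries to request
 * @param int   $offset  Offset of the first entry
 * @return array|false List of array('msg', 'time', 'from'), or false on an error
 *                     reply, a closed connection or an argument containing a line break
 */
function rmsViewHistory($id, $pp, $lenght = 10, $offset = 0)
{
    // The command is a single CRLF-terminated line; a line break inside an
    // argument would terminate it early and start a second command.
    if (preg_match('/[\r\n]/', $id . $pp)) {
        return false;
    }
    $cmd = "HISTORY " . $id . "." . $pp . " " . (int) $lenght . " " . (int) $offset . "\r\n";
    sendData($cmd);

    $packet = _rmsReadLine();
    if ($packet === false || substr($packet, 0, 3) >= 400) {
        return false;
    }

    // kses input filtering
    $allowed = array(
        'b' => array(),
        'i' => array(),
        'a' => array('href' => 1, 'title' => 1),
        'p' => array('align' => 1),
        'br' => array(),
        'font' => array('size' => 1, 'color' => 1, 'face' => 1),
    );

    $result = array();
    while (!preg_match("/^231 /", $packet)) {
        // Header line: sender. Missing sender no longer reads an undefined index.
        $from = preg_match("/from (.*)/", $packet, $header) ? $header[1] : '';

        // Next line carries the time from column 12 on.
        if (($packet = _rmsReadLine()) === false) {
            return false;
        }
        $snttime = substr($packet, 12);

        // One line is skipped, the following one is the first body line.
        if (_rmsReadLine() === false || ($packet = _rmsReadLine()) === false) {
            return false;
        }

        $msg = "";
        while (!preg_match("/^223 /", $packet)) {
            $msg .= (($msg != "") ? "<br/>" : "") . $packet;
            if (($packet = _rmsReadLine()) === false) {
                return false;
            }
        }

        // get_magic_quotes_gpc() no longer exists in PHP 8; guard the call.
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            $msg = stripslashes($msg);
        }
        $result[] = array('msg' => kses($msg, $allowed), 'time' => trim($snttime), 'from' => trim($from));

        if (($packet = _rmsReadLine()) === false) {
            return false;
        }
    }
    return $result;
}

/**
 * Reads one line from the global $sock; returns false when the read fails or
 * the peer has closed the connection. Without this check the loops above
 * never terminated once socket_read() stopped returning data.
 */
function _rmsReadLine()
{
    global $sock;
    $line = socket_read($sock, 1024, PHP_NORMAL_READ);
    return ($line === false || $line === '') ? false : $line;
}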
开发者ID:root42,项目名称:licq,代码行数:48,代码来源:rms.php
示例13: _edit
/**
 * Applies the posted form data to page $id, saves it and redirects.
 *
 * When the 'allow_html_title' setting is 'off', the title is passed through
 * kses() with an empty allow-list, which removes every tag.
 *
 * NOTE(review): no CSRF token check is visible in this method, and the result
 * of Record::findByIdFrom() is used without checking that a page was found —
 * confirm both are handled by the caller.
 *
 * @param mixed $id Id of the page being edited
 */
private function _edit($id)
{
    $data = $_POST['page'];
    $page = Record::findByIdFrom('Page', $id);
    $old_parts = PagePart::findByPageId($id);

    // A checkbox is only submitted when ticked, so normalise it to 1 or 0.
    $data['is_protected'] = empty($data['is_protected']) ? 0 : 1;

    /**
     * Make sure the title doesn't contain HTML
     *
     * @todo Replace this by HTML Purifier?
     */
    $htmlTitleSetting = Setting::get('allow_html_title');
    if ($htmlTitleSetting == 'off') {
        use_helper('Kses');
        $data['title'] = kses(trim($data['title']), array());
    }

    $page->setFromData($data);

    if (!$page->save()) {
        Flash::set('error', __('Page has not been saved!'));
        redirect(get_url('page/edit/' . $id));
    } else {
        // update parts
        $page->parts = $_POST['part'];
        // save tags
        $page->setTags($_POST['page_tag']['tags']);
        Flash::set('success', __('Page has been saved!'));
    }

    // "Save and close" returns to the page list, "save" stays in the editor.
    $target = isset($_POST['commit']) ? 'page' : 'page/edit/' . $id;
    redirect(get_url($target));
}
开发者ID:julpi,项目名称:FreshCMS,代码行数:34,代码来源:PageController.php
示例14: htmlize_comment_text
/**
 * Converts raw comment text to HTML and filters the result with kses().
 *
 * The text is first rendered by the text processor named in the
 * "comment_textprocessor" setting; the resulting HTML is then reduced to the
 * allow-list below.
 *
 * NOTE(review): the allow-list admits <img src> and a style attribute on
 * <table>. Whether the bundled kses inspects the contents of style values is
 * not visible here — confirm, or drop the attribute.
 *
 * @param string $text Raw comment text
 * @return string Filtered HTML
 */
public static function htmlize_comment_text($text)
{
    global $ratatoeskr_settings;

    $commentTags = array(
        "a" => array("href" => 1, "hreflang" => 1, "title" => 1, "rel" => 1, "rev" => 1),
        "b" => array(),
        "i" => array(),
        "u" => array(),
        "strong" => array(),
        "em" => array(),
        "p" => array("align" => 1),
        "br" => array(),
        "abbr" => array(),
        "acronym" => array(),
        "code" => array(),
        "pre" => array(),
        "blockquote" => array("cite" => 1),
        "h1" => array(),
        "h2" => array(),
        "h3" => array(),
        "h4" => array(),
        "h5" => array(),
        "h6" => array(),
        "img" => array("src" => 1, "alt" => 1, "width" => 1, "height" => 1),
        "s" => array(),
        "q" => array("cite" => 1),
        "samp" => array(),
        "ul" => array(),
        "ol" => array(),
        "li" => array(),
        "del" => array(),
        "ins" => array(),
        "dl" => array(),
        "dd" => array(),
        "dt" => array(),
        "dfn" => array(),
        "div" => array(),
        "dir" => array(),
        "kbd" => array("prompt" => 1),
        "strike" => array(),
        "sub" => array(),
        "sup" => array(),
        "table" => array("style" => 1),
        "tbody" => array(),
        "thead" => array(),
        "tfoot" => array(),
        "tr" => array(),
        "td" => array("colspan" => 1, "rowspan" => 1),
        "th" => array("colspan" => 1, "rowspan" => 1),
        "tt" => array(),
        "var" => array(),
    );

    $rendered = textprocessor_apply($text, $ratatoeskr_settings["comment_textprocessor"]);

    return kses($rendered, $commentTags);
}
开发者ID:ratatoeskr-cms,项目名称:ratatoeskr-cms,代码行数:5,代码来源:models.php
示例15: update
/**
 * Fetches the feed(s) stored in the channels table and processes their items.
 *
 * With a numeric $id only that channel is selected, otherwise every channel
 * that is not flagged as deleted. For each item the title is stripped of tags
 * and the description is filtered by kses() with the 'rss.input.allowed'
 * allow-list. The listing is truncated before the end of the function.
 */
function update($id)
{
$kses_allowed = getConfig('rss.input.allowed');
//getAllowedTags();
$updatedIds = array();
$sql = "select id, url, title, mode from " . getTable("channels");
// NOTE(review): $id is interpolated into the query guarded only by
// is_numeric(), which also accepts values such as "1.5" or "1e3"; an (int)
// cast would pin it to an integer.
if ($id != "" && is_numeric($id)) {
$sql .= " where id={$id}";
$sql .= " and not(mode & " . RSS_MODE_DELETED_STATE . ") ";
} else {
$sql .= " where not(mode & " . RSS_MODE_DELETED_STATE . ") ";
}
if (getConfig('rss.config.absoluteordering')) {
$sql .= " order by parent, position";
} else {
$sql .= " order by parent, title";
}
$res = rss_query($sql);
while (list($cid, $url, $title, $mode) = rss_fetch_row($res)) {
// suppress warnings because Magpie is rather noisy
$old_level = error_reporting(E_ERROR);
// The URL fetched here is whatever is stored for the channel.
$rss = fetch_rss($url);
//reset
error_reporting($old_level);
// A failed fetch aborts with the Magpie error only when a single channel
// was requested; in a full update the channel is skipped instead.
if (!$rss && $id != "" && is_numeric($id)) {
return array(magpie_error(), array());
} elseif (!$rss || !($rss->rss_origin & MAGPIE_FEED_ORIGIN_HTTP_200)) {
continue;
// no need to do anything if we do not get a 200 OK from the feed
}
// base URL for items in this feed.
if (array_key_exists('link', $rss->channel)) {
$baseUrl = $rss->channel['link'];
} else {
$baseUrl = $url;
// The feed is invalid
}
// Keep track of guids we've handled, because some feeds (hello,
// Technorati!) have this insane habit of serving the same item
// twice in the same feed.
$guids = array();
// Allow updates in this feed?
$allowUpdates = getProperty($cid, 'rss.input.allowupdates');
if ($allowUpdates === null) {
$allowUpdates = getConfig('rss.input.allowupdates');
}
$itemIdsInFeed = array();
// This variable will store the item id's of the elements in the feed
foreach ($rss->items as $item) {
$item = rss_plugin_hook('rss.plugins.rssitem', $item);
// a plugin might delete this item
if (!isset($item)) {
continue;
}
// item title: strip out html tags
$title = array_key_exists('title', $item) ? strip_tags($item['title']) : "";
//$title = str_replace('& ', '& ', $title);
$description = "";
// item content, if any
// Preference order: content:encoded, description, atom_content, summary.
if (array_key_exists('content', $item) && is_array($item['content']) && array_key_exists('encoded', $item['content'])) {
$description = $item['content']['encoded'];
} elseif (array_key_exists('description', $item)) {
$description = $item['description'];
} elseif (array_key_exists('atom_content', $item)) {
$description = $item['atom_content'];
} elseif (array_key_exists('summary', $item)) {
$description = $item['summary'];
} else {
$description = "";
}
$md5sum = "";
$guid = "";
if (array_key_exists('guid', $item) && $item['guid'] != "") {
$guid = $item['guid'];
} elseif (array_key_exists('id', $item) && $item['id'] != "") {
$guid = $item['id'];
}
$guid = trim($guid);
// The guid comes from the remote feed; it is escaped before further use.
$guid = rss_real_escape_string($guid);
// skip this one if it's an in-feed-dupe
if ($guid && isset($guids[$guid])) {
continue;
} elseif ($guid) {
$guids[$guid] = true;
}
if ($description != "") {
// The checksum is taken over the unfiltered description.
$md5sum = md5($description);
$description = kses($description, $kses_allowed);
// strip out tags
if ($baseUrl != "") {
$description = relative_to_absolute($description, $baseUrl);
}
}
// Now let plugins modify the description
// NOTE(review): the hook runs after kses(), and no second filtering of its
// result is visible in this fragment.
$description = rss_plugin_hook('rss.plugins.import.description', $description);
// link
if (array_key_exists('link', $item) && $item['link'] != "") {
$url = $item['link'];
} elseif (array_key_exists('guid', $item) && $item['guid'] != "") {
$url = $item['guid'];
//.........这里部分代码省略.........
开发者ID:abdallahchamas,项目名称:haiti_tracker,代码行数:101,代码来源:util.php
示例16: shortenContent
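/**
 * Returns truncated html formatted content
 *
 * Script elements and HTML comments are removed first. kses() is used only to
 * measure how much text remains once disallowed tags are gone, so that the cut
 * position can be moved forward; the returned text is cut from the
 * script-stripped source itself, not from the kses-filtered copy. Callers that
 * need filtered output must filter the result themselves.
 *
 * @param string $articlecontent the source string
 * @param int $shorten new size
 * @param string $shortenindicator
 * @param bool $forceindicator set to true to include the indicator no matter what
 * @return string
 */
function shortenContent($articlecontent, $shorten, $shortenindicator, $forceindicator = false)
{
    if ($shorten && ($forceindicator || mb_strlen($articlecontent) > $shorten)) {
        $allowed_tags = getAllowedTags('allowed_tags');
        // Remove scripts. They are not put back: the old re-insertion loop read
        // a variable that was never filled and therefore never ran.
        $articlecontent = preg_replace('~<script.*?/script>~is', '', $articlecontent);
        //remove HTML comments
        $articlecontent = preg_replace('~<!--.*?-->~is', '', $articlecontent);
        $short = mb_substr($articlecontent, 0, $shorten);
        $short2 = kses($short . '</p>', $allowed_tags);
        if (($l2 = mb_strlen($short2)) < $shorten) {
            $c = 0;
            $l1 = $shorten;
            $delta = $shorten - $l2;
            // At most five attempts to extend the cut by the length lost to tags.
            while ($l2 < $shorten && $c++ < 5) {
                $open = mb_strrpos($short, '<');
                if ($open > mb_strrpos($short, '>')) {
                    // The cut fell inside a tag: move past its closing bracket.
                    $l1 = mb_strpos($articlecontent, '>', $l1 + 1) + $delta;
                } else {
                    $l1 = $l1 + $delta;
                }
                $short = mb_substr($articlecontent, 0, $l1);
                preg_match_all('/(<p>)/', $short, $opened);
                preg_match_all('/(<\\/p>)/', $short, $closed);
                // Compare the number of matches. Counting the result arrays
                // themselves always gave 2 on both sides, so the paragraph
                // was never closed.
                if (count($opened[0]) > count($closed[0])) {
                    $short .= '</p>';
                }
                $short2 = kses($short, $allowed_tags);
                $l2 = mb_strlen($short2);
            }
            $shorten = $l1;
        }
        $short = truncate_string($articlecontent, $shorten, '');
        if ($short != $articlecontent) {
            // we actually did remove some stuff
            // drop open tag strings
            $open = mb_strrpos($short, '<');
            if ($open > mb_strrpos($short, '>')) {
                $short = mb_substr($short, 0, $open);
            }
            // Repair the cut markup with tidy when available, else with cleanHTML().
            if (class_exists('tidy')) {
                $tidy = new tidy();
                $tidy->parseString($short . $shortenindicator, array('show-body-only' => true), 'utf8');
                $tidy->cleanRepair();
                $short = trim($tidy);
            } else {
                $short = trim(cleanHTML($short . $shortenindicator));
            }
        }
        $articlecontent = $short;
    }
    return $articlecontent;
}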
开发者ID:JoniWeiss,项目名称:JoniWebGirl,代码行数:69,代码来源:functions.php
示例17: ksesProcess
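/**
 * Internal "helper" function to apply the tag removal
 *
 * Uses kses() with the given allow-list when it is available. Without kses
 * the fallback ignores the allow-list and removes every tag.
 *
 * The fallback result has its entities decoded last, so it is plain text that
 * may contain angle brackets again; it must be escaped when printed as HTML.
 *
 * @param string $input_string
 * @param array $allowed_tags
 * @return string
 */
function ksesProcess($input_string, $allowed_tags)
{
    if (function_exists('kses')) {
        return kses($input_string, $allowed_tags);
    }

    // Drop script and style elements together with their contents, and comments.
    $input_string = preg_replace('~<script.*?/script>~is', '', $input_string);
    $input_string = preg_replace('~<style.*?/style>~is', '', $input_string);
    $input_string = preg_replace('~<!--.*?-->~is', '', $input_string);
    // The stripped text used to be stored in an unused variable, so the
    // fallback returned the input with all remaining tags still in place.
    $input_string = strip_tags($input_string);
    // NOTE(review): as shown both arguments are a plain space, which changes
    // nothing; the first was probably a non-breaking-space entity that was
    // decoded when this listing was rendered — confirm against upstream.
    $input_string = str_replace(' ', ' ', $input_string);
    $input_string = html_decode($input_string);
    return $input_string;
}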
开发者ID:ariep,项目名称:ZenPhoto20-DEV,代码行数:21,代码来源:functions-common.php
示例18: sanitize_string
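/**
 * Sanitizes a string according to the requested level.
 *
 *   0 - only NUL bytes are replaced by spaces
 *   1 - kses() with the tags from the 'allowed_tags' option
 *   2 - kses() with an empty allow-list (all tags removed)
 *   3 - same as 2
 *
 * The level is compared with ===, so it must be an integer.
 *
 * @param string $input_string   Text to sanitize
 * @param int    $sanitize_level One of 0, 1, 2, 3
 * @return string
 */
function sanitize_string($input_string, $sanitize_level)
{
    // get_magic_quotes_gpc() was removed in PHP 8; calling it unguarded is a
    // fatal error there and would stop every caller of this function.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $input_string = stripslashes($input_string);
    }

    if ($sanitize_level === 0) {
        return str_replace(chr(0), " ", $input_string);
    }

    if ($sanitize_level === 1) {
        $allowed = parseAllowedTags("(" . getOption('allowed_tags') . ")");
        // An unparsable option falls back to allowing no tags at all.
        if ($allowed === false) {
            $allowed = array();
        }
        return kses($input_string, $allowed);
    }

    if ($sanitize_level === 2 || $sanitize_level === 3) {
        // Full sanitation. Strips all code.
        return kses($input_string, array());
    }

    // NOTE(review): any other level, including a numeric string such as "1",
    // matches none of the strict comparisons and the text is returned
    // unfiltered. Callers must pass an integer level.
    return $input_string;
}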
开发者ID:hatone,项目名称:zenphoto-1.4.1.4,代码行数:30,代码来源:setup-primitive.php
示例19: comment_save
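/**
 * Executed through the Observer system each time a page is found.
 *
 * Stores the comment posted in $_POST['comment'], if any. The request is
 * ignored when the captcha answer is wrong (if captchas are enabled), when
 * comments are not open on the page, or when name, e-mail or body are missing.
 * Name, e-mail and link are reduced to text with strip_tags(); the body is
 * filtered by kses() against a small allow-list.
 *
 * @global object $__CMS_CONN__ Database connection
 * @param Page $page The object instance for the page that was found.
 * @return void
 */
function comment_save(&$page)
{
    // Check if we need to save a comment
    if (!isset($_POST['comment']) || !is_array($_POST['comment'])) {
        return;
    }
    $data = $_POST['comment'];

    $captcha = Plugin::getSetting('use_captcha', 'comment');
    if ($captcha && $captcha == '1') {
        // Compared as strings: with a loose != two different numeric-looking
        // strings such as "1e1" and "10" are treated as equal.
        if (!isset($data['secure']) || !is_string($data['secure']) || empty($data['secure'])
            || !isset($_SESSION['security_number'])
            || $data['secure'] !== (string) $_SESSION['security_number']) {
            return;
        }
    }

    if ($page->comment_status != Comment::OPEN) {
        return;
    }

    foreach (array('author_name', 'author_email', 'body') as $required) {
        if (!isset($data[$required]) || !is_string($data[$required]) || trim($data[$required]) == '') {
            return;
        }
    }

    // NOTE(review): the pattern has no ^ and $ anchors, so it only requires an
    // address-like substring somewhere in the field.
    if (!preg_match('/[^\\x00-\\x20()<>@,;:\\".[\\]\\x7f-\\xff]+(?:\\.[^\\x00-\\x20()<>@,;:\\".[\\]\\x7f-\\xff]+)*\\@[^\\x00-\\x20()<>@,;:\\".[\\]\\x7f-\\xff]+(?:\\.[^\\x00-\\x20()<>@,;:\\".[\\]\\x7f-\\xff]+)+/i', $data['author_email'])) {
        return;
    }

    use_helper('Kses');
    $allowed_tags = array(
        'a' => array('href' => array(), 'title' => array()),
        'abbr' => array('title' => array()),
        'acronym' => array('title' => array()),
        'b' => array(),
        'blockquote' => array('cite' => array()),
        'br' => array(),
        'code' => array(),
        'em' => array(),
        'i' => array(),
        'p' => array(),
        'strike' => array(),
        'strong' => array(),
    );
    $auto_approve_comment = Plugin::getSetting('auto_approve_comment', 'comment');

    // Check for and correct problems with website link. The link is optional;
    // it was previously read without checking that it had been submitted.
    $author_link = (isset($data['author_link']) && is_string($data['author_link'])) ? $data['author_link'] : '';
    if ($author_link !== '' && strpos($author_link, 'http://') !== 0 && strpos($author_link, 'https://') !== 0) {
        $author_link = 'http://' . $author_link;
    }

    // The address is taken from the connection. It used to be read from the
    // posted form data, which let the sender choose the recorded address and
    // stored that value without any filtering.
    $author_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

    global $__CMS_CONN__;
    // Bound parameters replace the hand-assembled VALUES list, in which
    // $page->id was placed between quotes without going through quote().
    $sql = 'INSERT INTO ' . TABLE_PREFIX . 'comment'
        . ' (page_id, author_name, author_email, author_link, ip, body, is_approved, created_on)'
        . ' VALUES (?, ?, ?, ?, ?, ?, ?, ?)';
    $stmt = $__CMS_CONN__->prepare($sql);
    $stmt->execute(array(
        $page->id,
        strip_tags($data['author_name']),
        strip_tags($data['author_email']),
        strip_tags($author_link),
        $author_ip,
        kses($data['body'], $allowed_tags),
        $auto_approve_comment,
        date('Y-m-d H:i:s'),
    ));

    // @todo FIXME - If code above used Comment object for saving data there would be
    // no need to reload it from database. Using lastInsertId() is unreliable anyway.
    $comment_id = Record::lastInsertId();
    $comment = Comment::findById($comment_id);
    Observer::notify('comment_after_add', $comment);

    if (Plugin::isEnabled('statistics_api')) {
        $event = array(
            'event_type' => 'comment_added',
            'description' => __('A comment was added.'),
            'ipaddress' => $comment->ip,
            'username' => $comment->author_name,
        );
        Observer::notify('stats_comment_after_add', $event);
    }
}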
开发者ID:chaobj001,项目名称:tt,代码行数:64,代码来源:index.php
示例20: _store
//.........这里部分代码省略.........
}
}
// Validation part of a page "store" routine (the listing omits the beginning
// and the end). Problems are collected in $errors; free-text fields are
// stripped of tags with kses() instead of being rejected.
// Check all numerical fields for a page
$fields = array('parent_id', 'layout_id', 'needs_login');
foreach ($fields as $field) {
if (!Validate::digit($data[$field])) {
$errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
}
}
// Check all date fields for a page
$fields = array('created_on', 'published_on', 'valid_until');
foreach ($fields as $field) {
if (isset($data[$field])) {
$data[$field] = trim($data[$field]);
// Format check only (YYYY-MM-DD); the D modifier stops $ from matching
// before a trailing newline. Out-of-range dates still pass this pattern.
if (!empty($data[$field]) && !(bool) preg_match('/^[0-9]{4}-[0-9]{2}-[0-9]{2}$/D', (string) $data[$field])) {
$errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
}
}
}
// Check all time fields for a page
$fields = array('created_on_time', 'published_on_time', 'valid_until_time');
foreach ($fields as $field) {
if (isset($data[$field])) {
$data[$field] = trim($data[$field]);
// Format check only (HH:MM:SS), same anchoring as for the dates.
if (!empty($data[$field]) && !(bool) preg_match('/^[0-9]{2}:[0-9]{2}:[0-9]{2}$/D', (string) $data[$field])) {
$errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
}
}
}
// Check alphanumerical fields
// These fields are not validated: kses() with an empty allow-list removes
// every tag and the cleaned value replaces the submitted one.
$fields = array('keywords', 'description');
foreach ($fields as $field) {
use_helper('Kses');
$data[$field] = kses(trim($data[$field]), array());
/*
if (!empty($data[$field]) && !Validate::alpha_comma($data[$field])) {
$errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => $field));
}
*
*/
}
// Check behaviour_id field
if (!empty($data['behaviour_id']) && !Validate::slug($data['behaviour_id'])) {
$errors[] = __('Illegal value for :fieldname field!', array(':fieldname' => 'behaviour_id'));
}
// Make sure the title doesn't contain HTML
// Applied only while the 'allow_html_title' setting is 'off'; otherwise the
// title is kept as submitted.
if (Setting::get('allow_html_title') == 'off') {
use_helper('Kses');
$data['title'] = kses(trim($data['title']), array());
}
// Create the page object to be manipulated and populate data
if ($action == 'add') {
$page = new Page($data);
} else {
$page = Record::findByIdFrom('Page', $id);
$page->setFromData($data);
}
// Upon errors, rebuild original page and return to screen with errors
// NOTE(review): this test assumes $errors and $error_fields start out as
// false; their initialisation is outside this fragment — confirm.
if (false !== $errors || $error_fields !== false) {
$tags = $_POST['page_tag'];
// Rebuild time fields
if (isset($page->created_on) && isset($page->created_on_time)) {
$page->created_on = $page->created_on . ' ' . $page->created_on_time;
}
if (isset($page->published_on) && isset($page->published_on_time)) {
$page->published_on = $page->published_on . ' ' . $page->published_on_time;
开发者ID:sindotnet,项目名称:canareef,代码行数:67,代码来源:PageController.php
注:本文中的kses函数示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |