search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Installer Class missing array variable check
[openemr.git] / phpmyadmin / libraries / sanitizing.lib.php
blob388ca13975266ccf47f6fa8082b378f356075cbc
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 *
5 * @version $Id$
6 */
7
8 /**
9 * Sanitizes $message, taking into account our special codes
10 * for formatting
11 *
12 * @uses preg_replace()
13 * @uses strtr()
14 * @param string the message
15 *
16 * @return string the sanitized message
17 *
18 * @access public
19 */
20 function PMA_sanitize($message)
21 {
22 $replace_pairs = array(
23 '<' => '&lt;',
24 '>' => '&gt;',
25 '[i]' => '<em>', // deprecated by em
26 '[/i]' => '</em>', // deprecated by em
27 '[em]' => '<em>',
28 '[/em]' => '</em>',
29 '[b]' => '<strong>', // deprecated by strong
30 '[/b]' => '</strong>', // deprecated by strong
31 '[strong]' => '<strong>',
32 '[/strong]' => '</strong>',
33 '[tt]' => '<code>', // deprecated by CODE or KBD
34 '[/tt]' => '</code>', // deprecated by CODE or KBD
35 '[code]' => '<code>',
36 '[/code]' => '</code>',
37 '[kbd]' => '<kbd>',
38 '[/kbd]' => '</kbd>',
39 '[br]' => '<br />',
40 '[/a]' => '</a>',
41 '[sup]' => '<sup>',
42 '[/sup]' => '</sup>',
43 );
44 $message = strtr($message, $replace_pairs);
45
46 $pattern = '/\[a@([^"@]*)@([^]"]*)\]/';
47
48 if (preg_match_all($pattern, $message, $founds, PREG_SET_ORDER)) {
49 $valid_links = array(
50 'http', // default http:// links (and https://)
51 './Do', // ./Documentation
52 );
53
54 foreach ($founds as $found) {
55 // only http... and ./Do... allowed
56 if (! in_array(substr($found[1], 0, 4), $valid_links)) {
57 return $message;
58 }
59 // a-z and _ allowed in target
60 if (! empty($found[2]) && preg_match('/[^a-z_]+/i', $found[2])) {
61 return $message;
62 }
63 }
64
65 $message = preg_replace($pattern, '<a href="\1" target="\2">', $message);
66 }
67
68 return $message;
69 }
70 ?>
Mirror of official OpenEMR Sourceforge repository