
    <?php
/**
 * @name     XERCMS
 * @author   Arno <XerCMS@163.com> [QQ:1328013]
 * @version  1.0.0
 * @link     http://www.XerCMS.com 
 */

// Direct requests to this file are refused: it is only valid when loaded by the framework bootstrap.
if (!defined('XERCMS')) {
    exit('Access Denied');
}

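class html
{
    /**
     * Whitelist-based HTML filter for untrusted user content.
     *
     * Only tag names in $tag and attribute names in $attribute survive; any
     * other tag is dropped and quotes/angle brackets in the surrounding text
     * are entity-escaped by nohtml(). The filter is regex-driven (one "<...>"
     * token at a time), not a real HTML parser, so it cannot reason about
     * nesting or document structure.
     *
     * Fixes relative to the original:
     *  - result() used the /e (eval) modifier, removed in PHP 7; since then
     *    preg_replace() returned null and every input was silently emptied.
     *  - safetag() re-emitted closing tags without the slash ("<b>" for "</b>").
     *  - safeattr() compared attribute names case-sensitively after an
     *    case-insensitive allowlist check, so mixed-case "href"/"src" skipped
     *    their special handling.
     *  - nohtml() mapped '>' to &#64; ('@') instead of &#62;.
     *  - "$center{0}" string-offset syntax (removed in PHP 8) replaced.
     */

    /**
     * Attribute names (lowercase) kept on allowed tags. `style` lets authors
     * write inline CSS and `data` is accepted on every tag; trim the list if
     * the site does not need them.
     * @var string[]
     */
    public $attribute = array('href','title','style','border','data','src','id','name','value','type','color','width','height','colspan','rowspan');

    /**
     * Tag names (lowercase) that may appear in the output. The empty-string
     * entry means a bare "<>" / "</>" token counts as an allowed tag. `style`
     * and `xml` elements are allowed as well — review that against the
     * site's needs.
     * @var string[]
     */
    public $tag = array('h1','h2','h3','blockquote','xml','table','tbody','tr','td','th','style','strong','p','noscript','map','i','hr','br','div','ul','li','ol','dd','dt','big','cite','b','a','','img','embed','font','span','input','select','textarea');

    /**
     * Registrable domains (last two host labels, compared case-sensitively)
     * that an <embed src> may load directly; any other host is routed through
     * the site's own video.swf wrapper.
     * @var string[]
     */
    public $allowdomain = array('youku.com','tudou.com','sohu.com','qq.com','letv.com','sina.com','iqiyi.com');

    public function __construct() {
        // The lists above are hard-coded; loading them from the 'html' config
        // section (ini('html')) was left disabled upstream.
    }

    /**
     * Filter one block of untrusted HTML.
     *
     * Every "<...>" token is rebuilt by safetag(); the text before a token is
     * escaped by nohtml(). Text after the last token — and text on lines that
     * contain no tag, because the pattern has no /s modifier — is returned
     * unchanged.
     *
     * @param string $str raw HTML
     * @return string filtered HTML, passed through addslashes() (presumably
     *                because callers store it with magic-quotes-style
     *                escaping — confirm at the call sites)
     */
    public function result($str) {
        $str = stripslashes($str);
        // preg_replace_callback() replaces the former /e (eval'd replacement);
        // the closure relies on automatic $this binding (PHP 5.4+).
        $filtered = preg_replace_callback(
            '/(.*?)<([^>]*)>(.*?)/',
            function ($m) {
                return $this->safetag($m[1], $m[2], $m[3]);
            },
            $str
        );
        // Fail closed: a PCRE failure (e.g. backtrack limit) must not let raw
        // markup through. The original also yielded '' here via addslashes(null).
        if ($filtered === null) {
            return '';
        }
        return addslashes($filtered);
    }

    /**
     * Rebuild one tag token.
     *
     * @param string $left   text before "<"; escaped with nohtml()
     * @param string $center text between "<" and ">"
     * @param string $right  text after ">"; always '' with the pattern used by
     *                       result() (the trailing lazy group matches nothing),
     *                       kept for signature compatibility
     * @return string escaped text plus the rebuilt tag, or "<>" for an empty token
     */
    public function safetag($left, $center, $right) {
        if ($center === '') {
            return '<>';
        }
        $before = $this->nohtml($left);
        $after = $this->nohtml($right);
        if (strpos($center, '/') === 0) {
            // Closing tag: "/name" -> name. Attributes or trailing whitespace
            // after the name make it fail the allowlist and it is dropped.
            $parts = explode('/', $center, 2);
            $name = $parts[1];
            if ($this->taglimit($name) === false) {
                return $before . $after;
            }
            return $before . '</' . $name . '>' . $after;
        }
        return $before . $this->safeattr($center) . $after;
    }

    /**
     * Whether a tag name is on the allowlist (case-insensitive).
     *
     * @param string $name
     * @return bool
     */
    public function taglimit($name) {
        return in_array(strtolower($name), $this->tag, true);
    }

    /**
     * Rebuild an opening tag from the text between "<" and ">".
     *
     * Only quoted name="value" / name='value' pairs are considered; bare
     * values and unknown attribute names are discarded. Attribute names are
     * emitted lowercased. Returns '' when the tag itself is not allowed.
     *
     * @param string $str tag name optionally followed by a space and attributes
     * @return string
     */
    public function safeattr($str) {
        $str = stripslashes($str);
        $space = strpos($str, ' ');
        if ($space === false) {
            return $this->taglimit($str) ? '<' . $str . '>' : '';
        }
        $tag = substr($str, 0, $space);
        $rest = substr($str, $space + 1);
        if ($this->taglimit($tag) === false) {
            return '';
        }
        if (!preg_match_all('/([a-zA-Z0-9]+)\=[\'"](.*?)[\'"]/', $rest, $match)) {
            return '<' . $tag . '>';
        }
        $isEmbed = strtolower($tag) === 'embed';
        $attrs = '';
        foreach ($match[1] as $k => $rawName) {
            // Lowercase once and use it for every comparison below, so the
            // href/src handling cannot be skipped by mixed-case attribute names.
            $name = strtolower($rawName);
            if (in_array($name, $this->attribute, true) === false) {
                continue;
            }
            $value = $match[2][$k];
            if ($name === 'href') {
                // NOTE(review): substring denylist. It rejects a plainly written
                // "javascript:"/"vbscript:" scheme, but nohtml() does not escape
                // '&', so entity-encoded text in the value reaches the browser
                // as-is. A scheme allowlist (http, https, mailto, relative paths)
                // applied after entity decoding would be the robust replacement.
                $safe = stripos($value, 'script:') === false ? $this->nohtml($value) : '#';
            } elseif ($isEmbed && $name === 'src') {
                $safe = $this->embedsrc($value);
            } else {
                $safe = $this->nohtml($value);
            }
            $attrs .= ' ' . $name . '="' . $safe . '"';
        }
        return '<' . $tag . $attrs . '>';
    }

    /**
     * Value for an <embed src> attribute.
     *
     * A URL whose last two host labels are in $allowdomain is kept (escaped);
     * any other absolute URL is rewritten to the site's video.swf wrapper with
     * the original URL as a urlencode()'d parameter, so third-party Flash is
     * never embedded directly. Relative URLs (no host) are kept as-is.
     *
     * @param string $value raw attribute value
     * @return string
     */
    private function embedsrc($value) {
        $url = parse_url($value);
        if (isset($url['host'])) {
            $labels = explode('.', $url['host']);
            $n = count($labels);
            // A single-label host used to read offset -1 (undefined-offset
            // notice) and was then wrapped; treat it as not allowed explicitly.
            $domain = $n >= 2 ? $labels[$n - 2] . '.' . $labels[$n - 1] : '';
            if (!in_array($domain, $this->allowdomain, true)) {
                // urlencode() already neutralises quotes and angle brackets here.
                return X::$G['urlpath'] . 'Assets/flash/video.swf?url=' . urlencode($value);
            }
        }
        return $this->nohtml($value);
    }

    /**
     * Escape text for an HTML body or double-quoted attribute value.
     *
     * Quotes and angle brackets become numeric entities; '&' is left alone, so
     * existing entities are not double-escaped (and not validated). Spaces are
     * removed entirely — safetag() applies this to text between tags as well,
     * which looks unintended but is preserved here; confirm before changing.
     *
     * @param string $str
     * @return string
     */
    public function nohtml($str) {
        return strtr($str, array(
            '\'' => '&#39;',
            '"'  => '&#34;',
            '>'  => '&#62;',
            '<'  => '&#60;',
            ' '  => '',
        ));
    }
}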