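<?php
/**
 * @name XERCMS
 * @author Arno <XerCMS@163.com> [QQ:1328013]
 * @version 1.0.0
 * @link http://www.XerCMS.com
 */
!defined('XERCMS') && exit('Access Denied');

/**
 * Whitelist-based HTML filter for user-submitted rich text.
 *
 * result() is the entry point. Every "<...>" pair found by the tag pattern is
 * rebuilt from scratch: the tag name is checked against $tag, attributes
 * against $attribute, href/src values against $allowscheme, and the text
 * captured immediately before the tag is entity-escaped by nohtml().
 *
 * Known limits of this design (unchanged from the original):
 *  - only text on the same line directly before a tag is escaped; the tag
 *    pattern has no /s modifier and its trailing group is always empty, so
 *    text after the last tag is returned as given;
 *  - only quoted attribute values (attr="v" / attr='v') are kept, unquoted
 *    ones are dropped;
 *  - 'style' is on the attribute whitelist and its value is only
 *    entity-escaped, not parsed (NOTE(review): consider removing it or
 *    filtering the CSS value).
 *
 * TODO: the original intended to load $attribute, $tag and $allowdomain from
 * ini('html') in the constructor; that loading is still disabled.
 */
class html
{
    /** Attribute names (lower-case) that survive filtering. */
    public $attribute = array('href','title','style','border','data','src','id','name','value','type','color','width','height','colspan','rowspan');

    /**
     * Tag names (lower-case) that survive filtering.
     * The empty entry is inherited from the original list; taglimit() rejects
     * an empty name explicitly so it has no effect.
     */
    public $tag = array('h1','h2','h3','blockquote','xml','table','tbody','tr','td','th','style','strong','p','noscript','map','i','hr','br','div','ul','li','ol','dd','dt','big','cite','b','a','','img','embed','font','span','input','select','textarea');

    /**
     * Registrable domains (last two host labels) whose <embed src> may be
     * embedded directly; any other host is played through the local
     * Assets/flash/video.swf player instead.
     */
    public $allowdomain = array('youku.com','tudou.com','sohu.com','qq.com','letv.com','sina.com','iqiyi.com');

    /**
     * URL schemes accepted in href/src values (compared lower-case). A value
     * without a scheme — a relative or protocol-relative URL — is accepted too;
     * anything else is replaced by '#'.
     */
    public $allowscheme = array('http', 'https', 'ftp', 'mailto');

    public function __construct()
    {
        // TODO: restore config loading — the original read attribute/tag/allowdomain from ini('html').
    }

    /**
     * Filter a slash-escaped HTML string and return it slash-escaped again.
     *
     * The input is expected to carry addslashes()/magic-quotes escaping (the
     * caller's storage convention); it is unescaped, filtered and re-escaped.
     *
     * @param string $str
     * @return string
     */
    public function result($str)
    {
        $str = stripslashes((string) $str);
        // preg_replace_callback replaces the former /e modifier, which PHP 7
        // no longer supports (preg_replace then returns null and the filter
        // silently emitted ''). The pattern is unchanged, so the text segments
        // reaching safetag() are the same as before.
        $self = $this;
        $filtered = preg_replace_callback(
            '/(.*?)<([^>]*)>(.*?)/',
            function ($m) use ($self) {
                return $self->safetag($m[1], $m[2], $m[3]);
            },
            $str
        );
        if ($filtered === null) {
            // PCRE failure (e.g. backtrack limit): degrade to tag stripping
            // rather than returning the unfiltered input.
            $filtered = strip_tags($str);
        }
        return addslashes($filtered);
    }

    /**
     * Rebuild one tag match: escape the surrounding text, then either re-emit
     * a whitelisted closing tag or hand an opening tag to safeattr().
     *
     * @param string $left   text captured before '<'
     * @param string $center everything between '<' and '>'
     * @param string $right  text captured after '>' (always '' with result()'s pattern)
     * @return string
     */
    public function safetag($left, $center, $right)
    {
        $left   = $this->nohtml($left);
        $right  = $this->nohtml($right);
        $center = (string) $center;
        if ($center === '') {
            // "<>" is plain text; the original returned '<>' alone and lost $left.
            return $left . '<>' . $right;
        }
        if ($center[0] === '/') {
            // Closing tag. The original emitted '<name>' here, turning every
            // closing tag into an opening one; the slash is kept now.
            $name = (string) substr($center, 1);
            if (!$this->taglimit($name)) {
                return $left . $right;
            }
            return $left . '</' . $name . '>' . $right;
        }
        return $left . $this->safeattr($center) . $right;
    }

    /**
     * True when $name (case-insensitively) is a whitelisted tag name.
     *
     * @param string $name
     * @return bool
     */
    public function taglimit($name)
    {
        $name = strtolower((string) $name);
        if ($name === '') {
            return false;
        }
        return in_array($name, $this->tag, true);
    }

    /**
     * Rebuild an opening tag from 'name attr="v" ...', keeping only
     * whitelisted attributes. Returns '' when the tag name is not whitelisted.
     *
     * The original started with stripslashes(); that undid the escaping the
     * /e modifier applied to backreferences and is not needed with
     * preg_replace_callback, which passes the raw match.
     *
     * @param string $str text between '<' and '>'
     * @return string
     */
    public function safeattr($str)
    {
        $str   = (string) $str;
        $space = strpos($str, ' ');
        if ($space === false) {
            return $this->taglimit($str) ? '<' . $str . '>' : '';
        }
        $tag  = (string) substr($str, 0, $space);
        $rest = (string) substr($str, $space + 1);
        if (!$this->taglimit($tag)) {
            return '';
        }
        if (!preg_match_all('/([a-zA-Z0-9]+)\=[\'"](.*?)[\'"]/', $rest, $match)) {
            return '<' . $tag . '>';
        }
        $isEmbed = strtolower($tag) === 'embed';
        $ret = '';
        foreach ($match[1] as $k => $rawname) {
            // Lower-case once and use that name everywhere: the original
            // whitelisted case-insensitively but then switched on the raw
            // name, so HREF/SRC skipped the href and embed checks.
            $name  = strtolower($rawname);
            $value = $match[2][$k];
            if (!in_array($name, $this->attribute, true)) {
                continue;
            }
            switch ($name) {
                case 'href':
                    $ret .= ' href="' . $this->safeurl($value) . '"';
                    break;
                case 'src':
                    if ($isEmbed && !$this->allowhost($value)) {
                        // Off-list host: play through the local flash player
                        // instead of embedding the remote object directly.
                        $ret .= ' src="' . X::$G['urlpath'] . 'Assets/flash/video.swf?url=' . urlencode($value) . '"';
                    } else {
                        $ret .= ' src="' . $this->safeurl($value) . '"';
                    }
                    break;
                default:
                    $ret .= ' ' . $name . '="' . $this->nohtml($value) . '"';
                    break;
            }
        }
        return '<' . $tag . $ret . '>';
    }

    /**
     * Return $url escaped for an attribute value, or '#' when its scheme is
     * not in $allowscheme.
     *
     * The scheme is read from a copy of the value with entities decoded and
     * control characters/whitespace removed, so an encoded or padded scheme is
     * judged the same as a plain one (the original only looked for the
     * substring 'script:' in the raw value). A value with no scheme is
     * treated as a relative URL and accepted.
     *
     * @param string $url
     * @return string
     */
    public function safeurl($url)
    {
        $url   = (string) $url;
        $probe = html_entity_decode($url, ENT_QUOTES | ENT_HTML5, 'UTF-8');
        $probe = preg_replace('/[\x00-\x20]+/', '', $probe);
        if (preg_match('/^([a-zA-Z][a-zA-Z0-9+.\-]*):/', (string) $probe, $m)
            && !in_array(strtolower($m[1]), $this->allowscheme, true)) {
            return '#';
        }
        return $this->nohtml($url);
    }

    /**
     * True when $url has no host part (relative URL, or unparseable) or its
     * registrable domain — taken as the last two host labels, which is a
     * heuristic that does not know about suffixes like "co.uk" — is in
     * $allowdomain.
     *
     * @param string $url
     * @return bool
     */
    public function allowhost($url)
    {
        $parts = parse_url((string) $url);
        if (!is_array($parts) || !isset($parts['host'])) {
            return true;
        }
        // array_slice(-2) also handles a single-label host; the original
        // indexed count-2 and raised an undefined-index notice there.
        $labels = explode('.', strtolower($parts['host']));
        $domain = implode('.', array_slice($labels, -2));
        return in_array($domain, $this->allowdomain, true);
    }

    /**
     * Escape text for output: quotes and '<' become entities, '>' becomes '@'
     * and spaces are removed.
     *
     * NOTE(review): the entity targets were reconstructed from an
     * entity-decoded listing in which '&#39;', '&quot;' and '&lt;' rendered
     * as the bare characters; the '>' => '@' and ' ' => '' rules are exactly
     * as listed — confirm both against the original source, the space rule in
     * particular may originally have been '&nbsp;'. '&' is not escaped, so
     * existing entities pass through unchanged.
     *
     * @param string $str
     * @return string
     */
    public function nohtml($str)
    {
        return strtr((string) $str, array(
            '\'' => '&#39;',
            '"'  => '&quot;',
            '>'  => '@',
            '<'  => '&lt;',
            ' '  => '',
        ));
    }
}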