'bithtml_save_data', 'load_function' => 'bithtml_parse_data', 'verify_function' => 'bithtml_verify_data', 'description' => 'HTML Syntax Format Parser', 'edit_label' => 'HTML', 'edit_field' => ' FORMAT_PLUGIN ); $gLibertySystem->registerPlugin( PLUGIN_GUID_BITHTML, $pluginParams ); function bithtml_verify_data( &$pParamHash ) { $errorMsg = NULL; $pParamHash['content_store']['data'] = purge_html( $pParamHash['edit'] ); return $errorMsg; } // This function is a menagerie of the techniques of the comments listed at // http://www.php.net/manual/en/function.strip-tags.php - spiderr function purge_html( $pText ) { global $gBitSystem, $gBitUser; // convert all HTML entites to catch people trying to sneak stuff by with things like { etc.. if( function_exists( 'html_entity_decode' ) ) { // quieten this down since it causes an error in PHP4 // http://bugs.php.net/bug.php?id=25670 $text = @html_entity_decode( $pText, ENT_COMPAT, 'UTF-8' ); } else { $trans_tbl = get_html_translation_table(HTML_ENTITIES); $trans_tbl = array_flip($trans_tbl); $text = strtr($pText, $trans_tbl); } // strip_tags() appears to become nauseated at the site of a declaration $text = str_replace( 'hasPermission( 'bit_p_edit_html_style' ) ) { $text = preg_replace( "/]*>.*<\/style>/siU", '', $text ); } $text = stripslashes($text); if( !$gBitUser->hasPermission( 'bit_p_edit_html_style' ) ) { $text = preg_replace( "/ (style|class)=[\"]?([^\"]*)[\"]?/i", '', $text); } // Strip all evil tags that remain // this comes out of gBitSystem->getConfig() set in Liberty Admin $acceptableTags = $gBitSystem->getConfig( 'approved_html_tags', DEFAULT_ACCEPTABLE_TAGS ); // Destroy all script code "manually" - strip_tags will leave code inline as plain text if( !preg_match( '/\/', $acceptableTags ) ) { $text = preg_replace( "/(\)/si", '', $text ); } $text = strip_tags( $text, $acceptableTags ); $text = str_replace("