1 <?php
2 /**
3 * Part of the Joomla Framework Filter Package
4 *
5 * @copyright Copyright (C) 2005 - 2016 Open Source Matters, Inc. All rights reserved.
6 * @license GNU General Public License version 2 or later; see LICENSE
7 */
8
9 namespace Joomla\Filter;
10
11 use Joomla\Language\Language;
12 use Joomla\String\StringHelper;
13
14 /**
15 * OutputFilter
16 *
17 * @since 1.0
18 */
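class OutputFilter
{
    /**
     * Escapes the scalar properties of an object in place so they can be echoed into HTML forms.
     *
     * A property is left untouched when its value is an array, an object, or loosely equal to
     * null (null, '', 0, 0.0, false), when its name has an underscore as the SECOND character,
     * or when its name is listed in $exclude_keys. Every other value is passed through
     * htmlspecialchars() and written back, so non-string scalars come back as strings.
     *
     * The escaping is for HTML text and quoted attribute values only; it does not make a value
     * safe for script, style, or URL contexts. Calling this twice on the same object
     * double-encodes the fields.
     *
     * @param   object   &$mixed        An object to be parsed; anything that is not an object is ignored
     * @param   integer  $quote_style   The optional quote style for the htmlspecialchars function
     * @param   mixed    $exclude_keys  An optional single field name, or array of field names, not to be escaped (eg, for a textarea)
     *
     * @return  void
     *
     * @since   1.0
     */
    public static function objectHtmlSafe(&$mixed, $quote_style = ENT_QUOTES, $exclude_keys = '')
    {
        if (!is_object($mixed))
        {
            return;
        }

        foreach (get_object_vars($mixed) as $k => $v)
        {
            // NOTE(review): substr($k, 1, 1) inspects the second character of the name, so "a_b" is
            // skipped (left unescaped) while "_ab" is escaped. The historical description says
            // "start with underscore"; confirm which is intended before changing it, because
            // callers may rely on either reading.
            if (is_array($v) || is_object($v) || $v == null || substr($k, 1, 1) == '_')
            {
                continue;
            }

            if (is_string($exclude_keys) && $k == $exclude_keys)
            {
                continue;
            }

            if (is_array($exclude_keys) && in_array($k, $exclude_keys))
            {
                continue;
            }

            // Without ENT_SUBSTITUTE in $quote_style, htmlspecialchars() returns '' for a value
            // that is not valid UTF-8, so such a field is blanked rather than partially escaped.
            $mixed->$k = htmlspecialchars($v, $quote_style, 'UTF-8');
        }
    }

    /**
     * Replaces every bare & with &amp; inside double-quoted href attributes only.
     *
     * Ampersands that already start "&amp;" are left alone, and text outside href="..." is not
     * touched. Single-quoted or unquoted href values are not matched by the pattern.
     *
     * @param   string  $input  String to process
     *
     * @return  string  Processed string
     *
     * @since   1.0
     */
    public static function linkXhtmlSafe($input)
    {
        // "(amp;){0}" matches the empty string, so this selects href values holding at least one '&'.
        $regex = 'href="([^"]*(&(amp;){0})[^"]*)*?"';

        return preg_replace_callback(
            "#$regex#i",
            function ($match)
            {
                // The replacement must be the entity; replacing '&' with '&' would be a no-op.
                return preg_replace('#&(?!amp;)#', '&amp;', $match[0]);
            },
            $input
        );
    }

    /**
     * Builds an ASCII URL alias: accented characters are transliterated, the string is lowercased,
     * and every run of whitespace or non-alphanumeric characters becomes a single hyphen.
     *
     * The result is empty when the input contains no ASCII letters or digits after
     * transliteration, so callers need a fallback for that case.
     *
     * @param   string  $string    String to process
     * @param   string  $language  Language to transliterate to
     *
     * @return  string  Processed string
     *
     * @since   1.0
     */
    public static function stringUrlSafe($string, $language = '')
    {
        // Hyphens are the separator in the result, so existing ones are turned into spaces first
        $str = str_replace('-', ' ', $string);

        // Transliterate for the requested language (the current language when none is given)
        $lang = empty($language) ? Language::getInstance() : Language::getInstance($language);
        $str  = $lang->transliterate($str);

        // Lowercase, then drop leading and trailing whitespace
        $str = trim(StringHelper::strtolower($str));

        // Collapse each run of whitespace or non-alphanumeric characters into one hyphen
        $str = preg_replace('/(\s|[^A-Za-z0-9\-])+/', '-', $str);

        // No hyphen at either end of the alias
        return trim($str, '-');
    }

    /**
     * Builds a URL alias that keeps Unicode characters instead of transliterating them.
     *
     * Only the punctuation listed in the pattern below and '?' are removed; every other
     * character, including non-ASCII text, is kept. The result is therefore not escaped for any
     * output context and still has to be encoded where it is written out.
     *
     * @param   string  $string  String to process
     *
     * @return  string  Processed string
     *
     * @since   1.0
     */
    public static function stringUrlUnicodeSlug($string)
    {
        // Replace the ideographic space (bytes E3 80 80) by an ASCII space (East Asian languages)
        $str = preg_replace('/\xE3\x80\x80/', ' ', $string);

        // Hyphens are used as the concatenator, so existing ones become spaces.
        // Would be great to let the spaces in but only Firefox is friendly with this
        $str = str_replace('-', ' ', $str);

        // Replace forbidden characters by spaces
        $str = preg_replace('#[:\#\*"@+=;!><&\.%()\]\/\'\\\\|\[]#', "\x20", $str);

        // Delete all '?'
        $str = str_replace('?', '', $str);

        // Lowercase, then drop leading and trailing whitespace
        $str = trim(StringHelper::strtolower($str));

        // Collapse each run of spaces into one hyphen
        return preg_replace('#\x20+#', '-', $str);
    }

    /**
     * Replaces bare & with &amp; for XHTML compliance.
     *
     * An ampersand is left alone when it is preceded or followed by another '&', when it is
     * followed by '#', or when it starts something shaped like a named entity (word characters
     * followed by ';').
     *
     * @param   string  $text  Text to process
     *
     * @return  string  Processed string.
     *
     * @since   1.0
     */
    public static function ampReplace($text)
    {
        return preg_replace('/(?<!&)&(?!&|#|[\w]+;)/', '&amp;', $text);
    }

    /**
     * Reduces markup to plain text and HTML-escapes the result.
     *
     * The argument is modified in place and the same value is returned. The regular-expression
     * passes are best effort (they drop script blocks, rewrite links as "text (url)", and remove
     * comments and {...} tags); what makes the result safe to print is the closing strip_tags()
     * and htmlspecialchars() pair. ENT_COMPAT does not encode single quotes, so the result fits
     * HTML text and double-quoted attribute values, not single-quoted attributes or script.
     *
     * @param   string  &$text  Text to clean
     *
     * @return  string  Cleaned text.
     *
     * @since   1.0
     */
    public static function cleanText(&$text)
    {
        $text = preg_replace("'<script[^>]*>.*?</script>'si", '', $text);
        $text = preg_replace('/<a\s+.*?href="([^"]+)"[^>]*>([^<]+)<\/a>/is', '\2 (\1)', $text);
        $text = preg_replace('/<!--.+?-->/', '', $text);
        $text = preg_replace('/{.+?}/', '', $text);

        // These must be the entity names: matching a literal space, '&' or '"' instead would
        // leave "&nbsp;" behind as " nbsp;" and blank out every ampersand and quote in the text.
        $text = str_replace(array('&nbsp;', '&amp;', '&quot;'), ' ', $text);

        $text = strip_tags($text);
        $text = htmlspecialchars($text, ENT_COMPAT, 'UTF-8');

        return $text;
    }

    /**
     * Strip img-tags from string
     *
     * Matching is case-insensitive and spans line breaks, so "<IMG ...>" and tags wrapped over
     * several lines are removed as well. This is a pattern match, not an HTML parser: a tag with
     * no closing '>' is left in place, so the result still has to be escaped or filtered before
     * it is printed.
     *
     * @param   string  $string  String to be cleaned.
     *
     * @return  string  Cleaned string
     *
     * @since   1.0
     */
    public static function stripImages($string)
    {
        return preg_replace('#(<[/]?img.*>)#Uis', '', $string);
    }

    /**
     * Strip iframe-tags from string
     *
     * Matching is case-insensitive and spans line breaks. Only the opening and closing tags are
     * removed; text between them is kept. This is a pattern match, not an HTML parser: a tag with
     * no closing '>' is left in place, so the result still has to be escaped or filtered before
     * it is printed.
     *
     * @param   string  $string  String to be cleaned.
     *
     * @return  string  Cleaned string
     *
     * @since   1.0
     */
    public static function stripIframes($string)
    {
        return preg_replace('#(<[/]?iframe.*>)#Uis', '', $string);
    }
}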
215