/fonctions/fct_chaines.php
- <?php
- /*
- |------------------------------------------------------------------------------------------------------------
- | Software: Malleo ( CMS )
- | Contact: SP - http://www.malleo-cms.com
- | Support: http://www.malleo-cms.com?module=forum
- | Documentation : Support: http://www.malleo-cms.com?module=wiki
- |------------------------------------------------------------------------------------------------------------
- | Author: Stephane RAJALU
- | Copyright (c) 2008-2009, Stephane RAJALU All Rights Reserved
- |------------------------------------------------------------------------------------------------------------
- | License: Distributed under the CECILL V2 License
- | This program is distributed in the hope that it will be useful - WITHOUT
- | ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- | FITNESS FOR A PARTICULAR PURPOSE.
- |
- | Please read Licence_CeCILL_V2-en.txt
- | SVP lisez Licence_CeCILL_V2-fr.txt
- |------------------------------------------------------------------------------------------------------------
- */
// Direct-access guard: execution stops here unless the PROTECT constant has
// already been defined (presumably by the CMS entry point that includes this
// file; the definition is not visible in this file).
defined('PROTECT') or die("Tentative de Hacking");
-
/**
 * Removes every occurrence of the literal substring "amp;" from a string.
 *
 * protection_variables() applies this to request parameter names. It is a
 * plain substring removal, not HTML-entity decoding: a preceding "&" is left
 * in place and "amp;" is removed wherever it appears in the value.
 *
 * @param string $chaine Text to clean.
 * @return string The text without any "amp;" substring.
 */
function clean_amp($chaine)
{
    $residu = 'amp;';
    $nettoyee = str_replace($residu, '', $chaine);

    return $nettoyee;
}
-
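/**
 * Backslash-escapes the scalar values of $_GET and $_POST when magic quotes
 * are not active, and stores each value under its key with "amp;" removed.
 *
 * Limits a caller has to know about:
 *  - addslashes() is not a database escaping routine. Queries built from
 *    these values still need the driver's parameter binding or escaping, and
 *    HTML output still needs encoding at the point of output.
 *  - Array values (for example "?id[]=...") are skipped and stay unescaped.
 *  - Only $_GET and $_POST are processed here.
 *  - When a key contains "amp;", the value is written under the cleaned key
 *    and the entry under the original key is left as it was.
 *
 * @return void
 */
function protection_variables()
{
    // get_magic_quotes_gpc() no longer exists in PHP 8, so an unguarded call is
    // a fatal error there. Without the function, nothing has been pre-escaped.
    $deja_echappe = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

    foreach ($_GET as $key => $val) {
        $key = clean_amp($key);
        if (!is_array($val)) {
            $_GET[$key] = $deja_echappe ? $val : addslashes($val);
        }
    }

    foreach ($_POST as $key => $val) {
        $key = clean_amp($key);
        if (!is_array($val)) {
            $_POST[$key] = $deja_echappe ? $val : addslashes($val);
        }
    }
}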
-
/**
 * Returns its argument unchanged.
 *
 * Despite the name, no filtering takes place: the function returns before the
 * sanitising logic, which is kept below only as a comment. Callers must not
 * rely on it for XSS protection; values have to be encoded for their output
 * context where they are printed (for HTML, htmlspecialchars() with
 * ENT_QUOTES).
 *
 * Source of the disabled routine: http://ha.ckers.org/xss.html
 *
 * @param mixed $val Value to "clean".
 * @return mixed The same value, untouched.
 */
function RemoveXSS($val)
{
    // Pass-through: everything after this return is disabled.
    return $val;
    /*return htmlspecialchars($val);
    // remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed
    // this prevents some character re-spacing such as <java\0script>
    // note that you have to handle splits with \n, \r, and \t later since they *are* allowed in some inputs

    // $val = preg_replace('/([\x00-\x08,\x0b-\x0c,\x0e-\x19])/', '', $val);

    // straight replacements, the user should never need these since they're normal characters
    // this prevents like <IMG SRC=@avascript:alert('XSS')>
    $search = 'abcdefghijklmnopqrstuvwxyz';
    $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $search .= '1234567890!@#$%^&*()';
    $search .= '~`";:,?+/={}[]-_|\'\\';
    for ($i = 0; $i < strlen($search); $i++){
        // ;? matches the ;, which is optional
        // 0{0,7} matches any padded zeros, which are optional and go up to 8 chars
        // @ @ search for the hex values
        $val = preg_replace('/(&#[xX]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); // with a ;
        // @ @ 0{0,7} matches '0' zero to seven times
        $val = preg_replace('/(&#0{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); // with a ;
    }
    return $val;*/
}
-
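/**
 * Replaces accented Latin letters with their named HTML entities.
 *
 * Only the 24 lowercase letters listed below are rewritten. The characters
 * "<", ">", "&" and quotes are left untouched, so this is not an HTML
 * escaping function and must not be used as one.
 *
 * The characters to search for are derived from the entity names in the
 * configured charset, so the table does not depend on the encoding of this
 * source file (the literal table in the listing was corrupted: several keys
 * had become "?", which rewrote every question mark in the text).
 *
 * @param string $chaine             Text to convert.
 * @param bool   $blocage_conversion When true, the text is NOT first converted
 *                                   to the configured charset.
 * @return string Text with the listed accented letters replaced by entities.
 */
function str_to_html($chaine, $blocage_conversion = false)
{
    global $cf;
    // Same fallback as protection_chaine() when no charset is configured.
    $charset = isset($cf->config['charset']) ? $cf->config['charset'] : 'UTF-8';

    if (!$blocage_conversion) {
        $origine = mb_detect_encoding($chaine);
        // Detection can fail and return false; converting from "false" is an error.
        if ($origine !== false) {
            $chaine = mb_convert_encoding($chaine, $charset, $origine);
        }
    }

    $entites = array(
        '&aacute;', '&agrave;', '&acirc;', '&atilde;', '&auml;',
        '&eacute;', '&egrave;', '&ecirc;', '&euml;', '&ccedil;', '&ntilde;',
        '&oacute;', '&ograve;', '&ocirc;', '&otilde;', '&ouml;',
        '&iacute;', '&igrave;', '&icirc;', '&iuml;',
        '&uacute;', '&ugrave;', '&ucirc;', '&uuml;',
    );

    // Build the matching characters in the working charset; each character is
    // paired with its own entity, so the two lists cannot drift out of step.
    $caracteres = array();
    foreach ($entites as $entite) {
        $caracteres[] = html_entity_decode($entite, ENT_QUOTES, $charset);
    }

    return str_replace($caracteres, $entites, $chaine);
}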
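/**
 * Inverse of str_to_html(): replaces the named HTML entities of accented
 * Latin letters with the letters themselves.
 *
 * Only the 24 entities listed below are decoded; "&lt;", "&gt;", "&amp;" and
 * quote entities are left as they are. The replacement characters are
 * produced in the configured charset, so the table does not depend on the
 * encoding of this source file (several literals in the listing had been
 * corrupted to "?").
 *
 * NOTE(review): the charset conversion runs when $blocage_conversion is TRUE,
 * the opposite of str_to_html() although the parameter has the same name.
 * The condition is kept as found because callers may depend on it; confirm
 * the intent.
 *
 * @param string $chaine             Text containing entities.
 * @param bool   $blocage_conversion When true, the text is first converted to
 *                                   the configured charset (see note above).
 * @return string Text with the listed entities replaced by characters.
 */
function html_to_str($chaine, $blocage_conversion = false)
{
    global $cf;
    // Same fallback as protection_chaine() when no charset is configured.
    $charset = isset($cf->config['charset']) ? $cf->config['charset'] : 'UTF-8';

    if ($blocage_conversion) {
        $origine = mb_detect_encoding($chaine);
        // Detection can fail and return false; converting from "false" is an error.
        if ($origine !== false) {
            $chaine = mb_convert_encoding($chaine, $charset, $origine);
        }
    }

    $entites = array(
        '&aacute;', '&agrave;', '&acirc;', '&atilde;', '&auml;',
        '&eacute;', '&egrave;', '&ecirc;', '&euml;', '&ccedil;', '&ntilde;',
        '&oacute;', '&ograve;', '&ocirc;', '&otilde;', '&ouml;',
        '&iacute;', '&igrave;', '&icirc;', '&iuml;',
        '&uacute;', '&ugrave;', '&ucirc;', '&uuml;',
    );

    // Each entity is paired with the character it names, in the working charset.
    $caracteres = array();
    foreach ($entites as $entite) {
        $caracteres[] = html_entity_decode($entite, ENT_QUOTES, $charset);
    }

    return str_replace($entites, $caracteres, $chaine);
}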
-
/**
 * Converts a string to the charset configured in $cf->config['charset'].
 *
 * The source encoding is given as "auto", i.e. it is left to mbstring's
 * encoding detection rather than stated by the caller.
 *
 * @param string $chaine Text to convert.
 * @return string The converted text.
 */
function conversion_charset($chaine)
{
    global $cf;

    return mb_convert_encoding($chaine, $cf->config['charset'], "auto");
}
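/**
 * Replaces accented Latin letters with their unaccented equivalent.
 *
 * The table was rebuilt from the listing, where many keys had been corrupted
 * to "?" (which turned every question mark in the input into a letter). The
 * pairs below follow the order of the original table and of its commented-out
 * strtr() variant. The original table started with seven further entries
 * (mapping to Y, s, A, a, A, a, o) whose source characters could not be
 * recovered from the listing; they are not reproduced here.
 *
 * The keys are written as UTF-8 literals, so the input is assumed to be UTF-8
 * as well -- TODO confirm against the configured charset.
 *
 * @param string $chaine Text to transliterate.
 * @return string Text with the listed accented letters replaced.
 */
function supprimer_accents($chaine)
{
    $sans_accent = array(
        'à' => 'a', 'á' => 'a', 'â' => 'a', 'ã' => 'a', 'ä' => 'a', 'ç' => 'c',
        'è' => 'e', 'é' => 'e', 'ê' => 'e', 'ë' => 'e',
        'ì' => 'i', 'í' => 'i', 'î' => 'i', 'ï' => 'i', 'ñ' => 'n',
        'ò' => 'o', 'ó' => 'o', 'ô' => 'o', 'õ' => 'o', 'ö' => 'o',
        'ù' => 'u', 'ú' => 'u', 'û' => 'u', 'ü' => 'u', 'ý' => 'y', 'ÿ' => 'y',
        'À' => 'A', 'Á' => 'A', 'Â' => 'A', 'Ã' => 'A', 'Ä' => 'A', 'Ç' => 'C',
        'È' => 'E', 'É' => 'E', 'Ê' => 'E', 'Ë' => 'E',
        'Ì' => 'I', 'Í' => 'I', 'Î' => 'I', 'Ï' => 'I', 'Ñ' => 'N',
        'Ò' => 'O', 'Ó' => 'O', 'Ô' => 'O', 'Õ' => 'O', 'Ö' => 'O',
        'Ù' => 'U', 'Ú' => 'U', 'Û' => 'U', 'Ü' => 'U', 'Ý' => 'Y',
    );

    return strtr($chaine, $sans_accent);
}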
-
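//
// Input clean-up helpers

/**
 * Trims a user name, limits it to 30 bytes and HTML-encodes it.
 *
 * The cut is made on a character boundary. The previous byte-wise substr()
 * could split a multi-byte character, and protection_chaine() then returned
 * an empty string for the whole name, because htmlentities() rejects invalid
 * byte sequences when ENT_SUBSTITUTE / ENT_IGNORE are not set.
 *
 * The length limit is applied before encoding, so the returned value can be
 * longer than 30 bytes once characters have been expanded to entities.
 *
 * @param string $username Raw user name.
 * @return string Trimmed, truncated and entity-encoded name.
 */
function nettoyage_nom($username)
{
    global $cf;
    // Same fallback as protection_chaine() when no charset is configured.
    $charset = isset($cf->config['charset']) ? $cf->config['charset'] : 'UTF-8';

    // mb_strcut() keeps the 30-byte budget but never cuts inside a character.
    $tronque = mb_strcut(trim($username), 0, 30, $charset);

    return protection_chaine($tronque);
}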
/**
 * Trims an e-mail value and HTML-entity-encodes it.
 *
 * No address validation is performed here. htmlentities() is called without
 * flags or charset, so quote handling and charset follow the defaults of the
 * running PHP version and configuration.
 *
 * @param string $mail Raw e-mail value.
 * @return string Trimmed, entity-encoded value.
 */
function nettoyage_mail($mail)
{
    $sans_espaces = trim($mail);

    return htmlentities($sans_espaces);
}
/**
 * Trims a password value and applies htmlspecialchars() to it.
 *
 * NOTE(review): this rewrites the secret itself. Leading and trailing
 * whitespace is dropped, and "&", "<", ">" and quotes become entities.
 * htmlspecialchars() is called with its default flags, and those defaults
 * changed in PHP 8.1 (single quotes are now encoded too), so a password
 * containing "'" can produce a different string after a PHP upgrade. Whatever
 * hashes or compares the result must see the same transformation on every
 * path; how the value is stored is not visible in this file.
 *
 * @param string $pass Raw password value.
 * @return string Trimmed value with HTML special characters encoded.
 */
function nettoyage_pass($pass)
{
    $sans_espaces = trim($pass);

    return htmlspecialchars($sans_espaces);
}
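/**
 * HTML-entity-encodes a string, including both quote styles (ENT_QUOTES),
 * using the configured charset.
 *
 * Non-string values are returned untouched. When no configuration is present,
 * the charset defaults to UTF-8 and, as before, that default is written to
 * $cf->config['charset'].
 *
 * htmlentities() returns an empty string when the input is not valid in the
 * given charset (no ENT_SUBSTITUTE / ENT_IGNORE is passed), so malformed
 * input yields "" rather than partially encoded text.
 *
 * @param mixed $chaine Value to encode.
 * @return mixed Encoded string, or the original value when it is not a string.
 */
function protection_chaine($chaine)
{
    global $cf;

    if (!is_string($chaine)) {
        return $chaine;
    }

    // Assigning a property on null is a fatal Error in PHP 8; older versions
    // silently created the object. Create it explicitly to keep that behaviour.
    if ($cf === null) {
        $cf = new stdClass();
    }
    if (!isset($cf->config)) {
        $cf->config = array('charset' => 'UTF-8');
    }

    // A config without a 'charset' entry falls back to UTF-8 as well.
    $charset = isset($cf->config['charset']) ? $cf->config['charset'] : 'UTF-8';

    return htmlentities($chaine, ENT_QUOTES, $charset);
}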
-
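/**
 * Turns URLs found in a text into clickable links.
 *
 * Two safeguards are applied to what the pattern matches:
 *  - only http, https and ftp URLs are linked; a match with any other scheme
 *    is left in the text exactly as it was, so arbitrary schemes never end up
 *    in an href;
 *  - quotes and angle brackets inside the matched URL are entity-encoded
 *    before it is placed in the href attribute and the link text, so a URL
 *    cannot close the attribute or open a tag. "&" is left alone so that text
 *    which is already entity-encoded is not encoded twice.
 *
 * The pattern itself is unchanged. It is meant for text, not for markup that
 * already contains links.
 *
 * @param string $chaine Text that may contain URLs.
 * @return string Text with allowed URLs wrapped in <a href="...">.
 */
function url_cliquable($chaine)
{
    $schemas_autorises = array('http', 'https', 'ftp');
    $a_encoder = array('"' => '&quot;', "'" => '&#039;', '<' => '&lt;', '>' => '&gt;');

    return preg_replace_callback(
        "/([[:alnum:]]+):\/\/([^[:space:]]*)([[:alnum:]#?\/&=])/i",
        function ($m) use ($schemas_autorises, $a_encoder) {
            if (!in_array(strtolower($m[1]), $schemas_autorises, true)) {
                // Not an allowed scheme: leave the text untouched.
                return $m[0];
            }
            // $m[1] is alphanumeric only (see pattern), so it needs no encoding.
            $reste = strtr($m[2] . $m[3], $a_encoder);

            return '<a href="' . $m[1] . '://' . $reste . '">' . $reste . '</a>';
        },
        $chaine
    );
}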