PageRenderTime 25ms CodeModel.GetById 18ms RepoModel.GetById 0ms app.codeStats 0ms

/fonctions/fct_chaines.php

http://malleo-cms.googlecode.com/
PHP | 141 lines | 71 code | 8 blank | 62 comment | 9 complexity | a0a8ec1ce74e032e74df4457baf1db8f MD5 | raw file
Possible License(s): LGPL-3.0, LGPL-2.1 
    

  1. <?php

    2. 

  2. /*

    3. 

  3. |------------------------------------------------------------------------------------------------------------

    4. 

  4. | Software: Malleo ( CMS )

    5. 

  5. | Contact:  SP - http://www.malleo-cms.com

    6. 

  6. | Support: http://www.malleo-cms.com?module=forum

    7. 

  7. |  Documentation : Support: http://www.malleo-cms.com?module=wiki

    8. 

  8. |------------------------------------------------------------------------------------------------------------

    9. 

  9. |  Author: Stephane RAJALU

    10. 

  10. |  Copyright (c) 2008-2009, Stephane RAJALU All Rights Reserved

    11. 

  11. |------------------------------------------------------------------------------------------------------------

    12. 

  12. |  License: Distributed under the CECILL V2 License

    13. 

  13. |  This program is distributed in the hope that it will be useful - WITHOUT 

    14. 

  14. |  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 

    15. 

  15. |  FITNESS FOR A PARTICULAR PURPOSE. 

    16. 

  16. |

    17. 

  17. | Please read Licence_CeCILL_V2-en.txt

    18. 

  18. | SVP lisez Licence_CeCILL_V2-fr.txt

    19. 

  19. |------------------------------------------------------------------------------------------------------------

    20. 

  20. */

    21. 

  21. if ( !defined('PROTECT') )

    22. 

  22. {

    23. 

  23. 	die("Tentative de Hacking");

    24. 

  24. }

    25. 

  25. 

    26. 

  26. //

    27. 

  27. // supprime les entites HTML incompletes

    28. 

  28. function clean_amp($chaine){

    29. 

  29. 	return str_replace('amp;','',$chaine);

    30. 

  30. }

    31. 

  31. 

    32. 

  32. //

    33. 

  33. // Protection des quotes si la propriete magic_quotes n'est pas activee

    34. 

  34. // Nettoyage des clefs si des &amp; apparaissent

    35. 

  35. function protection_variables()

    36. 

  36. {

    37. 

  37. 	foreach ($_GET as $key=>$val){

    38. 

  38. 		$key = clean_amp($key);

    39. 

  39. 		if (!is_array($val)) $_GET[$key] = (!get_magic_quotes_gpc())? addslashes($val):$val;

    40. 

  40. 	}

    41. 

  41. 	foreach ($_POST as $key=>$val){

    42. 

  42. 		$key = clean_amp($key);

    43. 

  43. 		if (!is_array($val)) $_POST[$key] = (!get_magic_quotes_gpc())? addslashes($val):$val;

    44. 

  44. 	}

    45. 

  45. }

    46. 

  46. 

    47. 

  47. //

    48. 

  48. // Fonction nettoyant les saisies de tous les caracteres non imprimables et des codes pouvant 

    49. 

  49. // Porter atteinte ? l'intégrité du code.

    50. 

  50. // SOURCE de la fonction : http://ha.ckers.org/xss.html

    51. 

  51. function RemoveXSS($val) {

    52. 

  52. 

    53. 

  53. 	return $val;

    54. 

  54. 	/*return htmlspecialchars($val);

    55. 

  55.    // remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed 

    56. 

  56.    // this prevents some character re-spacing such as <java\0script> 

    57. 

  57.    // note that you have to handle splits with \n, \r, and \t later since they *are* allowed in some inputs 

    58. 

  58. 

    59. 

  59.   // $val = preg_replace('/([\x00-\x08,\x0b-\x0c,\x0e-\x19])/', '', $val); 

    60. 

  60.   

    61. 

  61.    // straight replacements, the user should never need these since they're normal characters 

    62. 

  62.    // this prevents like <IMG SRC=&#X40&#X61&#X76&#X61&#X73&#X63&#X72&#X69&#X70&#X74&#X3A&#X61&#X6C&#X65&#X72&#X74&#X28&#X27&#X58&#X53&#X53&#X27&#X29> 

    63. 

  63.    $search = 'abcdefghijklmnopqrstuvwxyz'; 

    64. 

  64.    $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'; 

    65. 

  65.    $search .= '1234567890!@#$%^&*()'; 

    66. 

  66.    $search .= '~`";:,?+/={}[]-_|\'\\'; 

    67. 

  67.    for ($i = 0; $i < strlen($search); $i++){

    68. 

  68.       // ;? matches the ;, which is optional 

    69. 

  69.       // 0{0,7} matches any padded zeros, which are optional and go up to 8 chars 

    70. 

  70.       // &#x0040 @ search for the hex values 

    71. 

  71.       $val = preg_replace('/(&#[xX]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); // with a ; 

    72. 

  72.       // &#00064 @ 0{0,7} matches '0' zero to seven times 

    73. 

  73.       $val = preg_replace('/(&#0{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); // with a ; 

    74. 

  74.    }

    75. 

  75.     return $val;*/

    76. 

  76. }

    77. 

  77. 

    78. 

  78. //

    79. 

  79. // REMPLACEMENT des caracteres accentues par leur equivalent HTML

    80. 

  80. function str_to_html($chaine,$blocage_conversion=false)

    81. 

  81. {

    82. 

  82. 	global $cf;

    83. 

  83. 	if ($blocage_conversion == false){

    84. 

  84. 		$chaine = mb_convert_encoding($chaine, $cf->config['charset'], mb_detect_encoding($chaine));

    85. 

  85. 	}

    86. 

  86. 	return str_replace(array('á','?','â','?','ä','é','?','?','ë','ç','?','ó','?','ô','?','ö','?','í','î','?','ú','?','?','ü'),

    87. 

  87. 						array(	'&aacute;','&agrave;','&acirc;','&atilde;','&auml;','&eacute;','&egrave;','&ecirc;','&euml;','&ccedil;','&ntilde;',

    88. 

  88. 				'&oacute;','&ograve;','&ocirc;','&otilde;','&ouml;','&iacute;','&igrave;','&icirc;','&iuml;','&uacute;','&ugrave;','&ucirc;','&uuml;'),$chaine);

    89. 

  89. }

    90. 

  90. // fonction inverse a la precedente

    91. 

  91. function html_to_str($chaine,$blocage_conversion=false)

    92. 

  92. {

    93. 

  93. 	global $cf;

    94. 

  94. 	if ($blocage_conversion == true){

    95. 

  95. 		$chaine = mb_convert_encoding($chaine, $cf->config['charset'], mb_detect_encoding($chaine));

    96. 

  96. 	}

    97. 

  97. 	return str_replace(array('&aacute;','&agrave;','&acirc;','&atilde;','&auml;','&eacute;','&egrave;','&ecirc;','&euml;','&ccedil;','&ntilde;',

    98. 

  98. 				'&oacute;','&ograve;','&ocirc;','&otilde;','&ouml;','&iacute;','&igrave;','&icirc;','&iuml;','&uacute;','&ugrave;','&ucirc;','&uuml;'),

    99. 

  99. 				array('á','?','â','?','ä','é','?','?','ë','ç','?','ó','?','ô','?','ö','?','í','î','?','ú','?','?','ü'),$chaine);

    100. 

  100. }

    101. 

  101. 

    102. 

  102. function conversion_charset($chaine){

    103. 

  103. 	global $cf;

    104. 

  104. 	$chaine = mb_convert_encoding($chaine, $cf->config['charset'], "auto");

    105. 

  105. 	return $chaine;

    106. 

  106. }

    107. 

  107. //

    108. 

  108. // REMPLACEMENT des caracteres Accentues par leur equivalent sans accent

    109. 

  109. function supprimer_accents($chaine)

    110. 

  110. {

    111. 

  111. 	global $cf;

    112. 

  112.  	$chaine = strtr($chaine,array(

    113. 

  113. 	'?'=>'Y','?'=>'s','?'=>'A','?'=>'a','?'=>'A','?'=>'a','?'=>'o','?'=>'a','á'=>'a','â'=>'a','?'=>'a','ä'=>'a','ç'=>'c',

    114. 

  114. 	'?'=>'e','é'=>'e','?'=>'e','ë'=>'e','?'=>'i','í'=>'i','î'=>'i','?'=>'i','?'=>'n','?'=>'o','ó'=>'o','ô'=>'o','?'=>'o',

    115. 

  115. 	'ö'=>'o','?'=>'u','ú'=>'u','?'=>'u','ü'=>'u','ý'=>'y','?'=>'y','?'=>'A','Á'=>'A','Â'=>'A','?'=>'A','Ä'=>'A','Ç'=>'C',

    116. 

  116. 	'?'=>'E','É'=>'E','?'=>'E','Ë'=>'E','?'=>'I','Í'=>'I','Î'=>'I','?'=>'I','?'=>'N','?'=>'O','Ó'=>'O','Ô'=>'O','?'=>'O',

    117. 

  117. 	'Ö'=>'O','?'=>'U','Ú'=>'U','?'=>'U','Ü'=>'U','Ý'=>'Y'));

    118. 

  118. 	//$chaine = strtr($chaine,	'?áâ?äç?é?ë?íî???óô?ö?ú?üý??ÁÂ?ÄÇ?É?Ë?ÍÎ???ÓÔ?Ö?Ú?ÜÝ', 'aaaaaceeeeiiiinooooouuuuyyAAAAACEEEEIIIINOOOOOUUUUY');

    119. 

  119. 	return $chaine;

    120. 

  120. }

    121. 

  121. 

    122. 

  122. //

    123. 

  123. // fonctions de nettoyage de saisies(

    124. 

  124. function nettoyage_nom($username){

    125. 

  125.  	return protection_chaine(substr(trim($username), 0, 30));

    126. 

  126. }

    127. 

  127. function nettoyage_mail($mail){ 	return htmlentities(trim($mail));}

    128. 

  128. function nettoyage_pass($pass){ 	return htmlspecialchars(trim($pass));}

    129. 

  129. function protection_chaine($chaine){

    130. 

  130. 	global $cf;

    131. 

  131. 	if (!is_string($chaine)) return $chaine;

    132. 

  132. 	if (!isset($cf->config)) $cf->config['charset'] = 'UTF-8';

    133. 

  133. 	//if (mb_detect_encoding($chaine) != "ISO-8859-1"){ $chaine = mb_convert_encoding($chaine,"ISO-8859-1","auto"); }

    134. 

  134. 	$chaine = htmlentities($chaine,ENT_QUOTES,$cf->config['charset']);

    135. 

  135. 	//$chaine =  mb_convert_encoding($chaine,$cf->config['charset'],"ISO-8859-1");

    136. 

  136. 	return $chaine;

    137. 

  137. }

    138. 

  138. 

    139. 

  139. //

    140. 

  140. // Rend les URL cliquables

    141. 

  141. function url_cliquable($chaine){	return preg_replace("/([[:alnum:]]+):\/\/([^[:space:]]*)([[:alnum:]#?\/&=])/i",'<a href="\\1://\\2\\3">\\2\\3</a>',$chaine);}

    142. 

  142.