<?php |
/** |
* Clean.php |
* |
* -Description- |
* |
* This program is free software: you can redistribute it and/or modify |
* it under the terms of the GNU General Public License as published by |
* the Free Software Foundation, either version 3 of the License, or |
* (at your option) any later version. |
* |
* This program is distributed in the hope that it will be useful, |
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
* GNU General Public License for more details. |
* |
* You should have received a copy of the GNU General Public License |
* along with this program. If not, see <http://www.gnu.org/licenses/>. |
* |
* @package LibreNMS |
* @link http://librenms.org |
* @copyright 2019 Tony Murray |
* @author Tony Murray <[email protected]> |
*/ |
namespace LibreNMS\Util; |
use HTMLPurifier; |
use HTMLPurifier_Config; |
use LibreNMS\Config; |
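class Clean
{
    /**
     * Sanitize file name by removing all invalid characters.
     * Does not make the string safe for javascript or sql!
     *
     * Only ASCII letters, digits, '-', '.' and '_' are kept, so path separators
     * are removed. Dots are kept: the result can still be '.', '..' or a
     * dot-prefixed name, and it can be empty. Callers that use the result as a
     * path component should reject those values themselves.
     *
     * @param string $file
     * @return string|string[]|null null when preg_replace() reports an error
     */
    public static function fileName($file)
    {
        return preg_replace('/[^a-zA-Z0-9\-._]/', '', $file);
    }

    /**
     * Clean a string for display in an html page.
     * For use in non-blade pages
     *
     * Without $purifier_config the value is entity-encoded first, so markup in
     * it is shown as text. With a non-empty $purifier_config the value is not
     * encoded and the given HTML Purifier settings decide which markup is kept.
     *
     * @param string|null $value text to clean; null is treated as an empty string
     * @param array $purifier_config (key, value pair) HTML Purifier directives
     * @return string
     */
    public static function html($value, $purifier_config = [])
    {
        // One purifier per distinct configuration. A single shared instance
        // would apply whichever config the first caller passed to every later
        // call, silently ignoring a stricter (or looser) allow-list.
        /** @var HTMLPurifier[] $purifiers */
        static $purifiers = [];

        $value = $value ?? '';
        $overrides = empty($purifier_config) ? [] : $purifier_config;

        // If $purifier_config is non-empty then we don't want
        // to convert html tags and allow these to be controlled
        // by purifier instead.
        if (empty($overrides)) {
            $value = htmlentities($value);
        }

        // Used only as an array key to tell configurations apart.
        $cache_key = serialize($overrides);

        if (!isset($purifiers[$cache_key])) {
            // initialize HTML Purifier here since this is the only user
            $p_config = HTMLPurifier_Config::createDefault();
            // NOTE(review): the purifier cache is written under temp_dir, which
            // falls back to the shared /tmp; a directory writable only by the
            // application user is the safer setting - confirm deployment default.
            $p_config->set('Cache.SerializerPath', Config::get('temp_dir', '/tmp'));
            foreach ($overrides as $k => $v) {
                $p_config->set($k, $v);
            }
            $purifiers[$cache_key] = new HTMLPurifier($p_config);
        }

        // Backslash escapes are removed before purification, so the purifier
        // sees the same text that will be rendered.
        return $purifiers[$cache_key]->purify(stripslashes($value));
    }
}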