typo
[phpmyadmin/arisferyanto.git] / libraries / sanitizing.lib.php
blob2b54bf197c42d11f09759e1bb58c5aa4d34e4327
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * This is in a separate script because it's called from a number of scripts
6 * @version $Id$
7 * @package phpMyAdmin
8 */
10 /**
11 * Sanitizes $message, taking into account our special codes
12 * for formatting
14 * @uses preg_replace()
15 * @uses strtr()
16 * @param string the message
18 * @return string the sanitized message
20 * @access public
22 function PMA_sanitize($message)
24 $replace_pairs = array(
25 '<' => '&lt;',
26 '>' => '&gt;',
27 '[i]' => '<em>', // deprecated by em
28 '[/i]' => '</em>', // deprecated by em
29 '[em]' => '<em>',
30 '[/em]' => '</em>',
31 '[b]' => '<strong>', // deprecated by strong
32 '[/b]' => '</strong>', // deprecated by strong
33 '[strong]' => '<strong>',
34 '[/strong]' => '</strong>',
35 '[tt]' => '<code>', // deprecated by CODE or KBD
36 '[/tt]' => '</code>', // deprecated by CODE or KBD
37 '[code]' => '<code>',
38 '[/code]' => '</code>',
39 '[kbd]' => '<kbd>',
40 '[/kbd]' => '</kbd>',
41 '[br]' => '<br />',
42 '[/a]' => '</a>',
43 '[sup]' => '<sup>',
44 '[/sup]' => '</sup>',
46 $message = strtr($message, $replace_pairs);
48 $pattern = '/\[a@([^"@]*)@([^]"]*)\]/';
50 if (preg_match_all($pattern, $message, $founds, PREG_SET_ORDER)) {
51 $valid_links = array(
52 'http', // default http:// links (and https://)
53 './Do', // ./Documentation
56 foreach ($founds as $found) {
57 // only http... and ./Do... allowed
58 if (! in_array(substr($found[1], 0, 4), $valid_links)) {
59 return $message;
61 // a-z and _ allowed in target
62 if (! empty($found[2]) && preg_match('/[^a-z_]+/i', $found[2])) {
63 return $message;
67 $message = preg_replace($pattern, '<a href="\1" target="\2">', $message);
70 return $message;