Translation update done using Pootle.
[phpmyadmin/dkf.git] / libraries / sanitizing.lib.php
blobeb8696d95ecac3b9eed6a43195d5566ed2b83ec4
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * This is in a separate script because it's called from a number of scripts
6 * @package phpMyAdmin
7 */
9 /**
10 * Sanitizes $message, taking into account our special codes
11 * for formatting.
13 * If you want to include result in element attribute, you should escape it.
15 * Examples:
17 * <p><?php echo PMA_sanitize($foo); ?></p>
19 * <a title="<?php echo PMA_sanitize($foo, true); ?>">bar</a>
21 * @uses preg_replace()
22 * @uses strtr()
23 * @param string the message
24 * @param boolean whether to escape html in result
26 * @return string the sanitized message
28 * @access public
30 function PMA_sanitize($message, $escape = false)
32 $replace_pairs = array(
33 '<' => '&lt;',
34 '>' => '&gt;',
35 '[i]' => '<em>', // deprecated by em
36 '[/i]' => '</em>', // deprecated by em
37 '[em]' => '<em>',
38 '[/em]' => '</em>',
39 '[b]' => '<strong>', // deprecated by strong
40 '[/b]' => '</strong>', // deprecated by strong
41 '[strong]' => '<strong>',
42 '[/strong]' => '</strong>',
43 '[tt]' => '<code>', // deprecated by CODE or KBD
44 '[/tt]' => '</code>', // deprecated by CODE or KBD
45 '[code]' => '<code>',
46 '[/code]' => '</code>',
47 '[kbd]' => '<kbd>',
48 '[/kbd]' => '</kbd>',
49 '[br]' => '<br />',
50 '[/a]' => '</a>',
51 '[sup]' => '<sup>',
52 '[/sup]' => '</sup>',
54 $message = strtr($message, $replace_pairs);
56 $pattern = '/\[a@([^"@]*)@([^]"]*)\]/';
58 if (preg_match_all($pattern, $message, $founds, PREG_SET_ORDER)) {
59 $valid_links = array(
60 'http', // default http:// links (and https://)
61 './Do', // ./Documentation
64 foreach ($founds as $found) {
65 // only http... and ./Do... allowed
66 if (! in_array(substr($found[1], 0, 4), $valid_links)) {
67 return $message;
69 // a-z and _ allowed in target
70 if (! empty($found[2]) && preg_match('/[^a-z_]+/i', $found[2])) {
71 return $message;
75 $message = preg_replace($pattern, '<a href="\1" target="\2">', $message);
78 if ($escape) {
79 $message = htmlspecialchars($message);
82 return $message;