1C-Bitrix 25.700.0
Загрузка...
Поиск...
Не найдено
sanitizer.php
См. документацию.
1<?php
8namespace Bitrix\Sender\Security;
9
10use Bitrix\Main\Loader;
11use Bitrix\Fileman;
12
17class Sanitizer
18{
27 public static function sanitizeHtml($html, $previousHtml = '', User $user = null)
28 {
29 $html = self::cleanHtml($html);
30 return self::removePhp($html, $previousHtml, $user);
31 }
32
39 public static function cleanHtml($html)
40 {
41 if (!$html || !is_string($html))
42 {
43 return null;
44 }
45
46 $html = preg_replace('/<(script|iframe)(.*?)>(.*?)(<\\/\\1.*?>)/is', '', $html);
47 if (Loader::includeModule('fileman'))
48 {
49 if (
50 Loader::includeModule('security')
51 && !Fileman\Block\Editor::isContentSupported($html)
52 && !Fileman\Block\Content\SliceConverter::isValid($html)
53 )
54 {
55 $sanitizer = new \Bitrix\Security\Filter\Auditor\SimpleXss();
56 if ($sanitizer->process($html))
57 {
58 $html = $sanitizer->getFilteredValue();
59 }
60 }
61 else
62 {
63 $html = Fileman\Block\Content\SliceConverter::sanitize($html);
64 }
65 }
66
67 return $html;
68 }
69
76 public static function fixReplacedStyles($html)
77 {
78 return str_replace(
79 [
80 '<st yle>',
81 '<st yle ',
82 '<st yle ',
83 ' st yle="',
84 ' st yle="',
85 ' st yle=\'',
86 ' st yle=\'',
87 ],
88 [
89 '<style>',
90 '<style ',
91 '<style ',
92 ' style="',
93 ' style="',
94 ' style=\'',
95 ' style=\'',
96 ],
97 $html,
98 );
99 }
100
107 public static function fixTemplateStyles($html)
108 {
109 $html = str_replace('<body class="">{}', '<body class="">', $html);
110 $html = str_replace('</style>{}', '</style>', $html);
111
112 if (!$html)
113 {
114 return $html;
115 }
116
117 $html = preg_replace('/<st yle.*?>(.*?)<\/style>/is', '</style>', $html);
118 $html = preg_replace('/<\/style>([\s]*?)<\/style>/is', '</style>', $html);
119
120 return $html;
121 }
122
130 public static function removePhp($string = '', $previousString, User $user = null)
131 {
132 $user = $user ?: User::current();
133 Loader::includeModule('fileman');
134 return Fileman\Block\EditorMail::removePhpFromHtml(
135 $string,
136 $previousString,
137 $user->canEditPhp(),
138 $user->canUseLpa()
139 );
140 }
141}
Bitrix\Fileman\Block\Content\SliceConverter\sanitize
static sanitize($string)
Определения sliceconverter.php:99
Bitrix\Fileman\Block\EditorMail\removePhpFromHtml
static removePhpFromHtml($html, $previousHtml=null, $canEditPhp=false, $canUseLpa=false)
Определения editormail.php:81
Bitrix\Sender\Search\Content
Определения content.php:13
Bitrix\Sender\Security\Sanitizer\removePhp
static removePhp($string='', $previousString, User $user=null)
Определения sanitizer.php:130
Bitrix\Sender\Security\Sanitizer\fixTemplateStyles
static fixTemplateStyles($html)
Определения sanitizer.php:107
Bitrix\Sender\Security\Sanitizer\sanitizeHtml
static sanitizeHtml($html, $previousHtml='', User $user=null)
Определения sanitizer.php:27
Bitrix\Sender\Security\Sanitizer\fixReplacedStyles
static fixReplacedStyles($html)
Определения sanitizer.php:76
Bitrix\Sender\Security\Sanitizer\cleanHtml
static cleanHtml($html)
Определения sanitizer.php:39
Bitrix\Sender\Security\User\current
static current()
Определения user.php:47
Bitrix\Main\$user
$user
Определения mysql_to_pgsql.php:33