source: spip-zone/_plugins_/sanitizer/sanitizer.php @ 111226

Last change on this file since 111226 was 111226, checked in by devmutu@…, 3 years ago

Initialisation : sanitize user input from the backend and prevent some XSS attacks

1<?php
2
3
4/**
5 * Déclarations des tables et objets au compilateur
6 *
7 * @package SPIP\Core\Pipelines
8 **/
9
// Guard: do nothing unless _ECRIRE_INC_VERSION is defined (presumably set by
// SPIP core before plugin files are loaded — confirm against the SPIP version
// in use). Without it the declarations below would be evaluated out of context.
if (!defined('_ECRIRE_INC_VERSION')) {
    return;
}
13
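/**
 * Wrap the compile-time treatment of selected backend fields so that
 * sanitizerFilterText() is applied to the raw value before SPIP's own
 * treatment (typo/propre) runs on it.
 *
 * Covered fields: articles (TITRE, TEXTE, DESCRIPTIF, CHAPO, PS) and
 * evenements (TITRE, LIEU, ADRESSE). TITRE and LIEU keep the
 * _TRAITEMENT_TYPO_SANS_NUMERO base treatment, the other fields keep
 * _TRAITEMENT_RACCOURCIS.
 *
 * The wrapping relies on the base treatment string containing the `%s`
 * placeholder: the filter call is substituted for that placeholder. A base
 * treatment without `%s` is copied unchanged, which means the filter would
 * silently not be applied for that field.
 *
 * @see sanitizerFilterText()
 * @pipeline declarer_tables_interfaces
 * @param array $interfaces
 * @return array $interfaces
 */
function sanitizer_declarer_tables_interfaces($interfaces) {
    // Fields to protect, per table, each with the SPIP treatment it keeps.
    // Declaration order determines the key order in the returned array
    // (articles first, then evenements), matching the historical layout.
    $champs = [
        'articles' => [
            'TITRE' => _TRAITEMENT_TYPO_SANS_NUMERO,
            'TEXTE' => _TRAITEMENT_RACCOURCIS,
            'DESCRIPTIF' => _TRAITEMENT_RACCOURCIS,
            'CHAPO' => _TRAITEMENT_RACCOURCIS,
            'PS' => _TRAITEMENT_RACCOURCIS,
        ],
        'evenements' => [
            'TITRE' => _TRAITEMENT_TYPO_SANS_NUMERO,
            'LIEU' => _TRAITEMENT_TYPO_SANS_NUMERO,
            'ADRESSE' => _TRAITEMENT_RACCOURCIS,
        ],
    ];

    foreach ($champs as $table => $traitements) {
        foreach ($traitements as $champ => $traitement) {
            // Substitute the filter call for the value placeholder, so that a
            // treatment shaped like 'typo(%s)' becomes
            // 'typo(sanitizerFilterText(%s))' (illustrative shape only).
            $interfaces['table_des_traitements'][$champ][$table] = str_replace(
                '%s',
                'sanitizerFilterText(%s)',
                $traitement
            );
        }
    }

    return $interfaces;
}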
41
/**
 * Filter scripts out of a raw field value before SPIP's own treatment runs.
 *
 * Passes the value through SPIP's interdire_scripts() and then echappe_js()
 * and returns the result. Both are SPIP core functions, so the exact
 * escaping performed (and any configuration it honours) is theirs, not this
 * plugin's; the value is otherwise returned as those functions produce it.
 *
 * @param mixed $s raw field value (the `%s` of the wrapped treatment)
 * @return mixed
 */
function sanitizerFilterText($s) {
    return echappe_js(interdire_scripts($s));
}