406 } |
406 } |
407 |
407 |
408 function sanitize_html($text) |
408 function sanitize_html($text) |
409 { |
409 { |
410 $text = htmlspecialchars($text); |
410 $text = htmlspecialchars($text); |
411 $allowed_tags = Array('b', 'i', 'u', 'pre', 'code', 'tt', 'br', 'p', 'nowiki', '!--([^.]+)--'); |
411 $allowed_tags = Array('b', 'i', 'u', 'pre', 'code', 'tt', 'br', 'p', 'nowiki', '!--([\w\W]+)--'); |
412 foreach($allowed_tags as $t) |
412 foreach($allowed_tags as $t) |
413 { |
413 { |
414 $text = preg_replace('#<'.$t.'>(.*?)</'.$t.'>#is', '<'.$t.'>\\1</'.$t.'>', $text); |
414 $text = preg_replace('#<'.$t.'>(.*?)</'.$t.'>#is', '<'.$t.'>\\1</'.$t.'>', $text); |
415 $text = preg_replace('#<'.$t.' />#is', '<'.$t.' />', $text); |
415 $text = preg_replace('#<'.$t.' />#is', '<'.$t.' />', $text); |
416 $text = preg_replace('#<'.$t.'>#is', '<'.$t.'>', $text); |
416 $text = preg_replace('#<'.$t.'>#is', '<'.$t.'>', $text); |
417 } |
417 } |
|
418 return $text; |
|
419 } |
|
420 |
|
421 /** |
|
422 * Parses internal links (wikilinks) in a block of text. |
|
423 * @param string Text to process |
|
424 * @return string |
|
425 */ |
|
426 |
|
427 function parse_internal_links($text) |
|
428 { |
|
429 |
|
430 // stage 1 - links with alternate text |
|
431 preg_match_all('/\[\[([^\[\]<>\{\}\|]+)\|(.+?)\]\]/', $text, $matches); |
|
432 foreach ( $matches[0] as $i => $match ) |
|
433 { |
|
434 list($page_id, $namespace) = RenderMan::strToPageID($matches[1][$i]); |
|
435 $pid_clean = $paths->nslist[$namespace] . sanitize_page_id($page_id); |
|
436 |
|
437 $url = makeUrl($pid_clean, false, true); |
|
438 $inner_text = $matches[2][$i]; |
|
439 $quot = '"'; |
|
440 $exists = ( isPage($pid_clean) ) ? '' : ' class="wikilink-nonexistent"'; |
|
441 |
|
442 $link = "<a href={$quot}{$url}{$quot}{$exists}>{$inner_text}</a>"; |
|
443 |
|
444 $text = str_replace($match, $link, $text); |
|
445 } |
|
446 |
|
447 // stage 2 - links with no alternate text |
|
448 preg_match_all('/\[\[([^\[\]<>\{\}\|]+)\]\]/', $text, $matches); |
|
449 foreach ( $matches[0] as $i => $match ) |
|
450 { |
|
451 list($page_id, $namespace) = RenderMan::strToPageID($matches[1][$i]); |
|
452 $pid_clean = $paths->nslist[$namespace] . sanitize_page_id($page_id); |
|
453 |
|
454 $url = makeUrl($matches[1][$i], false, true); |
|
455 $inner_text = htmlspecialchars(get_page_title($pid_clean)); |
|
456 $quot = '"'; |
|
457 $exists = ( isPage($pid_clean) ) ? '' : ' class="wikilink-nonexistent"'; |
|
458 |
|
459 $link = "<a href={$quot}{$url}{$quot}{$exists}>{$inner_text}</a>"; |
|
460 |
|
461 $text = str_replace($match, $link, $text); |
|
462 } |
|
463 |
418 return $text; |
464 return $text; |
419 } |
465 } |
420 |
466 |
421 /* * |
467 /* * |
422 * Replaces template inclusions with the templates |
468 * Replaces template inclusions with the templates |