403Webshell
Server IP : 80.87.202.40  /  Your IP : 216.73.216.169
Web Server : Apache
System : Linux rospirotorg.ru 5.14.0-539.el9.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Dec 5 22:26:13 UTC 2024 x86_64
User : bitrix ( 600)
PHP Version : 8.2.27
Disable Function : NONE
MySQL : OFF |  cURL : ON |  WGET : ON |  Perl : ON |  Python : OFF |  Sudo : ON |  Pkexec : ON
Directory :  /home/bitrix/ext_www/rospirotorg.ru/bitrix/modules/sender/lib/security/

Upload File :
current_dir [ Writeable] document_root [ Writeable]

 

Command :


[ Back ]     

Current File : /home/bitrix/ext_www/rospirotorg.ru/bitrix/modules/sender/lib/security/sanitizer.php
<?php
/**
 * Bitrix Framework
 * @package bitrix
 * @subpackage sender
 * @copyright 2001-2012 Bitrix
 */
namespace Bitrix\Sender\Security;

use Bitrix\Main\Loader;
use Bitrix\Fileman;

/**
 * Class Sanitizer
 * @package Bitrix\Sender\Security
 */
class Sanitizer
{
	/**
	 * Clean html.
	 *
	 * @param string $html Html text.
	 * @param string $previousHtml Previous html text.
	 * @param User $user User instance.
	 * @return string|null
	 */
	public static function sanitizeHtml($html, $previousHtml = '', User $user = null)
	{
		$html = self::cleanHtml($html);
		return self::removePhp($html, $previousHtml, $user);
	}

	/**
	 * Clean html.
	 *
	 * @param string $html Html text.
	 * @return string|null
	 */
	public static function cleanHtml($html)
	{
		if (!$html || !is_string($html))
		{
			return null;
		}

		$html = preg_replace('/<(script|iframe)(.*?)>(.*?)(<\\/\\1.*?>)/is', '', $html);
		if (Loader::includeModule('fileman'))
		{
			if (
				Loader::includeModule('security')
				&& !Fileman\Block\Editor::isContentSupported($html)
				&& !Fileman\Block\Content\SliceConverter::isValid($html)
			)
			{
				$sanitizer = new \Bitrix\Security\Filter\Auditor\SimpleXss();
				if ($sanitizer->process($html))
				{
					$html = $sanitizer->getFilteredValue();
				}
			}
			else
			{
				$html = Fileman\Block\Content\SliceConverter::sanitize($html);
			}
		}

		return $html;
	}

	/**
	 * Fix replaced style tags and attributes.
	 *
	 * @param string $html Html text.
	 * @return string|null
	 */
	public static function fixReplacedStyles($html)
	{
		return str_replace(
			[
				'<st yle>',
				'<st yle ',
				'<st yle	',
				' st yle="',
				'	st yle="',
				' st yle=\'',
				'	st yle=\'',
			],
			[
				'<style>',
				'<style ',
				'<style	',
				' style="',
				'	style="',
				' style=\'',
				'	style=\'',
			],
			$html,
		);
	}

	/**
	 * Fix template styles.
	 *
	 * @param string $html Html text.
	 * @return string|null
	 */
	public static function fixTemplateStyles($html)
	{
		$html = str_replace('<body class="">{}', '<body class="">', $html);
		$html = str_replace('</style>{}', '</style>', $html);

		if (!$html)
		{
			return $html;
		}

		$html = preg_replace('/<st yle.*?>(.*?)<\/style>/is', '</style>', $html);
		$html = preg_replace('/<\/style>([\s]*?)<\/style>/is', '</style>', $html);

		return $html;
	}

	/**
	 * Remove php from string with checking operations edit_php and lpa_template_edit
	 *
	 * @param string $string String.
	 * @param User $user User instance.
	 * @return bool
	 */
	public static function removePhp($string = '', $previousString, User $user = null)
	{
		$user = $user ?: User::current();
		Loader::includeModule('fileman');
		return Fileman\Block\EditorMail::removePhpFromHtml(
			$string,
			$previousString,
			$user->canEditPhp(),
			$user->canUseLpa()
		);
	}
}

Youez - 2016 - github.com/yon3zu
LinuXploit