videodb/core/security.php

<?php
/**
 * Security functions
 *
 * @package Core
 * @author  Andreas Goetz   <cpuidle@gmx.de>
 * @author  tREXX           <www.trexx.ch>
 * @version $Id: security.php,v 1.2 2008/01/05 13:50:58 andig2 Exp $
 */

/**
 * Allow these tags
 */
$allowedTags = '<h1><h2><h3><h4><b><strong><i><a><ol><ul><li><pre><hr><blockquote>';

/**
 * Disallow these attributes/prefix within a tag
 */
$stripAttrib = 'javascript:|onclick|ondblclick|onmousedown|onmouseup|onmouseover|'.
               'onmousemove|onmouseout|onkeypress|onkeydown|onkeyup';

/**
 * @return string
 * @param string
 * @desc Strip forbidden attributes from a tag
 */
function removeEvilAttributes($tagSource)
{
    global $stripAttrib;
    return stripslashes(preg_replace("/$stripAttrib/i", 'forbidden', $tagSource));
}

/**
 * @return string
 * @param string
 * @desc Strip forbidden attributes from an array of matches for an expression like (<)(.*?)(>)
 */
function _callbackRemoveEvilAttributes($matches)
{
    return $matches[1] . removeEvilAttributes($matches[2]) . $matches[3];
}

/**
 * @return string
 * @param string
 * @desc Strip forbidden tags and delegate tag-source check to removeEvilAttributes()
 */
function removeEvilTags($source)
{
    global $allowedTags;
    if (!is_null($source))
    {    
        $source = strip_tags($source, $allowedTags);
        return preg_replace_callback('/(<)(.*?)(>)/i', "_callbackRemoveEvilAttributes", $source);
    }
    return $source;
}

?>
feat: add videodb media index with Docker stack - Add videodb PHP/MySQL media collection manager (Blu-ray, DVD, CD) - Dockerfile: PHP 8.1 + Apache with GD/mysqli/exif extensions - docker-compose.yml: app on port 6761 + MySQL 8.0 with health checks - docker-entrypoint.sh: auto-generates config.inc.php from env vars, waits for MySQL, initializes DB schema idempotently - init-db.php: CLI schema installer using app's own prefix_query() logic - Persistent volumes for DB, cache, and cover images Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> 2026-05-11 09:49:52 +02:00			`<?php`
			`/**`
			`* Security functions`
			`*`
			`* @package Core`
			`* @author Andreas Goetz <cpuidle@gmx.de>`
			`* @author tREXX <www.trexx.ch>`
			`* @version $Id: security.php,v 1.2 2008/01/05 13:50:58 andig2 Exp $`
			`*/`

			`/**`
			`* Allow these tags`
			`*/`
			`$allowedTags = '<h1><h2><h3><h4><b><strong><i><a><ol><ul><li><pre><hr><blockquote>';`

			`/**`
			`* Disallow these attributes/prefix within a tag`
			`*/`
			`$stripAttrib = 'javascript:\|onclick\|ondblclick\|onmousedown\|onmouseup\|onmouseover\|'.`
			`'onmousemove\|onmouseout\|onkeypress\|onkeydown\|onkeyup';`

			`/**`
			`* @return string`
			`* @param string`
			`* @desc Strip forbidden attributes from a tag`
			`*/`
			`function removeEvilAttributes($tagSource)`
			`{`
			`global $stripAttrib;`
			`return stripslashes(preg_replace("/$stripAttrib/i", 'forbidden', $tagSource));`
			`}`

			`/**`
			`* @return string`
			`* @param string`
			`* @desc Strip forbidden attributes from an array of matches for an expression like (<)(.*?)(>)`
			`*/`
			`function _callbackRemoveEvilAttributes($matches)`
			`{`
			`return $matches[1] . removeEvilAttributes($matches[2]) . $matches[3];`
			`}`

			`/**`
			`* @return string`
			`* @param string`
			`* @desc Strip forbidden tags and delegate tag-source check to removeEvilAttributes()`
			`*/`
			`function removeEvilTags($source)`
			`{`
			`global $allowedTags;`
			`if (!is_null($source))`
			`{`
			`$source = strip_tags($source, $allowedTags);`
			`return preg_replace_callback('/(<)(.*?)(>)/i', "_callbackRemoveEvilAttributes", $source);`
			`}`
			`return $source;`
			`}`

			`?>`