/**
* Sanitizes $message, taking into account our special codes
* for formatting.
*
* If you want to include result in element attribute, you should escape it.
*
* Examples:
*
* <p><?php echo Sanitize::sanitize($foo); ?></p>
*
* <a title="<?php echo Sanitize::sanitize($foo, true); ?>">bar</a>
*
* @param string $message the message
* @param boolean $escape whether to escape html in result
* @param boolean $safe whether string is safe (can keep < and > chars)
*
* @return string the sanitized message
*/
public static function sanitize($message, $escape = false, $safe = false)
{
if (!$safe) {
$message = strtr($message, array('<' => '<', '>' => '>'));
}
/* Interpret bb code */
$replace_pairs = array('[em]' => '<em>', '[/em]' => '</em>', '[strong]' => '<strong>', '[/strong]' => '</strong>', '[code]' => '<code>', '[/code]' => '</code>', '[kbd]' => '<kbd>', '[/kbd]' => '</kbd>', '[br]' => '<br />', '[/a]' => '</a>', '[/doc]' => '</a>', '[sup]' => '<sup>', '[/sup]' => '</sup>', '[conferr]' => '<iframe src="show_config_errors.php"><a href="show_config_errors.php">show_config_errors.php</a></iframe>', '[dochelpicon]' => Util::getImage('b_help.png', __('Documentation')));
$message = strtr($message, $replace_pairs);
/* Match links in bb code ([a@url@target], where @target is options) */
$pattern = '/\\[a@([^]"@]*)(@([^]"]*))?\\]/';
/* Find and replace all links */
$message = preg_replace_callback($pattern, function ($match) {
return Sanitize::replaceBBLink($match);
}, $message);
/* Replace documentation links */
$message = preg_replace_callback('/\\[doc@([a-zA-Z0-9_-]+)(@([a-zA-Z0-9_-]*))?\\]/', function ($match) {
return Sanitize::replaceDocLink($match);
}, $message);
/* Possibly escape result */
if ($escape) {
$message = htmlspecialchars($message);
}
return $message;
}
