X-Git-Url: http://git.dj3c1t.com/?a=blobdiff_plain;f=mw%2Fenv%2Fmodules%2Fmw_env_inputs.php;fp=mw%2Fenv%2Fmodules%2Fmw_env_inputs.php;h=e29720cb5fe2a993e54c64b0212f2067eb584b41;hb=36ed114046cbe3d72a3589230e9f306a54fcc79d;hp=0000000000000000000000000000000000000000;hpb=281c96e95451269f2614684b8de5be25862c8374;p=mtweb

diff --git a/mw/env/modules/mw_env_inputs.php b/mw/env/modules/mw_env_inputs.php
new file mode 100644
index 0000000..e29720c
--- /dev/null
+++ b/mw/env/modules/mw_env_inputs.php
@@ -0,0 +1,43 @@
+<?php
+
+  class mw_env_inputs extends mw_env{
+
+    function prepare_inputs(){
+      if($_POST){
+        require_once $this->path("mw_dir")."libs/inputfilter.php";
+        $allowed_tags = array(
+          "p", "span", "pre", "blockquote", "address", "hr", "br",
+          "img",
+          "strong", "em", "u", "i", "b", "s",
+          "a",
+          "ul", "ol", "li",
+          "h1", "h2", "h3", "h4", "h5", "h6"
+        );
+        $allowed_attrs = array(
+          "style",
+          "src", "alt", "width", "height",
+          "href", "title"
+        );
+        $input_filter = new InputFilter($allowed_tags, $allowed_attrs);
+        $_POST = $input_filter->process($_POST);
+      }
+      if($_FILES){
+        foreach($_FILES as $file_key => $file_infos){
+          $v_name = explode(".", $file_infos["name"]);
+          $ext = strtolower($v_name[count($v_name) - 1]);
+          if(
+               $ext != "png"
+            && $ext != "jpg"
+            && $ext != "jpeg"
+            && $ext != "gif"
+          ){
+            unset($_FILES[$file_key]);
+          }
+        }
+      }
+      return true;
+    }
+
+  }
+
+?>
\ No newline at end of file