| Server IP : 15.235.198.142 / Your IP : 216.73.216.125 Web Server : Apache/2.4.58 (Ubuntu) System : Linux ballsack 6.8.0-45-generic #45-Ubuntu SMP PREEMPT_DYNAMIC Fri Aug 30 12:02:04 UTC 2024 x86_64 User : www-data ( 33) PHP Version : 8.3.6 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : OFF Directory : /var/www/rhodeworks/wp-content/plugins/nextgen-gallery/src/DataStorage/ |
Upload File : |
<?php
namespace Imagely\NGG\DataStorage;
class Sanitizer {
public static function strip_html( $data, $just_scripts = false ) {
// NGG 3.3.11 fix. Some of the data persisted with 3.3.11 didn't strip out all HTML.
if ( strpos( $data, 'ngg_data_strip_html_placeholder' ) !== false ) {
if ( class_exists( 'DomDocument' ) ) {
$dom = new \DOMDocument( '1.0', 'UTF-8' );
$dom->loadHTML( $data );
$el = $dom->getElementById( 'ngg_data_strip_html_placeholder' );
$parts = array_map(
function ( $el ) use ( $dom ) {
$part = $dom->saveHTML( $el );
return $part instanceof \DOMText ? $part->data : (string) $part;
},
$el->childNodes ? iterator_to_array( $el->childNodes ) : []
);
return self::strip_html( implode( ' ', $parts ), $just_scripts );
} else {
return \wp_strip_all_tags( $data );
}
}
// Remove all HTML elements.
if ( ! $just_scripts ) {
return \wp_strip_all_tags( $data );
} elseif ( class_exists( 'DOMDocument' ) ) {
// Remove unsafe HTML. This can generate a *lot* of warnings when given improper texts.
libxml_use_internal_errors( true );
libxml_clear_errors();
$config = \HTMLPurifier_Config::createDefault();
$config->set( 'Cache.DefinitionImpl', null );
$purifier = new \HTMLPurifier( $config );
$default_return = $purifier->purify( $data );
return \apply_filters( 'ngg_html_sanitization', $default_return, $data );
} else {
// wp_strip_all_tags() is misleading in a way - it only removes <script> and <style> tags.
return \wp_strip_all_tags( $data, true );
}
}
}