bugfix stringcleaner array vs. object

OpenXE 2023-11-07 09:44:44 +01:00
parent 2f646a7715
commit e737d69a77


@ -1,451 +1,453 @@
<?php <?php
/* /*
**** COPYRIGHT & LICENSE NOTICE *** DO NOT REMOVE **** **** COPYRIGHT & LICENSE NOTICE *** DO NOT REMOVE ****
* *
* Xentral (c) Xentral ERP Sorftware GmbH, Fuggerstrasse 11, D-86150 Augsburg, * Germany 2019 * Xentral (c) Xentral ERP Sorftware GmbH, Fuggerstrasse 11, D-86150 Augsburg, * Germany 2019
* *
* This file is licensed under the Embedded Projects General Public License *Version 3.1. * This file is licensed under the Embedded Projects General Public License *Version 3.1.
* *
* You should have received a copy of this license from your vendor and/or *along with this file; If not, please visit www.wawision.de/Lizenzhinweis * You should have received a copy of this license from your vendor and/or *along with this file; If not, please visit www.wawision.de/Lizenzhinweis
* to obtain the text of the corresponding license version. * to obtain the text of the corresponding license version.
* *
**** END OF COPYRIGHT & LICENSE NOTICE *** DO NOT REMOVE **** **** END OF COPYRIGHT & LICENSE NOTICE *** DO NOT REMOVE ****
*/ */
?> ?>
<?php <?php
class StringCleaner class StringCleaner
{ {
private $elements; private $elements;
private $htmlpuriferconfig; private $htmlpuriferconfig;
private $htmlpurifer; private $htmlpurifer;
private $ruleregexps; private $ruleregexps;
/** @var Application */ /** @var Application */
private $app; private $app;
/** /**
* StringCleaner constructor. * StringCleaner constructor.
* *
* @param null|Application $app * @param null|Application $app
*/ */
public function __construct($app = null) public function __construct($app = null)
{ {
$this->app = $app; $this->app = $app;
if(class_exists('HTMLPurifier_Config')) { if(class_exists('HTMLPurifier_Config')) {
$this->htmlpuriferconfig = HTMLPurifier_Config::createDefault(); $this->htmlpuriferconfig = HTMLPurifier_Config::createDefault();
$this->htmlpuriferconfig->set('Core.Encoding', 'UTF-8'); $this->htmlpuriferconfig->set('Core.Encoding', 'UTF-8');
$this->htmlpuriferconfig->set('Attr.AllowedFrameTargets', ['_blank']); // Allow hyperlinks with target="_blank" $this->htmlpuriferconfig->set('Attr.AllowedFrameTargets', ['_blank']); // Allow hyperlinks with target="_blank"
//$this->htmlpuriferconfig->set('HTML.AllowedElements', 'h1,h2,h3,h4,h5,h6,p,a,strong,em,ol,ul,li,img,param,div,br,form,label,fieldset,input,textarea,select,option'); //$this->htmlpuriferconfig->set('HTML.AllowedElements', 'h1,h2,h3,h4,h5,h6,p,a,strong,em,ol,ul,li,img,param,div,br,form,label,fieldset,input,textarea,select,option');
$this->htmlpurifer = new HTMLPurifier($this->htmlpuriferconfig); $this->htmlpurifer = new HTMLPurifier($this->htmlpuriferconfig);
} }
$this->elements = array('nohtml'=> array('ust_befreit','abweichendelieferadresse','bestellungsart','bearbeiter','datum','lieferdatum','name','anrede','partner','packstation_inhaber','packstation_station','packstation_ident','packstation_plz','packstation_ort','partnerid','kennen','ihrebestellnummer' $this->elements = array('nohtml'=> array('ust_befreit','abweichendelieferadresse','bestellungsart','bearbeiter','datum','lieferdatum','name','anrede','partner','packstation_inhaber','packstation_station','packstation_ident','packstation_plz','packstation_ort','partnerid','kennen','ihrebestellnummer'
,'abteilung','unterabteilung','ansprechpartner','adresszusatz','strasse','land','bundesstaat','plz','ort','versandart','internet','transaktionsnummer','vertrieb','zahlungsweise' ,'abteilung','unterabteilung','ansprechpartner','adresszusatz','strasse','land','bundesstaat','plz','ort','versandart','internet','transaktionsnummer','vertrieb','zahlungsweise'
,'lieferabteilung','lieferunterabteilung','lieferansprechpartner','lieferadresszusatz','lieferstrasse','lieferland','lieferbundesstaat','lieferplz','lieferort' ,'lieferabteilung','lieferunterabteilung','lieferansprechpartner','lieferadresszusatz','lieferstrasse','lieferland','lieferbundesstaat','lieferplz','lieferort'
,'bank_inhaber','bank_institut','bank_blz','bank_konto' ,'bank_inhaber','bank_institut','bank_blz','bank_konto'
,'email','telefon','telefax','ustid','partner','projekt','herstellernummer','ean','nummer','name_de','name_ean'), ,'email','telefon','telefax','ustid','partner','projekt','herstellernummer','ean','nummer','name_de','name_ean'),
'nojs' => array('anabregstext','anabregstext_en','uebersicht_de','uebersicht_en','kurztext_de','kurztext_en','internebemerkung','internebezeichnung','freitext')); 'nojs' => array('anabregstext','anabregstext_en','uebersicht_de','uebersicht_en','kurztext_de','kurztext_en','internebemerkung','internebezeichnung','freitext'));
$this->rulechecks = array('digit'=>'/^[0-9]+$/' $this->rulechecks = array('digit'=>'/^[0-9]+$/'
,'alpha'=>'/^[a-zA-Z]+$/' ,'alpha'=>'/^[a-zA-Z]+$/'
,'alphadigit'=>'/^[0-9a-zA-Z]+$/' ,'alphadigit'=>'/^[0-9a-zA-Z]+$/'
,'username'=>'/^[0-9a-zA-Z\.\-]+$/' ,'username'=>'/^[0-9a-zA-Z\.\-]+$/'
,'space'=>'/^[\x20]+$/' ,'space'=>'/^[\x20]+$/'
,'module'=>'/^[0-9a-zA-Z\_]$/' ,'module'=>'/^[0-9a-zA-Z\_]$/'
,'password'=>'/^[^\s\n]{1}[^\n]{5}.*$/' ,'password'=>'/^[^\s\n]{1}[^\n]{5}.*$/'
,'email'=>'/^[^@\s\x00-\x20]+@[^@\s\x00-\x20\.]+\.[^@\s\x00-\x20\.]+[^@\s\x00-\x20]*$/' ,'email'=>'/^[^@\s\x00-\x20]+@[^@\s\x00-\x20\.]+\.[^@\s\x00-\x20\.]+[^@\s\x00-\x20]*$/'
); );
$this->ruleregexps = array( $this->ruleregexps = array(
'digit'=>'/[^0-9]/' 'digit'=>'/[^0-9]/'
,'username'=>'/[^0-9a-zA-Z\.\-]/' ,'username'=>'/[^0-9a-zA-Z\.\-]/'
,'alpha'=>'/[^a-zA-Z]/' ,'alpha'=>'/[^a-zA-Z]/'
,'alphadigits'=>'/[^0-9a-zA-Z]/' ,'alphadigits'=>'/[^0-9a-zA-Z]/'
,'module'=>'/[^0-9a-zA-Z\_]/' ,'module'=>'/[^0-9a-zA-Z\_]/'
,'moduleminus'=>'/[^0-9a-zA-Z\_\-]/' ,'moduleminus'=>'/[^0-9a-zA-Z\_\-]/'
,'alphadigitsspecial'=>'/[^0-9a-zA-Z\_\.\(\)]/' ,'alphadigitsspecial'=>'/[^0-9a-zA-Z\_\.\(\)]/'
,'base64'=>'/[^0-9a-zA-Z\=\+\-\_\/]/' ,'base64'=>'/[^0-9a-zA-Z\=\+\-\_\/]/'
); );
} }
function SyntaxByElement($key, $default = '') function SyntaxByElement($key, $default = '')
{ {
foreach($this->elements as $type => $arr) { foreach($this->elements as $type => $arr) {
if(in_array($key, $arr)) { if(in_array($key, $arr)) {
return $type; return $type;
} }
} }
return $default; return $default;
} }
function CleanSQLReturn($value, $columnname, $default = '') function CleanSQLReturn($value, $columnname, $default = '')
{ {
if($value == '' || is_numeric($value)) if($value == '' || is_numeric($value))
{ {
return $value; return $value;
} }
if(in_array($columnname, array('nummer','name','kundennummer','bezeichnung','bezeichnunglieferant','lieferantennummer','mitarbeiternummer','name_de','name_en', if(in_array($columnname, array('nummer','name','kundennummer','bezeichnung','bezeichnunglieferant','lieferantennummer','mitarbeiternummer','name_de','name_en',
'kurzbezeichnung','abkuerzung', 'kurzbezeichnung','abkuerzung',
'strasse','plz','ort','land','ansprechpartner','abteilung','unterabteilung', 'strasse','plz','ort','land','ansprechpartner','abteilung','unterabteilung',
'liefername','lieferstrasse','lieferplz','lieferort','lieferland','lieferansprechpartner','lieferabteilung','lieferunterabteilung'))){ 'liefername','lieferstrasse','lieferplz','lieferort','lieferland','lieferansprechpartner','lieferabteilung','lieferunterabteilung'))){
return strip_tags($value); return strip_tags($value);
} }
if($default == 'xss_clean') if($default == 'xss_clean')
{ {
return $this->xss_clean($value, false); return $this->xss_clean($value, false);
} }
if($this->htmlpurifer) if($this->htmlpurifer)
{ {
return $this->htmlpurifer->purify($value); return $this->htmlpurifer->purify($value);
} }
return $value; return $value;
} }
function RuleCheck($string, $rule = null, &$found = false) function RuleCheck($string, $rule = null, &$found = false)
{ {
if(isset($this->rulechecks[$rule])) if(isset($this->rulechecks[$rule]))
{ {
$found = true; $found = true;
return preg_match_all($this->rulechecks[$rule], $string, $dummy); return preg_match_all($this->rulechecks[$rule], $string, $dummy);
} }
switch($rule) switch($rule)
{ {
case 'datum': case 'datum':
$found = true; $found = true;
if(preg_match_all('/([0-9]+)\.([0-9]+)\.$/', $string, $matches)) if(preg_match_all('/([0-9]+)\.([0-9]+)\.$/', $string, $matches))
{ {
$string = $matches[1][0].'.'.$matches[2][0].'.'.date('Y'); $string = $matches[1][0].'.'.$matches[2][0].'.'.date('Y');
} }
try { try {
if($x = new DateTime($string)) { if($x = new DateTime($string)) {
return $x->format('Y') > 0; return $x->format('Y') > 0;
} }
} }
catch (Exception $e) { catch (Exception $e) {
return false; return false;
} }
return false; return false;
break; break;
} }
} }
function CheckSQLHtml($sql) function CheckSQLHtml($sql)
{ {
$start = 0; $start = 0;
$len = strlen($sql); $len = strlen($sql);
$lvl = 0; $lvl = 0;
$col = 0; $col = 0;
$ret = array(0); $ret = array(0);
$instring = false; $instring = false;
for($i = $start; $i < $len; $i++) for($i = $start; $i < $len; $i++)
{ {
$char = $sql[$i]; $char = $sql[$i];
switch($char) switch($char)
{ {
case "'": case "'":
if($instring) if($instring)
{ {
if($sql[$i-1] != '\\') if($sql[$i-1] != '\\')
{ {
$instring = false; $instring = false;
} }
}else{ }else{
if($sql[$i-1] != '\\'){ if($sql[$i-1] != '\\'){
$instring = true; $instring = true;
} }
} }
break; break;
case "(": case "(":
if($instring) if($instring)
{ {
}else{ }else{
$lvl++; $lvl++;
} }
break; break;
case ")": case ")":
if($instring) if($instring)
{ {
}else{ }else{
$lvl--; $lvl--;
} }
break; break;
case "<": case "<":
if($instring) if($instring)
{ {
if(preg_match('/<[a-zA-Z]/',$char.$sql[$i+1])) if(preg_match('/<[a-zA-Z]/',$char.$sql[$i+1]))
{ {
if($ret[$col] != 2) if($ret[$col] != 2)
{ {
$ret[$col] = 1; $ret[$col] = 1;
} }
} }
} }
break; break;
case ',': case ',':
if($instring) if($instring)
{ {
}else{ }else{
if($lvl == 0) if($lvl == 0)
{ {
$col++; $col++;
$ret[$col] = 0; $ret[$col] = 0;
} }
} }
break; break;
case 'o': case 'o':
case 'O': case 'O':
if($instring) if($instring)
{ {
if($i < $len -4) if($i < $len -4)
{ {
if(strtolower(substr($sql, $i, 2)) == 'on') if(strtolower(substr($sql, $i, 2)) == 'on')
{ {
if(preg_match('/^on[a-z]+(\s*)=/', substr($sql, $i))) if(preg_match('/^on[a-z]+(\s*)=/', substr($sql, $i)))
{ {
$ret[$col] = 2; $ret[$col] = 2;
} }
} }
} }
} }
break; break;
case 'F': case 'F':
case 'f': case 'f':
if($instring) if($instring)
{ {
}else{ }else{
if($lvl == 0) if($lvl == 0)
{ {
if($i < $len - 4) if($i < $len - 4)
{ {
if(strtolower(substr($sql, $i, 4)) == 'from') if(strtolower(substr($sql, $i, 4)) == 'from')
{ {
break 2; break 2;
} }
} }
} }
} }
break; break;
} }
} }
$where = strripos($sql, 'where'); $where = strripos($sql, 'where');
$restsql = substr($sql, $i, $where - $i); $restsql = substr($sql, $i, $where - $i);
if(preg_match('/<[a-zA-Z]/', $restsql)) if(preg_match('/<[a-zA-Z]/', $restsql))
{ {
if(preg_match('/on[a-z]+(\s*)=/',$restsql)) if(preg_match('/on[a-z]+(\s*)=/',$restsql))
{ {
if($ret) if($ret)
{ {
foreach($ret as $k => $v) foreach($ret as $k => $v)
{ {
$ret[$k] = 2; $ret[$k] = 2;
} }
} }
}else{ }else{
if($ret) if($ret)
{ {
foreach($ret as $k => $v) foreach($ret as $k => $v)
{ {
if($v != 2) if($v != 2)
{ {
$ret[$k] = 1; $ret[$k] = 1;
} }
} }
} }
} }
} }
return $ret; return $ret;
} }
public function CleanString($string, $rule = null, &$found = false) public function CleanString($string, $rule = null, &$found = false)
{ {
if(is_null($rule)) if(is_null($rule))
{ {
$rule = 'nothml'; $rule = 'nothml';
} }
switch($rule) switch($rule)
{ {
case 'email': case 'email':
if($this->RuleCheck($string, $rule)) if($this->RuleCheck($string, $rule))
{ {
return $string; return $string;
} }
return ''; return '';
break; break;
case 'nohtml': case 'nohtml':
$found = true; $found = true;
if($string == '' || is_numeric($string)) if($string == '' || is_numeric($string))
{ {
return $string; return $string;
} }
if(strpos($string,'<') === false) if(strpos($string,'<') === false)
{ {
return $string; return $string;
} }
return strip_tags($string); return strip_tags($string);
break; break;
case 'datum': case 'datum':
$found = true; $found = true;
$string_ = $string; $string_ = $string;
if(preg_match_all('/([0-9]+)\.([0-9]+)\.$/', $string, $matches)) if(preg_match_all('/([0-9]+)\.([0-9]+)\.$/', $string, $matches))
{ {
$string_ = $matches[1][0].'.'.$matches[2][0].'.'.date('Y'); $string_ = $matches[1][0].'.'.$matches[2][0].'.'.date('Y');
} }
try try
{ {
if($x = new DateTime($string_)) if($x = new DateTime($string_))
{ {
if($x->format('Y') <= 0) if($x->format('Y') <= 0)
{ {
return ''; return '';
} }
return $string; return $string;
} }
} catch (Exception $e) { } catch (Exception $e) {
return ''; return '';
} }
return ''; return '';
break; break;
case 'xss_clean': case 'xss_clean':
$found = true; $found = true;
if($string == '' || is_numeric($string)) if($string == '' || is_numeric($string))
{ {
return $string; return $string;
} }
if(strpos($string,'<') === false){ if(strpos($string,'<') === false){
return $string; return $string;
} }
return $this->xss_clean($string, false); return $this->xss_clean($string, false);
break; break;
case 'nojs': case 'nojs':
$found = true; $found = true;
if($string == '' || is_numeric($string))return $string; if($string == '' || is_numeric($string))return $string;
if(strpos($string,'<') === false)return $string; if(strpos($string,'<') === false)return $string;
if($this->htmlpurifer) if($this->htmlpurifer)
{ {
return $this->htmlpurifer->purify($string); return $this->htmlpurifer->purify($string);
} }
return $this->xss_clean($string); return $this->xss_clean($string);
break; break;
case 'id': case 'id':
$found = true; $found = true;
if((String)$string === '') if((String)$string === '')
{ {
return $string; return $string;
} }
return (int)$string; return (int)$string;
break; break;
case 'doppelid': case 'doppelid':
$found = true; $found = true;
if((String)$string === '') if((String)$string === '')
{ {
return $string; return $string;
} }
$stringa = explode('-', $string, 2); $stringa = explode('-', $string, 2);
if(count($stringa) == 1)return (int)$stringa[0]; if(count($stringa) == 1)return (int)$stringa[0];
return ($stringa[0]===''?'':(int)$stringa[0]).'-'.(int)$stringa[1]; return ($stringa[0]===''?'':(int)$stringa[0]).'-'.(int)$stringa[1];
break; break;
case 'module': case 'module':
$found = true; $found = true;
return preg_replace ($this->ruleregexps[$rule], '' , $string); return preg_replace ($this->ruleregexps[$rule], '' , $string);
break; break;
default: default:
if(isset($this->ruleregexps[$rule])) if(isset($this->ruleregexps[$rule]))
{ {
$found = true; $found = true;
return preg_replace ($this->ruleregexps[$rule], '' , $string); return preg_replace ($this->ruleregexps[$rule], '' , $string);
} }
break; break;
} }
return $string; return $string;
} }
public function xss_clean($data, $usepurify = true) public function xss_clean($data, $usepurify = true)
{ {
if($usepurify && !empty($this->htmlpurifer)) if($usepurify && !empty($this->htmlpurifer))
{ {
return $this->htmlpurifer->purify($data); return $this->htmlpurifer->purify($data);
} }
// Fix &entity\n; // Fix &entity\n;
$data = str_replace(array('&amp;','&lt;','&gt;'), array('&amp;amp;','&amp;lt;','&amp;gt;'), $data); $data = str_replace(array('&amp;','&lt;','&gt;'), array('&amp;amp;','&amp;lt;','&amp;gt;'), $data);
$data = preg_replace('/(&#*\w+)[\x00-\x20]+;/u', '$1;', $data); $data = preg_replace('/(&#*\w+)[\x00-\x20]+;/u', '$1;', $data);
$data = preg_replace('/(&#x*[0-9A-F]+);*/iu', '$1;', $data); $data = preg_replace('/(&#x*[0-9A-F]+);*/iu', '$1;', $data);
$data = html_entity_decode($data, ENT_COMPAT, 'UTF-8'); $data = html_entity_decode($data, ENT_COMPAT, 'UTF-8');
return $data; return $data;
// Remove any attribute starting with "on" or xmlns // Remove any attribute starting with "on" or xmlns
$data = preg_replace('#(<[^>]+?[\x00-\x20"\'])(?:on|xmlns)[^>]*+>#iu', '$1>', $data); $data = preg_replace('#(<[^>]+?[\x00-\x20"\'])(?:on|xmlns)[^>]*+>#iu', '$1>', $data);
// Remove javascript: and vbscript: protocols // Remove javascript: and vbscript: protocols
$data = preg_replace('#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([`\'"]*)[\x00-\x20]*j[\x00-\x20]*a[\x00-\x20]*v[\x00-\x20]*a[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iu', '$1=$2nojavascript...', $data); $data = preg_replace('#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([`\'"]*)[\x00-\x20]*j[\x00-\x20]*a[\x00-\x20]*v[\x00-\x20]*a[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iu', '$1=$2nojavascript...', $data);
$data = preg_replace('#([a-z]*)[\x00-\x20]*=([\'"]*)[\x00-\x20]*v[\x00-\x20]*b[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iu', '$1=$2novbscript...', $data); $data = preg_replace('#([a-z]*)[\x00-\x20]*=([\'"]*)[\x00-\x20]*v[\x00-\x20]*b[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iu', '$1=$2novbscript...', $data);
$data = preg_replace('#([a-z]*)[\x00-\x20]*=([\'"]*)[\x00-\x20]*-moz-binding[\x00-\x20]*:#u', '$1=$2nomozbinding...', $data); $data = preg_replace('#([a-z]*)[\x00-\x20]*=([\'"]*)[\x00-\x20]*-moz-binding[\x00-\x20]*:#u', '$1=$2nomozbinding...', $data);
// Only works in IE: <span style="width: expression(alert('Ping!'));"></span> // Only works in IE: <span style="width: expression(alert('Ping!'));"></span>
$data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?expression[\x00-\x20]*\([^>]*+>#i', '$1>', $data); $data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?expression[\x00-\x20]*\([^>]*+>#i', '$1>', $data);
$data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?behaviour[\x00-\x20]*\([^>]*+>#i', '$1>', $data); $data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?behaviour[\x00-\x20]*\([^>]*+>#i', '$1>', $data);
$data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*+>#iu', '$1>', $data); $data = preg_replace('#(<[^>]+?)style[\x00-\x20]*=[\x00-\x20]*[`\'"]*.*?s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*+>#iu', '$1>', $data);
// Remove namespaced elements (we do not need them) // Remove namespaced elements (we do not need them)
$data = preg_replace('#</*\w+:\w[^>]*+>#i', '', $data); $data = preg_replace('#</*\w+:\w[^>]*+>#i', '', $data);
do do
{ {
// Remove really unwanted tags // Remove really unwanted tags
$old_data = $data; $old_data = $data;
$data = preg_replace('#</*(?:applet|b(?:ase|gsound|link)|embed|frame(?:set)?|i(?:frame|layer)|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml)[^>]*+>#i', '', $data); $data = preg_replace('#</*(?:applet|b(?:ase|gsound|link)|embed|frame(?:set)?|i(?:frame|layer)|l(?:ayer|ink)|meta|object|s(?:cript|tyle)|title|xml)[^>]*+>#i', '', $data);
} }
while ($old_data !== $data); while ($old_data !== $data);
return $data; return $data;
} }
function XMLArray_clean(&$xml, $lvl = 0) function XMLArray_clean(&$xml, $lvl = 0)
{ {
if(is_string($xml)) if(is_string($xml))
{ {
}elseif(is_array($xml)) }elseif(is_array($xml))
{ {
if(count($xml) > 0) if(count($xml) > 0)
{ {
foreach($xml as $k => $v) foreach($xml as $k => $v)
{ {
if(is_string($v)) if(is_string($v))
{ {
$xml[$k] = $this->CleanString($v, $this->SyntaxByElement($k,'nojs')); $xml[$k] = $this->CleanString($v, $this->SyntaxByElement($k,'nojs'));
} }
if($lvl < 10) if($lvl < 10)
{ {
$this->XMLArray_clean($v, $lvl + 1); $this->XMLArray_clean($v, $lvl + 1);
} }
} }
} }
}elseif(is_object($xml)) }elseif(is_object($xml))
{ {
if(count($xml) > 0) $xml = (array) $xml;
{ if(count($xml) > 0)
foreach($xml as $k => $v) {
{ foreach($xml as $k => $v)
if(count($v) > 0) {
{ $v = (array) $v;
if($lvl < 10) if(count($v) > 0)
{ {
$this->XMLArray_clean($v, $lvl + 1); if($lvl < 10)
} {
}elseif((String)$v != '') $this->XMLArray_clean($v, $lvl + 1);
{ }
if(isset($xml->$k)) }elseif((String)$v != '')
{ {
//$xml->$k = $this->CleanString($v, $this->SyntaxByElement($k,'nojs')); if(isset($xml->$k))
} {
} //$xml->$k = $this->CleanString($v, $this->SyntaxByElement($k,'nojs'));
} }
} }
} }
return $xml; }
} }
} return $xml;
}
}
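Review bot: In the `is_object($xml)` branch of `XMLArray_clean`, the added `$xml = (array) $xml;` assigns through the by-reference parameter, so the caller's object is replaced by an array and the later `isset($xml->$k)` can no longer be true. Casting into a local instead, `$items = (array) $xml;` with `foreach($items as $k => $v)`, would keep the `count()` fix without changing the caller's variable type. After the added `$v = (array) $v;`, the `elseif((String)$v != '')` test converts an array to a string, which yields "Array" plus a conversion warning rather than the element's text, so that test should run before the cast. The recursive call also still cleans only the loop copy `$v`, and the `CleanString` assignment stays commented out, so object input appears to pass through this sanitizer unchanged; callers that rely on it for untrusted XML need either a write-back of the cleaned value or a comment stating that objects are not cleaned.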