aufa · December 28, 2015 04:35
diff --git a/Filter.php b/Filter.php
 <?php
 /**
 * HTML Output Filter
 * @author awan <[email protected]>
 */

 /**
 * Entities the Multibytes string
 *
 * @param string  $string    the string to detect multibytes
 * @param boolean $entities  true if want to entity the output
 */
 function multibyteEntities($string, $entities = true)
 {
    if (!function_exists('iconv') || ! preg_match("/[^\x20-\x7f\s]/", $string)) { // add \n\r\t as ASCII
        return $entities ? htmlentities(html_entity_decode($string)) : $string;
    }

    return preg_replace_callback('/[\x{80}-\x{10FFFF}]/u', function ($m) {
        $char = current($m);
        $utf  = iconv('UTF-8', 'UCS-4//IGNORE', $char);
        return sprintf("&#x%s;", ltrim(strtolower(bin2hex($utf)), "0"));
    }, ($entities ? htmlentities(html_entity_decode($string)) : $string));
 }

 /**
 * Escaping or add backslash if has no escaped of single quote
 * @param  mixed    $string values to be escaped
 * @return mixed
 */
 function escapeSingleQuote($string)
 {
    if (!is_array($string)) {
        foreach ($string as $key => $value) {
            $string[$key] = escapeSingleQuote($value);
        }
    } elseif (is_object($string)) {
        foreach (get_object_vars($string) as $key => $value) {
            $string->{$key} = escapeSingleQuote($value);
        }
    } elseif(is_string($string)) {
        $string = str_replace("\\\'", "\'", preg_replace('/\'/', "\'", $string));
    }

    return $string;
 }

 /**
 * Escaping or add backslash if has no escaped of double quote
 * @param  mixed    $string values to be escaped
 * @return mixed
 */
 function escapeDoubleQuote($string)
 {
    if (!is_array($string)) {
        foreach ($string as $key => $value) {
            $string[$key] = escapeDoubleQuote($value);
        }
    } elseif (is_object($string)) {
        foreach (get_object_vars($string) as $key => $value) {
            $string->{$key} = escapeDoubleQuote($value);
        }
    } elseif(is_string($string)) {
        $string = str_replace('\\\"', '\"', preg_replace('/\"/', '\"', $string));
    }

    return $string;
 }

 /**
 * Escaping or add backslash if has no escaped of double & Single quote
 * @param  mixed    $string values to be escaped
 * @return mixed
 */
 function escapeQuote($string)
 {
    if (!is_array($string)) {
        foreach ($string as $key => $value) {
            $string[$key] = escapeQuote($value);
        }
    } elseif (is_object($string)) {
        foreach (get_object_vars($string) as $key => $value) {
            $string->{$key} = escapeQuote($value);
        }
    } elseif(is_string($string)) {
        $string = str_replace(
            array('\\\"', "\\\'"),
            array('\"', "\'"),
            preg_replace('/(\"|\')/', '\$1', $string)
        );
    }

    return $string;
 }

 /**
 * Converts email addresses characters to HTML entities to block spam bots.
 *
 * @license followed WordPress license
 *
 * @param mixed $email_address Email address.
 * @param int $hex_encoding Optional. Set to 1 to enable hex encoding.
 * @return string Converted email address.
 */
 function antiSpamBotMail($email_address, $hex_encoding = 0)
 {
    if (is_array($email_address)) {
        foreach ($email_address as $key => $value) {
            $email_address[$key] = antiSpamBotMail($value, $hex_encoding);
        }
        return $email_address;
    }
    if (is_object($email_address)) {
        foreach (get_object_vars($email_address) as $key => $value) {
            $email_address->{$key} = antiSpamBotMail($value, $hex_encoding);
        }
        return $email_address;
    }
    $email_no_spam_address = '';
    for ($i = 0, $len = strlen($email_address); $i < $len; $i++) {
        $j = rand(0, 1 + $hex_encoding);
        if ($j == 0) {
            $email_no_spam_address .= '&#' . ord($email_address[$i]) . ';';
        } elseif ($j == 1) {
            $email_no_spam_address .= $email_address[$i];
        } elseif ($j == 2) {
            $email_no_spam_address .= '%' . sprintf('%0'.dechex(ord($email_address[$i])).'s', 2);
        }
    }

    $email_no_spam_address = str_replace('@', '&#64;', $email_no_spam_address);

    return $email_no_spam_address;
 }

 /**
 * Set cookie domain with .domain.ext for multi sub domain
 *
 * @param  sting  $domain
 * @return string $return domain ( .domain.com )
 */
 function splitCrossDomain($domain)
 {
    // domain must be string
    if (! is_string($domain)) {
        return $domain;
    }

    // make it domain lower
    $domain = strtolower($domain);
    $domain = preg_replace('/((http|ftp)s?|sftp|xmp):\/\//i', '', $domain);
    $domain = preg_replace('/\/.*$/', '', $domain);
    $is_ip = filter_var($domain, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
    if (!$is_ip) {
        $is_ip = filter_var($domain, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6);
    }
    if (!$is_ip) {
        $parse  = parse_url('http://'.$domain.'/');
        $domain = isset($parse['host']) ? $parse['host'] : null;
        if ($domain === null) {
            return null;
        }
    }
    if (!preg_match('/^((\[[0-9a-f:]+\])|(\d{1,3}(\.\d{1,3}){3})|[a-z0-9\-\.]+)(:\d+)?$/i', $domain)
        || $is_ip
        || $domain == '127.0.0.1'
        || $domain == 'localhost'
        ) {
        return $domain;
    }

    $domain = preg_replace('/[~!@#$%^&*()+`\{\}\]\[\/\\\'\;\<\>\,\"\?\=\|]/', '', $domain);
    if (strpos($domain, '.') !== false) {
        if (preg_match('/(.*\.)+(.*\.)+(.*)/', $domain)) {
            $return     = '.'.preg_replace('/(.*\.)+(.*\.)+(.*)/', '$2$3', $domain);
        } else {
            $return = '.'.$domain;
        }
    } else {
        $return = $domain;
    }
    
    return $return;
 }
	<?php
	/**
	* HTML Output Filter
	* @author awan <[email protected]>
	*/

	/**
	* Entities the Multibytes string
	*
	* @param string $string the string to detect multibytes
	* @param boolean $entities true if want to entity the output
	*/
	function multibyteEntities($string, $entities = true)
	{
	if (!function_exists('iconv') \|\| ! preg_match("/[^\x20-\x7f\s]/", $string)) { // add \n\r\t as ASCII
	return $entities ? htmlentities(html_entity_decode($string)) : $string;
	}

	return preg_replace_callback('/[\x{80}-\x{10FFFF}]/u', function ($m) {
	$char = current($m);
	$utf = iconv('UTF-8', 'UCS-4//IGNORE', $char);
	return sprintf("&#x%s;", ltrim(strtolower(bin2hex($utf)), "0"));
	}, ($entities ? htmlentities(html_entity_decode($string)) : $string));
	}

	/**
	* Escaping or add backslash if has no escaped of single quote
	* @param mixed $string values to be escaped
	* @return mixed
	*/
	function escapeSingleQuote($string)
	{
	if (!is_array($string)) {
	foreach ($string as $key => $value) {
	$string[$key] = escapeSingleQuote($value);
	}
	} elseif (is_object($string)) {
	foreach (get_object_vars($string) as $key => $value) {
	$string->{$key} = escapeSingleQuote($value);
	}
	} elseif(is_string($string)) {
	$string = str_replace("\\\'", "\'", preg_replace('/\'/', "\'", $string));
	}

	return $string;
	}

	/**
	* Escaping or add backslash if has no escaped of double quote
	* @param mixed $string values to be escaped
	* @return mixed
	*/
	function escapeDoubleQuote($string)
	{
	if (!is_array($string)) {
	foreach ($string as $key => $value) {
	$string[$key] = escapeDoubleQuote($value);
	}
	} elseif (is_object($string)) {
	foreach (get_object_vars($string) as $key => $value) {
	$string->{$key} = escapeDoubleQuote($value);
	}
	} elseif(is_string($string)) {
	$string = str_replace('\\\"', '\"', preg_replace('/\"/', '\"', $string));
	}

	return $string;
	}

	/**
	* Escaping or add backslash if has no escaped of double & Single quote
	* @param mixed $string values to be escaped
	* @return mixed
	*/
	function escapeQuote($string)
	{
	if (!is_array($string)) {
	foreach ($string as $key => $value) {
	$string[$key] = escapeQuote($value);
	}
	} elseif (is_object($string)) {
	foreach (get_object_vars($string) as $key => $value) {
	$string->{$key} = escapeQuote($value);
	}
	} elseif(is_string($string)) {
	$string = str_replace(
	array('\\\"', "\\\'"),
	array('\"', "\'"),
	preg_replace('/(\"\|\')/', '\$1', $string)
	);
	}

	return $string;
	}

	/**
	* Converts email addresses characters to HTML entities to block spam bots.
	*
	* @license followed WordPress license
	*
	* @param mixed $email_address Email address.
	* @param int $hex_encoding Optional. Set to 1 to enable hex encoding.
	* @return string Converted email address.
	*/
	function antiSpamBotMail($email_address, $hex_encoding = 0)
	{
	if (is_array($email_address)) {
	foreach ($email_address as $key => $value) {
	$email_address[$key] = antiSpamBotMail($value, $hex_encoding);
	}
	return $email_address;
	}
	if (is_object($email_address)) {
	foreach (get_object_vars($email_address) as $key => $value) {
	$email_address->{$key} = antiSpamBotMail($value, $hex_encoding);
	}
	return $email_address;
	}
	$email_no_spam_address = '';
	for ($i = 0, $len = strlen($email_address); $i < $len; $i++) {
	$j = rand(0, 1 + $hex_encoding);
	if ($j == 0) {
	$email_no_spam_address .= '&#' . ord($email_address[$i]) . ';';
	} elseif ($j == 1) {
	$email_no_spam_address .= $email_address[$i];
	} elseif ($j == 2) {
	$email_no_spam_address .= '%' . sprintf('%0'.dechex(ord($email_address[$i])).'s', 2);
	}
	}

	$email_no_spam_address = str_replace('@', '@', $email_no_spam_address);

	return $email_no_spam_address;
	}

	/**
	* Set cookie domain with .domain.ext for multi sub domain
	*
	* @param sting $domain
	* @return string $return domain ( .domain.com )
	*/
	function splitCrossDomain($domain)
	{
	// domain must be string
	if (! is_string($domain)) {
	return $domain;
	}

	// make it domain lower
	$domain = strtolower($domain);
	$domain = preg_replace('/((http\|ftp)s?\|sftp\|xmp):\/\//i', '', $domain);
	$domain = preg_replace('/\/.*$/', '', $domain);
	$is_ip = filter_var($domain, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
	if (!$is_ip) {
	$is_ip = filter_var($domain, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6);
	}
	if (!$is_ip) {
	$parse = parse_url('http://'.$domain.'/');
	$domain = isset($parse['host']) ? $parse['host'] : null;
	if ($domain === null) {
	return null;
	}
	}
	if (!preg_match('/^((\[[0-9a-f:]+\])\|(\d{1,3}(\.\d{1,3}){3})\|[a-z0-9\-\.]+)(:\d+)?$/i', $domain)
	\|\| $is_ip
	\|\| $domain == '127.0.0.1'
	\|\| $domain == 'localhost'
	) {
	return $domain;
	}

	$domain = preg_replace('/[~!@#$%^&*()+`\{\}\]\[\/\\\'\;\<\>\,\"\?\=\\|]/', '', $domain);
	if (strpos($domain, '.') !== false) {
	if (preg_match('/(.\.)+(.\.)+(.*)/', $domain)) {
	$return = '.'.preg_replace('/(.\.)+(.\.)+(.*)/', '$2$3', $domain);
	} else {
	$return = '.'.$domain;
	}
	} else {
	$return = $domain;
	}

	return $return;
	}