From 4c4d7b854e1636054f45af92ba6651ddd050d911 Mon Sep 17 00:00:00 2001
From: Pierre <pierre@hubert.fr>
Date: Sun, 7 Jan 2018 17:53:39 +0100
Subject: [PATCH] Added a function to check the security of HTML source

---
 functions/requests.php | 36 ++++++++++++++++++++++++++++++------
 1 file changed, 30 insertions(+), 6 deletions(-)

diff --git a/functions/requests.php b/functions/requests.php
index 393e0e5..cebc3fa 100644
--- a/functions/requests.php
+++ b/functions/requests.php
@@ -69,21 +69,45 @@ function toInt($input) : int{
 /**
  * Remove HTML markup codes (<, >)
  *
- * @param String $input The string to change
- * @return String The updated string
+ * @param string $input The string to change
+ * @return string The updated string
  */
-function removeHTMLnodes($input){
+function removeHTMLnodes(string $input) : string {
 	$output = str_replace("<", "&lt;", $input);
 	return str_replace(">", "&gt;", $output);
 }
 
+/**
+ * Check the security of an HTML string
+ * 
+ * @param string $input The string to check
+ * @return bool TRUE if the string is safe to insert / FALSE else
+ */
+function checkHTMLstring(string $string) : bool {
+
+	//Check for script or style or meta tag
+	if(str_ireplace(array("<string", "<style", "<meta"), "", $string) != $string)
+		return false;
+	
+	//Check for onclick, onkeyup, onmousehover tag
+	if(str_ireplace(array("onclick", "onkeyup", "onmousehover"), "", $string) != $string)
+		return false;
+
+	//Check for images integrated to the post
+	if(preg_match("/data:image/", $string))
+		return false;
+
+	//The message is valid
+	return true;
+}
+
 /**
  * Check a string before inserting it
  *
- * @param String $string The string to check
- * @return Boolean True if the string is valid / false else
+ * @param string $string The string to check
+ * @return bool True if the string is valid / false else
  */
-function check_string_before_insert($string){
+function check_string_before_insert(string $string) : bool {
 
 	//First, empty string are invalid
 	if($string == "")