ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
htmlpurifier.php
Go to the documentation of this file.
1 <?php
2 
23 // Note: Cache data is base64 encoded because Phorum insists on flinging
24 // to the user and expecting it to come back unharmed, newlines and
25 // all, which ain't happening. It's slower, it takes up more space, but
26 // at least it won't get mutilated
27 
31 function phorum_htmlpurifier_format($data)
32 {
33  $PHORUM = $GLOBALS["PHORUM"];
34 
35  $purifier =& HTMLPurifier::getInstance();
36  $cache_serial = $PHORUM['mod_htmlpurifier']['body_cache_serial'];
37 
38  foreach($data as $message_id => $message){
39  if(isset($message['body'])) {
40 
41  if ($message_id) {
42  // we're dealing with a real message, not a fake, so
43  // there a number of shortcuts that can be taken
44 
45  if (isset($message['meta']['htmlpurifier_light'])) {
46  // format hook was called outside of Phorum's normal
47  // functions, do the abridged purification
48  $data[$message_id]['body'] = $purifier->purify($message['body']);
49  continue;
50  }
51 
52  if (!empty($PHORUM['args']['purge'])) {
53  // purge the cache, must be below the following if
54  unset($message['meta']['body_cache']);
55  }
56 
57  if (
58  isset($message['meta']['body_cache']) &&
59  isset($message['meta']['body_cache_serial']) &&
60  $message['meta']['body_cache_serial'] == $cache_serial
61  ) {
62  // cached version is present, bail out early
63  $data[$message_id]['body'] = base64_decode($message['meta']['body_cache']);
64  continue;
65  }
66  }
67 
68  // migration might edit this array, that's why it's defined
69  // so early
70  $updated_message = array();
71 
72  // create the $body variable
73  if (
74  $message_id && // message must be real to migrate
75  !isset($message['meta']['body_cache_serial'])
76  ) {
77  // perform migration
78  $fake_data = array();
79  list($signature, $edit_message) = phorum_htmlpurifier_remove_sig_and_editmessage($message);
80  $fake_data[$message_id] = $message;
81  $fake_data = phorum_htmlpurifier_migrate($fake_data);
82  $body = $fake_data[$message_id]['body'];
83  $body = str_replace("<phorum break>\n", "\n", $body);
84  $updated_message['body'] = $body; // save it in
85  $body .= $signature . $edit_message; // add it back in
86  } else {
87  // reverse Phorum's pre-processing
88  $body = $message['body'];
89  // order is important
90  $body = str_replace("<phorum break>\n", "\n", $body);
91  $body = str_replace(array('&lt;','&gt;','&amp;', '&quot;'), array('<','>','&','"'), $body);
92  if (!$message_id && defined('PHORUM_CONTROL_CENTER')) {
93  // we're in control.php, so it was double-escaped
94  $body = str_replace(array('&lt;','&gt;','&amp;', '&quot;'), array('<','>','&','"'), $body);
95  }
96  }
97 
98  $body = $purifier->purify($body);
99 
100  // dynamically update the cache (MUST BE DONE HERE!)
101  // this is inefficient because it's one db call per
102  // cache miss, but once the cache is in place things are
103  // a lot zippier.
104 
105  if ($message_id) { // make sure it's not a fake id
106  $updated_message['meta'] = $message['meta'];
107  $updated_message['meta']['body_cache'] = base64_encode($body);
108  $updated_message['meta']['body_cache_serial'] = $cache_serial;
109  phorum_db_update_message($message_id, $updated_message);
110  }
111 
112  // must not get overloaded until after we cache it, otherwise
113  // we'll inadvertently change the original text
114  $data[$message_id]['body'] = $body;
115 
116  }
117  }
118 
119  return $data;
120 }
121 
122 // -----------------------------------------------------------------------
123 // This is fragile code, copied from read.php:596 (Phorum 5.2.6). Please
124 // keep this code in-sync with Phorum
125 
129 function phorum_htmlpurifier_generate_sig($row)
130 {
131  $phorum_sig = '';
132  if(isset($row["user"]["signature"])
133  && isset($row['meta']['show_signature']) && $row['meta']['show_signature']==1){
134  $phorum_sig=trim($row["user"]["signature"]);
135  if(!empty($phorum_sig)){
136  $phorum_sig="\n\n$phorum_sig";
137  }
138  }
139  return $phorum_sig;
140 }
141 
145 function phorum_htmlpurifier_generate_editmessage($row)
146 {
147  $PHORUM = $GLOBALS['PHORUM'];
148  $editmessage = '';
149  if(isset($row['meta']['edit_count']) && $row['meta']['edit_count'] > 0) {
150  $editmessage = str_replace ("%count%", $row['meta']['edit_count'], $PHORUM["DATA"]["LANG"]["EditedMessage"]);
151  $editmessage = str_replace ("%lastedit%", phorum_date($PHORUM["short_date_time"],$row['meta']['edit_date']), $editmessage);
152  $editmessage = str_replace ("%lastuser%", $row['meta']['edit_username'], $editmessage);
153  $editmessage = "\n\n\n\n$editmessage";
154  }
155  return $editmessage;
156 }
157 
158 // End fragile code
159 // -----------------------------------------------------------------------
160 
165 function phorum_htmlpurifier_remove_sig_and_editmessage(&$row)
166 {
167  $signature = phorum_htmlpurifier_generate_sig($row);
168  $editmessage = phorum_htmlpurifier_generate_editmessage($row);
169  $replacements = array();
170  // we need to remove add <phorum break> as that is the form these
171  // extra bits are in.
172  if ($signature) $replacements[str_replace("\n", "<phorum break>\n", $signature)] = '';
173  if ($editmessage) $replacements[str_replace("\n", "<phorum break>\n", $editmessage)] = '';
174  $row['body'] = strtr($row['body'], $replacements);
175  return array($signature, $editmessage);
176 }
177 
184 function phorum_htmlpurifier_posting($message)
185 {
186  $PHORUM = $GLOBALS["PHORUM"];
187  unset($message['meta']['body_cache']); // invalidate the cache
188  $message['meta']['body_cache_serial'] = $PHORUM['mod_htmlpurifier']['body_cache_serial'];
189  return $message;
190 }
191 
195 function phorum_htmlpurifier_quote($array)
196 {
197  $PHORUM = $GLOBALS["PHORUM"];
198  $purifier =& HTMLPurifier::getInstance();
199  $text = $purifier->purify($array[1]);
200  $source = htmlspecialchars($array[0]);
201  return "<blockquote cite=\"$source\">\n$text\n</blockquote>";
202 }
203 
208 function phorum_htmlpurifier_common()
209 {
210  require_once(dirname(__FILE__).'/htmlpurifier/HTMLPurifier.auto.php');
211  require(dirname(__FILE__).'/init-config.php');
212 
213  $config = phorum_htmlpurifier_get_config();
214  HTMLPurifier::getInstance($config);
215 
216  // increment revision.txt if you want to invalidate the cache
217  $GLOBALS['PHORUM']['mod_htmlpurifier']['body_cache_serial'] = $config->getSerial();
218 
219  // load migration
220  if (file_exists(dirname(__FILE__) . '/migrate.php')) {
221  include(dirname(__FILE__) . '/migrate.php');
222  } else {
223  echo '<strong>Error:</strong> No migration path specified for HTML Purifier, please check
224  <tt>modes/htmlpurifier/migrate.bbcode.php</tt> for instructions on
225  how to migrate from your previous markup language.';
226  exit;
227  }
228 
229  if (!function_exists('phorum_htmlpurifier_migrate')) {
230  // Dummy function
231  function phorum_htmlpurifier_migrate($data) {return $data;}
232  }
233 
234 }
235 
240 function phorum_htmlpurifier_before_editor($message)
241 {
242  if (!empty($GLOBALS['PHORUM']['mod_htmlpurifier']['wysiwyg'])) {
243  if (!empty($message['body'])) {
244  $body = $message['body'];
245  // de-entity-ize contents
246  $body = str_replace(array('&lt;','&gt;','&amp;'), array('<','>','&'), $body);
247  $purifier =& HTMLPurifier::getInstance();
248  $body = $purifier->purify($body);
249  // re-entity-ize contents
250  $body = htmlspecialchars($body, ENT_QUOTES, $GLOBALS['PHORUM']['DATA']['CHARSET']);
251  $message['body'] = $body;
252  }
253  }
254  return $message;
255 }
256 
257 function phorum_htmlpurifier_editor_after_subject()
258 {
259  // don't show this message if it's a WYSIWYG editor, since it will
260  // then be handled automatically
261  if (!empty($GLOBALS['PHORUM']['mod_htmlpurifier']['wysiwyg'])) {
262  $i = $GLOBALS['PHORUM']['DATA']['MODE'];
263  if ($i == 'quote' || $i == 'edit' || $i == 'moderation') {
264  ?>
265  <div>
266  <p>
267  <strong>Notice:</strong> HTML has been scrubbed for your safety.
268  If you would like to see the original, turn off WYSIWYG mode
269  (consult your administrator for details.)
270  </p>
271  </div>
272  <?php
273  }
274  return;
275  }
276  if (!empty($GLOBALS['PHORUM']['mod_htmlpurifier']['suppress_message'])) return;
277  ?><div class="htmlpurifier-help">
278  <p>
279  <strong>HTML input</strong> is enabled. Make sure you escape all HTML and
280  angled brackets with <code>&amp;lt;</code> and <code>&amp;gt;</code>.
281  </p><?php
282  $purifier =& HTMLPurifier::getInstance();
283  $config = $purifier->config;
284  if ($config->get('AutoFormat.AutoParagraph')) {
285  ?><p>
286  <strong>Auto-paragraphing</strong> is enabled. Double
287  newlines will be converted to paragraphs; for single
288  newlines, use the <code>pre</code> tag.
289  </p><?php
290  }
291  $html_definition = $config->getDefinition('HTML');
292  $allowed = array();
293  foreach ($html_definition->info as $name => $x) $allowed[] = "<code>$name</code>";
294  sort($allowed);
295  $allowed_text = implode(', ', $allowed);
296  ?><p><strong>Allowed tags:</strong> <?php
297  echo $allowed_text;
298  ?>.</p><?php
299  ?>
300  </p>
301  <p>
302  For inputting literal code such as HTML and PHP for display, use
303  CDATA tags to auto-escape your angled brackets, and <code>pre</code>
304  to preserve newlines:
305  </p>
306  <pre>&lt;pre&gt;&lt;![CDATA[
307 <em>Place code here</em>
308 ]]&gt;&lt;/pre&gt;</pre>
309  <p>
310  Power users, you can hide this notice with:
311  <pre>.htmlpurifier-help {display:none;}</pre>
312  </p>
313  </div><?php
314 }
315 
316 // vim: et sw=4 sts=4
to
File written to
Definition: 01pharSimple.php:86
$x
$x
Definition: example_009.php:98
phorum_htmlpurifier_generate_editmessage
phorum_htmlpurifier_generate_editmessage($row)
Generates an edit message based on a message array.
Definition: htmlpurifier.php:145
phorum_htmlpurifier_migrate
phorum_htmlpurifier_migrate($data)
&#39;format&#39; hook style function that will be called to convert legacy markup into HTML.
Definition: migrate.bbcode.php:26
$PHORUM
$PHORUM['mod_htmlpurifier']['directives']
Definition: settings.php:28
$GLOBALS
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
Definition: generate-standalone.php:18
phorum_htmlpurifier_quote
phorum_htmlpurifier_quote($array)
Overload quoting mechanism to prevent default, mail-style quote from happening.
Definition: htmlpurifier.php:195
p
p
Definition: langcheck.php:169
phorum_htmlpurifier_get_config
phorum_htmlpurifier_get_config($default=false)
Initializes the appropriate configuration from either a PHP file or a module configuration value...
Definition: init-config.php:8
phorum_htmlpurifier_editor_after_subject
phorum_htmlpurifier_editor_after_subject()
Definition: htmlpurifier.php:257
phorum_htmlpurifier_common
phorum_htmlpurifier_common()
Ensure that our format hook is processed last.
Definition: htmlpurifier.php:208
phorum_htmlpurifier_posting
phorum_htmlpurifier_posting($message)
Indicate that data is fully HTML and not from migration, invalidate previous caches.
Definition: htmlpurifier.php:184
input
input
Definition: langcheck.php:166
HTMLPurifier\getInstance
static getInstance($prototype=null)
Singleton for enforcing just one HTML Purifier in your system.
Definition: HTMLPurifier.php:286
phorum_htmlpurifier_remove_sig_and_editmessage
phorum_htmlpurifier_remove_sig_and_editmessage(&$row)
Removes the signature and edit message from a message.
Definition: htmlpurifier.php:165
phorum_htmlpurifier_generate_sig
phorum_htmlpurifier_generate_sig($row)
Generates a signature based on a message array.
Definition: htmlpurifier.php:129
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
phorum_htmlpurifier_before_editor
phorum_htmlpurifier_before_editor($message)
Pre-emptively performs purification if it looks like a WYSIWYG editor is being used.
Definition: htmlpurifier.php:240
$text
$text
Definition: example_020.php:127
phorum_htmlpurifier_format
phorum_htmlpurifier_format($data)
HTML Purifier Phorum Mod.
Definition: htmlpurifier.php:31
defined
defined( 'APPLICATION_ENV')||define( 'APPLICATION_ENV'
Definition: bootstrap.php:27