ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
htmlpurifier.php
Go to the documentation of this file.
1<?php
2
23// Note: Cache data is base64 encoded because Phorum insists on flinging
24// to the user and expecting it to come back unharmed, newlines and
25// all, which ain't happening. It's slower, it takes up more space, but
26// at least it won't get mutilated
27
32{
33 $PHORUM = $GLOBALS["PHORUM"];
34
35 $purifier =& HTMLPurifier::getInstance();
36 $cache_serial = $PHORUM['mod_htmlpurifier']['body_cache_serial'];
37
38 foreach($data as $message_id => $message){
39 if(isset($message['body'])) {
40
41 if ($message_id) {
42 // we're dealing with a real message, not a fake, so
43 // there a number of shortcuts that can be taken
44
45 if (isset($message['meta']['htmlpurifier_light'])) {
46 // format hook was called outside of Phorum's normal
47 // functions, do the abridged purification
48 $data[$message_id]['body'] = $purifier->purify($message['body']);
49 continue;
50 }
51
52 if (!empty($PHORUM['args']['purge'])) {
53 // purge the cache, must be below the following if
54 unset($message['meta']['body_cache']);
55 }
56
57 if (
58 isset($message['meta']['body_cache']) &&
59 isset($message['meta']['body_cache_serial']) &&
60 $message['meta']['body_cache_serial'] == $cache_serial
61 ) {
62 // cached version is present, bail out early
63 $data[$message_id]['body'] = base64_decode($message['meta']['body_cache']);
64 continue;
65 }
66 }
67
68 // migration might edit this array, that's why it's defined
69 // so early
70 $updated_message = array();
71
72 // create the $body variable
73 if (
74 $message_id && // message must be real to migrate
75 !isset($message['meta']['body_cache_serial'])
76 ) {
77 // perform migration
78 $fake_data = array();
79 list($signature, $edit_message) = phorum_htmlpurifier_remove_sig_and_editmessage($message);
80 $fake_data[$message_id] = $message;
81 $fake_data = phorum_htmlpurifier_migrate($fake_data);
82 $body = $fake_data[$message_id]['body'];
83 $body = str_replace("<phorum break>\n", "\n", $body);
84 $updated_message['body'] = $body; // save it in
85 $body .= $signature . $edit_message; // add it back in
86 } else {
87 // reverse Phorum's pre-processing
88 $body = $message['body'];
89 // order is important
90 $body = str_replace("<phorum break>\n", "\n", $body);
91 $body = str_replace(array('&lt;','&gt;','&amp;', '&quot;'), array('<','>','&','"'), $body);
92 if (!$message_id && defined('PHORUM_CONTROL_CENTER')) {
93 // we're in control.php, so it was double-escaped
94 $body = str_replace(array('&lt;','&gt;','&amp;', '&quot;'), array('<','>','&','"'), $body);
95 }
96 }
97
98 $body = $purifier->purify($body);
99
100 // dynamically update the cache (MUST BE DONE HERE!)
101 // this is inefficient because it's one db call per
102 // cache miss, but once the cache is in place things are
103 // a lot zippier.
104
105 if ($message_id) { // make sure it's not a fake id
106 $updated_message['meta'] = $message['meta'];
107 $updated_message['meta']['body_cache'] = base64_encode($body);
108 $updated_message['meta']['body_cache_serial'] = $cache_serial;
109 phorum_db_update_message($message_id, $updated_message);
110 }
111
112 // must not get overloaded until after we cache it, otherwise
113 // we'll inadvertently change the original text
114 $data[$message_id]['body'] = $body;
115
116 }
117 }
118
119 return $data;
120}
121
122// -----------------------------------------------------------------------
123// This is fragile code, copied from read.php:596 (Phorum 5.2.6). Please
124// keep this code in-sync with Phorum
125
130{
131 $phorum_sig = '';
132 if(isset($row["user"]["signature"])
133 && isset($row['meta']['show_signature']) && $row['meta']['show_signature']==1){
134 $phorum_sig=trim($row["user"]["signature"]);
135 if(!empty($phorum_sig)){
136 $phorum_sig="\n\n$phorum_sig";
137 }
138 }
139 return $phorum_sig;
140}
141
146{
147 $PHORUM = $GLOBALS['PHORUM'];
148 $editmessage = '';
149 if(isset($row['meta']['edit_count']) && $row['meta']['edit_count'] > 0) {
150 $editmessage = str_replace ("%count%", $row['meta']['edit_count'], $PHORUM["DATA"]["LANG"]["EditedMessage"]);
151 $editmessage = str_replace ("%lastedit%", phorum_date($PHORUM["short_date_time"],$row['meta']['edit_date']), $editmessage);
152 $editmessage = str_replace ("%lastuser%", $row['meta']['edit_username'], $editmessage);
153 $editmessage = "\n\n\n\n$editmessage";
154 }
155 return $editmessage;
156}
157
158// End fragile code
159// -----------------------------------------------------------------------
160
166{
169 $replacements = array();
170 // we need to remove add <phorum break> as that is the form these
171 // extra bits are in.
172 if ($signature) $replacements[str_replace("\n", "<phorum break>\n", $signature)] = '';
173 if ($editmessage) $replacements[str_replace("\n", "<phorum break>\n", $editmessage)] = '';
174 $row['body'] = strtr($row['body'], $replacements);
175 return array($signature, $editmessage);
176}
177
185{
186 $PHORUM = $GLOBALS["PHORUM"];
187 unset($message['meta']['body_cache']); // invalidate the cache
188 $message['meta']['body_cache_serial'] = $PHORUM['mod_htmlpurifier']['body_cache_serial'];
189 return $message;
190}
191
196{
197 $PHORUM = $GLOBALS["PHORUM"];
198 $purifier =& HTMLPurifier::getInstance();
199 $text = $purifier->purify($array[1]);
200 $source = htmlspecialchars($array[0]);
201 return "<blockquote cite=\"$source\">\n$text\n</blockquote>";
202}
203
209{
210 require_once(dirname(__FILE__).'/htmlpurifier/HTMLPurifier.auto.php');
211 require(dirname(__FILE__).'/init-config.php');
212
215
216 // increment revision.txt if you want to invalidate the cache
217 $GLOBALS['PHORUM']['mod_htmlpurifier']['body_cache_serial'] = $config->getSerial();
218
219 // load migration
220 if (file_exists(dirname(__FILE__) . '/migrate.php')) {
221 include(dirname(__FILE__) . '/migrate.php');
222 } else {
223 echo '<strong>Error:</strong> No migration path specified for HTML Purifier, please check
224 <tt>modes/htmlpurifier/migrate.bbcode.php</tt> for instructions on
225 how to migrate from your previous markup language.';
226 exit;
227 }
228
229 if (!function_exists('phorum_htmlpurifier_migrate')) {
230 // Dummy function
231 function phorum_htmlpurifier_migrate($data) {return $data;}
232 }
233
234}
235
241{
242 if (!empty($GLOBALS['PHORUM']['mod_htmlpurifier']['wysiwyg'])) {
243 if (!empty($message['body'])) {
244 $body = $message['body'];
245 // de-entity-ize contents
246 $body = str_replace(array('&lt;','&gt;','&amp;'), array('<','>','&'), $body);
247 $purifier =& HTMLPurifier::getInstance();
248 $body = $purifier->purify($body);
249 // re-entity-ize contents
250 $body = htmlspecialchars($body, ENT_QUOTES, $GLOBALS['PHORUM']['DATA']['CHARSET']);
251 $message['body'] = $body;
252 }
253 }
254 return $message;
255}
256
258{
259 // don't show this message if it's a WYSIWYG editor, since it will
260 // then be handled automatically
261 if (!empty($GLOBALS['PHORUM']['mod_htmlpurifier']['wysiwyg'])) {
262 $i = $GLOBALS['PHORUM']['DATA']['MODE'];
263 if ($i == 'quote' || $i == 'edit' || $i == 'moderation') {
264 ?>
265 <div>
266 <p>
267 <strong>Notice:</strong> HTML has been scrubbed for your safety.
268 If you would like to see the original, turn off WYSIWYG mode
269 (consult your administrator for details.)
270 </p>
271 </div>
272 <?php
273 }
274 return;
275 }
276 if (!empty($GLOBALS['PHORUM']['mod_htmlpurifier']['suppress_message'])) return;
277 ?><div class="htmlpurifier-help">
278 <p>
279 <strong>HTML input</strong> is enabled. Make sure you escape all HTML and
280 angled brackets with <code>&amp;lt;</code> and <code>&amp;gt;</code>.
281 </p><?php
282 $purifier =& HTMLPurifier::getInstance();
283 $config = $purifier->config;
284 if ($config->get('AutoFormat.AutoParagraph')) {
285 ?><p>
286 <strong>Auto-paragraphing</strong> is enabled. Double
287 newlines will be converted to paragraphs; for single
288 newlines, use the <code>pre</code> tag.
289 </p><?php
290 }
291 $html_definition = $config->getDefinition('HTML');
292 $allowed = array();
293 foreach ($html_definition->info as $name => $x) $allowed[] = "<code>$name</code>";
294 sort($allowed);
295 $allowed_text = implode(', ', $allowed);
296 ?><p><strong>Allowed tags:</strong> <?php
297 echo $allowed_text;
298 ?>.</p><?php
299 ?>
300 </p>
301 <p>
302 For inputting literal code such as HTML and PHP for display, use
303 CDATA tags to auto-escape your angled brackets, and <code>pre</code>
304 to preserve newlines:
305 </p>
306 <pre>&lt;pre&gt;&lt;![CDATA[
307<em>Place code here</em>
308]]&gt;&lt;/pre&gt;</pre>
309 <p>
310 Power users, you can hide this notice with:
311 <pre>.htmlpurifier-help {display:none;}</pre>
312 </p>
313 </div><?php
314}
315
316// vim: et sw=4 sts=4
$source
Definition: linkback.php:22
An exception for terminatinating execution or to throw for unit testing.
static getInstance($prototype=null)
Singleton for enforcing just one HTML Purifier in your system.
$i
Definition: disco.tpl.php:19
$x
Definition: example_009.php:98
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
phorum_htmlpurifier_remove_sig_and_editmessage(&$row)
Removes the signature and edit message from a message.
phorum_htmlpurifier_editor_after_subject()
phorum_htmlpurifier_format($data)
HTML Purifier Phorum Mod.
phorum_htmlpurifier_generate_editmessage($row)
Generates an edit message based on a message array.
phorum_htmlpurifier_generate_sig($row)
Generates a signature based on a message array.
phorum_htmlpurifier_common()
Ensure that our format hook is processed last.
phorum_htmlpurifier_posting($message)
Indicate that data is fully HTML and not from migration, invalidate previous caches.
phorum_htmlpurifier_quote($array)
Overload quoting mechanism to prevent default, mail-style quote from happening.
phorum_htmlpurifier_before_editor($message)
Pre-emptively performs purification if it looks like a WYSIWYG editor is being used.
phorum_htmlpurifier_get_config($default=false)
Initializes the appropriate configuration from either a PHP file or a module configuration value.
Definition: init-config.php:8
PHP
Definition: index.php:3
$PHORUM['mod_htmlpurifier']['directives']
Definition: settings.php:28
if($format !==null) $name
Definition: metadata.php:146
catch(Exception $e) $message
phorum_htmlpurifier_migrate($data)
'format' hook style function that will be called to convert legacy markup into HTML.
defined( 'APPLICATION_ENV')||define( 'APPLICATION_ENV'
Definition: bootstrap.php:27
$text
Definition: errorreport.php:18