Use this instead of Gdn_Format::Html() when you do not want its "magic" formatting (links, mentions, link embeds, emoji and line breaks) and only need unsafe HTML filtered.
public static htmlFilter ( mixed $Mixed ) : string

| $Mixed | mixed | An object, array, or string to be formatted. |
| return | string | HTML |
/**
 * Optionally sanitizes an HTML string and optionally turns line breaks into <br> tags.
 *
 * Security note: filtering is opt-in. With the default $filter = false the input
 * never passes through Gdn_Format::htmlFilter(), so a caller that handles
 * untrusted HTML has to pass $filter = true explicitly.
 *
 * @param string $html The HTML to process.
 * @param bool $convertNewlines Whether to replace CRLF, CR and LF with <br>.
 * @param bool $filter Whether to run the string through Gdn_Format::htmlFilter().
 * @return string The processed HTML string.
 */
protected function formatContent($html, $convertNewlines = false, $filter = false) {
    // Sanitize first, so the <br> tags inserted below are added to already-filtered markup.
    $result = $filter ? Gdn_Format::htmlFilter($html) : $html;

    if (!$convertNewlines) {
        return $result;
    }

    // Octal escapes: \015 is CR, \012 is LF; CRLF is tried first so it yields one <br>.
    return preg_replace('/(\\015\\012)|(\\015)|(\\012)/', '<br>', $result);
}
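/**
 * Output markup for extended profile fields.
 *
 * Every value is passed through Gdn_Format::htmlFilter() before it is echoed.
 * Fields whose name is not a magic label are first reduced to plain text and
 * auto-linked; magic-label fields skip that step, so htmlFilter() is the only
 * sanitization applied to them here.
 *
 * @param array $profileFields Formatted profile fields.
 * @param array $allFields Extended profile field data.
 * @param array $magicLabels "Magic" labels configured on the Profile Extender plug-in class.
 */
function extendedProfileFields($profileFields, $allFields, $magicLabels = []) {
    foreach ($profileFields as $name => $value) {
        // Skip empty and hidden fields.
        if (!$value || !val('OnProfile', $allFields[$name])) {
            continue;
        }

        // Non-magic fields must be plain text, but we'll auto-link.
        // The membership test is strict on the string form of the key: with a loose
        // in_array() an integer key such as 0 compares equal to any non-numeric label
        // before PHP 8 and the field would skip the plain-text step.
        // Assumes $magicLabels holds strings; verify against the caller.
        if (!in_array((string)$name, $magicLabels, true)) {
            $value = Gdn_Format::links(Gdn_Format::text($value));
        }

        $class = 'Profile' . Gdn_Format::alphaNumeric($name);
        $label = Gdn_Format::text($allFields[$name]['Label']);
        $filteredVal = Gdn_Format::htmlFilter($value);

        echo " <dt class=\"ProfileExtend {$class}\">{$label}</dt> ";
        echo " <dd class=\"ProfileExtend {$class}\">{$filteredVal}</dd> ";
    }
}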
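/**
 * Sanitize a string according to the filter specified in _Filter in the data array.
 *
 * The valid values for _Filter are:
 *
 * - none: No sanitization.
 * - filter: Sanitize using {@link Gdn_Format::htmlFilter()}.
 * - safe: Sanitize using {@link htmlspecialchars()}.
 *
 * Any other value, including a non-string one, is treated as "safe".
 *
 * Note that htmlspecialchars() is called with its default flags, and before
 * PHP 8.1 those defaults leave single quotes unescaped; the result is therefore
 * not suitable for single-quoted attribute values on older runtimes.
 *
 * @param string $string The string to sanitize.
 * @return string Returns the sanitized string.
 */
protected function sanitize($string) {
    $filter = $this->data('_Filter', 'safe');

    // Strict comparisons on purpose: a switch compares loosely, so a value such as
    // true (or 0 before PHP 8) would match 'none' and return the string unsanitized.
    if ($filter === 'none') {
        return $string;
    }

    if ($filter === 'filter') {
        return Gdn_Format::htmlFilter($string);
    }

    // 'safe' and every unrecognized value fall back to escaping.
    return htmlspecialchars($string);
}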
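/**
 * Adds an error to the errors collection and optionally relates it to the
 * specified FieldName. Errors added with this method can be rendered with
 * $this->Errors().
 *
 * Messages built from exceptions are stored with a leading '@' and are
 * HTML-escaped or HTML-filtered here (presumably '@' marks a literal message
 * rather than a translation code; confirm against the renderer).
 *
 * @param mixed $Error
 * - <b>string</b>: The translation code that represents the error to display.
 * - <b>Exception</b>: The exception to display the message for.
 * @param string $FieldName The name of the field to relate the error to.
 */
public function addError($Error, $FieldName = '') {
    // NOTE(review): a value that is neither a string nor an Exception leaves
    // $ErrorCode undefined below; confirm callers never pass one.
    if (is_string($Error)) {
        $ErrorCode = $Error;
    } elseif (is_a($Error, 'Gdn_UserException')) {
        $ErrorCode = '@' . Gdn_Format::htmlFilter($Error->getMessage());
    } elseif (is_a($Error, 'Exception')) {
        // Strip the extra information out of the exception.
        $Parts = explode('|', $Error->getMessage());
        $Message = htmlspecialchars($Parts[0]);
        if (count($Parts) >= 3) {
            $FileSuffix = ": {$Parts[1]}->{$Parts[2]}(...)";
        } else {
            $FileSuffix = "";
        }

        if (debug()) {
            // The file name and the suffix are escaped like the message and the trace:
            // the suffix is cut from the exception message, so it must not reach the
            // <pre> block as raw markup.
            $ErrorCode = '@<pre>' .
                $Message . "\n" .
                '## ' . htmlspecialchars($Error->getFile()) . '(' . $Error->getLine() . ")" .
                htmlspecialchars($FileSuffix) . "\n" .
                htmlspecialchars($Error->getTraceAsString()) .
                '</pre>';
        } else {
            // Outside debug mode only the tag-stripped, escaped message is exposed.
            $ErrorCode = '@' . htmlspecialchars(strip_tags($Error->getMessage()));
        }
    }

    if ($FieldName == '') {
        $FieldName = '<General Error>';
    }

    if (!is_array($this->_ValidationResults)) {
        $this->_ValidationResults = array();
    }

    if (!array_key_exists($FieldName, $this->_ValidationResults)) {
        $this->_ValidationResults[$FieldName] = array($ErrorCode);
    } elseif (!is_array($this->_ValidationResults[$FieldName])) {
        // A scalar entry is promoted to a list before the new code is appended.
        $this->_ValidationResults[$FieldName] = array($this->_ValidationResults[$FieldName], $ErrorCode);
    } else {
        $this->_ValidationResults[$FieldName][] = $ErrorCode;
    }
}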
/**
 * "Table" layout for discussions. Mimics more traditional forum discussion layout.
 *
 * This excerpt ends inside the opening of the discussions table; the block opened
 * by the final if statement is closed outside the part shown here.
 */
// $Session is not read in the part of the view shown here.
$Session = Gdn::session();
// Pull in the helper functions used by the view.
include_once $this->fetchViewLocation('helper_functions', 'discussions', 'vanilla');
include_once $this->fetchViewLocation('table_functions', 'discussions', 'vanilla');

/**
 * Render the page.
 */
$PagerOptions = array('Wrapper' => '<div %1$s>%2$s</div>', 'RecordCount' => $this->data('CountDiscussions'), 'CurrentRecords' => $this->data('Discussions')->numRows());
// Only override the pager URL when the controller supplied one.
if ($this->data('_PagerUrl')) {
    $PagerOptions['Url'] = $this->data('_PagerUrl');
}

// NOTE(review): the title is concatenated into the heading without escaping or
// filtering, unlike the description below; confirm it is already HTML-safe when set.
echo '<h1 class="H HomepageTitle">' . $this->data('Title') . '</h1>';

// The description falls back to $this->Description() and is passed through
// Gdn_Format::htmlFilter() before it is wrapped and echoed.
$Description = $this->data('Category.Description', $this->Description());
echo wrapIf(Gdn_Format::htmlFilter($Description), 'div', array('class' => 'P PageDescription'));
$this->fireEvent('AfterDescription');
include $this->fetchViewLocation('Subtree', 'Categories', 'Vanilla');

echo '<div class="PageControls Top">';
PagerModule::write($PagerOptions);
echo Gdn_Theme::Module('NewDiscussionModule', $this->data('_NewDiscussionProperties', array('CssClass' => 'Button Action Primary')));
$this->fireEvent('PageControls');
echo '</div>';

// && binds tighter than ||: the table is rendered when there are discussions, or
// when AnnounceData is set, is an object and has rows.
if ($this->DiscussionData->numRows() > 0 || isset($this->AnnounceData) && is_object($this->AnnounceData) && $this->AnnounceData->numRows() > 0) {
?> <div class="DataTableWrap"> <table class="DataTable DiscussionsTable"> <thead> <?php WriteDiscussionHeading(); ?>
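/**
 * Display custom fields on Profile.
 *
 * Echoes one <dt>/<dd> pair per visible field. Labels go through
 * Gdn_Format::text(), values through Gdn_Format::htmlFilter(); values of
 * non-magic fields are reduced to plain text and auto-linked first.
 *
 * Side effect: when no Profile.* meta exists and the CustomProfileFields
 * plug-in is configured, the legacy attribute is copied to user meta and
 * cleared while the profile is being rendered.
 *
 * @param object $Sender The module being rendered; its User property is read here.
 */
public function userInfoModule_onBasicInfo_handler($Sender) {
    // Banned users get no extended profile output.
    if ($Sender->User->Banned) {
        return;
    }

    try {
        // Get the custom fields
        $ProfileFields = Gdn::userModel()->getMeta($Sender->User->UserID, 'Profile.%', 'Profile.');

        // Import from CustomProfileFields if available
        if (!count($ProfileFields) && is_object($Sender->User) && c('Plugins.CustomProfileFields.SuggestedFields', false)) {
            $ProfileFields = Gdn::userModel()->getAttribute($Sender->User->UserID, 'CustomProfileFields', false);
            if ($ProfileFields) {
                // Migrate to UserMeta & delete original
                Gdn::userModel()->setMeta($Sender->User->UserID, $ProfileFields, 'Profile.');
                Gdn::userModel()->saveAttribute($Sender->User->UserID, 'CustomProfileFields', false);
            }
        }

        // Send them off for magic formatting
        $ProfileFields = $this->parseSpecialFields($ProfileFields);

        // Get all field data, error check
        $AllFields = $this->getProfileFields();
        if (!is_array($AllFields) || !is_array($ProfileFields)) {
            return;
        }

        // DateOfBirth is special case that core won't handle
        // Hack it in here instead
        if (c('ProfileExtender.Fields.DateOfBirth.OnProfile')) {
            // Do not use Gdn_Format::Date because it shifts to local timezone
            $BirthdayStamp = Gdn_Format::toTimestamp($Sender->User->DateOfBirth);
            if ($BirthdayStamp) {
                $ProfileFields['DateOfBirth'] = date(t('Birthday Format', 'F j, Y'), $BirthdayStamp);
                $AllFields['DateOfBirth'] = array('Label' => t('Birthday'), 'OnProfile' => true);
            }
        }

        // Display all non-hidden fields
        $ProfileFields = array_reverse($ProfileFields);
        foreach ($ProfileFields as $Name => $Value) {
            // Skip empty and hidden fields.
            if (!$Value || !val('OnProfile', $AllFields[$Name])) {
                continue;
            }

            // Non-magic fields must be plain text, but we'll auto-link.
            // Strict test on the string form of the key: a loose in_array() lets an
            // integer key such as 0 equal any non-numeric label before PHP 8, which
            // would skip the plain-text step for that field.
            // Assumes $this->MagicLabels holds strings; confirm on the class.
            if (!in_array((string)$Name, $this->MagicLabels, true)) {
                $Value = Gdn_Format::links(Gdn_Format::text($Value));
            }

            $CssName = Gdn_Format::alphaNumeric($Name);
            echo ' <dt class="ProfileExtend Profile' . $CssName . '">' . Gdn_Format::text($AllFields[$Name]['Label']) . '</dt> ';
            echo ' <dd class="ProfileExtend Profile' . Gdn_Format::alphaNumeric($Name) . '">' . Gdn_Format::htmlFilter($Value) . '</dd> ';
        }
    } catch (Exception $ex) {
        // No errors: rendering is best-effort. This also hides a failure of the
        // migration writes above, so nothing is reported if they throw.
    }
}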
/**
 * Takes a mixed variable, filters unsafe HTML and returns it.
 * Does "magic" formatting of links, mentions, link embeds, emoji, & linebreaks.
 *
 * Strings that isHtml() reports as markup are purified with htmlFilter();
 * all other strings are only escaped with htmlspecialchars(), which skips the
 * slow and memory-intensive purifier.
 *
 * NOTE(review): the escape-only path uses ENT_NOQUOTES, so quotes reach
 * mentions() and links() unescaped; confirm those helpers escape the
 * attribute values they build.
 *
 * @param mixed $Mixed An object, array, or string to be formatted.
 * @return string
 */
public static function html($Mixed) {
    // Objects and arrays are handed to the generic dispatcher.
    if (!is_string($Mixed)) {
        return self::to($Mixed, 'Html');
    }

    if (!self::isHtml($Mixed)) {
        // The text does not contain html and does not have to be purified.
        $Result = htmlspecialchars($Mixed, ENT_NOQUOTES, C('Garden.Charset', 'UTF-8'));
        $Result = Gdn_Format::mentions($Result);
        $Result = Gdn_Format::links($Result);
        $Result = Emoji::instance()->translateToHtml($Result);

        if (C('Garden.Format.ReplaceNewlines', true)) {
            $Result = fixNl2Br(preg_replace("/(\r\n)|(\r)|(\n)/", "<br />", $Result));
        }

        return $Result;
    }

    // Markup path: purify first, then links, mentions and emoji on the purified markup.
    $Result = Gdn_Format::htmlFilter($Mixed);
    $Result = Gdn_Format::links($Result);
    $Result = Gdn_Format::mentions($Result);
    $Result = Emoji::instance()->translateToHtml($Result);

    // nl2br
    if (C('Garden.Format.ReplaceNewlines', true)) {
        $Result = fixNl2Br(preg_replace("/(\r\n)|(\r)|(\n)/", "<br />", $Result));
    }

    return $Result;
}
/**
 * Takes a mixed variable, filters unsafe HTML and returns it.
 *
 * Does "magic" formatting of links, mentions, link embeds, emoji, & linebreaks.
 *
 * Strings that isHtml() reports as markup are purified with htmlFilter();
 * all other strings are only escaped with htmlspecialchars(), which skips the
 * slow and memory-intensive purifier. Either way the result is then passed to
 * processHTML().
 *
 * NOTE(review): the escape-only path uses ENT_NOQUOTES, so quotes are still
 * unescaped when processHTML() runs; confirm it escapes any attribute values
 * it builds from the text.
 *
 * @param mixed $Mixed An object, array, or string to be formatted.
 * @return string HTML
 */
public static function html($Mixed) {
    // Objects and arrays are handed to the generic dispatcher.
    if (!is_string($Mixed)) {
        return self::to($Mixed, 'Html');
    }

    // Purify real markup; plain text only needs escaping.
    $Result = self::isHtml($Mixed)
        ? Gdn_Format::htmlFilter($Mixed)
        : htmlspecialchars($Mixed, ENT_NOQUOTES, 'UTF-8');

    // nl2br
    if (c('Garden.Format.ReplaceNewlines', true)) {
        $Result = fixNl2Br(preg_replace("/(\r\n)|(\r)|(\n)/", "<br />", $Result));
    }

    return Gdn_Format::processHTML($Result);
}