/**
 * This file is part of playSMS.
 *
 * playSMS is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * playSMS is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with playSMS. If not, see <http://www.gnu.org/licenses/>.
 */
defined('_SECURE_') or die('Forbidden');

// Welcome page: only reachable by an authenticated session.
if (!auth_isvalid()) {
    auth_block();
}

// A theme may ship its own welcome.php; when it does, it replaces the
// generic template rendering below.
$fn = _APPS_PATH_THEMES_ . '/' . core_themes_get() . '/welcome.php';
if (file_exists($fn)) {
    include $fn;
} else {
    // Admin-configured title/content with defaults. `?:` tests truthiness,
    // exactly like the original `$x ? $x : default` (an empty string or '0'
    // also falls back to the default).
    $information_title = $core_config['main']['information_title'] ?: _('Welcome information');
    $information_content = $core_config['main']['information_content'] ?: _('Go to manage site menu to edit this page');

    // Run both values through HTMLPurifier before they reach the template.
    list($information_title, $information_content) = core_display_html([$information_title, $information_content]);

    // NOTE(review): htmlspecialchars_decode() is applied to the purifier's output, which
    // re-decodes the entities HTMLPurifier emits for text nodes. Presumably the stored
    // value is entity-encoded on input so this restores the admin's HTML — confirm
    // against the save path; if the stored value is raw HTML, this decode undoes the
    // purifier's escaping.
    $tpl = [
        'name' => 'welcome',
        'vars' => [
            'INFORMATION_TITLE' => htmlspecialchars_decode($information_title),
            'INFORMATION_CONTENT' => htmlspecialchars_decode($information_content),
        ],
        'injects' => ['user_config'],
    ];
    // Marks the current menu entry; assumes $doc is set by the including dispatcher — TODO confirm.
    $tpl['vars'][$doc . '_ACTIVE'] = 'class=active';

    _p(tpl_apply($tpl));
}
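/**
 * Display untrusted HTML data, protection against XSS using HTMLPurifier().
 *
 * Strings are purified directly; arrays are walked recursively and returned
 * with their original keys. The purifier is built once per process and
 * reused, since HTMLPurifier_Config::createDefault() is expensive and the
 * configuration never changes between calls.
 *
 * @param mixed $data
 *        untrusted input: a string, or a (possibly nested) array of strings
 * @return mixed
 *        purified string, or an array with the same keys as $data
 *        (an empty array yields an empty array instead of an undefined $ret)
 */
function core_display_html($data) {
    static $hp = null;
    if ($hp === null) {
        $config = HTMLPurifier_Config::createDefault();
        // Allows id attributes in content; note that content can then define element ids on the page.
        $config->set('Attr.EnableID', TRUE);
        // NOTE(review): SafeObject/SafeEmbed/FlashCompat keep Flash <object>/<embed>
        // markup allowed; retained here for compatibility with existing content.
        $config->set('HTML.SafeObject', TRUE);
        $config->set('HTML.SafeEmbed', TRUE);
        $config->set('Output.FlashCompat', TRUE);
        $config->set('HTML.SafeIframe', TRUE);
        // Dots are escaped so only these exact hosts pass. An unescaped '.' matches
        // any single character, so a look-alike host such as www-youtube.com would
        // have satisfied the previous pattern.
        $config->set('URI.SafeIframeRegexp', '%^https://(www\.youtube\.com/embed/|player\.vimeo\.com/video/)%');
        // NOTE(review): `target` on <a> is only emitted when Attr.AllowedFrameTargets
        // lists the permitted values; presumably it is stripped as configured — confirm.
        $config->set('HTML.Allowed', '*[style|class],p,ol,li,ul,b,u,strike,strong,blockquote,em,br,span,div,a[href|title|target|rel],img[src|alt|title|width|height|hspace|vspace],hr,font,pre,table[cellpadding|cellspacing],tr,td,th,tbody,thead,h1,h2,h3,h4,h5,iframe[src|width|height]');
        $hp = new HTMLPurifier($config);
    }

    if (!is_array($data)) {
        return $hp->purify($data);
    }

    // Initialised up front so an empty input returns [] rather than an undefined variable.
    $ret = array();
    foreach ($data as $key => $value) {
        $ret[$key] = is_array($value) ? core_display_html($value) : $hp->purify($value);
    }
    return $ret;
}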
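/**
 * Purify untrusted HTML with HTMLPurifier's default configuration.
 *
 * Arrays are walked recursively; the result for an array is a fresh list
 * (keys are not preserved), matching the original `$ret[] = ...` behaviour
 * that callers using `list(...) = core_display_html(array(...))` rely on.
 *
 * @param mixed $html
 *        untrusted string, or a (possibly nested) array of strings
 * @return mixed
 *        purified string, or a list of purified values
 *        (an empty array yields an empty array instead of an undefined $ret)
 */
function core_display_html($html) {
    $hp = new HTMLPurifier();

    if (!is_array($html)) {
        return $hp->purify($html);
    }

    // Initialised up front so an empty input returns [] rather than an undefined variable.
    $ret = array();
    foreach ($html as $item) {
        // Nested arrays were previously string-cast to "Array" (with a warning); recurse instead.
        $ret[] = is_array($item) ? core_display_html($item) : $hp->purify((string) $item);
    }
    return $ret;
}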