prepareArrayFromForm() public static method

Prepares an array from a form into something usable for the more strict parts of HTMLPurifier_Config
public static prepareArrayFromForm ( array $array, string | boolean $index = false, array | boolean $allowed = true, boolean $mq_fix = true, HTMLPurifier_ConfigSchema $schema = null ) : array
$array array $_GET or $_POST array to import
$index string | boolean Index/name that the config variables are in
$allowed array | boolean List of allowed namespaces/directives
$mq_fix boolean Boolean whether or not to enable magic quotes fix
$schema HTMLPurifier_ConfigSchema Schema to use, if not global copy
return array
Example #1
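 /**
  * @Route("/purifierconfig")
  * @Method("POST")
  *
  * Update HTMLPurifier configuration.
  *
  * Reads the 'purifierConfig' POST field, normalises it through
  * HTMLPurifier_Config::prepareArrayFromForm(), turns the one-entry-per-line
  * text of LOOKUP, ALIST and HASH directives into arrays, and stores the
  * result serialized in the 'htmlpurifierConfig' module variable.
  *
  * Security notes:
  *  - The CSRF token and the ACCESS_ADMIN permission are both checked before
  *    any request data is read. Every directive the schema exposes to forms
  *    can be changed here, so this action decides how strictly HTML is
  *    filtered afterwards.
  *  - List-type values are only parsed when they arrive as strings; a nested
  *    array posted for such a directive is dropped instead of reaching
  *    explode().
  *
  * @param Request $request
  *
  * @return RedirectResponse
  *
  * @throws AccessDeniedException Thrown if the user doesn't have admin access to the module
  */
 public function updatepurifierconfigAction(Request $request)
 {
     $this->checkCsrfToken();
     // Security check
     if (!SecurityUtil::checkPermission('ZikulaSecurityCenterModule::', '::', ACCESS_ADMIN)) {
         throw new AccessDeniedException();
     }
     // Load HTMLPurifier Classes
     $purifier = SecurityCenterUtil::getpurifier();
     $schema = $purifier->config->def;
     // Update module variables.
     $submitted = $request->request->get('purifierConfig', null);
     if (!is_array($submitted)) {
         // A missing or scalar field carries no directives; treat it as an empty form.
         $submitted = array();
     }
     $config = \HTMLPurifier_Config::prepareArrayFromForm($submitted, false, true, true, $schema);
     $allowed = \HTMLPurifier_Config::getAllowedDirectivesForForm(true, $schema);
     foreach ($allowed as $allowedDirective) {
         list($namespace, $directive) = $allowedDirective;
         if (!isset($config[$namespace]) || !array_key_exists($directive, $config[$namespace])) {
             continue;
         }
         if (is_null($config[$namespace][$directive])) {
             // A null entry is not stored: drop it, and drop the namespace once it is empty.
             unset($config[$namespace][$directive]);
             if (count($config[$namespace]) <= 0) {
                 unset($config[$namespace]);
             }
             continue;
         }
         $def = $schema->info[$namespace . '.' . $directive];
         if (is_int($def)) {
             $directiveType = abs($def);
         } else {
             $directiveType = isset($def->type) ? $def->type : 0;
         }
         $raw = $config[$namespace][$directive];
         // Browsers submit textarea line breaks as CRLF regardless of the server's
         // PHP_EOL, so split on any line-break style. Non-string input yields no lines.
         $lines = is_string($raw) ? preg_split('/\r\n|\r|\n/', $raw) : array();
         $parsed = null;
         switch ($directiveType) {
             case \HTMLPurifier_VarParser::LOOKUP:
                 $parsed = array();
                 foreach ($lines as $line) {
                     $line = trim($line);
                     // Compare with '' rather than empty() so an entry of "0" is kept.
                     if ($line !== '') {
                         $parsed[$line] = true;
                     }
                 }
                 break;
             case \HTMLPurifier_VarParser::ALIST:
                 $parsed = array();
                 foreach ($lines as $line) {
                     $line = trim($line);
                     if ($line !== '') {
                         $parsed[] = $line;
                     }
                 }
                 break;
             case \HTMLPurifier_VarParser::HASH:
                 $parsed = array();
                 foreach ($lines as $line) {
                     // Limit 2 keeps colons inside the value (e.g. a URL) intact.
                     $pair = explode(':', $line, 2);
                     if (count($pair) < 2) {
                         // No separator on this line: skip it instead of reading a missing offset.
                         continue;
                     }
                     $key = trim($pair[0]);
                     $val = trim($pair[1]);
                     if ($key !== '' && $val !== '') {
                         $parsed[$key] = $val;
                     }
                 }
                 break;
         }
         if ($parsed === null) {
             // Not a list-type directive: the submitted value is stored unchanged.
             continue;
         }
         if (empty($parsed)) {
             unset($config[$namespace][$directive]);
         } else {
             $config[$namespace][$directive] = $parsed;
         }
     }
     // NOTE(review): the value is stored in PHP serialize() format. The code that reads
     // 'htmlpurifierConfig' back is not visible here; confirm it calls unserialize() with
     // the allowed_classes option set to false.
     $this->setVar('htmlpurifierConfig', serialize($config));
     // clear all cache and compile directories
     ModUtil::apiFunc('ZikulaSettingsModule', 'admin', 'clearallcompiledcaches');
     // the module configuration has been updated successfully
     $request->getSession()->getFlashBag()->add('status', $this->__('Done! Saved HTMLPurifier configuration.'));
     return new RedirectResponse($this->get('router')->generate('zikulasecuritycentermodule_admin_modifyconfig', array(), RouterInterface::ABSOLUTE_URL));
 }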
 /**
  * Imports configuration values submitted through a form into this config
  * object. Instance method, NOT STATIC.
  *
  * The request array is first normalised by prepareArrayFromForm() against
  * this object's own schema ($this->def); the result is then handed to
  * loadArray().
  *
  * NOTE(review): with the default $allowed = true the caller supplies no
  * allow-list of its own. What prepareArrayFromForm() accepts in that case is
  * not visible here; pass an explicit list when the form is reachable by
  * users who must not change every directive.
  *
  * @param array $array $_GET or $_POST array to import
  * @param string|bool $index Index/name that the config variables are in
  * @param array|bool $allowed List of allowed namespaces/directives
  * @param bool $mq_fix Boolean whether or not to enable magic quotes fix
  */
 public function mergeArrayFromForm($array, $index = false, $allowed = true, $mq_fix = true)
 {
     // Normalise, then load, in a single step.
     $this->loadArray(
         HTMLPurifier_Config::prepareArrayFromForm($array, $index, $allowed, $mq_fix, $this->def)
     );
 }
Example #3
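    /**
     * Update HTMLPurifier configuration.
     *
     * Reads the 'purifierConfig' POST field, normalises it through
     * HTMLPurifier_Config::prepareArrayFromForm(), turns the one-entry-per-line
     * text of LOOKUP, ALIST and HASH directives into arrays, and stores the
     * result serialized in the 'htmlpurifierConfig' module variable.
     *
     * Security notes:
     *  - The CSRF token and the ACCESS_ADMIN permission are both checked before
     *    any request data is read. Every directive the schema exposes to forms
     *    can be changed here, so this action decides how strictly HTML is
     *    filtered afterwards.
     *  - List-type values are only parsed when they arrive as strings; a nested
     *    array posted for such a directive is dropped instead of reaching
     *    explode().
     *
     * @return mixed Nothing on success (the user is redirected); on a failed
     *               permission check, whatever LogUtil::registerPermissionError() returns.
     */
    public function updatepurifierconfig()
    {
        $this->checkCsrfToken();

        // Security check
        if (!SecurityUtil::checkPermission('SecurityCenter::', '::', ACCESS_ADMIN)) {
            return LogUtil::registerPermissionError();
        }

        // Load HTMLPurifier Classes
        $purifier = SecurityCenter_Util::getpurifier();
        $schema = $purifier->config->def;

        // Update module variables.
        $submitted = FormUtil::getPassedValue('purifierConfig', null, 'POST');
        if (!is_array($submitted)) {
            // A missing or scalar field carries no directives; treat it as an empty form.
            $submitted = array();
        }
        $config = HTMLPurifier_Config::prepareArrayFromForm($submitted, false, true, true, $schema);

        $allowed = HTMLPurifier_Config::getAllowedDirectivesForForm(true, $schema);
        foreach ($allowed as $allowedDirective) {
            list($namespace, $directive) = $allowedDirective;

            if (!isset($config[$namespace]) || !array_key_exists($directive, $config[$namespace])) {
                continue;
            }

            if (is_null($config[$namespace][$directive])) {
                // A null entry is not stored: drop it, and drop the namespace once it is empty.
                unset($config[$namespace][$directive]);

                if (count($config[$namespace]) <= 0) {
                    unset($config[$namespace]);
                }
                continue;
            }

            $def = $schema->info[$namespace . '.' . $directive];
            if (is_int($def)) {
                $directiveType = abs($def);
            } else {
                $directiveType = (isset($def->type) ? $def->type : 0);
            }

            $raw = $config[$namespace][$directive];
            // Browsers submit textarea line breaks as CRLF regardless of the server's
            // PHP_EOL, so split on any line-break style. Non-string input yields no lines.
            $lines = is_string($raw) ? preg_split('/\r\n|\r|\n/', $raw) : array();
            $parsed = null;

            switch ($directiveType) {
                case HTMLPurifier_VarParser::LOOKUP:
                    $parsed = array();
                    foreach ($lines as $line) {
                        $line = trim($line);
                        // Compare with '' rather than empty() so an entry of "0" is kept.
                        if ($line !== '') {
                            $parsed[$line] = true;
                        }
                    }
                    break;
                case HTMLPurifier_VarParser::ALIST:
                    $parsed = array();
                    foreach ($lines as $line) {
                        $line = trim($line);
                        if ($line !== '') {
                            $parsed[] = $line;
                        }
                    }
                    break;
                case HTMLPurifier_VarParser::HASH:
                    $parsed = array();
                    foreach ($lines as $line) {
                        // Limit 2 keeps colons inside the value (e.g. a URL) intact.
                        $pair = explode(':', $line, 2);
                        if (count($pair) < 2) {
                            // No separator on this line: skip it instead of reading a missing offset.
                            continue;
                        }
                        $key = trim($pair[0]);
                        $val = trim($pair[1]);
                        if ($key !== '' && $val !== '') {
                            $parsed[$key] = $val;
                        }
                    }
                    break;
            }

            if ($parsed === null) {
                // Not a list-type directive: the submitted value is stored unchanged.
                continue;
            }

            if (empty($parsed)) {
                unset($config[$namespace][$directive]);
            } else {
                $config[$namespace][$directive] = $parsed;
            }
        }

        // NOTE(review): the value is stored in PHP serialize() format. The code that reads
        // 'htmlpurifierConfig' back is not visible here; confirm it does not unserialize
        // into arbitrary classes.
        $this->setVar('htmlpurifierConfig', serialize($config));

        // NOTE(review): presumably the `true` argument forces the purifier to be rebuilt
        // from the configuration just saved; the return value is not used. Confirm
        // against SecurityCenter_Util::getpurifier().
        SecurityCenter_Util::getpurifier(true);

        // clear all cache and compile directories
        ModUtil::apiFunc('Settings', 'admin', 'clearallcompiledcaches');

        // the module configuration has been updated successfully
        LogUtil::registerStatus($this->__('Done! Saved HTMLPurifier configuration.'));

        // This function generated no output, and so now it is complete we redirect
        // the user to an appropriate page for them to carry on their work
        $this->redirect(ModUtil::url('SecurityCenter', 'admin', 'modifyconfig'));
    }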