 /**
  * Returns the shared HTMLPurifier instance, creating it on first use.
  *
  * The library is included from the bundled lib_htmlpurifier module when the
  * HTMLPurifier class is not loaded yet. Options given in $config are applied
  * first; the three fixed directives below (AutoFormat.Linkify, URI.Disable
  * and the HTML.Allowed element/attribute whitelist) are set afterwards and
  * therefore take precedence over same-named keys passed in $config.
  *
  * @access private
  * @param  $config - optional config array passed to HTMLPurifier
  * @return object  the HTMLPurifier instance (also cached in self::$purifier)
  **/
 private static function getPurifier($config = NULL)
 {
     // instance already built during this request -> reuse it
     if (is_object(self::$purifier)) {
         return self::$purifier;
     }
     // load the library on demand; printFatalError() presumably ends the
     // request, so the include only runs when the autoloader file exists
     if (!class_exists('HTMLPurifier', false)) {
         $autoload = CAT_Helper_Directory::getInstance()->sanitizePath(
             CAT_PATH . '/modules/lib_htmlpurifier/htmlpurifier/library/HTMLPurifier.auto.php'
         );
         if (!file_exists($autoload)) {
             CAT_Object::getInstance()->printFatalError('Missing library HTMLPurifier!');
         }
         include $autoload;
     }
     $settings = HTMLPurifier_Config::createDefault();
     // caller-supplied directives (an empty array simply sets nothing)
     if (is_array($config)) {
         foreach ($config as $directive => $value) {
             $settings->set($directive, $value);
         }
     }
     // fixed policy, applied last so that $config cannot override it
     $settings->set('AutoFormat.Linkify', TRUE);
     $settings->set('URI.Disable', false);
     // allow most HTML but not all (no forms, for example)
     $settings->set('HTML.Allowed', 'a[href|title],abbr[title],acronym[title],b,blockquote[cite],br,caption,cite,code,dd,del,dfn,div,dl,dt,em,h1,h2,h3,h4,h5,h6,i,img[src|alt|title|class],ins,kbd,li,ol,p,pre,s,strike,strong,sub,sup,table,tbody,td,tfoot,th,thead,tr,tt,u,ul,var');
     self::$purifier = new HTMLPurifier($settings);
     return self::$purifier;
 }
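 //**************************************************************************
 // Backend guard: if the running script lives below CAT_ADMIN_PATH, the
 // request requires an authenticated user, CSRF protection and a template
 // parser. Skipped entirely while the login phase itself is running.
 if (!defined('CAT_LOGIN_PHASE')) {
     $path = isset($_SERVER['SCRIPT_FILENAME']) ? CAT_Helper_Directory::sanitizePath($_SERVER['SCRIPT_FILENAME']) : NULL;
     if ($path) {
         $check = CAT_Helper_Directory::sanitizePath(CAT_ADMIN_PATH);
         // Case-insensitive prefix test instead of a regex assembled from the
         // raw path: the former '~^...~i' pattern only escaped '/', so regex
         // metacharacters in CAT_ADMIN_PATH ('.', '+', parentheses, ...) could
         // widen the match or make preg_match() fail and skip the whole guard.
         if (strncasecmp($path, $check, strlen($check)) === 0) {
             define('CAT_REQUIRE_ADMIN', true);
             if (!CAT_Users::getInstance()->is_authenticated()) {
                 CAT_Users::getInstance()->handleLogin();
                 exit(0);
             }
             // always enable CSRF protection in backend; does not work with
             // AJAX so scripts called via AJAX should set this constant
             if (!defined('CAT_AJAX_CALL')) {
                 CAT_Helper_Protect::getInstance()->enableCSRFMagic();
             }
             global $parser;
             if (!is_object($parser)) {
                 $parser = CAT_Helper_Template::getInstance('Dwoo');
             }
             // initialize template search path
             $parser->setPath(CAT_THEME_PATH . '/templates');
             $parser->setFallbackPath(CAT_THEME_PATH . '/templates');
         }
         // NOTE(review): for a frontend script with a known path,
         // CAT_REQUIRE_ADMIN stays undefined; only the no-path branch below
         // defines it as false. Left as-is since callers may test defined().
     } else {
         define('CAT_REQUIRE_ADMIN', false);
     }
 }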
 if (!defined('CAT_INITIALIZED')) {
     require dirname(__FILE__) . '/initialize.php';
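// ! Get perms
// =============
// only page admins may store new section content; print_error() presumably
// ends the request, otherwise the save below would still run
if (CAT_Helper_Page::getPagePermission($page_id, 'admin') !== true) {
    $backend->print_error('You do not have permissions to modify this page!');
}
// =================
// ! Get new content
// =================
$content = $val->sanitizePost('content' . $section_id);
// for non-admins only
if (!CAT_Users::getInstance()->ami_group_member(1)) {
    // if HTMLPurifier is enabled...
    $r = $backend->db()->get_one('SELECT * FROM `' . CAT_TABLE_PREFIX . 'mod_wysiwyg_admin_v2` WHERE set_name="enable_htmlpurifier" AND set_value="1"');
    if ($r) {
        // use HTMLPurifier to clean up the output
        $content = CAT_Helper_Protect::getInstance()->purify($content, array('Core.CollectErrors' => true));
    }
}
// $content is interpolated into the REPLACE statement below, so it has to be
// escaped on every path, not only for members of group 1: purified HTML (and
// the unpurified input when the purifier is disabled) can still contain quotes.
$content = $val->add_slashes($content);
/**
 *	searching in $text will be much easier this way
 *	(derived from the already escaped $content, as before for group-1 members)
 */
$text = umlauts_to_entities(strip_tags($content), strtoupper(DEFAULT_CHARSET), 0);
/**
 *  save
 *  NOTE(review): $section_id and $page_id are interpolated unquoted/unescaped;
 *  presumably validated as integers upstream - confirm in the caller.
 **/
$query = "REPLACE INTO `" . CAT_TABLE_PREFIX . "mod_wysiwyg` VALUES ( '{$section_id}', {$page_id}, '{$content}', '{$text}' );";
$backend->db()->query($query);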
if ($backend->db()->isError()) {
    trigger_error(sprintf('[%s - %s] %s', __FILE__, __LINE__, $backend->db()->getError()), E_USER_ERROR);
 /**
  * Checks the request token (FTAN) of the current request.
  *
  * Thin wrapper around CAT_Helper_Protect::checkToken(); its result is
  * returned unchanged.
  *
  * @access public
  * @param  string $mode - presumably the request method whose data holds the
  *                        token ('POST' by default); confirm in CAT_Helper_Protect
  * @return mixed  whatever CAT_Helper_Protect::checkToken() returns
  **/
 public function checkFTAN($mode = 'POST')
 {
     $tokenResult = CAT_Helper_Protect::checkToken($mode);
     return $tokenResult;
 }
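 /**
  * shows the current page
  *
  * Sends a 503 status while maintenance mode is active (rendering continues
  * anyway), then either delegates menu-link pages to showMenuLink() or renders
  * the template's index.php into an output buffer, runs droplets, optional
  * output filters and (if ENABLE_HTMLPURIFIER is true) HTMLPurifier over the
  * captured markup, and finally prints it.
  *
  * @access public
  * @return void
  **/
 public function show()
 {
     // ----- keep old modules happy -----
     // the template index.php is require'd inside this method, so every
     // global declared here is visible to it (including $parser below)
     global $wb, $admin, $database, $page_id, $section_id;
     global $TEXT;
     $admin =& $wb;
     // loose comparison kept on purpose: null and '' both fall back to the
     // page ID of this object
     if ($page_id == '') {
         $page_id = $this->_page_id;
     }
     // ----- keep old modules happy -----
     $this->log()->LogDebug(sprintf('showing page with ID [%s]', $page_id));
     // send appropriate header
     if (CAT_Helper_Page::isMaintenance() || CAT_Registry::get('MAINTENANCE_PAGE') == $page_id) {
         header('HTTP/1.1 503 Service Temporarily Unavailable');
         header('Status: 503 Service Temporarily Unavailable');
         header('Retry-After: 7200');
         // in seconds
     }
     // template engine
     global $parser;
     // page of type menu_link
     if (CAT_Sections::isMenuLink($this->_page_id)) {
         $this->showMenuLink();
     } else {
         $do_filter = false;
         // use output filter (if any)
         if (file_exists(CAT_Helper_Directory::sanitizePath(CAT_PATH . '/modules/blackcatFilter/filter.php'))) {
             include_once CAT_Helper_Directory::sanitizePath(CAT_PATH . '/modules/blackcatFilter/filter.php');
             if (function_exists('executeFilters')) {
                 $this->log()->LogDebug('enabling output filters');
                 $do_filter = true;
             }
         }
         $this->setTemplate();
         // including the template; it may calls different functions
         // like page_content() etc.
         ob_start();
         require CAT_TEMPLATE_DIR . '/index.php';
         $output = ob_get_contents();
         // only the captured markup is discarded; the buffer itself stays open,
         // so the final echo below is still buffered until the script ends
         ob_clean();
         // droplets
         CAT_Helper_Droplet::process($output);
         // output filtering
         if ($do_filter) {
             $this->log()->LogDebug('executing output filters');
             executeFilters($output);
         }
         // use HTMLPurifier to clean up the output
         if (defined('ENABLE_HTMLPURIFIER') && true === ENABLE_HTMLPURIFIER) {
             $this->log()->LogDebug('executing HTML Purifier');
             $output = CAT_Helper_Protect::purify($output);
         }
         $this->log()->LogDebug('print output');
         if (!headers_sent()) {
             $properties = self::properties($page_id);
             // header() returns nothing; the former `echo header(...)` only
             // printed an empty value
             header('content-type:text/html; charset=' . (isset($properties['default_charset']) ? $properties['default_charset'] : 'utf-8'));
         }
         echo $output;
     }
 }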