createDefault() — public static method

Convenience constructor that creates a configuration object populated with HTML Purifier's built-in defaults.
public static createDefault ( ) : HTMLPurifier_Config
Returns: a default HTMLPurifier_Config object. The examples below all start from this object and then tighten or loosen it with set(); every loosening directive (SafeIframe, SafeObject/SafeEmbed, HTML.Trusted, custom attribute types such as 'Text') widens what survives purification and deserves a second look.
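 /**
  * Purify a string (or, recursively, every leaf of an array) with HTML Purifier.
  *
  * @param string|array $dirty_html untrusted HTML, or an array of such strings (keys are preserved)
  * @param string|bool  $config     FALSE for the plain default configuration, or the name of a
  *                                 configuration profile ('comment' is the only one defined)
  * @return string|array the purified HTML, shaped like $dirty_html
  */
 function html_purify($dirty_html, $config = FALSE)
 {
     require_once APPPATH . 'third_party/htmlpurifier-4.6.0-standalone/HTMLPurifier.standalone.php';
     if (is_array($dirty_html)) {
         // Initialise up front so an empty array yields an empty array instead of an
         // undefined variable (the original only assigned inside the loop).
         $clean_html = array();
         foreach ($dirty_html as $key => $val) {
             $clean_html[$key] = html_purify($val, $config);
         }
         return $clean_html;
     }
     $ci =& get_instance();
     // NOTE: switch compares loosely, so NULL, '' and 0 also select the FALSE profile.
     switch ($config) {
         // Settings for the comment WYSIWYG editor.
         case 'comment':
             $config = HTMLPurifier_Config::createDefault();
             $config->set('Core.Encoding', $ci->config->item('charset'));
             $config->set('HTML.Doctype', 'XHTML 1.0 Strict');
             // '*[style]' permits an inline style attribute on every allowed element; the CSS
             // itself is still filtered by HTML Purifier's CSS definition, but this is the
             // broadest entry in the whitelist.
             $config->set('HTML.Allowed', 'a[href|title],img[title|src|alt],em,strong,cite,blockquote,code,ul,ol,li,dl,dt,dd,p,br,h1,h2,h3,h4,h5,h6,span,*[style]');
             $config->set('AutoFormat.AutoParagraph', TRUE);
             $config->set('AutoFormat.Linkify', TRUE);
             $config->set('AutoFormat.RemoveEmpty', TRUE);
             break;
         case FALSE:
             $config = HTMLPurifier_Config::createDefault();
             $config->set('Core.Encoding', $ci->config->item('charset'));
             $config->set('HTML.Doctype', 'XHTML 1.0 Strict');
             break;
         default:
             // show_error() is expected to terminate the request; if it ever returned, the
             // label string would reach new HTMLPurifier() and be treated as a config source.
             show_error('The HTMLPurifier configuration labeled "' . htmlentities($config, ENT_QUOTES, 'UTF-8') . '" could not be found.');
     }
     $purifier = new HTMLPurifier($config);
     return $purifier->purify($dirty_html);
 }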
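 /**
  * Value sanitation. Sanitize input and output with ease using one of the sanitation types below.
  *
  * Every value, whatever the $type, is finally run through HTML Purifier; the $type step only
  * narrows the value first ('purestring' strips tags, 'atoz' keeps ASCII letters, 'integer'
  * keeps digits and casts to int). An unknown or empty $type means "HTML Purifier only".
  *
  * @param  string $data the string/value you wish to sanitize
  * @param  string $type the type of sanitation you wish to use ('purestring', 'atoz', 'integer' or '')
  * @return string       the sanitized string (purify() always returns a string, even for 'integer')
  */
 public function sanitize($data, $type = '')
 {
     ## Use the HTML Purifier, as it help remove malicious scripts and code. ##
     ##       HTML Purifier 4.4.0 - Standards Compliant HTML Filtering       ##
     require_once 'htmlpurifier/HTMLPurifier.standalone.php';
     $config = HTMLPurifier_Config::createDefault();
     $config->set('Core.Encoding', 'UTF-8');
     // Fix: the original built $config but constructed HTMLPurifier without it, so the
     // encoding directive was dead code. The purifier must be created from the config.
     $purifier = new HTMLPurifier($config);
     switch ($type) {
         // Remove HTML tags (can have issues with invalid tags, keep that in mind!)
         case 'purestring':
             $data = strip_tags($data);
             break;
         // Only allow a-z (upper and lower case)
         case 'atoz':
             $data = preg_replace('/[^a-zA-Z]+/', '', $data);
             break;
         // Integers only - remove any non 0-9 and use intval() so an integer comes out.
         case 'integer':
             $data = intval(preg_replace('/[^0-9]+/', '', $data));
             break;
     }
     /* HTML purifier to help prevent XSS in case anything slipped through. */
     $data = $purifier->purify($data);
     return $data;
 }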
 /**
  * clean the comment text field from html, in order to use it as submitted text
  * uses the htmlpurifier library, or a simple strip_tags call, based on the app.yml config file
  *
  * Security note: the strip_tags() fallback only removes tags that are not in the allowed
  * list; it does NOT remove attributes (onclick=, href="javascript:..." ...) from the tags it
  * keeps. Only the HTML Purifier branch validates attributes and URIs.
  *
  * @return String
  * @param  String - the text to be cleaned
  *
  * @author Guglielmo Celata
  * @see    http://htmlpurifier.org/
  **/
 public static function clean($text)
 {
     $allowed_html_tags = sfConfig::get('app_deppPropelActAsCommentableBehaviorPlugin_allowed_tags', array());
     $use_htmlpurifier = sfConfig::get('app_deppPropelActAsCommentableBehaviorPlugin_use_htmlpurifier', false);
     if (!$use_htmlpurifier) {
         // Fallback: concatenate the configured values into the allowed-tags string that
         // strip_tags() expects (presumably the values already carry the "<tag>" form — TODO confirm against app.yml).
         $keep = '';
         foreach ($allowed_html_tags as $tag) {
             $keep .= "{$tag}";
         }
         return strip_tags($text, $keep);
     }
     $default_path = SF_ROOT_DIR . DIRECTORY_SEPARATOR . 'lib' . DIRECTORY_SEPARATOR . 'htmlpurifier' . DIRECTORY_SEPARATOR . 'library' . DIRECTORY_SEPARATOR;
     $htmlpurifier_path = sfConfig::get('app_deppPropelActAsCommentableBehaviorPlugin_htmlpurifier_path', $default_path);
     require_once $htmlpurifier_path . 'HTMLPurifier.auto.php';
     // Legacy three-argument set() form (namespace, directive, value), kept as in the original.
     $config = HTMLPurifier_Config::createDefault();
     $config->set('HTML', 'Doctype', 'XHTML 1.0 Strict');
     // Tag names are the keys of the configured array.
     $config->set('HTML', 'Allowed', implode(',', array_keys($allowed_html_tags)));
     if (isset($allowed_html_tags['a'])) {
         // Links: only href survives, and bare URLs are turned into links.
         $config->set('HTML', 'AllowedAttributes', 'a.href');
         $config->set('AutoFormat', 'Linkify', true);
     }
     if (isset($allowed_html_tags['p'])) {
         $config->set('AutoFormat', 'AutoParagraph', true);
     }
     $purifier = new HTMLPurifier($config);
     return $purifier->purify($text);
 }
 /**
  * Retrieves a scheme validator object
  * @param $scheme String scheme name like http or mailto
  * @param $config HTMLPurifier_Config object
  * @param $context HTMLPurifier_Context object
  * @return HTMLPurifier_URIScheme|null the cached or newly built validator, or null when the
  *         scheme is not allowed (or has no HTMLPurifier_URIScheme_* class)
  */
 public function getScheme($scheme, $config, $context)
 {
     if (!$config) {
         $config = HTMLPurifier_Config::createDefault();
     }
     // Returned through a variable so callers that bind the result by reference get a real null.
     $null = null;
     // Security: $scheme is attacker-influenced (it comes from the URI being checked), so it is
     // only turned into a class name — which may trigger the autoloader — after the
     // URI.AllowedSchemes whitelist has been consulted.
     $allowed_schemes = $config->get('URI', 'AllowedSchemes');
     $is_allowed = isset($allowed_schemes[$scheme]);
     if (!$is_allowed && !$config->get('URI', 'OverrideAllowedSchemes')) {
         return $null;
     }
     // A previously registered/instantiated validator wins, even under OverrideAllowedSchemes.
     if (isset($this->schemes[$scheme])) {
         return $this->schemes[$scheme];
     }
     // Never instantiate a validator for a scheme outside the whitelist.
     if (!$is_allowed) {
         return $null;
     }
     $class = 'HTMLPurifier_URIScheme_' . $scheme;
     if (!class_exists($class)) {
         return $null;
     }
     return $this->schemes[$scheme] = new $class();
 }
 /**
  * Lazily builds the HTML Purifier configuration on first use and caches it on the instance.
  *
  * @return \HTMLPurifier_Config the shared configuration (library defaults until modified)
  */
 public function getConfig()
 {
     // Build once; later callers receive (and may mutate) the same object.
     return $this->config !== null ? $this->config : ($this->config = \HTMLPurifier_Config::createDefault());
 }
 /**
  * Retrieves a scheme validator object
  * @param $scheme String scheme name like http or mailto
  * @param $config HTMLPurifier_Config object
  * @param $context HTMLPurifier_Context object
  * @return HTMLPurifier_URIScheme|null null when the scheme is not whitelisted or has no implementation
  */
 public function getScheme($scheme, $config, $context)
 {
     if (!$config) {
         $config = HTMLPurifier_Config::createDefault();
     }
     // important, otherwise attacker could include arbitrary file
     // $scheme ends up in a require_once path below, so it must be checked against
     // URI.AllowedSchemes (whose keys are application-configured) before anything else.
     $allowed_schemes = $config->get('URI.AllowedSchemes');
     if (!$config->get('URI.OverrideAllowedSchemes') && !isset($allowed_schemes[$scheme])) {
         return;
     }
     // An already registered validator is returned as-is; this is the only path by which
     // OverrideAllowedSchemes exposes a scheme outside the whitelist.
     if (isset($this->schemes[$scheme])) {
         return $this->schemes[$scheme];
     }
     // Second whitelist check: even with OverrideAllowedSchemes, never load a file for a
     // scheme that is not in URI.AllowedSchemes.
     if (!isset($allowed_schemes[$scheme])) {
         return;
     }
     $class = 'HTMLPurifier_URIScheme_' . $scheme;
     // Case-sensitive on all non-windows systems
     // The include path is built from $scheme; the whitelist above is the only thing keeping
     // "../"-style values out, so URI.AllowedSchemes keys must never be user-controlled.
     require_once 'HTMLPurifier/URIScheme/' . $scheme . '.php';
     if (!class_exists($class)) {
         return;
     }
     $this->schemes[$scheme] = new $class();
     return $this->schemes[$scheme];
 }
 /**
  * Purifies HTML submitted through the admin area with a deliberately permissive HTML Purifier
  * profile (embeds, objects, iframes, ids, tricky/proprietary CSS, full documents).
  *
  * The purifier is built once per request (static) from the 'html_filter_admin' config file;
  * only its 'allowed_tags' key is read. Because this profile trusts its authors far more than
  * the default one, it must only be reachable by administrators.
  *
  * NOTE(review): the '@' operators keep the original behaviour of hiding warnings from an
  * invalid 'allowed_tags' value and from purifier construction/purification, so configuration
  * errors are silent. HTML.SafeIframe is enabled without URI.SafeIframeRegexp, which in HTML
  * Purifier means iframe sources are rejected unless that regexp is set elsewhere — TODO confirm.
  *
  * @param string $html admin-authored HTML
  * @return string purified HTML
  */
 function html_filter_admin($html)
 {
     static $purifier;
     if (isset($purifier)) {
         return @$purifier->purify($html);
     }
     $ci = get_instance();
     $ci->config->load('html_filter_admin', true, true);
     $settings = $ci->config->item('html_filter_admin');
     if (!is_array($settings)) {
         $settings = array();
     }
     if (!isset($settings['allowed_tags'])) {
         $settings['allowed_tags'] = '';
     }
     $purifier_config = HTMLPurifier_Config::createDefault();
     // Baseline directives (cache location, encoding, doctype, whole-document handling).
     $directives = array(
         'Cache.SerializerPath'              => APPPATH . 'cache_htmlpurifier',
         'Core.Encoding'                     => 'utf-8',
         'HTML.Doctype'                      => 'XHTML 1.0 Transitional',
         'HTML.TidyLevel'                    => 'light',
         'Core.ConvertDocumentToFragment'    => false,
         'Core.RemoveProcessingInstructions' => true,
     );
     foreach ($directives as $key => $value) {
         $purifier_config->set($key, $value);
     }
     // A malformed whitelist string would raise a warning; suppressed as in the original.
     @$purifier_config->set('HTML.Allowed', $settings['allowed_tags']);
     // Directives that widen the default profile.
     $permissive = array(
         'HTML.SafeEmbed'            => true,
         'HTML.SafeObject'           => true,
         'HTML.FlashAllowFullScreen' => true,
         'HTML.SafeIframe'           => true,
         'Attr.EnableID'             => true,
         'CSS.AllowImportant'        => true,
         'CSS.AllowTricky'           => true,
         'CSS.Proprietary'           => true,
         'Core.EnableIDNA'           => true,
     );
     foreach ($permissive as $key => $value) {
         $purifier_config->set($key, $value);
     }
     $purifier = @new HTMLPurifier($purifier_config);
     return @$purifier->purify($html);
 }
 /**
  * Run the submitted value through HTML Purifier before storing it on the control.
  *
  * Reads the raw HTTP value for this control's name (scalars only; anything else becomes NULL),
  * purifies it with the whitelist below and stores the result via setValue().
  *
  * SECURITY (review): the `href*` attribute of <a> is redefined with the 'Text' type so that
  * Latte link macros survive. 'Text' bypasses HTML Purifier's URI validation entirely, so
  * javascript:/data: links in user input also survive. This is only acceptable if the output
  * is rendered exclusively by trusted template authors or re-validated downstream — TODO confirm.
  * Also, HTML.DefinitionID is still the placeholder string from the HTML Purifier tutorial; the
  * customised definition is cached under that id, so any other definition using the same id
  * (and the same revision) would be served from cache.
  *
  * @return void
  */
 public function loadHttpData()
 {
     $data = $this->getForm()->getHttpData();
     $name = $this->getName();
     $value = isset($data[$name]) && is_scalar($data[$name]) ? $data[$name] : NULL;
     $config = HTMLPurifier_Config::createDefault();
     $config->set('Core.Encoding', $this->encoding);
     if (!is_null($this->docType)) {
         $config->set('HTML.Doctype', $this->docType);
     }
     // Element/attribute whitelist; 'img[style]' lets inline CSS through (filtered by the
     // default CSS definition), and 'div[class]'/'span[class]' accept any class name.
     $config->set('HTML.Allowed', 'p,a[href],strong,em,b,i,ul,ol,li,h1,h2,h3,h4,h5,div[class],span[class],br,sup,table[border],tr,td,th,thead,tbody,img[src],img[style]');
     //        $config->set('HTML.Allowed', 'p,a[href],strong,em,ul,ol,li,h1,h2,div[class],span[class],br,sup');
     //        $config->set('HTML.Allowed', 'p,a[href],strong,em,ul,ol,li,h2,h3,h4,h5');
     // Allows arbitrary content in a link's href attribute so that Latte links can be used
     // (see the security note above — this disables URI scheme filtering for <a href>).
     $config->set('HTML.DefinitionID', 'enduser-customize.html tutorial');
     //        $config->set('HTML.DefinitionRev', 1);
     //        $config->set('Cache.DefinitionImpl', null); // remove this later!
     $def = $config->getHTMLDefinition(true);
     $def->addAttribute('a', 'href*', 'Text');
     $purifier = new HTMLPurifier($config);
     //        var_dump($value);
     // CKEditor escapes the value and could not be made to stop, so it was decoded here;
     // the Purifier re-escapes it correctly anyway. (Left disabled.)
     //        $value = html_entity_decode($value);
     //        var_dump($value);
     //        var_dump($purifier->purify($value));die();
     $this->setValue($purifier->purify($value));
 }
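/**
 * Fetches a URL, purifies the document and extracts one node (or a set of nodes) by selector.
 *
 * @param string $url   location passed to file_get_contents(); NOTE(review): if this can be
 *                      user supplied it is an SSRF / local-file-read vector (file://, internal
 *                      hosts) — restrict to http(s) and trusted hosts at the call site
 * @param string $path  simple_html_dom selector, e.g. 'div#content'
 * @param string $parse 'tag', 'outertext', 'innertext' or 'plaintext' to return that property
 *                      of the FIRST matching node; anything else returns the array of matches
 * @return mixed the requested string, the array of matching nodes, or null when the fetch
 *               failed, the document could not be parsed, or nothing matched
 */
function scrape($url, $path, $parse)
{
    $config = HTMLPurifier_Config::createDefault();
    $config->set('Core.Encoding', 'UTF-8');
    //encoding of output
    $config->set('HTML.Doctype', 'XHTML 1.1');
    //doctype of output
    $purifier = new HTMLPurifier($config);
    $dirty_html = file_get_contents($url);
    if ($dirty_html === false) {
        // Fetch failed: str_get_html('') returns false and ->find() on it would be a fatal error.
        return null;
    }
    $clean_html = $purifier->purify($dirty_html);
    $html = str_get_html($clean_html);
    if ($html === false) {
        // Empty (or oversized) document: simple_html_dom refuses to parse it.
        return null;
    }
    switch ($parse) {
        case 'tag':
        case 'outertext':
        case 'innertext':
        case 'plaintext':
            // find() without an index returns an array; the original read ->tag etc. on that
            // array, which always yielded null. Ask for the first match explicitly instead.
            $node = $html->find($path, 0);
            $ret = $node ? $node->{$parse} : null;
            break;
        default:
            $ret = $html->find($path);
            break;
    }
    // clean up memory
    $html->clear();
    unset($dirty_html);
    unset($clean_html);
    unset($html);
    return $ret;
}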
 /**
  * Adds an element to the allowedElements list
  *
  *  Security::addpurifierelement("cms", Array("attributes" => Array("name" => "Text")));
  *
  * The shared configuration (Security::$htmlpurifierconfig) is created on the first call from
  * the 'purifier.settings' config array and reused afterwards; every call registers one more
  * element on its raw HTML definition. Definition caching is disabled so the additions always
  * take effect. Attribute types in $elementconfig['attributes'] are HTML Purifier AttrDef
  * names; 'Text' means "any text", i.e. no validation beyond whitespace cleanup.
  *
  * @param   elementname elementname to add to the allowedelements
  * @param   elementconfig   array with config options for the new element; currently only 'attributes' are supported
  */
 public static function addpurifierelement($elementname, $elementconfig = array())
 {
     $config = Security::$htmlpurifierconfig;
     // Create a new configuration object, or load it if there is already one set
     if ($config == False) {
         $config = HTMLPurifier_Config::createDefault();
         // To allow for later changes to the config
         $config->autoFinalize = false;
         $settings = Kohana::config('purifier.settings');
         if (is_array($settings)) {
             // Load the settings
             $config->loadArray($settings);
         }
     }
     $attributes = isset($elementconfig["attributes"]) && is_array($elementconfig["attributes"])
         ? $elementconfig["attributes"]
         : array();
     $config->set('Core.Encoding', "UTF-8");
     $config->set('HTML.DefinitionID', 'cms-specific');
     // Do not use caching
     $config->set('Cache.DefinitionImpl', null);
     $def = $config->getHTMLDefinition(true);
     // Inline element with flow content and the Common attribute collection, plus the requested ones.
     $def->addElement($elementname, 'Inline', 'Flow', 'Common', $attributes);
     // Save configuration for later use
     Security::$htmlpurifierconfig = $config;
 }
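 /**
  * Purifies a string of HTML (Flash <object>/<embed> and <a target> allowed) and then escapes
  * it for SQL via self::sql().
  *
  * Changes from the original: the duplicated HTMLPurifier_Config::createDefault() call is
  * dropped, and get_magic_quotes_gpc() is only called when it exists (it was removed in PHP 8,
  * where the bare call is a fatal error).
  *
  * NOTE(review): the target enum lists '_target', which is not a browser frame target (the
  * standard set is _blank/_self/_parent/_top); kept as is to avoid changing stored content.
  * addslashes()/self::sql() escaping is not a substitute for parameterised queries.
  *
  * @param string $str untrusted HTML
  * @return string purified, SQL-escaped HTML
  */
 public static function text($str)
 {
     $cache_dir = Tiny::getPath('cache') . "/htmlpurifier/";
     if (!file_exists($cache_dir)) {
         File::mkdir($cache_dir);
     }
     $config = HTMLPurifier_Config::createDefault();
     // Definition cache directory
     $config->set('Cache.SerializerPath', $cache_dir);
     // Allow Flash (HTML.SafeObject / HTML.SafeEmbed) with compatibility output
     $config->set('HTML.SafeEmbed', true);
     $config->set('HTML.SafeObject', true);
     $config->set('Output.FlashCompat', true);
     //$config->set('HTML.Allowed', 'p');
     //$config->set('AutoFormat.AutoParagraph', true);
     //$config->set('AutoFormat.RemoveEmpty', true);
     // Allow the target attribute on <a>
     $def = $config->getHTMLDefinition(true);
     $def->addAttribute('a', 'target', 'Enum#_blank,_self,_target,_top');
     $purifier = new HTMLPurifier($config);
     // Magic quotes (PHP < 5.4): strip the GPC slashes, purify the real value, re-add them.
     if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
         $str = stripslashes($str);
         $str = $purifier->purify($str);
         $str = addslashes($str);
     } else {
         $str = $purifier->purify($str);
     }
     return self::sql($str);
 }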
/**
 * Create custom post types
 *
 * Registers the plugin's post types (agenda points, resolutions, amendments, applications,
 * readers, events) and taxonomies, then — only if the html-purified plugin is active —
 * fetches its purifier and builds the plugin's own HTML Purifier configuration. The config is
 * stored in the global $cvtx_purifier_config; it is not applied here (presumably passed to
 * purify() at the call sites — confirm). The whitelist keeps a[href] under the default URI
 * validation, restricts span classes to four colour names and inline CSS to text-decoration.
 */
function cvtx_init()
{
    // Agenda points (Tagesordnungspunkte)
    register_post_type('cvtx_top', array('labels' => array('name' => __('Agenda points', 'cvtx'), 'singular_name' => __('Agenda point', 'cvtx'), 'add_new_item' => __('Create agenda point', 'cvtx'), 'edit_item' => __('Edit agenda point', 'cvtx'), 'view_item' => __('View agenda point', 'cvtx'), 'menu_name' => __('agenda points (menu_name)', 'cvtx'), 'new_item' => __('New agenda point', 'cvtx'), 'search_items' => __('Search agenda points', 'cvtx'), 'not_found' => __('No agenda points found', 'cvtx'), 'not_found_in_trash' => __('No agenda points found in trash', 'cvtx')), 'public' => true, '_builtin' => false, 'has_archive' => false, 'menu_icon' => CVTX_PLUGIN_URL . 'images/cvtx_top_small.png', 'rewrite' => array('slug' => __('agenda points (slug)', 'cvtx')), 'supports' => array('title', 'editor')));
    // Resolutions (Anträge)
    register_post_type('cvtx_antrag', array('labels' => array('name' => __('Resolutions', 'cvtx'), 'singular_name' => __('Resolution', 'cvtx'), 'add_new_item' => __('Create resolution', 'cvtx'), 'edit_item' => __('Edit resolution', 'cvtx'), 'view_item' => __('View resolution', 'cvtx'), 'menu_name' => __('resolutions (menu_name)', 'cvtx'), 'new_item' => __('New resolution', 'cvtx'), 'search_items' => __('Search resolutions', 'cvtx'), 'not_found' => __('No resolutions found', 'cvtx'), 'not_found_in_trash' => __('No resolutions found in trash', 'cvtx')), 'public' => true, '_builtin' => false, 'has_archive' => false, 'menu_icon' => CVTX_PLUGIN_URL . 'images/cvtx_antrag_small.png', 'rewrite' => array('slug' => __('resolutions (slug)', 'cvtx')), 'supports' => array('title', 'editor')));
    // Amendments (Änderungsanträge) — note: no 'title' support, editor only
    register_post_type('cvtx_aeantrag', array('labels' => array('name' => __('Amendments', 'cvtx'), 'singular_name' => __('Amendment', 'cvtx'), 'add_new_item' => __('Create amendment', 'cvtx'), 'edit_item' => __('Edit amendment', 'cvtx'), 'view_item' => __('View amendment', 'cvtx'), 'menu_name' => __('amendments (menu_name)', 'cvtx'), 'new_item' => __('New amendment', 'cvtx'), 'search_items' => __('Search amendment', 'cvtx'), 'not_found' => __('No amendments found', 'cvtx'), 'not_found_in_trash' => __('No amendments found in Trash', 'cvtx')), 'public' => true, '_builtin' => false, 'has_archive' => false, 'menu_icon' => CVTX_PLUGIN_URL . 'images/cvtx_aeantrag_small.png', 'rewrite' => array('slug' => __('amendments (slug)', 'cvtx')), 'supports' => array('editor')));
    // Applications
    register_post_type('cvtx_application', array('labels' => array('name' => __('Applications', 'cvtx'), 'singular_name' => __('Application', 'cvtx'), 'add_new_item' => __('Create application', 'cvtx'), 'edit_item' => __('Edit application', 'cvtx'), 'view_item' => __('View application', 'cvtx'), 'menu_name' => __('Applications', 'cvtx'), 'new_item' => __('New application', 'cvtx'), 'search_items' => __('Search applications', 'cvtx'), 'not_found' => __('No applications found', 'cvtx'), 'not_found_in_trash' => __('No applications found in Trash', 'cvtx')), 'public' => true, '_builtin' => false, 'has_archive' => false, 'rewrite' => array('slug' => __('applications (slug)', 'cvtx')), 'supports' => array('title', 'editor')));
    // Reader (title only)
    register_post_type('cvtx_reader', array('labels' => array('name' => __('Readers', 'cvtx'), 'singular_name' => __('Reader', 'cvtx'), 'add_new_item' => __('Create reader', 'cvtx'), 'new_item' => __('New reader', 'cvtx'), 'edit_item' => __('Edit reader', 'cvtx'), 'view_item' => __('View reader', 'cvtx'), 'menu_name' => __('readers (menu_name)', 'cvtx'), 'search_items' => __('Search reader', 'cvtx'), 'not_found' => __('No readers found', 'cvtx'), 'not_found_in_trash' => __('No readers found in trash', 'cvtx')), 'public' => true, '_builtin' => false, 'has_archive' => false, 'menu_icon' => CVTX_PLUGIN_URL . 'images/cvtx_reader_small.png', 'rewrite' => array('slug' => __('readers (slug)', 'cvtx')), 'supports' => array('title')));
    // Events (fixed, untranslated slug)
    register_post_type('cvtx_event', array('labels' => array('name' => __('Events', 'cvtx'), 'singular_name' => __('Event', 'cvtx'), 'add_new_item' => __('Create event', 'cvtx'), 'new_item' => __('New event', 'cvtx'), 'edit_item' => __('Edit event', 'cvtx'), 'view_item' => __('View event', 'cvtx'), 'menu_name' => __('Events', 'cvtx'), 'search_items' => __('Search event', 'cvtx'), 'not_found' => __('No events found', 'cvtx'), 'not_found_in_trash' => __('No events found in trash', 'cvtx')), 'public' => true, '_builtin' => false, 'has_archive' => false, 'rewrite' => array('slug' => 'veranstaltungen'), 'supports' => array('title', 'editor')));
    // Register reader taxonomy to resolutions
    register_taxonomy('cvtx_tax_reader', 'cvtx_antrag', array('hierarchical' => true, 'label' => __('Readers', 'cvtx'), 'show_ui' => false, 'query_var' => true, 'rewrite' => false));
    // Register reader taxonomy to amendments
    register_taxonomy('cvtx_tax_reader', 'cvtx_aeantrag', array('hierarchical' => true, 'label' => __('Readers', 'cvtx'), 'show_ui' => false, 'query_var' => true, 'rewrite' => false));
    // Register reader taxonomy to applications
    register_taxonomy('cvtx_tax_reader', 'cvtx_application', array('hierarchical' => true, 'label' => __('Readers', 'cvtx'), 'show_ui' => false, 'query_var' => true, 'rewrite' => false));
    // Register the "assigned to" ("Überwiesen an") taxonomy for resolutions and amendments
    register_taxonomy('cvtx_tax_assign_to', array('cvtx_antrag', 'cvtx_aeantrag'), array('hierarchical' => false, 'label' => 'Überwiesen an', 'show_ui' => true, 'show_admin_column' => true, 'query_var' => true, 'rewrite' => true));
    // Initialize HTML Purifier if plugin activated
    if (is_plugin_active('html-purified/html-purified.php')) {
        global $html_purifier, $cvtx_purifier, $cvtx_purifier_config;
        $cvtx_purifier = $html_purifier->get_purifier();
        $cvtx_purifier_config = HTMLPurifier_Config::createDefault();
        $cvtx_purifier_config->set('HTML.Doctype', 'XHTML 1.1');
        // Element whitelist; href keeps HTML Purifier's default URI validation,
        // span style/class are narrowed by the two directives below.
        $cvtx_purifier_config->set('HTML.Allowed', 'strong,b,em,i,h1,h2,h3,h4,ul,ol,li,br,p,del,ins,code,span[style|class],a[href],div');
        $cvtx_purifier_config->set('Attr.AllowedClasses', 'color-red,color-lila,color-grau,color-green');
        $cvtx_purifier_config->set('CSS.AllowedProperties', 'text-decoration');
    }
}
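 /**
  * Filters and re-shapes submitted model data by field type.
  *
  * For each key of $data that has a model-field definition: 'editor' fields are run through
  * HTML Purifier (XSS filtering), 'position' and 'checkbox' fields are joined into a
  * comma-separated string. Other keys are copied through unchanged.
  *
  * Change from the original: implode() is only applied when the value is actually an array;
  * a scalar (e.g. a single checkbox submitted as a string, or a tampered request) previously
  * produced a warning/TypeError and is now passed through unchanged.
  *
  * @param array $data       submitted field => value pairs
  * @param array $modelfield field definitions understood by parseModelField()
  * @return array $data with the typed fields transformed
  */
 public function filterData($data = array(), $modelfield = array())
 {
     $newmodelfield = $this->parseModelField($modelfield);
     $newdata = $data;
     foreach ($data as $k => $d) {
         if (!key_exists($k, $newmodelfield)) {
             continue;
         }
         switch ($newmodelfield[$k]['type']) {
             case 'editor':
                 // Rich-text editor content: undo the entity escaping applied upstream
                 // (presumably by the framework's input filter — TODO confirm) so HTML Purifier
                 // sees real markup, then purify. The purifier re-escapes as needed.
                 Vendor('Htmlpurifier.library.HTMLPurifier#auto');
                 $config = \HTMLPurifier_Config::createDefault();
                 $purifier = new \HTMLPurifier($config);
                 $newdata[$k] = $purifier->purify(htmlspecialchars_decode($d));
                 break;
             case 'position':
                 // Recommendation positions: multi-select stored as "1,2,3" — same as checkbox.
             case 'checkbox':
                 $newdata[$k] = is_array($d) ? implode(',', $d) : $d;
                 break;
         }
     }
     return $newdata;
 }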
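 /**
  * Stores a comment posted for one news item and redirects back to the referring page.
  *
  * Reads 'page' and 'id' from $params (cast to int) and the comment body from $_POST['comment'].
  * Tags are stripped first, then the text is run through HTML Purifier as a second line of
  * defence, and the result is inserted with a prepared statement.
  *
  * Changes from the original: the SELECT is parameterised instead of interpolated (the int
  * casts made it safe, but the pattern is easy to copy wrongly), only the first row is fetched
  * (the original fetched every matching row and used row 0), and a missing $_POST['comment']
  * no longer raises an undefined-index notice.
  *
  * NOTE(review): the redirect target is taken verbatim from the Referer header, which the
  * client controls, so this is an open redirect and breaks when the header is absent; a fixed
  * route would be safer. No CSRF token is checked here — confirm that happens before this
  * method is reached.
  *
  * @param array $params route parameters with 'page' and 'id'
  * @throws Exception when no news item matches
  * @return void
  */
 protected function _comment($params)
 {
     $pageId = (int) $params['page'];
     $itemId = (int) $params['id'];
     $stmt = $this->kobros->db->prepare("SELECT * FROM news WHERE page_id = ? AND id = ?");
     $stmt->execute(array($pageId, $itemId));
     $item = $stmt->fetch(PDO::FETCH_OBJ);
     if (!$item) {
         throw new Exception('No news be here');
     }
     $now = new DateTime();
     $now = $now->format('Y-m-d H:i:s');
     $config = HTMLPurifier_Config::createDefault();
     $purifier = new HTMLPurifier($config);
     $comment = isset($_POST['comment']) ? $_POST['comment'] : '';
     // strip_tags() removes markup; purify() then neutralises anything malformed it let through.
     $dirty_html = strip_tags($comment);
     $clean_html = $purifier->purify($dirty_html);
     $sql = "INSERT INTO news_comments (news_id, comment, created) VALUES(?, ?, ?)";
     $stmt = $this->kobros->db->prepare($sql);
     $stmt->execute(array($item->id, $clean_html, $now));
     header("Location: {$_SERVER['HTTP_REFERER']}");
 }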
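/**
 * Smarty modifier: runs $html through HTML Purifier, converting to/from UTF-8 around the call
 * when the site charset is something else (and mbstring is available).
 *
 * Fix: the parameter was declared as $ecoding but the body read $encoding, so the caller's
 * encoding was silently ignored and _CHARSET always won. Doctype matching is now strict, so a
 * non-string $doctype can no longer match loosely.
 *
 * @param string      $html     HTML to purify
 * @param string|null $encoding charset of $html; defaults to the site _CHARSET
 * @param string|null $doctype  one of the HTML Purifier doctype names; ignored if unknown
 * @return string purified HTML in the original encoding
 */
function smarty_modifier_xoops_html_purifier($html, $encoding = null, $doctype = null)
{
    require_once XOOPS_LIBRARY_PATH . '/htmlpurifier/library/HTMLPurifier.auto.php';
    $encoding = $encoding ? $encoding : _CHARSET;
    $doctypeArr = array("HTML 4.01 Strict", "HTML 4.01 Transitional", "XHTML 1.0 Strict", "XHTML 1.0 Transitional", "XHTML 1.1");
    $config = HTMLPurifier_Config::createDefault();
    if (in_array($doctype, $doctypeArr, true)) {
        $config->set('HTML.Doctype', $doctype);
    }
    // Purify in UTF-8 and translate back afterwards when the source charset differs.
    $_conv = ($encoding !== 'UTF-8' && function_exists('mb_convert_encoding'));
    if ($_conv) {
        // Drop unconvertible characters instead of emitting '?'; the setting is restored below.
        $_substitute = mb_substitute_character();
        mb_substitute_character('none');
        $html = mb_convert_encoding($html, 'UTF-8', $encoding);
        $config->set('Core.Encoding', 'UTF-8');
    } else {
        $config->set('Core.Encoding', $encoding);
    }
    $purifier = new HTMLPurifier($config);
    $html = $purifier->purify($html);
    if ($_conv) {
        $html = mb_convert_encoding($html, $encoding, 'UTF-8');
        mb_substitute_character($_substitute);
    }
    return $html;
}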
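 /**
  * Pre-common filter: purifies every $_POST value for guests (not logged-in users).
  *
  * Fix: the class_exists() test was inverted. The original called
  * icms_core_HTMLFilter::getInstance() exactly when that class did NOT exist (a fatal error)
  * and fell back to Protector's bundled HTML Purifier only when ImpressCMS's filter was
  * available.
  *
  * @return bool|void true (no filtering) for logged-in users; otherwise $_POST is rewritten in place
  */
 function execute()
 {
     global $xoopsUser;
     // HTMLPurifier runs with PHP5 only
     if (version_compare(PHP_VERSION, '5.0.0') < 0) {
         die('Turn postcommon_post_htmlpurify4guest.php off because this filter cannot run with PHP4');
     }
     // Registered users are trusted by this filter; only guest input is purified.
     if (is_object($xoopsUser)) {
         return true;
     }
     if (class_exists('icms_core_HTMLFilter')) {
         // use HTMLPurifier inside ImpressCMS
         $this->purifier =& icms_core_HTMLFilter::getInstance();
         $this->method = 'htmlpurify';
     } else {
         // use HTMLPurifier inside Protector
         require_once dirname(dirname(__FILE__)) . '/library/HTMLPurifier.auto.php';
         $config = HTMLPurifier_Config::createDefault();
         // Legacy three-argument set() form (namespace, directive, value).
         $config->set('Cache', 'SerializerPath', XOOPS_TRUST_PATH . '/modules/protector/configs');
         $config->set('Core', 'Encoding', _CHARSET);
         //$config->set('HTML', 'Doctype', 'HTML 4.01 Transitional');
         $this->purifier = new HTMLPurifier($config);
         $this->method = 'purify';
     }
     $_POST = $this->purify_recursive($_POST);
 }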
 /**
  * constructor, this is a singleton class please don't use this but make a call like this : $var =& DBPurifier::getInstance()
  * @access private
  *
  * Builds a UTF-8, XHTML-output configuration and hands it to the parent HTMLPurifier
  * constructor. Uses the PHP4-style named constructor (removed in PHP 8) and the two-part
  * set() directives ('Core', 'XHTML' — a directive from old HTML Purifier releases, verify
  * against the bundled version), so it targets an old PHP / HTML Purifier combination.
  */
 function DbPurifier()
 {
     $purifierConfig = HTMLPurifier_Config::createDefault();
     // Output encoding and XHTML mode for the purified markup.
     $purifierConfig->set('Core', 'Encoding', 'UTF-8');
     $purifierConfig->set('Core', 'XHTML', true);
     parent::HTMLPurifier($purifierConfig);
 }
 /**
  * Purifies an HTML fragment with a site-wide HTML Purifier profile, optionally overridden
  * per call.
  *
  * Empty input short-circuits to ''. The input is normalised to UTF-8, purified with the
  * directives below (plus any in $options), and '/preview/#' anchors are rewritten to '#'.
  *
  * NOTE(review): $options is applied verbatim with $config->set(), so whoever controls it can
  * relax every directive below (HTML.Allowed, URI.*, ...) — it must come from code, never
  * from the request. HTML.SafeIframe is enabled here without URI.SafeIframeRegexp; iframes are
  * only let through if that regexp arrives via $options — TODO confirm.
  * AutoFormat.RemoveEmpty.RemoveNbsp is a sub-option of AutoFormat.RemoveEmpty, which is
  * commented out, so it likely has no effect.
  *
  * @param string $html    untrusted HTML
  * @param array  $options HTML Purifier directive => value overrides
  * @return string purified HTML
  */
 public function purify($html, $options = array())
 {
     if (empty($html)) {
         return '';
     }
     require_once Config::get('HTML_PURIFIER');
     require_once 'HTMLPurifier.func.php';
     $html = Util\toUTF8String($html);
     $config = \HTMLPurifier_Config::createDefault();
     $config->set('AutoFormat.AutoParagraph', false);
     $config->set('AutoFormat.RemoveEmpty.RemoveNbsp', true);
     //$config->set('AutoFormat.RemoveEmpty', true);//slows down htmls parsing
     //$config->set('AutoFormat.RemoveSpansWithoutAttributes', true); //medium slows down htmls parsing
     $config->set('HTML.ForbiddenElements', array('head'));
     $config->set('HTML.SafeIframe', true);
     // All links open in a new window; scheme-less URIs are treated as https.
     $config->set('HTML.TargetBlank', true);
     $config->set('URI.DefaultScheme', 'https');
     // id attributes are kept (anchor/id collisions with the host page become possible).
     $config->set('Attr.EnableID', true);
     if (!empty($options)) {
         foreach ($options as $k => $v) {
             $config->set($k, $v);
         }
     }
     $purifier = new \HTMLPurifier($config);
     // This storage is freed on error
     // 1 MiB held in the cache, presumably so the shutdown handler has memory to run if
     // purify() exhausts memory_limit; released right after purification. Note that a new
     // shutdown callback is registered on every call.
     Cache::set('memory', str_repeat('*', 1024 * 1024));
     register_shutdown_function(array($this, 'onScriptShutdown'));
     $html = $purifier->purify($html);
     Cache::remove('memory');
     $html = str_replace('/preview/#', '#', $html);
     return $html;
 }
 /**
  * Base configuration of HTML Purifier for codendi.
  *
  * Starts from the library defaults and fixes two things: UTF-8 encoding and the definition
  * cache directory ($GLOBALS['codendi_cache_dir']). Everything else is the default profile.
  *
  * @return HTMLPurifier_Config
  */
 protected function getCodendiConfig()
 {
     $baseConfig = HTMLPurifier_Config::createDefault();
     $attributes = array(
         array('Core', 'Encoding', 'UTF-8'),
         array('Cache', 'SerializerPath', $GLOBALS['codendi_cache_dir']),
     );
     foreach ($attributes as $attr) {
         $this->setConfigAttribute($baseConfig, $attr[0], $attr[1], $attr[2]);
     }
     return $baseConfig;
 }
 /**
  * Returns HTML Purifier instance matching the configuration
  *
  * Instances are memoised per configuration: the key is md5(json_encode($config)), so two
  * calls with the same local configuration share one purifier.
  *
  * NOTE(review): the global configuration (HTML_PURIFIER_CONFIG, a JSON constant) is merged
  * with `+=`, which keeps the GLOBAL value for any directive present in both — the local
  * value does not override it. If local overrides are intended, array_merge() (or
  * `$config + $hp_user_config`) is needed. Also, for array values the expression
  * `array($key) + $value` is an array union, not a concatenation: for a list it yields
  * array($key, $value[1], $value[2], ...) and silently drops $value[0]. If the legacy
  * set('Namespace', 'Directive', $v) form was intended, array_merge(array($key), $value) is
  * needed; if an array-valued directive was intended, plain set($key, $value) — TODO confirm.
  *
  * @param array $config Local HTML Purifier configuration
  *
  * @return \HTMLPurifier
  *
  * @access private
  *
  * @static
  */
 private static function __instance(array $config)
 {
     $config_key = md5(json_encode($config));
     if (!isset(self::$_instances[$config_key])) {
         /**
          * Grab HTML Purifier default configuration
          */
         $hp_default_config = \HTMLPurifier_Config::createDefault();
         /**
          * Grab HTML Purifier user configuration (global and local)
          */
         $hp_user_config = json_decode(HTML_PURIFIER_CONFIG, true);
         // Array union: keys already set by the global configuration win over $config.
         $hp_user_config += $config;
         /**
          * Add HTML Purifier user configuration
          */
         foreach ($hp_user_config as $key => $value) {
             if (is_array($value)) {
                 // See the docblock note: array($key) + $value drops $value[0] when $value is a list.
                 call_user_func_array(array($hp_default_config, 'set'), array($key) + $value);
             } else {
                 $hp_default_config->set($key, $value);
             }
         }
         self::$_instances[$config_key] = new \HTMLPurifier($hp_default_config);
     }
     return self::$_instances[$config_key];
 }
 /**
  * Create config.
  *
  * Builds the Garp HTML Purifier profile: an explicit element whitelist, a class whitelist
  * from _getAllowedClasses(), a small CSS property whitelist, absolute URIs rebased on the
  * site URL, two custom filters (MyIframe, MyEmbed) and extra definitions for <a target>,
  * <iframe>, <embed>, <figure> and <figcaption>. The customised definition is cached under
  * HTML.DefinitionID 'Garp3' rev 5: bump DefinitionRev whenever the addElement/addAttribute
  * block changes, otherwise the stale cached definition keeps being served.
  *
  * NOTE(review): HTML.Trusted is enabled, which relaxes several HTML Purifier defaults for
  * "trusted" input; combined with <iframe src>, <embed src>, <object>/<param> and an
  * 'allowscriptaccess' attribute typed as free Text, this profile should only ever be applied
  * to content from trusted editors. Whether the MyIframe/MyEmbed filters restrict the
  * embeddable hosts cannot be seen here — confirm before using this on untrusted input.
  * CSS.MaxImgLength null removes the limit on image dimensions.
  *
  * @return HTMLPurifier_Config
  */
 public function getConfig()
 {
     $config = HTMLPurifier_Config::createDefault();
     $config->set('HTML.DefinitionID', 'Garp3');
     $config->set('HTML.DefinitionRev', 5);
     $config->set('HTML.Doctype', 'HTML 4.01 Transitional');
     $config->set('HTML.Trusted', true);
     $config->set('HTML.AllowedElements', array('a', 'abbr', 'acronym', 'b', 'blockquote', 'br', 'caption', 'cite', 'code', 'dd', 'del', 'dfn', 'div', 'dl', 'dt', 'em', 'embed', 'figure', 'figcaption', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i', 'iframe', 'img', 'ins', 'kbd', 'li', 'object', 'ol', 'p', 'param', 'pre', 's', 'small', 'span', 'strong', 'sub', 'sup', 'u', 'ul', 'var'));
     $config->set('AutoFormat.RemoveEmpty', true);
     $config->set('AutoFormat.RemoveSpansWithoutAttributes', true);
     $config->set('AutoFormat.RemoveEmpty.RemoveNbsp', true);
     $config->set('Output.TidyFormat', true);
     $config->set('Attr.AllowedClasses', $this->_getAllowedClasses());
     $config->set('CSS.AllowedProperties', array('font-weight', 'font-style', 'float', 'vertical-align', 'width', 'height'));
     $config->set('CSS.MaxImgLength', null);
     $config->set('Cache.SerializerPath', $this->_getCachePath());
     // Relative URIs are resolved against the site root.
     $config->set('URI.MakeAbsolute', true);
     $config->set('URI.Base', (string) new Garp_Util_FullUrl('/'));
     $config->set('Filter.Custom', array(new Garp_Service_HTMLPurifier_Filter_MyIframe(), new Garp_Service_HTMLPurifier_Filter_MyEmbed()));
     // add proprietary elements
     // maybeGetRawHTMLDefinition() yields nothing once the definition is cached; the block
     // below then does not run, which is why DefinitionRev matters.
     if ($def = $config->maybeGetRawHTMLDefinition()) {
         $def->addAttribute('a', 'target', 'Enum#_blank,_self');
         // src is validated as a URI (subject to the URI.* directives); width/height as numbers;
         // the remaining attributes are free text.
         $iframe = $def->addElement('iframe', 'Inline', 'Custom: #PCDATA', 'Common', array('src*' => 'URI', 'width*' => 'Number', 'height*' => 'Number', 'frameborder' => 'Text', 'scrolling' => 'Text', 'allowtransparency' => 'Text'));
         $embed = $def->addElement('embed', 'Inline', 'Custom: #PCDATA', 'Common', array('src*' => 'URI', 'type*' => 'Text', 'width*' => 'Number', 'height*' => 'Number', 'allowscriptaccess' => 'Text'));
         $figure = $def->addElement('figure', 'Inline', 'Flow', 'Common', array('class*' => 'Text'));
         $figcaption = $def->addElement('figcaption', 'Inline', 'Inline', 'Common', array());
     }
     return $config;
 }
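 /**
  * Creates or updates the affiliation record for $CurrentMember from the submitted values.
  *
  * The organisation is looked up by name and created when missing. JobTitle is the only free
  * text copied from $newAffiliation and is now run through HTML Purifier (the original built
  * the purifier — configured to drop all CSS — but never called it, so JobTitle was stored
  * unfiltered). Dates are copied through; Current is derived from the flag and from an empty
  * EndDate.
  *
  * NOTE(review): $org_name is passed through Convert::raw2sql() before being used in an ORM
  * filter and stored as the Name; this looks like SilverStripe's ORM, which parameterises
  * filter values itself, so names containing quotes may be double-escaped — confirm.
  *
  * @param Affiliation $dbAffiliation  record to write to
  * @param object      $newAffiliation submitted values (JobTitle, StartDate, EndDate, Current)
  * @param string      $org_name       organisation name as submitted
  * @param Member      $CurrentMember  owner of the affiliation
  * @return void
  */
 public static function Save(Affiliation $dbAffiliation, $newAffiliation, $org_name, Member $CurrentMember)
 {
     $org_name = Convert::raw2sql($org_name);
     // attempt to retrieve Org by the submitted name
     $org = Org::get()->filter('Name', $org_name)->First();
     if (!$org) {
         // no org matched, create a new org of that name and associate it
         $org = new Org();
         $org->Name = $org_name;
         $org->write();
     }
     $config = HTMLPurifier_Config::createDefault();
     // Remove any CSS or inline styles
     $config->set('CSS.AllowedProperties', array());
     $purifier = new HTMLPurifier($config);
     $dbAffiliation->OrganizationID = $org->ID;
     // Apply the purifier that was previously constructed but never used.
     $dbAffiliation->JobTitle = $purifier->purify($newAffiliation->JobTitle);
     $dbAffiliation->MemberID = $CurrentMember->ID;
     $dbAffiliation->StartDate = $newAffiliation->StartDate;
     $dbAffiliation->EndDate = !empty($newAffiliation->EndDate) ? $newAffiliation->EndDate : null;
     // Current when the flag is set or when no end date was given.
     $dbAffiliation->Current = $newAffiliation->Current == 1 || empty($newAffiliation->EndDate);
     $dbAffiliation->write();
 }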
 /**
  * Returns the singleton instance of HTML Purifier. If no instance has
  * been created, a new instance will be created. Configuration options
  * for HTML Purifier can be set in `APPPATH/config/purifier.php` in the
  * "settings" key.
  *
  *     $purifier = Security::htmlpurifier();
  *
  * Lazily loads the library ('preload' loads everything up front, otherwise only the
  * autoloader is registered), builds a configuration from Kohana's charset plus the
  * 'settings' array, optionally leaves it unfinalized ('finalize' => false) and lets
  * Security::configure() adjust it before the instance is created and cached.
  *
  * @return  HTMLPurifier
  */
 public static function htmlpurifier()
 {
     if (Security::$htmlpurifier) {
         return Security::$htmlpurifier;
     }
     $purifierSettings = kohana::$config->load('purifier');
     if (!class_exists('HTMLPurifier_Config', FALSE)) {
         if ($purifierSettings->get('preload')) {
             // Load the all of HTML Purifier right now.
             // This increases performance with a slight hit to memory usage.
             require Kohana::find_file('vendor', 'htmlpurifier/library/HTMLPurifier.includes');
         }
         // Load the HTML Purifier auto loader
         require Kohana::find_file('vendor', 'htmlpurifier/library/HTMLPurifier.auto');
     }
     // Create a new configuration object
     $config = HTMLPurifier_Config::createDefault();
     if (!$purifierSettings->get('finalize')) {
         // Allow configuration to be modified
         $config->autoFinalize = FALSE;
     }
     // Use the same character set as Kohana
     $config->set('Core.Encoding', Kohana::$charset);
     $settings = $purifierSettings->get('settings');
     if (is_array($settings)) {
         // Load the settings
         $config->loadArray($settings);
     }
     // Configure additional options
     $config = Security::configure($config);
     // Create the purifier instance
     Security::$htmlpurifier = new HTMLPurifier($config);
     return Security::$htmlpurifier;
 }
 /**
  * Tokenizes a small multi-line document twice: once with the default configuration, where
  * tokens carry no position, and once with Core.MaintainLineNumbers enabled, where each token
  * must report the (line, column) it started at. Note the <br\n/> split across lines 3-4.
  */
 function testLineNumbers()
 {
     //       .  .     .     .  .     .     .           .      .             .
     //       01234567890123 01234567890123 0123456789012345 0123456789012   012345
     $html = "<b>Line 1</b>\n<i>Line 2</i>\nStill Line 2<br\n/>Now Line 4\n\n<br />";
     $expect = array(
         0 => new HTMLPurifier_Token_Start('b'),
         1 => new HTMLPurifier_Token_Text('Line 1'),
         2 => new HTMLPurifier_Token_End('b'),
         3 => new HTMLPurifier_Token_Text("\n"),
         4 => new HTMLPurifier_Token_Start('i'),
         5 => new HTMLPurifier_Token_Text('Line 2'),
         6 => new HTMLPurifier_Token_End('i'),
         7 => new HTMLPurifier_Token_Text("\nStill Line 2"),
         8 => new HTMLPurifier_Token_Empty('br'),
         9 => new HTMLPurifier_Token_Text("Now Line 4\n\n"),
         10 => new HTMLPurifier_Token_Empty('br'),
     );
     // Without line numbers: positions stay unset.
     $context = new HTMLPurifier_Context();
     $config = HTMLPurifier_Config::createDefault();
     $this->assertIdentical($this->DirectLex->tokenizeHTML($html, $config, $context), $expect);
     // With line numbers: token index => array(line, column). A column of -1 apparently marks
     // a text token that begins with the newline ending the previous line.
     $positions = array(
         0 => array(1, 0), 1 => array(1, 3), 2 => array(1, 9), 3 => array(2, -1),
         4 => array(2, 0), 5 => array(2, 3), 6 => array(2, 9), 7 => array(3, -1),
         8 => array(3, 12), 9 => array(4, 2), 10 => array(6, 0),
     );
     foreach ($positions as $i => $pos) {
         $expect[$i]->position($pos[0], $pos[1]);
     }
     $context = new HTMLPurifier_Context();
     $config = HTMLPurifier_Config::create(array('Core.MaintainLineNumbers' => true));
     $this->assertIdentical($this->DirectLex->tokenizeHTML($html, $config, $context), $expect);
 }
/**
 * Cross-site scripting (XSS) 공격을 방어하기 위해서 위험 문자열을 제거한다.
 * @param string $data
 */
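function kboard_xssfilter($data)
{
    global $kboard_xssfilter_active;
    // Arrays are filtered element-wise; each element goes through this function again.
    if (is_array($data)) {
        return array_map('kboard_xssfilter', $data);
    }
    if ($kboard_xssfilter_active) {
        // empty() keeps the original "rebuild when missing or falsy" semantics but
        // no longer emits an "undefined index" notice the first time through,
        // before $GLOBALS['KBOARD'] has been populated.
        if (empty($GLOBALS['KBOARD']['HTMLPurifier']) || empty($GLOBALS['KBOARD']['HTMLPurifier_Config'])) {
            $HTMLPurifier_Config = HTMLPurifier_Config::createDefault();
            // SECURITY NOTE(review): HTML.SafeIframe is enabled and the regexp
            // '(.*)' matches every URI, so the iframe origin allow-list is
            // effectively disabled: any iframe src that passes the URI filter's
            // scheme checks is kept. Narrow this to the embed hosts the site
            // actually needs.
            $HTMLPurifier_Config->set('HTML.SafeIframe', true);
            $HTMLPurifier_Config->set('URI.SafeIframeRegexp', '(.*)');
            $HTMLPurifier_Config->set('HTML.TidyLevel', 'light');
            // object/embed are allowed in their HTMLPurifier "safe" (whitelisted-plugin) form.
            $HTMLPurifier_Config->set('HTML.SafeObject', true);
            $HTMLPurifier_Config->set('HTML.SafeEmbed', true);
            $HTMLPurifier_Config->set('Attr.AllowedFrameTargets', array('_blank'));
            $HTMLPurifier_Config->set('Output.FlashCompat', true);
            // The definition cache is written below the uploads directory, which is
            // normally web-served; confirm the cache files are not exposed.
            $HTMLPurifier_Config->set('Cache.SerializerPath', WP_CONTENT_DIR . '/uploads/kboard_htmlpurifier');
            $GLOBALS['KBOARD']['HTMLPurifier_Config'] = $HTMLPurifier_Config;
            // The purifier is a singleton; the config is passed per purify() call below.
            $GLOBALS['KBOARD']['HTMLPurifier'] = HTMLPurifier::getInstance();
            unset($HTMLPurifier_Config);
        }
        // stripslashes() undoes the slashes WordPress adds to request data before purifying.
        $data = $GLOBALS['KBOARD']['HTMLPurifier']->purify(stripslashes($data), $GLOBALS['KBOARD']['HTMLPurifier_Config']);
    }
    return kboard_safeiframe($data);
}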
 /**
  * Convert user input to HTML
  * Do not call this function recursively.
  *
  * @param string $text Text we want to parse
  * @param Title $title
  * @param ParserOptions $options
  * @param bool $lineStart
  * @param bool $clearState
  * @param int|null $revId Number to pass in {{REVISIONID}}
  * @return ParserOutputInterface A ParserOutput
  */
 public function parse($text, Title $title, ParserOptions $options, $lineStart = true, $clearState = true, $revId = null)
 {
     // Only $text is consumed here: it is run through HTMLPurifier with the
     // default configuration and wrapped in a ParserOutput. The remaining
     // parameters are accepted for interface compatibility and are not used
     // by this implementation.
     $purifier = new HTMLPurifier(HTMLPurifier_Config::createDefault());
     return new ParserOutput($purifier->purify($text));
 }
 function execute()
 {
     // HTMLPurifier needs PHP 5; on PHP 4 the filter cannot run at all, so stop hard.
     if (version_compare(PHP_VERSION, '5.0.0', '<')) {
         die('Turn postcommon_post_htmlpurify4everyone.php off because this filter cannot run with PHP4');
     }
     // NOTE: an earlier variant of this filter delegated to ImpressCMS'
     // icms_HTMLPurifier wrapper (method 'icms_html_purifier') when that class
     // was available. That branch is disabled; Protector's bundled copy is used.
     require_once dirname(dirname(__FILE__)) . '/library/HTMLPurifier.auto.php';
     $purifierConfig = HTMLPurifier_Config::createDefault();
     // Three-argument set() is the legacy (namespace, key, value) form.
     // The definition cache goes under XOOPS_TRUST_PATH (conventionally kept
     // outside the document root; confirm for this deployment), and the
     // encoding follows the site's charset.
     $purifierConfig->set('Cache', 'SerializerPath', XOOPS_TRUST_PATH . '/modules/protector/configs');
     $purifierConfig->set('Core', 'Encoding', _CHARSET);
     $this->purifier = new HTMLPurifier($purifierConfig);
     $this->method = 'purify';
     // Filter every incoming POST value in place before the rest of the request sees it.
     $_POST = $this->purify_recursive($_POST);
 }
/**
 * Removes dangerous strings to defend against cross-site scripting (XSS) attacks.
 * @param string $data
 */
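function kboard_xssfilter($data)
{
    global $kboard_xssfilter_active;
    // Arrays are filtered element-wise; each element goes through this function again.
    if (is_array($data)) {
        return array_map('kboard_xssfilter', $data);
    }
    if ($kboard_xssfilter_active) {
        // The previous condition mixed && and || without parentheses, so the
        // isset() guard on the purifier entry was ineffective (the unguarded
        // truthiness read still ran and emitted a notice) and a set-but-falsy
        // purifier entry would not have triggered a rebuild. empty() covers
        // both "missing" and "falsy" for each entry without a notice.
        if (empty($GLOBALS['KBOARD']['HTMLPurifier']) || empty($GLOBALS['KBOARD']['HTMLPurifier_Config'])) {
            $HTMLPurifier_Config = HTMLPurifier_Config::createDefault();
            // Only these URI schemes survive in href/src values.
            $HTMLPurifier_Config->set('URI.AllowedSchemes', array('http' => true, 'https' => true, 'mailto' => true));
            // SECURITY NOTE(review): 'iframe' is in HTML.AllowedElements and
            // iframe.src in HTML.AllowedAttributes, and the regexp '(.*)'
            // matches every URI, so the SafeIframe origin allow-list is
            // effectively disabled: an iframe may point at any host on an
            // allowed scheme. Narrow this to the embed hosts the site needs.
            $HTMLPurifier_Config->set('URI.SafeIframeRegexp', '(.*)');
            $HTMLPurifier_Config->set('HTML.SafeIframe', true);
            // object/embed are allowed in their HTMLPurifier "safe" (whitelisted-plugin) form.
            $HTMLPurifier_Config->set('HTML.SafeObject', true);
            $HTMLPurifier_Config->set('HTML.SafeEmbed', true);
            $HTMLPurifier_Config->set('HTML.TidyLevel', 'light');
            $HTMLPurifier_Config->set('HTML.FlashAllowFullScreen', true);
            $HTMLPurifier_Config->set('HTML.AllowedElements', 'img,div,a,strong,font,span,em,br,p,u,i,b,sup,sub,small,table,thead,tbody,tfoot,tr,td,th,caption,pre,code,ul,li,ol,big,code,blockquote,center,hr,h1,h2,h3,h4,h5,h6,iframe');
            // a.target is allowed and restricted to _blank below. Whether a
            // rel="noopener" is added for it depends on the HTMLPurifier
            // version in use (newer releases offer HTML.TargetNoopener) — confirm.
            $HTMLPurifier_Config->set('HTML.AllowedAttributes', 'a.href,a.target,img.src,iframe.src,iframe.frameborder,*.id,*.alt,*.style,*.class,*.title,*.width,*.height,*.border,*.colspan,*.rowspan');
            $HTMLPurifier_Config->set('Attr.AllowedFrameTargets', array('_blank'));
            $HTMLPurifier_Config->set('Output.FlashCompat', true);
            $HTMLPurifier_Config->set('Core.RemoveInvalidImg', true);
            // The definition cache is written below the uploads directory, which is
            // normally web-served; confirm the cache files are not exposed.
            $HTMLPurifier_Config->set('Cache.SerializerPath', WP_CONTENT_DIR . '/uploads/kboard_htmlpurifier');
            $GLOBALS['KBOARD']['HTMLPurifier_Config'] = $HTMLPurifier_Config;
            // The purifier is a singleton; the config is passed per purify() call below.
            $GLOBALS['KBOARD']['HTMLPurifier'] = HTMLPurifier::getInstance();
            unset($HTMLPurifier_Config);
        }
        // stripslashes() undoes the slashes WordPress adds to request data before purifying.
        $data = $GLOBALS['KBOARD']['HTMLPurifier']->purify(stripslashes($data), $GLOBALS['KBOARD']['HTMLPurifier_Config']);
    }
    // When filtering is switched off the input is returned untouched.
    return $data;
}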
 /**
  * Build new instance
  * @param HTMLPurifier_Config|null $config purifier configuration; when null, HTMLPurifier_Config::createDefault() is used
  * @return void
  */
 public static function setInstance($config = null)
 {
     // Replace the shared purifier; a missing config falls back to HTMLPurifier's defaults.
     $effectiveConfig = $config === null ? HTMLPurifier_Config::createDefault() : $config;
     self::$_instance = new HTMLPurifier($effectiveConfig);
 }
 public function saveAction()
 {
     $form = new News_Form_Article();
     $postData = $this->_request->getPost();
     $form->populate($postData);
     // Invalid submission: keep the populated form in the session and hand
     // control back to the index action so the errors can be shown there.
     if (!$form->isValid($postData)) {
         $appSession = Zend_Registry::get('appSession');
         $appSession->articleForm = $form;
         $this->_forward('index');
         return;
     }
     $news = new News_Model_News();
     $articleId = $this->_getParam('id');
     if ($articleId) {
         // Editing: the referenced row has to exist.
         $article = $news->getRowInstance($articleId);
         if (!$article) {
             $this->_helper->FlashMessenger->addMessage($this->view->translate('The article doesn\'t exist.'));
             $this->_redirect('/news');
             return;
         }
     } else {
         $article = $news->createRow();
     }
     // Only the rich-text body is run through HTMLPurifier (default config);
     // title, date and excerpt are stored as submitted, so they rely on
     // escaping at output time.
     require_once 'htmlpurifier/library/HTMLPurifier.auto.php';
     $purifier = new HTMLPurifier(HTMLPurifier_Config::createDefault());
     $cleanContent = $purifier->purify($form->getValue('content'));
     $article->title = $form->getValue('title');
     $article->date = $form->getValue('date');
     $article->excerpt = $form->getValue('excerpt');
     $article->content = $cleanContent;
     $article->save();
     $this->_helper->FlashMessenger->addMessage($this->view->translate('The article has been saved.'));
     $this->_redirect('/news');
 }