Esempio n. 1
0
    public function ProcessShortcodeBBAction($parent)
    {
        global $bb_dir, $bb_pref_lang, $bb_revision_num, $bb_writeperms;
        $info = $this->GetInfo($parent->GetSID());
        if ($_REQUEST["sc_action"] == "bb_image_upload_ajaxupload") {
            BB_RunPluginAction("pre_bb_content_shortcode_bb_image_upload_ajaxupload");
            $msg = BB_ValidateAJAXUpload();
            if ($msg != "") {
                echo htmlspecialchars(BB_Translate($msg));
                exit;
            }
            // Use official magic numbers for each format to determine the real content type.
            $data = file_get_contents($_FILES["Filedata"]["tmp_name"]);
            $type = BB_GetImageType($data);
            if ($type != "gif" && $type != "jpg" && $type != "png") {
                echo htmlspecialchars(BB_Translate("Uploaded file is not a valid web image.  Must be PNG, JPG, or GIF."));
                exit;
            }
            if (!is_dir($bb_dir . "/images")) {
                mkdir($bb_dir . "/images", 0777, true);
            }
            $dirfile = preg_replace('/\\.+/', ".", preg_replace('/[^A-Za-z0-9_.\\-]/', "_", $bb_pref_lang . "_" . ($bb_revision_num > -1 ? $bb_revision_num . "_" : "") . trim($_FILES["Filedata"]["name"])));
            if ($dirfile == ".") {
                $dirfile = "";
            }
            if ($dirfile == "") {
                echo htmlspecialchars(BB_Translate("A filename was not specified."));
                exit;
            }
            $pos = strrpos($dirfile, ".");
            if ($pos === false || substr($dirfile, $pos + 1) != $type) {
                $dirfile .= "." . $type;
            }
            if (!@move_uploaded_file($_FILES["Filedata"]["tmp_name"], $bb_dir . "/images/" . $dirfile)) {
                echo htmlspecialchars(BB_Translate("Unable to move temporary file to final location.  Check the permissions of the target directory and destination file."));
                exit;
            }
            @chmod($bb_dir . "/images/" . $dirfile, 0444 | $bb_writeperms);
            $info["src"] = "images/" . $dirfile;
            if (!$parent->SaveShortcode($info)) {
                echo htmlspecialchars(BB_Translate("Unable to save the shortcode."));
                exit;
            }
            echo "OK";
            BB_RunPluginAction("post_bb_content_shortcode_bb_image_upload_ajaxupload");
        } else {
            if ($_REQUEST["sc_action"] == "bb_image_upload_submit") {
                BB_RunPluginAction("pre_bb_content_shortcode_bb_image_upload_submit");
                $imginfo = BB_IsValidHTMLImage($_REQUEST["url"], array("protocol" => "http"));
                if (!$imginfo["success"]) {
                    BB_PropertyFormError($imginfo["error"]);
                }
                $dirfile = preg_replace('/\\.+/', ".", preg_replace('/[^A-Za-z0-9_.\\-]/', "_", $_REQUEST["destfile"]));
                if ($dirfile == ".") {
                    $dirfile = "";
                }
                // Automatically calculate the new filename based on the URL.
                if ($dirfile == "") {
                    $dirfile = $bb_pref_lang . "_" . ($bb_revision_num > -1 ? $bb_revision_num . "_" : "") . BB_MakeFilenameFromURL($imginfo["url"], $imginfo["type"]);
                }
                if (!is_dir($bb_dir . "/images")) {
                    mkdir($bb_dir . "/images", 0777, true);
                }
                if (BB_WriteFile($bb_dir . "/images/" . $dirfile, $imginfo["data"]) === false) {
                    BB_PropertyFormError("Unable to save the image.");
                }
                $info["src"] = "images/" . $dirfile;
                if (!$parent->SaveShortcode($info)) {
                    BB_PropertyFormError("Unable to save the shortcode.");
                }
                ?>
<div class="success"><?php 
                echo htmlspecialchars(BB_Translate("Image transferred."));
                ?>
</div>
<script type="text/javascript">
LoadProperties(<?php 
                echo $parent->CreateShortcodePropertiesJS("");
                ?>
);
ReloadIFrame();
</script>
<?php 
                BB_RunPluginAction("post_bb_content_shortcode_bb_image_upload_submit");
            } else {
                if ($_REQUEST["sc_action"] == "bb_image_upload") {
                    $parent->CreateShortcodeUploader("", array(), "Configure Image", "Image", "image", "*.png;*.jpg;*.gif", "Web Image Files");
                } else {
                    if ($_REQUEST["sc_action"] == "bb_image_configure_submit") {
                        BB_RunPluginAction("pre_bb_content_shortcode_bb_image_configure_submit");
                        $src = trim($_REQUEST["src"]);
                        if ($info["src"] != $src) {
                            if ($src != "") {
                                $imginfo = BB_IsValidHTMLImage($src, array("protocol" => "http"));
                                if (!$imginfo["success"] && function_exists("fsockopen")) {
                                    BB_PropertyFormError("'Image URL' field does not point to a valid image file.");
                                }
                            }
                            $info["src"] = $src;
                        }
                        $info["alt"] = $_REQUEST["alt"];
                        $info["opt-caption"] = $_REQUEST["opt-caption"] == "enable";
                        $info["opt-caption-width"] = (int) $_REQUEST["opt-caption-width"];
                        if ($info["opt-caption-width"] < 0) {
                            $info["opt-caption-width"] = 0;
                        }
                        if (!$parent->SaveShortcode($info)) {
                            BB_PropertyFormError("Unable to save the shortcode.");
                        }
                        ?>
<div class="success"><?php 
                        echo htmlspecialchars(BB_Translate("Options saved."));
                        ?>
</div>
<script type="text/javascript">
CloseProperties();
ReloadIFrame();
</script>
<?php 
                        BB_RunPluginAction("post_bb_content_shortcode_bb_image_configure_submit");
                    } else {
                        if ($_REQUEST["sc_action"] == "bb_image_configure") {
                            BB_RunPluginAction("pre_bb_content_shortcode_bb_image_configure");
                            $desc = "<br />";
                            $desc .= $parent->CreateShortcodePropertiesLink(BB_Translate("Upload/Transfer Image"), "bb_image_upload");
                            $options = array("title" => "Configure Image", "desc" => "Configure the image or upload/transfer a new image.", "htmldesc" => $desc, "bb_action" => $_REQUEST["bb_action"], "hidden" => array("sid" => $parent->GetSID(), "sc_action" => "bb_image_configure_submit"), "fields" => array(array("title" => "Image URL", "type" => "text", "name" => "src", "value" => $info["src"], "desc" => "The URL of this image."), array("title" => "Alternate Text", "type" => "text", "name" => "alt", "value" => $info["alt"], "desc" => "The alternate text to display if images are not able to be seen (e.g. visually impaired visitors)."), array("title" => "Display Caption", "type" => "select", "name" => "opt-caption", "options" => array("enable" => "Enable", "disable" => "Disable"), "select" => $info["opt-caption"] ? "enable" : "disable", "desc" => "Display the alternate text as a caption below the image."), array("title" => "Caption Width", "type" => "text", "name" => "opt-caption-width", "value" => $info["opt-caption-width"], "desc" => "The width in pixels to constrain the caption to.  Typically the width of the image.")), "submit" => "Save", "focus" => true);
                            BB_RunPluginActionInfo("bb_content_shortcode_bb_image_configure_options", $options);
                            BB_PropertyForm($options);
                            BB_RunPluginAction("post_bb_content_shortcode_bb_image_configure");
                        }
                    }
                }
            }
        }
    }
Esempio n. 2
0
function BB_HTMLPurifyForWYMEditor($data, $options)
{
    if (isset($options["shortcodes"]) && (!$options["shortcodes"] || !isset($options["shortcode_placeholder"]) || !isset($options["shortcode_ids"]))) {
        unset($options["shortcodes"]);
    }
    if (isset($options["validate_img"]) && !$options["validate_img"]) {
        unset($options["validate_img"]);
    }
    // Let HTML Purifier do the heavy-lifting (removes XSS, etc).
    // If the 'p' tag ever accepts more than 'class', the 'class' extraction code while generating pretty HTML will need rewriting.
    $config = array("Attr.EnableID" => isset($options["shortcodes"]), "HTML.Allowed" => "p[class],strong,em,sup,sub,a[title|href],ul[class],ol[class],li[class],h1[class],h2[class],h3[class],h4[class],h5[class],h6[class],pre[class],blockquote[class],img[" . (isset($options["shortcodes"]) ? "id|class|" : "") . "src|alt]");
    if (isset($options["allowed_classes"]) && is_array($options["allowed_classes"])) {
        $config["Attr.AllowedClasses"] = $options["allowed_classes"];
    }
    $data = BB_HTMLPurify($data, $config);
    // Replace newlines outside of 'pre' tags with spaces.
    $data2 = "";
    $lastpos = 0;
    $pos = strpos($data, "<pre");
    $pos2 = strpos($data, "</pre>");
    $pos3 = strpos($data, ">", $pos);
    while ($pos !== false && $pos2 !== false && $pos3 !== false && $pos3 < $pos2) {
        $data2 .= Str::ReplaceNewlines(" ", substr($data, $lastpos, $pos3 + 1 - $lastpos));
        $data2 .= Str::ReplaceNewlines("\n", substr($data, $pos3 + 1, $pos2 - $pos3 - 1));
        $data2 .= "</pre>";
        $lastpos = $pos2 + 6;
        $pos = strpos($data, "<pre", $lastpos);
        $pos2 = strpos($data, "</pre>", $lastpos);
        $pos3 = strpos($data, ">", $pos);
    }
    $data = $data2 . Str::ReplaceNewlines(" ", substr($data, $lastpos));
    // Process the DOM to create consistent input and output.
    require_once ROOT_PATH . "/" . SUPPORT_PATH . "/simple_html_dom.php";
    $html = new simple_html_dom();
    $html2 = new simple_html_dom();
    // Make sure all elements and text are inside a top-level tag.
    $html->load("<body>" . $data . "</body>");
    $bodytags = array("p" => true, "ul" => true, "ol" => true, "h1" => true, "h2" => true, "h3" => true, "h4" => true, "h5" => true, "h6" => true, "pre" => true, "blockquote" => true);
    $rows = $html->find("body text");
    foreach ($rows as $row) {
        $row2 = $row;
        while ($row2->parent()->tag != "body") {
            $row2 = $row2->parent();
        }
        if (!isset($bodytags[$row2->tag])) {
            $row2->outertext = "<p>" . $row2->outertext . "</p>";
        }
    }
    $html->load($html->save());
    $body = $html->find("body", 0);
    $rows = $body->children();
    foreach ($rows as $row) {
        if (!isset($bodytags[$row->tag])) {
            $row->outertext = "<p>" . $row->outertext . "</p>";
        }
    }
    $html->load($html->save());
    $rows = $html->find("blockquote text");
    foreach ($rows as $row) {
        $row2 = $row;
        while ($row2->parent()->tag != "blockquote") {
            $row2 = $row2->parent();
        }
        if (!isset($bodytags[$row2->tag])) {
            $row2->outertext = "<p>" . $row2->outertext . "</p>";
        }
    }
    $html->load($html->save());
    // Clean up 'li' elements.  WYMEditor only allows a limited number of tags (a good thing).
    $rows = $html->find("li");
    foreach ($rows as $row) {
        $row->innertext = strip_tags($row->innertext, "<strong><em><sup><sub><a><img><ul><ol><li>");
    }
    // Replace &nbsp; with spaces.
    $data = $html->save();
    $data = str_replace(array("&nbsp;", "&#160;", " "), array(" ", " ", " "), $data);
    $html->load($data);
    // Process shortcodes or images.
    if (isset($options["shortcodes"])) {
        // Remove invalid 'img' tags.
        $rows = $html->find("img");
        foreach ($rows as $row) {
            if (!isset($row->class) || $row->class != $options["shortcode_placeholder"] || !isset($row->id) || !isset($options["shortcode_ids"][$row->id])) {
                $row->outertext = "";
            } else {
                $row->src = $options["shortcode_ids"][$row->id];
            }
        }
        $html->load($html->save());
        // Move text inside the special 'p.wrap-shortcode' class to separate 'p' tags.
        $rows = $html->find("p.wrap-shortcode img");
        foreach ($rows as $row) {
            $str = $row->parent()->innertext;
            $pos = strpos($str, "<img ");
            $pos2 = strpos($str, "/>", $pos);
            $str2 = substr($str, 0, $pos);
            $str3 = substr($str, $pos2 + 2);
            $str = substr($str, $pos, $pos2 + 2 - $pos);
            if ($str2 != "" || $str3 != "") {
                $row->parent()->outertext = ($str2 == "" ? "" : "<p>" . $str2 . "</p>") . "<p class=\"" . $row->parent()->class . "\">" . $str . "</p>" . ($str3 == "" ? "" : "<p>" . $str3 . "</p>");
            }
        }
        $html->load($html->save());
    } else {
        if (isset($options["validate_img"])) {
            // Download each 'img' 'src' and check them for valid web output (only allow JPEG, PNG, and GIF).
            $imgopts = array("protocol" => isset($options["validate_img_protocol"]) ? $options["validate_img_protocol"] : "", "allow_gif" => isset($options["validate_img_allow_gif"]) ? $options["validate_img_allow_gif"] : true, "allow_jpg" => isset($options["validate_img_allow_jpg"]) ? $options["validate_img_allow_jpg"] : true, "allow_png" => isset($options["validate_img_allow_png"]) ? $options["validate_img_allow_png"] : true);
            $rows = $html->find("img");
            foreach ($rows as $row) {
                if (!isset($row->src)) {
                    $row->outertext = "";
                } else {
                    $imginfo = BB_IsValidHTMLImage($row->src, $imgopts);
                    if (!$imginfo["success"]) {
                        $row->outertext = "";
                    }
                }
            }
            $html->load($html->save());
        }
    }
    // Remove special classes that are improperly used.
    $specials = array("wrap-start" => "p", "wrap-end" => "p", "table-row" => "p", "table-cell" => "p", "table-end" => "p");
    if (isset($options["shortcodes"])) {
        $specials["wrap-shortcode"] = array("p", "img");
    }
    if (isset($options["additional_specials"])) {
        $specials = array_merge($specials, $options["additional_specials"]);
    }
    foreach ($specials as $class => $tags) {
        $rows = $html->find("." . $class);
        foreach ($rows as $row) {
            if (is_string($tags)) {
                $valid = true;
            } else {
                $html2->load($row->innertext);
                $row2 = $html2->find($tags[1], 0);
                $valid = $row2 ? true : false;
            }
            $valid = $valid && (is_string($tags) && $row->tag == $tags || is_array($tags) && $row->tag == $tags[0]);
            if (!$valid) {
                $row->class = BB_HTMLRemoveClass($row->class, $class);
            }
            if ($row->class == "") {
                unset($row->class);
            }
        }
        $html->load($html->save());
    }
    // Remove empty elements without a class attribute.
    do {
        $found = false;
        $stack = array();
        $body = $html->find("body", 0);
        $stack[] = array("rows" => $body->children(), "pos" => 0);
        while (count($stack)) {
            $pos = count($stack) - 1;
            if ($stack[$pos]["pos"] >= count($stack[$pos]["rows"])) {
                $stack = array_slice($stack, 0, -1);
                if (count($stack)) {
                    $pos = count($stack) - 1;
                    $row = $stack[$pos]["rows"][$stack[$pos]["pos"]];
                    if (!$found && trim($row->innertext) !== $row->innertext) {
                        $row->innertext = trim($row->innertext);
                        $found = true;
                    }
                    $stack[$pos]["pos"]++;
                }
            } else {
                $row = $stack[$pos]["rows"][$stack[$pos]["pos"]];
                $rows = $row->children();
                if (count($rows)) {
                    $stack[] = array("rows" => $rows, "pos" => 0);
                } else {
                    if (!isset($row->class) && trim($row->innertext) == "") {
                        $row->outertext = "";
                        $found = true;
                    } else {
                        if (trim($row->innertext) !== $row->innertext) {
                            $row->innertext = trim($row->innertext);
                            $found = true;
                        }
                    }
                    $stack[$pos]["pos"]++;
                }
            }
        }
        $html->load($html->save());
    } while ($found);
    $body = $html->find("body", 0);
    $data = $body->innertext;
    // Finalize 'li' tag cleanup.
    $data = preg_replace('/<\\/li>\\s+/', "</li>", $data);
    return $data;
}