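/**
 * Runs one batch of the signature migration, then redirects to the next batch.
 *
 * The signatures of the users whose IDs fall in [$offset, $offset + increment)
 * are passed through phorum_htmlpurifier_migrate() and saved back. When the
 * next offset is past the highest user ID, the 'migrate-sigs' setting is
 * switched off and the function returns; otherwise it sends a Location header
 * for the next batch and exits.
 *
 * NOTE(review): each batch writes to the user table and is triggered by a
 * plain GET URL (see $extra below). Whether the admin entry point checks a
 * CSRF token before calling this is not visible here - confirm.
 *
 * @param int|string $offset First user ID of this batch; 0 or empty means
 *                           that no migration was requested.
 * @return bool|null TRUE once the last batch has been processed, NULL when
 *                   there is nothing to do. In every other case the function
 *                   does not return (redirect or error exit).
 */
function phorum_htmlpurifier_migrate_sigs($offset)
{
    global $PHORUM;

    // The offset travels from request to request in the migrate-sigs URL
    // parameter built at the bottom of this function, so force it to an
    // integer before it is used in arithmetic or echoed back into a URL.
    $offset = (int) $offset;
    if ($offset < 1) {
        return; // bail out quick: nothing requested, or not a usable ID
    }

    // theoretically, we could get rid of this multi-request
    // doo-hickery if safe mode is off
    @set_time_limit(0); // best effort only; a refusal is deliberately ignored

    $increment = isset($PHORUM['mod_htmlpurifier']['migrate-sigs-increment'])
        ? (int) $PHORUM['mod_htmlpurifier']['migrate-sigs-increment']
        : 0;
    if ($increment < 1) {
        // A batch size below 1 never advances $offset, so the redirect at
        // the end would point at the same URL forever.
        exit('Invalid migrate-sigs-increment setting');
    }

    require_once dirname(__FILE__) . '/../migrate.php';

    // migrate signatures
    // do this in batches so we don't run out of time/space
    $user_ids = range($offset, $offset + $increment - 1);

    $userinfos = phorum_db_user_get_fields($user_ids, 'signature');
    foreach ($userinfos as $user) {
        if (empty($user['signature'])) {
            continue;
        }
        $sig = $user['signature'];

        // perform standard Phorum processing on the sig
        // NOTE(review): the search and replacement lists below are identical,
        // so this call changes nothing, and after HTML-escaping the pattern on
        // the next line could not match a literal '<'. The entity forms
        // (&amp;, &lt;, &gt;) were presumably lost when this listing was
        // rendered - confirm both lines against the original file.
        $sig = str_replace(array("&", "<", ">"), array("&", "<", ">"), $sig);
        $sig = preg_replace("/<((http|https|ftp):\\/\\/[a-z0-9;\\/\\?:@=\\&\$\\-_\\.\\+!*'\\(\\),~%]+?)>/i", "\$1", $sig);

        // prepare fake data to pass to migration function
        $fake_data = array(array("author" => "", "email" => "", "subject" => "", 'body' => $sig));
        list($fake_message) = phorum_htmlpurifier_migrate($fake_data);
        $user['signature'] = $fake_message['body'];
        if (!phorum_api_user_save($user)) {
            exit('Error while saving user data');
        }
    }
    unset($userinfos); // free up memory

    // query for highest ID in database
    // The only interpolated value is the table name held in $PHORUM; no
    // request data is placed in the statement.
    $sql = "select MAX(user_id) from {$PHORUM['user_table']}";
    $row = phorum_db_interact(DB_RETURN_ROW, $sql);
    $top_id = (int) $row[0];

    $offset += $increment;
    if ($offset > $top_id) { // test for end condition
        echo 'Migration finished';
        $PHORUM['mod_htmlpurifier']['migrate-sigs'] = FALSE;
        phorum_htmlpurifier_commit_settings();
        return TRUE;
    }

    // Keep the scheme of the current request: a hard-coded http:// would move
    // an admin session that runs over HTTPS onto a cleartext connection.
    $scheme = (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') ? 'https' : 'http';

    // NOTE(review): HTTP_HOST is taken from the client's Host header and
    // PHP_SELF can carry client-supplied path info, so the redirect target is
    // partly request-controlled. If the installation has a configured base
    // URL, building the Location from that is the safer choice.
    $host = $_SERVER['HTTP_HOST'];
    $uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
    $extra = 'admin.php?module=modsettings&mod=htmlpurifier&migrate-sigs=' . $offset;

    // relies on output buffering to work
    header("Location: {$scheme}://{$host}{$uri}/{$extra}");
    exit;
}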
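/**
 * Purifies the 'body' of every message in a data array.
 *
 * Entries are keyed by message ID; a falsy key marks a "fake" message that is
 * never cached or migrated. For real messages the purified body is stored
 * base64-encoded in the message meta together with the current cache serial,
 * and a cached body with a matching serial is returned without purifying
 * again.
 *
 * Security note: a cache hit is returned exactly as stored. The output is
 * therefore only as trustworthy as the stored meta, and a change to the
 * purifier configuration reaches already-cached messages only when the cache
 * serial changes or the cache is purged.
 *
 * @param array $data Messages keyed by message ID; entries without a 'body'
 *                    are left untouched.
 * @return array The same array with each 'body' replaced by purified HTML.
 */
function phorum_htmlpurifier_format($data)
{
    $PHORUM = $GLOBALS["PHORUM"];

    // Objects are handles, so a plain assignment shares the instance; "=&"
    // on a function result only raises a notice.
    $purifier = HTMLPurifier::getInstance();
    $cache_serial = $PHORUM['mod_htmlpurifier']['body_cache_serial'];

    // Phorum's pre-processing HTML-escapes the body. The search list has to
    // hold the entity forms: with literal characters on both sides the
    // replacement is a no-op and escaped markup would reach the purifier as
    // plain text.
    $escaped = array('&lt;', '&gt;', '&amp;', '&quot;');
    $literal = array('<', '>', '&', '"');

    foreach ($data as $message_id => $message) {
        if (!isset($message['body'])) {
            continue;
        }

        if ($message_id) {
            // we're dealing with a real message, not a fake, so
            // there a number of shortcuts that can be taken

            if (isset($message['meta']['htmlpurifier_light'])) {
                // format hook was called outside of Phorum's normal
                // functions, do the abridged purification (no un-escaping,
                // no cache read or write)
                $data[$message_id]['body'] = $purifier->purify($message['body']);
                continue;
            }

            if (!empty($PHORUM['args']['purge'])) {
                // purge the cache; done before the lookup below so that the
                // lookup misses and the body is purified again
                // NOTE(review): where $PHORUM['args'] is filled is not shown
                // here. If it comes from the request, any visitor can force a
                // re-purification plus one DB write per message - confirm.
                unset($message['meta']['body_cache']);
            }

            $cache_is_current = isset($message['meta']['body_cache'])
                && isset($message['meta']['body_cache_serial'])
                && $message['meta']['body_cache_serial'] == $cache_serial;
            if ($cache_is_current) {
                // cached version is present, bail out early
                $data[$message_id]['body'] = base64_decode($message['meta']['body_cache']);
                continue;
            }
        }

        // migration might edit this array, that's why it's defined
        // so early
        $updated_message = array();

        // create the $body variable
        if ($message_id && !isset($message['meta']['body_cache_serial'])) {
            // real message that has never been cached: perform migration
            $fake_data = array();
            list($signature, $edit_message) = phorum_htmlpurifier_remove_sig_and_editmessage($message);
            $fake_data[$message_id] = $message;
            $fake_data = phorum_htmlpurifier_migrate($fake_data);
            $body = $fake_data[$message_id]['body'];
            $body = str_replace("<phorum break>\n", "\n", $body);
            $updated_message['body'] = $body; // save it in, without sig/edit note
            $body .= $signature . $edit_message; // add it back in
        } else {
            // reverse Phorum's pre-processing
            $body = $message['body'];
            // order is important: drop the break marker before entities are
            // decoded
            $body = str_replace("<phorum break>\n", "\n", $body);
            $body = str_replace($escaped, $literal, $body);
            if (!$message_id && defined('PHORUM_CONTROL_CENTER')) {
                // we're in control.php, so it was double-escaped
                $body = str_replace($escaped, $literal, $body);
            }
        }

        // From here on $body is the purifier's output; nothing below may add
        // unfiltered text to it.
        $body = $purifier->purify($body);

        // dynamically update the cache (MUST BE DONE HERE!)
        // this is inefficient because it's one db call per
        // cache miss, but once the cache is in place things are
        // a lot zippier.
        if ($message_id) { // make sure it's not a fake id
            $updated_message['meta'] = isset($message['meta']) ? $message['meta'] : array();
            $updated_message['meta']['body_cache'] = base64_encode($body);
            $updated_message['meta']['body_cache_serial'] = $cache_serial;
            phorum_db_update_message($message_id, $updated_message);
        }

        // must not get overloaded until after we cache it, otherwise
        // we'll inadvertently change the original text
        $data[$message_id]['body'] = $body;
    }

    return $data;
}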