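 /**
  * Validation rules for the model attributes.
  *
  * @return array validation rules for model attributes.
  * @internal you should only define rules for those attributes that will receive user inputs
  */
 public function rules()
 {
     // A CHtmlPurifier filter runs before the data is saved. Here it serves less as XSS protection
     // than as a guarantee that the news item's HTML is well-formed: DOMHelper relies on valid
     // markup to truncate the text correctly when building summaries (e.g. on the home page).
     $htmlPurifier = new CHtmlPurifier();
     // Iframes are only kept when their URI matches URI.SafeIframeRegexp, which HTMLPurifier tests
     // against the whole URI string. The pattern is anchored to the YouTube embed host (dots escaped)
     // so that a URI on another host which merely contains "www.youtube.com/embed/" in its path or
     // query does not pass; the previous unanchored pattern accepted such URIs.
     $htmlPurifier->setOptions(array(
         'HTML.SafeIframe' => true,
         'URI.SafeIframeRegexp' => '%^(?:https?:)?//www\.youtube\.com/embed/%',
     ));
     return array(
         array('news_id, language_id, title', 'required'),
         array('title, description, keywords', 'length', 'max' => 255),
         // Foreign keys must reference an existing Language / News row.
         array('language_id', 'exist', 'attributeName' => 'id', 'className' => 'Language'),
         array('news_id', 'exist', 'attributeName' => 'id', 'className' => 'News'),
         // The body is passed through the purifier configured above.
         array('content', 'filter', 'filter' => array($htmlPurifier, 'purify')),
         array('tagsString', 'length', 'max' => 255),
         array('created_at, updated_at', 'safe'),
         array('news_id, language_id, title, slug, description, keywords, content, tagsString, tagIdFilter, enabled, eventDate', 'safe', 'on' => 'search'),
     );
 }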
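 /**
  * @inheritDoc IFieldType::prepValueFromPost()
  *
  * Normalises rich-text markup submitted in a POST request before it is stored: blanks the
  * Redactor "empty field" placeholder, turns pagebreak <hr>s into <!--pagebreak--> comments,
  * optionally purifies and cleans the HTML, and rewrites element URLs as ref tags.
  *
  * @param mixed $value the raw field value from the request
  *
  * @return mixed the normalised value
  */
 public function prepValueFromPost($value)
 {
     // Temporary fix (hopefully) for a Redactor bug where some HTML will get submitted when the field is blank,
     // if any text was typed into the field, and then deleted.
     // Strict comparison: only this exact string is blanked, with no type juggling on non-string input.
     if ($value === '<p><br></p>') {
         $value = '';
     }
     // Falsy values ('', null, '0', ...) skip all markup processing below.
     if ($value) {
         // Swap any pagebreak <hr>'s with <!--pagebreak-->'s
         $value = preg_replace('/<hr class="redactor_pagebreak".*?>/', '<!--pagebreak-->', $value);
         if ($this->getSettings()->purifyHtml) {
             // HTMLPurifier is the only step here that removes unsafe markup; with purifyHtml off the
             // submitted HTML is stored as-is and must be treated as untrusted wherever it is rendered.
             // Per these options, frame targets are limited to _blank and only the pagebreak comment is kept.
             $purifier = new \CHtmlPurifier();
             $purifier->setOptions(array(
                 'Attr.AllowedFrameTargets' => array('_blank'),
                 'HTML.AllowedComments' => array('pagebreak'),
             ));
             $value = $purifier->purify($value);
         }
         if ($this->getSettings()->cleanupHtml) {
             // Remove <span> and <font> tags (opening and closing), keeping their contents
             $value = preg_replace('/<(?:span|font)\\b[^>]*>/', '', $value);
             $value = preg_replace('/<\\/(?:span|font)>/', '', $value);
             // Remove inline styles from the listed block/inline elements
             $value = preg_replace('/(<(?:h1|h2|h3|h4|h5|h6|p|div|blockquote|pre|strong|em|b|i|u|a)\\b[^>]*)\\s+style="[^"]*"/', '$1', $value);
             // Remove empty tags (an opening tag immediately followed by its closing tag)
             $value = preg_replace('/<(h1|h2|h3|h4|h5|h6|p|div|blockquote|pre|strong|em|a|b|i|u)\\s*><\\/\\1>/', '', $value);
         }
     }
     // Find any element URLs and swap them with ref tags: an href/src ending in "#type:id" (with an
     // optional ":handle") becomes "{type:id:handle}", defaulting to the ":url" handle.
     $value = preg_replace_callback('/(href=|src=)([\'"])[^\'"]+?#(\\w+):(\\d+)(:' . HandleValidator::$handlePattern . ')?\\2/', function ($matches) {
         return $matches[1] . $matches[2] . '{' . $matches[3] . ':' . $matches[4] . (!empty($matches[5]) ? $matches[5] : ':url') . '}' . $matches[2];
     }, $value);
     return $value;
 }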
 /**
  * Strips markup from a value by purifying it with an empty HTML.Allowed whitelist,
  * so no element is permitted and only the text content is returned.
  *
  * @param mixed $value the value to filter
  *
  * @return string the purified value
  */
 public function htmlFilter($value)
 {
     $purifier = new CHtmlPurifier();
     $purifier->setOptions(array('HTML.Allowed' => ''));
     $stripped = $purifier->purify($value);
     return $stripped;
 }
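 /**
  * @inheritDoc IFieldType::prepValueFromPost()
  *
  * Normalises rich-text markup submitted in a POST request before it is stored: blanks the
  * Redactor "empty field" placeholder, turns pagebreak <hr>s into <!--pagebreak--> comments,
  * optionally purifies and cleans the HTML, rewrites element URLs as ref tags (preserving a
  * trailing hash) and encodes 4-byte UTF-8 characters.
  *
  * @param mixed $value the raw field value from the request
  *
  * @return mixed the normalised value
  */
 public function prepValueFromPost($value)
 {
     // Temporary fix (hopefully) for a Redactor bug where some HTML will get submitted when the field is blank,
     // if any text was typed into the field, and then deleted.
     // Strict comparison: only this exact string is blanked, with no type juggling on non-string input.
     if ($value === '<p><br></p>') {
         $value = '';
     }
     // Falsy values ('', null, '0', ...) skip all markup processing below.
     if ($value) {
         // Swap any pagebreak <hr>'s with <!--pagebreak-->'s
         $value = preg_replace('/<hr class="redactor_pagebreak".*?>/', '<!--pagebreak-->', $value);
         if ($this->getSettings()->purifyHtml) {
             // HTMLPurifier is the only step here that removes unsafe markup; with purifyHtml off the
             // submitted HTML is stored as-is and must be treated as untrusted wherever it is rendered.
             // Per these options, frame targets are limited to _blank and only the pagebreak comment is kept.
             $purifier = new \CHtmlPurifier();
             $purifier->setOptions(array(
                 'Attr.AllowedFrameTargets' => array('_blank'),
                 'HTML.AllowedComments' => array('pagebreak'),
             ));
             $value = $purifier->purify($value);
         }
         if ($this->getSettings()->cleanupHtml) {
             // Remove <span> and <font> tags (opening and closing), keeping their contents
             $value = preg_replace('/<(?:span|font)\\b[^>]*>/', '', $value);
             $value = preg_replace('/<\\/(?:span|font)>/', '', $value);
             // Remove inline styles from the listed block/inline elements
             $value = preg_replace('/(<(?:h1|h2|h3|h4|h5|h6|p|div|blockquote|pre|strong|em|b|i|u|a)\\b[^>]*)\\s+style="[^"]*"/', '$1', $value);
             // Remove empty tags (an opening tag immediately followed by its closing tag)
             $value = preg_replace('/<(h1|h2|h3|h4|h5|h6|p|div|blockquote|pre|strong|em|a|b|i|u)\\s*><\\/\\1>/', '', $value);
         }
     }
     // Find any element URLs and swap them with ref tags: an href/src ending in "#type:id" or
     // "%23type:id" (with an optional ":handle") becomes "{type:id:handle}", defaulting to the
     // ":url" handle. A hash that precedes the element marker ($matches[3]) is re-appended.
     $value = preg_replace_callback('/(href=|src=)([\'"])[^\'"#]+?(#[^\'"#]+)?(?:#|%23)(\\w+):(\\d+)(:' . HandleValidator::$handlePattern . ')?\\2/', function ($matches) {
         $refTag = '{' . $matches[4] . ':' . $matches[5] . (!empty($matches[6]) ? $matches[6] : ':url') . '}';
         $hash = !empty($matches[3]) ? $matches[3] : '';
         if ($hash) {
             // Make sure that the hash isn't actually part of the parsed URL
             // (someone's Entry URL Format could be "#{slug}", etc.): if the resolved URL already
             // contains it, appending it again would duplicate the fragment, so it is dropped.
             $url = craft()->elements->parseRefs($refTag);
             if (mb_strpos($url, $hash) !== false) {
                 $hash = '';
             }
         }
         return $matches[1] . $matches[2] . $refTag . $hash . $matches[2];
     }, $value);
     // Encode any 4-byte UTF-8 characters.
     $value = StringHelper::encodeMb4($value);
     return $value;
 }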