Esempio n. 1
	/**
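	 * Filters HTML source for invalid constructs and forbidden items such as XSS scripts.
	 * If the HTMLPurifier class has not been loaded, the input is returned unfiltered.
	 * @param string $html HTML to be filtered
	 * @return string Filtered HTML, or the unfiltered input (apart from any link correction) when HTMLPurifier is unavailable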
	 */
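	static function purifyHTML($html) {
		// Rewrite absolute links to relative ones first, so the rewritten markup
		// is what the purifier inspects below.
		if (!MediabirdConfig::$disable_absolute_link_correction) {
			$html = self::correctAbsoluteLinks($html);
		}

		// NOTE(security): class_exists() is called with autoloading disabled, so
		// when HTMLPurifier has not been loaded yet this method fails open and
		// returns $html without any filtering. Callers that render the result
		// must not assume it is safe in that case.
		if (!class_exists("HTMLPurifier", false)) {
			return $html;
		}

		// Build the purifier once and reuse it for later calls.
		if (!isset(self::$_purifier)) {
			$config = HTMLPurifier_Config::createDefault();

			// NOTE(review): this lets submitted markup keep its id attributes,
			// which may collide with ids used by the surrounding page. HTML
			// Purifier provides Attr.IDPrefix to namespace them; consider it.
			$config->set('Attr', 'EnableID', true);

			// Inline CSS is limited to this explicit allow-list.
			$config->set('CSS', 'AllowedProperties', array(
				'font-weight','font-style','text-align','text-decoration', //support text formatting
				'float', //support image float
				'width','height', //support image size
				'padding','padding-top','padding-right','padding-bottom','padding-left', //support image padding
				'margin','margin-left' //support indentation
				//'direction' //support RTL/LTR
			));

			if (isset(MediabirdConfig::$cache_folder)) {
				$cachePath = MediabirdConfig::$cache_folder."filter";

				// HTML Purifier stores serialized definitions here and unserializes
				// them on later requests, so the directory is created with an
				// explicit mode that is not group- or world-writable rather than
				// mkdir()'s default of 0777. The trailing is_dir() covers the case
				// where another request created the directory in the meantime.
				if (!is_dir($cachePath) && !mkdir($cachePath, 0755) && !is_dir($cachePath)) {
					error_log("purifyHTML: could not create HTML Purifier cache directory");
				}

				// Only point the serializer at the directory when it is usable;
				// otherwise HTML Purifier keeps its default cache location.
				if (is_dir($cachePath) && is_writable($cachePath)) {
					$config->set('Cache', 'SerializerPath', $cachePath);
				}
			}

			$config->set('HTML', 'Doctype', 'HTML 4.01 Strict');
			self::$_purifier = new HTMLPurifier($config);
		}

		return self::$_purifier->purify($html);
	}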