public function create()
{
access::verify_csrf();
$form = $this->_get_theme_form();
if ($form->validate()) {
$session = Session::instance();
$extract_path = $session->get_once("theme_extract_path");
$v = new View("admin_themeroller_progress.html");
$task_def = Task_Definition::factory()->callback("themeroller_task::create_theme")->description(t("Generate theme from a themeroller archive"))->name(t("Generate theme"));
$v->task = task::create($task_def, array("path" => $extract_path, "user_name" => SafeString::purify(identity::active_user()->name), "original_name" => SafeString::purify($form->theme->original->value), "theme_name" => SafeString::purify($form->theme->theme_name->value), "display_name" => SafeString::purify($form->theme->display_name->value), "description" => SafeString::purify($form->theme->description->value), "author_url" => SafeString::purify($form->theme->author_url->value), "info_url" => SafeString::purify($form->theme->info_url->value), "discuss_url" => SafeString::purify($form->theme->discuss_url->value), "is_admin" => $session->get("themeroller_is_admin")));
json::reply(array("html" => (string) $v));
} else {
json::reply(array("result" => "error", "html" => (string) $form));
}
}
/**
* Returns a string that is safe to be used in HTML (XSS protection),
* purifying (filtering) the given HTML to ensure that the result contains
* only non-malicious HTML.
*
* Example:<pre>
* <div><?= html::purify($item->title) ?>
* </pre>
*/
static function purify($html)
{
return SafeString::purify($html);
}
public function purify_safe_html_test()
{
$safe_string = SafeString::of_safe_html("hello <p >world</p>");
$actual = SafeString::purify($safe_string);
$this->assert_equal("hello <p >world</p>", $actual);
}
