/**
* @return array validation rules for model attributes.
* @internal you should only define rules for those attributes that will receive user inputs
*/
public function rules()
{
// On ajoute un filtre CHtmlPurifier avant l'enregistrement des données. Il sert ici moins à la protection contre
// les attaques XSS qu'à s'assurer que le code HTML de l'actualité est valide.
// Cette condition est indispensable pour que la classe DOMHelper puisse tronquer correctement
// le texte pour construire des résumés (en page d'accueil par exemple)
$htmlPurifier = new CHtmlPurifier();
$htmlPurifier->setOptions(array('HTML.SafeIframe' => true, 'URI.SafeIframeRegexp' => '%www.youtube.com/embed/%'));
return array(array('news_id, language_id, title', 'required'), array('title, description, keywords', 'length', 'max' => 255), array('language_id', 'exist', 'attributeName' => 'id', 'className' => 'Language'), array('news_id', 'exist', 'attributeName' => 'id', 'className' => 'News'), array('content', 'filter', 'filter' => array($htmlPurifier, 'purify')), array('tagsString', 'length', 'max' => 255), array('created_at, updated_at', 'safe'), array('news_id, language_id, title, slug, description, keywords, content, tagsString, tagIdFilter, enabled, eventDate', 'safe', 'on' => 'search'));
}
/**
* @inheritDoc IFieldType::prepValueFromPost()
*
* @param mixed $value
*
* @return mixed
*/
public function prepValueFromPost($value)
{
// Temporary fix (hopefully) for a Redactor bug where some HTML will get submitted when the field is blank,
// if any text was typed into the field, and then deleted
if ($value == '<p><br></p>') {
$value = '';
}
if ($value) {
// Swap any pagebreak <hr>'s with <!--pagebreak-->'s
$value = preg_replace('/<hr class="redactor_pagebreak".*?>/', '<!--pagebreak-->', $value);
if ($this->getSettings()->purifyHtml) {
$purifier = new \CHtmlPurifier();
$purifier->setOptions(array('Attr.AllowedFrameTargets' => array('_blank'), 'HTML.AllowedComments' => array('pagebreak')));
$value = $purifier->purify($value);
}
if ($this->getSettings()->cleanupHtml) {
// Remove <span> and <font> tags
$value = preg_replace('/<(?:span|font)\\b[^>]*>/', '', $value);
$value = preg_replace('/<\\/(?:span|font)>/', '', $value);
// Remove inline styles
$value = preg_replace('/(<(?:h1|h2|h3|h4|h5|h6|p|div|blockquote|pre|strong|em|b|i|u|a)\\b[^>]*)\\s+style="[^"]*"/', '$1', $value);
// Remove empty tags
$value = preg_replace('/<(h1|h2|h3|h4|h5|h6|p|div|blockquote|pre|strong|em|a|b|i|u)\\s*><\\/\\1>/', '', $value);
}
}
// Find any element URLs and swap them with ref tags
$value = preg_replace_callback('/(href=|src=)([\'"])[^\'"]+?#(\\w+):(\\d+)(:' . HandleValidator::$handlePattern . ')?\\2/', function ($matches) {
return $matches[1] . $matches[2] . '{' . $matches[3] . ':' . $matches[4] . (!empty($matches[5]) ? $matches[5] : ':url') . '}' . $matches[2];
}, $value);
return $value;
}
public function htmlFilter($value)
{
$p = new CHtmlPurifier();
$p->setOptions(array('HTML.Allowed' => ''));
return $p->purify($value);
}
/**
* @inheritDoc IFieldType::prepValueFromPost()
*
* @param mixed $value
*
* @return mixed
*/
public function prepValueFromPost($value)
{
// Temporary fix (hopefully) for a Redactor bug where some HTML will get submitted when the field is blank,
// if any text was typed into the field, and then deleted
if ($value == '<p><br></p>') {
$value = '';
}
if ($value) {
// Swap any pagebreak <hr>'s with <!--pagebreak-->'s
$value = preg_replace('/<hr class="redactor_pagebreak".*?>/', '<!--pagebreak-->', $value);
if ($this->getSettings()->purifyHtml) {
$purifier = new \CHtmlPurifier();
$purifier->setOptions(array('Attr.AllowedFrameTargets' => array('_blank'), 'HTML.AllowedComments' => array('pagebreak')));
$value = $purifier->purify($value);
}
if ($this->getSettings()->cleanupHtml) {
// Remove <span> and <font> tags
$value = preg_replace('/<(?:span|font)\\b[^>]*>/', '', $value);
$value = preg_replace('/<\\/(?:span|font)>/', '', $value);
// Remove inline styles
$value = preg_replace('/(<(?:h1|h2|h3|h4|h5|h6|p|div|blockquote|pre|strong|em|b|i|u|a)\\b[^>]*)\\s+style="[^"]*"/', '$1', $value);
// Remove empty tags
$value = preg_replace('/<(h1|h2|h3|h4|h5|h6|p|div|blockquote|pre|strong|em|a|b|i|u)\\s*><\\/\\1>/', '', $value);
}
}
// Find any element URLs and swap them with ref tags
$value = preg_replace_callback('/(href=|src=)([\'"])[^\'"#]+?(#[^\'"#]+)?(?:#|%23)(\\w+):(\\d+)(:' . HandleValidator::$handlePattern . ')?\\2/', function ($matches) {
$refTag = '{' . $matches[4] . ':' . $matches[5] . (!empty($matches[6]) ? $matches[6] : ':url') . '}';
$hash = !empty($matches[3]) ? $matches[3] : '';
if ($hash) {
// Make sure that the hash isn't actually part of the parsed URL
// (someone's Entry URL Format could be "#{slug}", etc.)
$url = craft()->elements->parseRefs($refTag);
if (mb_strpos($url, $hash) !== false) {
$hash = '';
}
}
return $matches[1] . $matches[2] . $refTag . $hash . $matches[2];
}, $value);
// Encode any 4-byte UTF-8 characters.
$value = StringHelper::encodeMb4($value);
return $value;
}
