/**
 * Output filter that runs the event payload through HTMLPurifier.
 *
 * Renderer delimiters (`{` and `}`) are swapped for placeholder tokens before
 * purification and swapped back afterwards so that template syntax survives
 * the purifier. Purified strings are memoised for the rest of the request in
 * a static cache keyed by the md5 of the raw input, so identical input is only
 * purified once.
 *
 * @param \Zikula_Event $event event object; `$event->data` is read and overwritten in place
 *
 * @return mixed the purified event data, or null when the output filter is not active
 */
public function outputFilter(Zikula_Event $event)
{
    // filtering disabled by configuration: leave the data untouched
    if (System::getVar('outputfilter') > 1) {
        return;
    }

    // recursive handling of arrays lives in DataUtil, so only the string path is handled here

    // per-request memo of already-purified strings, keyed by md5 of the raw input
    static $safecache;

    $purifier = SecurityCenterUtil::getpurifier();
    $cacheKey = md5($event->data);

    if (isset($safecache[$cacheKey])) {
        // cache hit: reuse the previously purified result
        $event->data = $safecache[$cacheKey];

        return $event->data;
    }

    // hide renderer delimiters from the purifier (replacements are applied in order, exactly like
    // two consecutive str_replace() calls)
    $protected = str_replace(
        array('{', '}'),
        array('%VIEW_LEFT_DELIMITER%', '%VIEW_RIGHT_DELIMITER%'),
        $event->data
    );

    $purified = $purifier->purify($protected);

    // restore renderer delimiters
    $event->data = str_replace(
        array('%VIEW_LEFT_DELIMITER%', '%VIEW_RIGHT_DELIMITER%'),
        array('{', '}'),
        $purified
    );

    // remember the result for the rest of the request
    $safecache[$cacheKey] = $event->data;

    return $event->data;
}
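/**
 * @Route("/purifierconfig")
 * @Method("POST")
 *
 * Update HTMLPurifier configuration from the submitted admin form.
 *
 * Every directive the form is allowed to set is normalised according to its
 * HTMLPurifier var-parser type: LOOKUP, ALIST and HASH directives are posted
 * as one entry per line and are converted into the array shape the purifier
 * expects. Directives submitted as null (or that end up with no entries) are
 * dropped, and the resulting array is stored serialized in the
 * 'htmlpurifierConfig' module var.
 *
 * @param Request $request
 *
 * @return RedirectResponse
 *
 * @throws AccessDeniedException Thrown if the user doesn't have admin access to the module
 */
public function updatepurifierconfigAction(Request $request)
{
    $this->checkCsrfToken();

    // Security check
    if (!SecurityUtil::checkPermission('ZikulaSecurityCenterModule::', '::', ACCESS_ADMIN)) {
        throw new AccessDeniedException();
    }

    // Load HTMLPurifier Classes
    $purifier = SecurityCenterUtil::getpurifier();
    $definition = $purifier->config->def;

    // Update module variables.
    $config = $request->request->get('purifierConfig', null);
    $config = \HTMLPurifier_Config::prepareArrayFromForm($config, false, true, true, $definition);
    $allowed = \HTMLPurifier_Config::getAllowedDirectivesForForm(true, $definition);

    // Split a textarea value into trimmed, non-empty lines. Browsers submit "\r\n" line
    // endings regardless of the server's PHP_EOL, so accept any line ending here.
    $splitLines = function ($text) {
        $lines = array();
        foreach (preg_split('/\r\n|\r|\n/', (string) $text) as $line) {
            $line = trim($line);
            if ($line !== '') {
                $lines[] = $line;
            }
        }

        return $lines;
    };

    // Drop a directive whose submitted value is null, and its namespace once it has no directives left.
    $dropIfNull = function (&$config, $namespace, $directive) {
        if (isset($config[$namespace])
            && array_key_exists($directive, $config[$namespace])
            && $config[$namespace][$directive] === null) {
            unset($config[$namespace][$directive]);
            if (count($config[$namespace]) <= 0) {
                unset($config[$namespace]);
            }
        }
    };

    foreach ($allowed as $allowedDirective) {
        list($namespace, $directive) = $allowedDirective;
        $directiveKey = $namespace . '.' . $directive;
        $def = $definition->info[$directiveKey];

        $dropIfNull($config, $namespace, $directive);

        if (isset($config[$namespace]) && isset($config[$namespace][$directive])) {
            // The directive info is either an int type code (the sign is discarded) or an
            // object carrying the type in ->type; anything else falls through the switch.
            if (is_int($def)) {
                $directiveType = abs($def);
            } else {
                $directiveType = isset($def->type) ? $def->type : 0;
            }

            // $parsed stays null for directive types that are stored as submitted
            $parsed = null;
            $rawValue = $config[$namespace][$directive];

            switch ($directiveType) {
                case \HTMLPurifier_VarParser::LOOKUP:
                    // one entry per line -> array('entry' => true, ...)
                    $parsed = array();
                    foreach ($splitLines($rawValue) as $line) {
                        $parsed[$line] = true;
                    }
                    break;

                case \HTMLPurifier_VarParser::ALIST:
                    // one entry per line -> list of entries
                    $parsed = $splitLines($rawValue);
                    break;

                case \HTMLPurifier_VarParser::HASH:
                    // one "key:value" per line -> array('key' => 'value', ...)
                    $parsed = array();
                    foreach ($splitLines($rawValue) as $line) {
                        // split on the first ':' only, so values containing ':' (e.g. URLs) are kept
                        // whole; a line without ':' has no value and is skipped instead of raising
                        // an undefined-offset warning
                        $parts = explode(':', $line, 2);
                        if (count($parts) !== 2) {
                            continue;
                        }
                        $key = trim($parts[0]);
                        $value = trim($parts[1]);
                        if ($key !== '' && $value !== '') {
                            $parsed[$key] = $value;
                        }
                    }
                    break;
            }

            if ($parsed !== null) {
                // a multi-line directive with no usable entries is treated as not set
                if (empty($parsed)) {
                    unset($config[$namespace][$directive]);
                } else {
                    $config[$namespace][$directive] = $parsed;
                }
            }
        }

        $dropIfNull($config, $namespace, $directive);
    }

    // NOTE(review): stored serialized; presumably read back with unserialize() where the
    // purifier is built — only admin-submitted, CSRF-checked data reaches this point.
    $this->setVar('htmlpurifierConfig', serialize($config));

    // clear all cache and compile directories
    ModUtil::apiFunc('ZikulaSettingsModule', 'admin', 'clearallcompiledcaches');

    // the module configuration has been updated successfully
    $request->getSession()->getFlashBag()->add('status', $this->__('Done! Saved HTMLPurifier configuration.'));

    return new RedirectResponse($this->get('router')->generate('zikulasecuritycentermodule_admin_modifyconfig', array(), RouterInterface::ABSOLUTE_URL));
}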