/**
 * Return the shared HTMLPurifier instance, loading the library on first use.
 *
 * The instance is built once and cached in self::$purifier; every later call
 * returns the cached object and ignores its $config argument. Three settings
 * are applied after $config and so cannot be changed by the caller:
 * AutoFormat.Linkify, URI.Disable and the HTML.Allowed whitelist (everything
 * not listed there, e.g. form, script, object, is dropped; URIs in a[href]
 * and img[src] remain subject to HTMLPurifier's own URI filtering).
 *
 * @access private
 * @param $config - optional config array passed to HTMLPurifier (directive => value)
 * @return object the HTMLPurifier instance
 **/
private static function getPurifier($config = NULL)
{
    // fast path: already built during this request
    if (is_object(self::$purifier)) {
        return self::$purifier;
    }

    // load the bundled library unless something else did so already
    if (!class_exists('HTMLPurifier', false)) {
        $autoloader = CAT_Helper_Directory::getInstance()->sanitizePath(
            CAT_PATH . '/modules/lib_htmlpurifier/htmlpurifier/library/HTMLPurifier.auto.php'
        );
        // presumably printFatalError() ends the request; if it only prints,
        // the include below runs against a missing file -- verify
        if (!file_exists($autoloader)) {
            CAT_Object::getInstance()->printFatalError('Missing library HTMLPurifier!');
        }
        include $autoloader;
    }

    $settings = HTMLPurifier_Config::createDefault();

    // caller-supplied directives go in first, so the fixed settings below win
    if (is_array($config) && count($config) > 0) {
        foreach ($config as $directive => $value) {
            $settings->set($directive, $value);
        }
    }

    $settings->set('AutoFormat.Linkify', true);
    $settings->set('URI.Disable', false);
    // allow most HTML but not all (no forms, for example)
    $settings->set('HTML.Allowed', 'a[href|title],abbr[title],acronym[title],b,blockquote[cite],br,caption,cite,code,dd,del,dfn,div,dl,dt,em,h1,h2,h3,h4,h5,h6,i,img[src|alt|title|class],ins,kbd,li,ol,p,pre,s,strike,strong,sub,sup,table,tbody,td,tfoot,th,thead,tr,tt,u,ul,var');

    self::$purifier = new HTMLPurifier($settings);
    return self::$purifier;
}
//**************************************************************************
// Backend gate: decide whether the running script lives below CAT_ADMIN_PATH.
// If it does, the request needs an authenticated user and (unless the calling
// script defines CAT_AJAX_CALL) CSRF protection is switched on.
if (!defined('CAT_LOGIN_PHASE')) {
    // SCRIPT_FILENAME is filled in by the SAPI from the resolved script path,
    // not taken from the request line.
    $path = isset($_SERVER['SCRIPT_FILENAME']) ? CAT_Helper_Directory::sanitizePath($_SERVER['SCRIPT_FILENAME']) : NULL;
    if ($path) {
        // NOTE(review): only '/' is escaped before CAT_ADMIN_PATH is embedded in
        // the pattern; '.', '+', '(' etc. stay regex meta-characters. A path
        // that breaks the pattern makes preg_match() return false, which is
        // treated as "not backend" and silently skips the login check below.
        // preg_quote(CAT_Helper_Directory::sanitizePath(CAT_ADMIN_PATH), '~')
        // escapes everything.
        $check = str_replace('/', '\\/', CAT_Helper_Directory::sanitizePath(CAT_ADMIN_PATH));
        // case-insensitive prefix match with no trailing separator: a sibling
        // directory whose name merely starts with the admin path matches too
        // (fails closed -- it would just require admin login there as well)
        if (preg_match('~^' . $check . '~i', $path)) {
            define('CAT_REQUIRE_ADMIN', true);
            // unauthenticated backend access: show the login and stop
            if (!CAT_Users::getInstance()->is_authenticated()) {
                CAT_Users::getInstance()->handleLogin();
                exit(0);
            }
            // always enable CSRF protection in backend; does not work with
            // AJAX so scripts called via AJAX should set this constant
            if (!defined('CAT_AJAX_CALL')) {
                //echo "class.secure is calling enableCSRFMagic<br />";
                CAT_Helper_Protect::getInstance()->enableCSRFMagic();
            }
            global $parser;
            if (!is_object($parser)) {
                $parser = CAT_Helper_Template::getInstance('Dwoo');
            }
            // initialize template search path
            $parser->setPath(CAT_THEME_PATH . '/templates');
            $parser->setFallbackPath(CAT_THEME_PATH . '/templates');
        }
        // note: a frontend script (path set, no match) leaves CAT_REQUIRE_ADMIN
        // undefined; only the "no path" branch below defines it as false
    } else {
        define('CAT_REQUIRE_ADMIN', false);
    }
}
if (!defined('CAT_INITIALIZED')) {
    require dirname(__FILE__) . '/initialize.php';
// ! Get perms
// =============
// NOTE(review): assumes print_error() terminates the request; if it only
// prints, the save below still runs for a user without 'admin' permission.
if (CAT_Helper_Page::getPagePermission($page_id, 'admin') !== true) {
    $backend->print_error('You do not have permissions to modify this page!');
}
// =================
// ! Get new content
// =================
$content = $val->sanitizePost('content' . $section_id);
// for non-admins only
if (!CAT_Users::getInstance()->ami_group_member(1)) {
    // if HTMLPurifier is enabled...
    $r = $backend->db()->get_one('SELECT * FROM `' . CAT_TABLE_PREFIX . 'mod_wysiwyg_admin_v2` WHERE set_name="enable_htmlpurifier" AND set_value="1"');
    if ($r) {
        // use HTMLPurifier to clean up the output
        // NOTE(review): purify() is an HTML sanitiser, not an SQL escaper. In
        // this branch -- and when HTMLPurifier is disabled, where $content is
        // left exactly as sanitizePost() returned it -- the value reaches the
        // REPLACE query below without any escaping; only the admin branch
        // calls add_slashes(). Unless sanitizePost() already escapes (verify),
        // both branches should escape via the db layer or use a prepared
        // statement.
        $content = CAT_Helper_Protect::getInstance()->purify($content, array('Core.CollectErrors' => true));
    }
} else {
    // admins: no purifying, only escaping for the query below
    $content = $val->add_slashes($content);
}
/**
 * searching in $text will be much easier this way
 */
// derived from $content after the branches above, so it carries the admin
// branch's slashes but is likewise unescaped in the non-admin case
$text = umlauts_to_entities(strip_tags($content), strtoupper(DEFAULT_CHARSET), 0);
/**
 * save
 **/
// $page_id is interpolated unquoted -- assumes it was cast to int upstream; verify.
// Positional VALUES depend on the column order of mod_wysiwyg.
$query = "REPLACE INTO `" . CAT_TABLE_PREFIX . "mod_wysiwyg` VALUES ( '{$section_id}', {$page_id}, '{$content}', '{$text}' );";
$backend->db()->query($query);
if ($backend->db()->isError()) {
    trigger_error(sprintf('[%s - %s] %s', __FILE__, __LINE__, $backend->db()->getError()), E_USER_ERROR);
/**
 * Validate the request token (FTAN) for the current request.
 *
 * Thin delegate to CAT_Helper_Protect::checkToken(); the return value is
 * passed through unchanged, so see that method for its contract.
 *
 * @param string $mode request source whose token is checked (default 'POST')
 * @return mixed whatever CAT_Helper_Protect::checkToken() returns
 */
public function checkFTAN($mode = 'POST')
{
    $result = CAT_Helper_Protect::checkToken($mode);
    return $result;
}
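/**
 * Render and output the current page.
 *
 * Side effects: emits HTTP headers (503 while in maintenance mode, then the
 * content-type header) and echoes the rendered page. Menu-link pages are
 * delegated to showMenuLink(); every other page is rendered by requiring the
 * template's index.php inside an output buffer, after which droplets, the
 * optional output filters and (if ENABLE_HTMLPURIFIER is true) HTMLPurifier
 * post-process the buffered markup.
 *
 * @access public
 * @return void
 **/
public function show()
{
    // ----- keep old modules happy -----
    // These globals are declared on purpose: the template's index.php is
    // require'd from inside this method and therefore sees this scope.
    global $wb, $admin, $database, $page_id, $section_id;
    global $TEXT;
    $admin =& $wb;
    if ($page_id == '') {
        $page_id = $this->_page_id;
    }
    // ----- keep old modules happy -----
    $this->log()->LogDebug(sprintf('showing page with ID [%s]', $page_id));

    // maintenance mode: send 503 so clients and crawlers come back later
    // (loose == kept on purpose; the registry value may be a string)
    if (CAT_Helper_Page::isMaintenance() || CAT_Registry::get('MAINTENANCE_PAGE') == $page_id) {
        header('HTTP/1.1 503 Service Temporarily Unavailable');
        header('Status: 503 Service Temporarily Unavailable');
        header('Retry-After: 7200'); // in seconds
    }

    // template engine; global so the template file can use it as well
    global $parser;

    // page of type menu_link
    if (CAT_Sections::isMenuLink($this->_page_id)) {
        $this->showMenuLink();
        return;
    }

    // use output filter (if any); build the path once and reuse it
    $do_filter   = false;
    $filter_file = CAT_Helper_Directory::sanitizePath(CAT_PATH . '/modules/blackcatFilter/filter.php');
    if (file_exists($filter_file)) {
        include_once $filter_file;
        if (function_exists('executeFilters')) {
            $this->log()->LogDebug('enabling output filters');
            $do_filter = true;
        }
    }

    $this->setTemplate();

    // render the template into a buffer; index.php may call page_content()
    // and friends. The buffer is deliberately left open (ob_clean, not
    // ob_get_clean) so the final echo still passes through it.
    ob_start();
    require CAT_TEMPLATE_DIR . '/index.php';
    $output = ob_get_contents();
    ob_clean();

    // droplets -- presumably modifies $output by reference, the return value
    // is not used here; verify
    CAT_Helper_Droplet::process($output);

    // output filtering (same by-reference assumption as above)
    if ($do_filter) {
        $this->log()->LogDebug('executing output filters');
        executeFilters($output);
    }

    // use HTMLPurifier to clean up the output; this rewrites the whole
    // rendered document, not only user-supplied fragments
    if (defined('ENABLE_HTMLPURIFIER') && true === ENABLE_HTMLPURIFIER) {
        $this->log()->LogDebug('executing HTML Purifier');
        $output = CAT_Helper_Protect::purify($output);
    }

    $this->log()->LogDebug('print output');
    if (!headers_sent()) {
        // header() returns nothing; the former 'echo header(...)' printed an
        // empty string and only looked like output.
        $properties = self::properties($page_id);
        // charset comes from stored page properties; header() itself refuses
        // a header line containing newlines, so a corrupt value fails rather
        // than adds headers
        $charset = isset($properties['default_charset']) ? $properties['default_charset'] : 'utf-8';
        header('content-type:text/html; charset=' . $charset);
    }
    echo $output;
}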