/**
 * Map one row to element-text entries that can be consumed by
 * insert_item() or insert_files_for_item().
 *
 * The configured column is always passed through
 * Omeka_Filter_HtmlPurifier, whether or not the mapping is flagged as
 * HTML; the 'html' key in each entry only records the flag.
 *
 * @param array $row    The row to map; must contain $this->_columnName.
 * @param array $result Entries collected so far; new entries are appended.
 * @return array $result, unchanged when no element id is configured.
 */
public function map($row, $result)
{
    // Purification runs on the whole cell before it is split.
    // NOTE(review): a delimiter containing HTML-significant characters may
    // no longer match once the purifier has rewritten the text; confirm.
    $purifier = new Omeka_Filter_HtmlPurifier();
    $cleaned = $purifier->filter($row[$this->_columnName]);

    // An empty delimiter means the cell holds a single value.
    $pieces = ($this->_elementDelimiter == '')
        ? array($cleaned)
        : explode($this->_elementDelimiter, $cleaned);

    if (!$this->_elementId) {
        return $result;
    }

    foreach ($pieces as $piece) {
        $result[] = array(
            'element_id' => $this->_elementId,
            'html' => $this->_isHtml ? 1 : 0,
            'text' => $piece,
        );
    }

    return $result;
}
/**
 * Purify the HTML-flagged texts inside the 'Elements' array of the POST.
 *
 * Only entries that carry a 'text' key and a truthy 'html' key are run
 * through the purifier. Every other entry is returned exactly as it was
 * submitted.
 * NOTE(review): text that is not flagged as HTML therefore stays
 * unsanitised here; presumably it is escaped wherever it is rendered.
 * Verify against the output code.
 *
 * $post['Elements'] is read without an existence check, so the caller is
 * expected to supply it.
 *
 * @param Zend_Controller_Request_Abstract $post Accessed with array syntax.
 * @param Omeka_Filter_HtmlPurifier $htmlPurifierFilter Optional; a new
 *        instance is created when null.
 * @return mixed The $post value with the purified texts written back.
 **/
protected function _filterElementsFromPost($post, $htmlPurifierFilter = null)
{
    $purifier = ($htmlPurifierFilter === null)
        ? new Omeka_Filter_HtmlPurifier()
        : $htmlPurifierFilter;

    // Expected shape: Elements[element_id][index] = array([text], [html]).
    //
    // Some fields do not follow that shape (the date field, for example,
    // carries month, year, day). Entries without a 'text' key next to the
    // 'html' key are skipped untouched.
    foreach ($post['Elements'] as $elementId => $texts) {
        foreach ($texts as $index => $values) {
            if (!array_key_exists('text', $values)) {
                continue;
            }

            $flaggedAsHtml = array_key_exists('html', $values) && (bool) $values['html'];
            if (!$flaggedAsHtml) {
                continue;
            }

            $post['Elements'][$elementId][$index]['text'] = $purifier->filter($values['text']);
        }
    }

    return $post;
}
/**
 * A <script> element, which is not in the default allow-list, is removed
 * together with its content, while the enclosing allowed <p> is kept.
 *
 * NOTE(review): this covers only a literal <script> element. Other script
 * carriers, such as event-handler attributes or script-scheme URLs, are
 * not exercised here and would need their own tests.
 */
public function testFilterUnallowedScriptElement()
{
    // Precondition: the default allow-list includes 'p' and excludes 'script'.
    $paragraphAllowed = in_array('p', Omeka_Filter_HtmlPurifier::getDefaultAllowedHtmlElements());
    $this->assertTrue($paragraphAllowed);
    $scriptAllowed = in_array('script', Omeka_Filter_HtmlPurifier::getDefaultAllowedHtmlElements());
    $this->assertFalse($scriptAllowed);

    $input = '<p>Bob is <script>bad</script></p>';
    $expected = '<p>Bob is </p>';

    $purifier = new Omeka_Filter_HtmlPurifier();
    $actual = $purifier->filter($input);

    $this->assertEquals($expected, $actual);
}