/**
 * Sanitize HTML-formatted content and tag it with a format marker before save.
 *
 * Only \Hubzero\Base\Object instances are handled, and the
 * 'com_content.article' context is skipped. The field named by
 * $this->_key($context) is read from the object, optionally run through
 * Sanitize::clean() and Sanitize::html(), optionally prefixed with
 * "<!-- {FORMAT:HTML} -->", and written back with set().
 *
 * The content is left exactly as submitted when:
 *  - it is empty after left-trimming,
 *  - it starts with a FORMAT marker naming anything other than "html", or
 *  - it has no marker, contains "</", and the 'applyFormat' param is off.
 *
 * NOTE(review): the decision to sanitize depends on a marker stored in the
 * content itself and on the 'sanitizeBefore'/'applyFormat' params. Confirm
 * that every path that returns early here is sanitized by another handler
 * before the content is rendered.
 *
 * @param   string   $context  The context of the content passed to the plugin
 * @param   object   $article  Content object, updated in place through set()
 * @param   boolean  $isNew    Not read by this method
 * @return  void
 */
public function onContentBeforeSave($context, &$article, $isNew)
{
    // Guard: wrong object type or the excluded context means nothing to do.
    $handled = ($article instanceof \Hubzero\Base\Object) && $context != 'com_content.article';
    if (!$handled) {
        return;
    }

    $field = $this->_key($context);
    $body  = ltrim($article->get($field));

    if (!$body) {
        return;
    }

    $marker = array();

    if (preg_match('/^<!-- \\{FORMAT:(.*)\\} -->/i', $body, $marker)) {
        // An explicit format is declared; only "html" is processed here.
        if (strtolower(trim($marker[1])) !== 'html') {
            return;
        }
    } elseif (strpos($body, '</') !== false && !$this->params->get('applyFormat')) {
        // Unmarked content that looks like markup is only processed when
        // the plugin is configured to force a format onto it.
        return;
    }

    if ($this->params->get('sanitizeBefore', 1)) {
        $body = \Hubzero\Utility\Sanitize::html(\Hubzero\Utility\Sanitize::clean($body));
    }

    if ($this->params->get('applyFormat')) {
        // Drop an existing leading marker so it is not duplicated.
        $body = '<!-- {FORMAT:HTML} -->' . preg_replace('/^(<!-- \\{FORMAT:HTML\\} -->)/i', '', $body);
    }

    $article->set($field, $body);
}
/**
 * Purify HTML content through \Hubzero\Utility\Sanitize::html() using
 * HTML Purifier options and this component's custom filters.
 *
 * The GroupInclude filter is always attached and AutoFormat.Linkify is
 * always switched off. When $trustedContent is true, the HTML.Trusted and
 * CSS.Trusted directives are enabled and the ExternalScripts and Php filters
 * are attached as well.
 *
 * Security: HTML.Trusted and CSS.Trusted widen what the purifier lets
 * through, so $trustedContent must come from a server-side authorization
 * decision about the author. It must never be taken from request data or
 * from the content being purified.
 *
 * NOTE(review): what the three custom filters add or remove is not visible
 * in this method; review them together with any caller that passes true.
 *
 * @param   string   $content         Unpurified HTML content
 * @param   boolean  $trustedContent  Is the content trusted?
 * @return  string
 */
public static function purify($content, $trustedContent = false)
{
    $filterDir = dirname(__DIR__) . DS . 'helpers' . DS . 'filters' . DS;

    // Filter applied to every input, trusted or not.
    require_once $filterDir . 'GroupInclude.php';
    $customFilters = array(new \HTMLPurifier_Filter_GroupInclude());

    $config = array();

    if ($trustedContent) {
        foreach (array('ExternalScripts.php', 'Php.php') as $filterFile) {
            require_once $filterDir . $filterFile;
        }

        // Relaxed purifier rules: only reached for explicitly trusted input.
        $config['CSS.Trusted']  = true;
        $config['HTML.Trusted'] = true;

        $customFilters[] = new \HTMLPurifier_Filter_ExternalScripts();
        $customFilters[] = new \HTMLPurifier_Filter_Php();
    }

    $config['Filter.Custom'] = $customFilters;

    // Linkify stays off for both trusted and untrusted content.
    $config['AutoFormat.Linkify'] = false;

    return \Hubzero\Utility\Sanitize::html($content, $config);
}
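/**
 * Generates RSS feed when called by URL
 *
 * Loads posts through Models\Posts::getPostsByStatus(), builds a feed
 * document with one item per post, and echoes the rendered feed. Post
 * fields are treated as untrusted external content: the title is reduced
 * to plain text, the description goes through Sanitize::html(), and the
 * link is wrapped in a CDATA section.
 *
 * @return void
 */
public function generateFeedTask()
{
    // Get the approved posts
    $model = new Models\Posts();
    $posts = $model->getPostsByStatus(1000, 0, 2);

    // Set the mime encoding for the document
    Document::setType('feed');

    // Start a new feed object
    $doc = Document::instance();
    $doc->title       = Config::get('sitename') . ' ' . Lang::txt('COM_FEEDAGGREGATOR_AGGREGATED_FEED');
    $doc->description = Lang::txt(Config::get('sitename') . ' ' . Lang::txt('COM_FEEDAGGREGATOR_AGGREGATED_FEED_SELECTED_READING'));
    // NOTE(review): the year is passed where the other calls pass a language
    // key; confirm this produces the intended copyright string.
    $doc->copyright   = Lang::txt(date("Y"), Config::get('sitename'));
    $doc->category    = Lang::txt('COM_FEEDAGGREGATOR_EXTERNAL_CONTENT');

    // Start outputting results if any found
    if (count($posts) > 0) {
        foreach ($posts as $post) {
            // Load individual item creator class
            $item = new \Hubzero\Document\Type\Feed\Item();

            // Title: each step feeds the next one. Entities are removed
            // before strip_tags() so that html_entity_decode() has nothing
            // left that could decode back into markup. The digit class is
            // 0-9: with 1-9, numeric entities containing a zero were not
            // removed and were decoded after the tags had been stripped.
            // No \x80-\xFF byte stripping is applied, since that would
            // delete every multi-byte UTF-8 character from the title.
            $title = preg_replace('/&#?[a-z0-9]{2,8};/i', '', $post->title);
            $title = (string) strip_tags($title);
            $title = html_entity_decode($title);
            $item->title = Sanitize::clean($title);

            // Link: a literal "]]>" inside the value would close the CDATA
            // section early, so it is split across two sections.
            // NOTE(review): the URL scheme is not checked here; presumably
            // links are validated when posts are ingested or approved.
            $link = str_replace(']]>', ']]]]><![CDATA[>', (string) $post->link);
            $item->link = '<![CDATA[' . $link . ']]>';

            // NOTE(review): date() treats its first argument as a format
            // string, so the stored value is returned unchanged only while
            // it contains no date() format letters.
            $item->date = date($post->created);

            // Description: Sanitize::html() on the stored value is the only
            // sanitizer applied. The regex and entity-decoding steps that
            // used to precede it were overwritten before being used, so
            // removing them does not change the output.
            $item->description = Sanitize::html($post->description);

            $doc->addItem($item);
        }
    }

    // Output the feed
    echo $doc->render();
}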
} echo $this->report->href ? '<a href="' . $this->report->href . '">' : ''; echo ucfirst($this->cat) . ' by '; echo $this->report->anon != 0 ? Lang::txt('COM_SUPPORT_REPORT_ABUSE_ANONYMOUS') : $name; echo $this->report->href ? '</a>' : ''; ?> </h4> <?php echo $this->report->subject ? '<p><strong>' . stripslashes($this->report->subject) . '</strong></p>' : ''; ?> <blockquote cite="<?php echo $this->report->anon != 0 ? Lang::txt('COM_SUPPORT_ANONYMOUS') : $name; ?> "> <p><?php echo Sanitize::html($this->report->text); ?> </p> </blockquote> </div> </div> <?php } ?> <p class="multiple-option"> <label class="option" for="subject1"><input type="radio" class="option" name="subject" id="subject1" value="<?php echo Lang::txt('COM_SUPPORT_REPORT_ABUSE_OFFENSIVE'); ?> " checked="checked" /> <?php echo Lang::txt('COM_SUPPORT_REPORT_ABUSE_OFFENSIVE');