Exemplo n.º 1
/**
 * This file is part of playSMS.
 *
 * playSMS is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * playSMS is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with playSMS. If not, see <http://www.gnu.org/licenses/>.
 */
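// Refuse to run unless the _SECURE_ constant has been defined before this file is reached.
defined('_SECURE_') or die('Forbidden');

// Hand off to auth_block() when the current session does not pass auth_isvalid().
if (!auth_isvalid()) {
    auth_block();
}

// A welcome.php inside the active theme directory takes precedence over the built-in template.
// NOTE(review): the include path depends on core_themes_get(); confirm it can only return the
// name of an installed theme and never a request-controlled value.
$fn = _APPS_PATH_THEMES_ . '/' . core_themes_get() . '/welcome.php';
if (file_exists($fn)) {
    include $fn;
} else {
    // Fall back to translated default texts when the site configuration leaves a field empty.
    $information_title = $core_config['main']['information_title'] ?: _('Welcome information');
    $information_content = $core_config['main']['information_content'] ?: _('Go to manage site menu to edit this page');

    // Decode entities BEFORE purifying. The previous order (purify, then htmlspecialchars_decode)
    // let entity-encoded markup pass the purifier as plain text and become live HTML afterwards,
    // so the purifier was not the last step applied to what the browser receives.
    list($information_title, $information_content) = core_display_html(array(
        htmlspecialchars_decode($information_title),
        htmlspecialchars_decode($information_content),
    ));

    $tpl = array(
        'name' => 'welcome',
        'vars' => array(
            'INFORMATION_TITLE' => $information_title,
            'INFORMATION_CONTENT' => $information_content,
        ),
        'injects' => array('user_config'),
    );

    // $doc is not set in this file; presumably the caller provides it to mark the active tab (verify).
    $tpl['vars'][$doc . '_ACTIVE'] = 'class=active';
    _p(tpl_apply($tpl));
}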
Exemplo n.º 2
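/**
 * Sanitise untrusted HTML with HTMLPurifier before it is displayed (protection against XSS).
 *
 * Arrays are processed recursively and keep their keys; any other value is handed to
 * HTMLPurifier::purify() as is. An empty array yields an empty array.
 *
 * @param mixed $data
 *        untrusted input: a single value or a (possibly nested) array of values
 * @return mixed purified value, or an array of purified values under the same keys
 */
function core_display_html($data)
{
    // The configuration is constant, so build the purifier once and reuse it for every call,
    // including the recursive ones below.
    static $hp = NULL;
    if ($hp === NULL) {
        $config = HTMLPurifier_Config::createDefault();
        $config->set('Attr.EnableID', TRUE);
        // NOTE(review): object/embed are not listed in HTML.Allowed below, so these three
        // settings look unused; confirm and drop them to keep the policy minimal.
        $config->set('HTML.SafeObject', TRUE);
        $config->set('HTML.SafeEmbed', TRUE);
        $config->set('Output.FlashCompat', TRUE);
        $config->set('HTML.SafeIframe', TRUE);
        // Dots are escaped: an unescaped "." matches any character, which would let iframe
        // sources on look-alike host names pass the check.
        $config->set('URI.SafeIframeRegexp', '%^https://(www\.youtube\.com/embed/|player\.vimeo\.com/video/)%');
        // Element/attribute allow-list. NOTE(review): "*[style|class]" permits inline style on
        // every element; confirm that is intended for untrusted content.
        $config->set('HTML.Allowed', '*[style|class],p,ol,li,ul,b,u,strike,strong,blockquote,em,br,span,div,a[href|title|target|rel],img[src|alt|title|width|height|hspace|vspace],hr,font,pre,table[cellpadding|cellspacing],tr,td,th,tbody,thead,h1,h2,h3,h4,h5,iframe[src|width|height]');
        $hp = new HTMLPurifier($config);
    }

    if (!is_array($data)) {
        return $hp->purify($data);
    }

    // Initialised up front so an empty array returns array() instead of an undefined variable.
    $ret = array();
    foreach ($data as $key => $value) {
        $ret[$key] = is_array($value) ? core_display_html($value) : $hp->purify($value);
    }
    return $ret;
}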
Exemplo n.º 3
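/**
 * Sanitise untrusted HTML with HTMLPurifier in its default configuration.
 *
 * @param mixed $html
 *        a single value, or an array whose items are each cast to string and purified
 * @return mixed purified string, or a zero-indexed array of purified strings
 *         (an empty array for an empty input array)
 */
function core_display_html($html)
{
    // One purifier instance serves the whole call instead of one per array item.
    $hp = new HTMLPurifier();

    if (!is_array($html)) {
        return $hp->purify($html);
    }

    // Initialised up front so an empty array returns array() instead of an undefined variable.
    $ret = array();
    foreach ($html as $item) {
        // Keys are not preserved and nesting is not supported: every item is cast to string
        // before it is purified.
        $ret[] = $hp->purify((string) $item);
    }
    return $ret;
}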