Converts an array submitted from a form into a structure usable by the
stricter parts of HTMLPurifier_Config
public static prepareArrayFromForm ( array $array, string | boolean $index = false, array | boolean $allowed = true, boolean $mq_fix = true, HTMLPurifier_ConfigSchema $schema = null ) : array
$array | array | $_GET or $_POST array to import |
$index | string | boolean | Index/name that the config variables are in |
$allowed | array | boolean | List of allowed namespaces/directives; true places no restriction on which directives are accepted |
$mq_fix | boolean | Whether to enable the magic quotes fix |
$schema | HTMLPurifier_ConfigSchema | Schema to use, if not global copy |
return | array |
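/**
 * @Route("/purifierconfig")
 * @Method("POST")
 *
 * Update HTMLPurifier configuration.
 *
 * Reads the posted "purifierConfig" form values, turns the line-based
 * directives (LOOKUP, ALIST, HASH) into arrays, drops directives whose value
 * is null or ends up empty, and stores the result in the "htmlpurifierConfig"
 * module variable.
 *
 * @param Request $request
 *
 * @return RedirectResponse
 *
 * @throws AccessDeniedException Thrown if the user doesn't have admin access to the module
 */
public function updatepurifierconfigAction(Request $request)
{
    // Reject the request before any state is touched if the CSRF token is invalid.
    $this->checkCsrfToken();

    // Security check
    if (!SecurityUtil::checkPermission('ZikulaSecurityCenterModule::', '::', ACCESS_ADMIN)) {
        throw new AccessDeniedException();
    }

    // Load HTMLPurifier Classes
    $purifier = SecurityCenterUtil::getpurifier();
    $schema = $purifier->config->def;

    // NOTE(review): $allowed is passed as true to both HTMLPurifier calls, so no
    // directive allow-list is applied here; every directive the schema exposes can
    // be changed through this form. The admin permission check above is therefore
    // the only gate on weakening the sanitiser's settings.
    $config = $request->request->get('purifierConfig', null);
    $config = \HTMLPurifier_Config::prepareArrayFromForm($config, false, true, true, $schema);
    $allowed = \HTMLPurifier_Config::getAllowedDirectivesForForm(true, $schema);

    // Split a textarea value into lines regardless of the client's or server's
    // line-ending convention; anything that is not a string yields no lines.
    $splitLines = function ($text) {
        return is_string($text) ? preg_split('/\r\n|\r|\n/', $text) : array();
    };

    foreach ($allowed as $allowedDirective) {
        list($namespace, $directive) = $allowedDirective;

        if (!isset($config[$namespace]) || !array_key_exists($directive, $config[$namespace])) {
            continue;
        }

        $value = $config[$namespace][$directive];

        if ($value !== null) {
            $def = $schema->info[$namespace . '.' . $directive];
            // The schema entry is either a bare integer type code (sign stripped
            // with abs()) or an object carrying the code in ->type.
            if (is_int($def)) {
                $directiveType = abs($def);
            } else {
                $directiveType = isset($def->type) ? $def->type : 0;
            }

            // Stays null for directive types that are stored as submitted.
            $parsed = null;

            switch ($directiveType) {
                case \HTMLPurifier_VarParser::LOOKUP:
                    $parsed = array();
                    foreach ($splitLines($value) as $line) {
                        $line = trim($line);
                        // Compare against '' rather than empty() so an entry "0" is kept.
                        if ($line !== '') {
                            $parsed[$line] = true;
                        }
                    }
                    break;

                case \HTMLPurifier_VarParser::ALIST:
                    $parsed = array();
                    foreach ($splitLines($value) as $line) {
                        $line = trim($line);
                        if ($line !== '') {
                            $parsed[] = $line;
                        }
                    }
                    break;

                case \HTMLPurifier_VarParser::HASH:
                    $parsed = array();
                    foreach ($splitLines($value) as $line) {
                        // Split on the first colon only, so values that themselves
                        // contain ':' (for example URLs) are not truncated.
                        $pair = explode(':', $line, 2);
                        if (count($pair) !== 2) {
                            // No "key:value" separator on this line; skip it.
                            continue;
                        }
                        $key = trim($pair[0]);
                        $item = trim($pair[1]);
                        if ($key !== '' && $item !== '') {
                            $parsed[$key] = $item;
                        }
                    }
                    break;
            }

            if ($parsed !== null) {
                // A list directive with no usable entries is treated as "not set".
                $value = $parsed ? $parsed : null;
            }
        }

        if ($value === null) {
            unset($config[$namespace][$directive]);
            // Do not leave an empty namespace behind in the stored configuration.
            if (count($config[$namespace]) <= 0) {
                unset($config[$namespace]);
            }
        } else {
            $config[$namespace][$directive] = $value;
        }
    }

    // NOTE(review): the value is stored with serialize(); the code that reads it
    // back is not visible here. Confirm that reader never calls unserialize() on
    // data that did not come through this admin-only, CSRF-checked path.
    $this->setVar('htmlpurifierConfig', serialize($config));

    // clear all cache and compile directories
    ModUtil::apiFunc('ZikulaSettingsModule', 'admin', 'clearallcompiledcaches');

    // the module configuration has been updated successfully
    $request->getSession()->getFlashBag()->add('status', $this->__('Done! Saved HTMLPurifier configuration.'));

    return new RedirectResponse($this->get('router')->generate('zikulasecuritycentermodule_admin_modifyconfig', array(), RouterInterface::ABSOLUTE_URL));
}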
/**
 * Imports configuration values submitted through a form ($_GET/$_POST)
 * into this configuration object. This is an instance method, NOT static.
 *
 * The submitted array is first passed through prepareArrayFromForm() with
 * this object's own schema ($this->def), and the result is loaded with
 * loadArray().
 *
 * NOTE(review): with the default $allowed = true no directive allow-list is
 * passed on; callers that accept form data from users who should not control
 * every directive probably want an explicit list here. Confirm against the callers.
 *
 * @param array       $array   $_GET or $_POST array to import
 * @param string|bool $index   Index/name that the config variables are in
 * @param array|bool  $allowed List of allowed namespaces/directives
 * @param bool        $mq_fix  Boolean whether or not to enable magic quotes fix
 */
public function mergeArrayFromForm($array, $index = false, $allowed = true, $mq_fix = true)
{
    $this->loadArray(
        HTMLPurifier_Config::prepareArrayFromForm($array, $index, $allowed, $mq_fix, $this->def)
    );
}
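/**
 * Update HTMLPurifier configuration.
 *
 * Reads the posted "purifierConfig" form values, turns the line-based
 * directives (LOOKUP, ALIST, HASH) into arrays, drops directives whose value
 * is null or ends up empty, and stores the result in the "htmlpurifierConfig"
 * module variable before redirecting to the modifyconfig admin page.
 *
 * @return mixed The result of LogUtil::registerPermissionError() when the
 *               permission check fails; otherwise nothing is returned.
 */
public function updatepurifierconfig()
{
    // Reject the request before any state is touched if the CSRF token is invalid.
    $this->checkCsrfToken();

    // Security check
    if (!SecurityUtil::checkPermission('SecurityCenter::', '::', ACCESS_ADMIN)) {
        return LogUtil::registerPermissionError();
    }

    // Load HTMLPurifier Classes
    $purifier = SecurityCenter_Util::getpurifier();
    $schema = $purifier->config->def;

    // NOTE(review): $allowed is passed as true to both HTMLPurifier calls, so no
    // directive allow-list is applied here; every directive the schema exposes can
    // be changed through this form. The admin permission check above is therefore
    // the only gate on weakening the sanitiser's settings.
    $config = FormUtil::getPassedValue('purifierConfig', null, 'POST');
    $config = HTMLPurifier_Config::prepareArrayFromForm($config, false, true, true, $schema);
    $allowed = HTMLPurifier_Config::getAllowedDirectivesForForm(true, $schema);

    // Split a textarea value into lines regardless of the client's or server's
    // line-ending convention; anything that is not a string yields no lines.
    $splitLines = function ($text) {
        return is_string($text) ? preg_split('/\r\n|\r|\n/', $text) : array();
    };

    foreach ($allowed as $allowedDirective) {
        list($namespace, $directive) = $allowedDirective;

        if (!isset($config[$namespace]) || !array_key_exists($directive, $config[$namespace])) {
            continue;
        }

        $value = $config[$namespace][$directive];

        if ($value !== null) {
            $def = $schema->info[$namespace . '.' . $directive];
            // The schema entry is either a bare integer type code (sign stripped
            // with abs()) or an object carrying the code in ->type.
            if (is_int($def)) {
                $directiveType = abs($def);
            } else {
                $directiveType = isset($def->type) ? $def->type : 0;
            }

            // Stays null for directive types that are stored as submitted.
            $parsed = null;

            switch ($directiveType) {
                case HTMLPurifier_VarParser::LOOKUP:
                    $parsed = array();
                    foreach ($splitLines($value) as $line) {
                        $line = trim($line);
                        // Compare against '' rather than empty() so an entry "0" is kept.
                        if ($line !== '') {
                            $parsed[$line] = true;
                        }
                    }
                    break;

                case HTMLPurifier_VarParser::ALIST:
                    $parsed = array();
                    foreach ($splitLines($value) as $line) {
                        $line = trim($line);
                        if ($line !== '') {
                            $parsed[] = $line;
                        }
                    }
                    break;

                case HTMLPurifier_VarParser::HASH:
                    $parsed = array();
                    foreach ($splitLines($value) as $line) {
                        // Split on the first colon only, so values that themselves
                        // contain ':' (for example URLs) are not truncated.
                        $pair = explode(':', $line, 2);
                        if (count($pair) !== 2) {
                            // No "key:value" separator on this line; skip it.
                            continue;
                        }
                        $key = trim($pair[0]);
                        $item = trim($pair[1]);
                        if ($key !== '' && $item !== '') {
                            $parsed[$key] = $item;
                        }
                    }
                    break;
            }

            if ($parsed !== null) {
                // A list directive with no usable entries is treated as "not set".
                $value = $parsed ? $parsed : null;
            }
        }

        if ($value === null) {
            unset($config[$namespace][$directive]);
            // Do not leave an empty namespace behind in the stored configuration.
            if (count($config[$namespace]) <= 0) {
                unset($config[$namespace]);
            }
        } else {
            $config[$namespace][$directive] = $value;
        }
    }

    // NOTE(review): the value is stored with serialize(); the code that reads it
    // back is not visible here. Confirm that reader never calls unserialize() on
    // data that did not come through this admin-only, CSRF-checked path.
    $this->setVar('htmlpurifierConfig', serialize($config));

    // Called again with true after saving; presumably this forces the purifier to
    // be rebuilt from the new settings (confirm in SecurityCenter_Util).
    SecurityCenter_Util::getpurifier(true);

    // clear all cache and compile directories
    ModUtil::apiFunc('Settings', 'admin', 'clearallcompiledcaches');

    // the module configuration has been updated successfully
    LogUtil::registerStatus($this->__('Done! Saved HTMLPurifier configuration.'));

    // This function generated no output, and so now it is complete we redirect
    // the user to an appropriate page for them to carry on their work
    $this->redirect(ModUtil::url('SecurityCenter', 'admin', 'modifyconfig'));
}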