/**
 * Assemble the settings array used to configure TinyMCE.
 *
 * Starts from {@see getSettings()} and then sets, in order:
 * document_base_url, baseURL, external_plugins (only when plugins exist),
 * toolbar, content_css and theme_url.
 *
 * Security note: plugin paths and the theme value that are already absolute
 * URLs are passed through unchanged. TinyMCE loads these as script, so any
 * off-site URL in this configuration should point to a trusted origin.
 *
 * @return array
 */
protected function getConfig()
{
    $config = $this->getSettings();

    // https://www.tinymce.com/docs/configure/url-handling/#document_base_url
    $config['document_base_url'] = Director::absoluteBaseURL();

    // https://www.tinymce.com/docs/api/class/tinymce.editormanager/#baseURL
    // Falls back to the bundled third-party directory when no base_dir is configured.
    $siteRoot = Director::absoluteBaseURL();
    $editorDir = $this->config()->get('base_dir') ?: ADMIN_THIRDPARTY_DIR . '/tinymce';
    $editorBase = Controller::join_links($siteRoot, $editorDir);
    $config['baseURL'] = $editorBase;

    // Resolve every plugin to an absolute URL so TinyMCE can load it.
    $pluginUrls = [];
    foreach ($this->getPlugins() as $name => $location) {
        if ($location) {
            // Relative locations are made absolute; absolute ones are kept verbatim.
            if (!Director::is_absolute_url($location)) {
                $location = Director::absoluteURL($location);
            }
        } else {
            // No path given: use the conventional location under the editor base URL.
            $location = Controller::join_links($editorBase, "plugins/{$name}/plugin.min.js");
        }
        $pluginUrls[$name] = $location;
    }

    // https://www.tinymce.com/docs/configure/integration-and-setup/#external_plugins
    if ($pluginUrls) {
        $config['external_plugins'] = $pluginUrls;
    }

    // https://www.tinymce.com/docs/configure/editor-appearance/#groupingtoolbarcontrols
    // Several rows produce a list of strings; a single row produces one plain string.
    $rows = $this->getButtons();
    $multiRow = count($rows) > 1;
    $config['toolbar'] = [];
    foreach ($rows as $cells) {
        $line = implode(' ', $cells);
        if ($multiRow) {
            $config['toolbar'][] = $line;
        } else {
            $config['toolbar'] = $line;
        }
    }

    // https://www.tinymce.com/docs/configure/content-appearance/#content_css
    $config['content_css'] = $this->getEditorCSS();

    // https://www.tinymce.com/docs/configure/editor-appearance/#theme_url
    // A bare theme name is expanded to its script under the editor base URL.
    $themeName = $this->getTheme();
    $config['theme_url'] = Director::is_absolute_url($themeName)
        ? $themeName
        : Controller::join_links($editorBase, "themes/{$themeName}/theme.min.js");

    return $config;
}
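/**
 * Validate a remote file URL against the configured scheme and hostname
 * whitelists and hand it back for embedding.
 *
 * Nothing is fetched here; the URL is only parsed and checked.
 *
 * Security notes for maintainers:
 * - A whitelist that is empty or unset disables its check, so every scheme
 *   (or every hostname) is accepted. Configure both lists to restrict
 *   which remote files can be embedded.
 * - Scheme and host are lower-cased before comparison, but the whitelist
 *   entries are not, so entries must be lower-case strings to match.
 * - Only the hostname string is compared; the address it resolves to is
 *   not checked in this method.
 *
 * @param string $fileUrl Absolute URL
 * @return array Two elements: null, then the validated URL unchanged
 * @throws HTTPResponse_Exception If the URL is not absolute, has no scheme
 *                                or host, or fails a configured whitelist
 */
protected function viewfile_getRemoteFileByURL($fileUrl)
{
    if (!Director::is_absolute_url($fileUrl)) {
        throw $this->getErrorFor(_t(
            "HTMLEditorField_Toolbar.ERROR_ABSOLUTE",
            "Only absolute urls can be embedded"
        ));
    }

    // parse_url() gives null for a missing component and false for a malformed
    // URL; cast so strtolower() always receives a string (null is deprecated
    // as an argument since PHP 8.1). An empty result is rejected below.
    $scheme = strtolower((string) parse_url($fileUrl, PHP_URL_SCHEME));
    $allowed_schemes = self::config()->fileurl_scheme_whitelist;
    // Strict comparison: loose in_array() compares numeric-looking strings by
    // value, which is not what an allow-list check should do.
    if (!$scheme || ($allowed_schemes && !in_array($scheme, $allowed_schemes, true))) {
        throw $this->getErrorFor(_t(
            "HTMLEditorField_Toolbar.ERROR_SCHEME",
            "This file scheme is not included in the whitelist"
        ));
    }

    $domain = strtolower((string) parse_url($fileUrl, PHP_URL_HOST));
    $allowed_domains = self::config()->fileurl_domain_whitelist;
    if (!$domain || ($allowed_domains && !in_array($domain, $allowed_domains, true))) {
        throw $this->getErrorFor(_t(
            "HTMLEditorField_Toolbar.ERROR_HOSTNAME",
            "This file hostname is not included in the whitelist"
        ));
    }

    return [null, $fileUrl];
}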
/**
 * Pins which URL shapes Director::is_absolute_url() classifies as absolute.
 *
 * The later cases matter for redirect and embed checks: scheme-relative
 * ("//host"), slash-padded, whitespace-prefixed and slash-less
 * ("http:host") forms are all expected to count as absolute, presumably
 * because browsers may resolve them to another host.
 */
public function testIsAbsoluteUrl()
{
    // Pairs of input and expected classification, in the order they are checked.
    $cases = [
        ['http://test.com/testpage', true],
        ['ftp://test.com', true],
        ['test.com/testpage', false],
        ['/relative', false],
        ['relative', false],
        // An absolute URL inside the query string or fragment does not count.
        ["/relative/?url=http://foo.com", false],
        ["/relative/#http://foo.com", false],
        ["https://test.com/?url=http://foo.com", true],
        // An unknown scheme in front of a URL still counts as absolute.
        ["trickparseurl:http://test.com", true],
        // Scheme-relative and slash/whitespace-padded variants.
        ['//test.com', true],
        ['/////test.com', true],
        [' ///test.com', true],
        ['http:test.com', true],
        ['//http://test.com', true],
    ];

    foreach ($cases as list($url, $shouldBeAbsolute)) {
        $result = Director::is_absolute_url($url);
        if ($shouldBeAbsolute) {
            $this->assertTrue($result);
        } else {
            $this->assertFalse($result);
        }
    }
}