/**
* output filter to implement html purifier
*
* @param \Zikula_Event $event event object
*
* @return mixed modified event data
*/
public function outputFilter(Zikula_Event $event)
{
if (System::getVar('outputfilter') > 1) {
return;
}
// recursive call for arrays
// [removed as it's duplicated in datautil]
// prepare htmlpurifier class
static $safecache;
$purifier = SecurityCenterUtil::getpurifier();
$md5 = md5($event->data);
// check if the value is in the safecache
if (isset($safecache[$md5])) {
$event->data = $safecache[$md5];
} else {
// save renderer delimiters
$event->data = str_replace('{', '%VIEW_LEFT_DELIMITER%', $event->data);
$event->data = str_replace('}', '%VIEW_RIGHT_DELIMITER%', $event->data);
$event->data = $purifier->purify($event->data);
// restore renderer delimiters
$event->data = str_replace('%VIEW_LEFT_DELIMITER%', '{', $event->data);
$event->data = str_replace('%VIEW_RIGHT_DELIMITER%', '}', $event->data);
// cache the value
$safecache[$md5] = $event->data;
}
return $event->data;
}
/**
* @Route("/purifierconfig")
* @Method("POST")
*
* Update HTMLPurifier configuration.
*
* @param Request $request
*
* @return RedirectResponse
*
* @throws AccessDeniedException Thrown if the user doesn't have admin access to the module
*/
public function updatepurifierconfigAction(Request $request)
{
$this->checkCsrfToken();
// Security check
if (!SecurityUtil::checkPermission('ZikulaSecurityCenterModule::', '::', ACCESS_ADMIN)) {
throw new AccessDeniedException();
}
// Load HTMLPurifier Classes
$purifier = SecurityCenterUtil::getpurifier();
// Update module variables.
$config = $request->request->get('purifierConfig', null);
$config = \HTMLPurifier_Config::prepareArrayFromForm($config, false, true, true, $purifier->config->def);
$allowed = \HTMLPurifier_Config::getAllowedDirectivesForForm(true, $purifier->config->def);
foreach ($allowed as $allowedDirective) {
list($namespace, $directive) = $allowedDirective;
$directiveKey = $namespace . '.' . $directive;
$def = $purifier->config->def->info[$directiveKey];
if (isset($config[$namespace]) && array_key_exists($directive, $config[$namespace]) && is_null($config[$namespace][$directive])) {
unset($config[$namespace][$directive]);
if (count($config[$namespace]) <= 0) {
unset($config[$namespace]);
}
}
if (isset($config[$namespace]) && isset($config[$namespace][$directive])) {
if (is_int($def)) {
$directiveType = abs($def);
} else {
$directiveType = isset($def->type) ? $def->type : 0;
}
switch ($directiveType) {
case \HTMLPurifier_VarParser::LOOKUP:
$value = explode(PHP_EOL, $config[$namespace][$directive]);
$config[$namespace][$directive] = array();
foreach ($value as $val) {
$val = trim($val);
if (!empty($val)) {
$config[$namespace][$directive][$val] = true;
}
}
if (empty($config[$namespace][$directive])) {
unset($config[$namespace][$directive]);
}
break;
case \HTMLPurifier_VarParser::ALIST:
$value = explode(PHP_EOL, $config[$namespace][$directive]);
$config[$namespace][$directive] = array();
foreach ($value as $val) {
$val = trim($val);
if (!empty($val)) {
$config[$namespace][$directive][] = $val;
}
}
if (empty($config[$namespace][$directive])) {
unset($config[$namespace][$directive]);
}
break;
case \HTMLPurifier_VarParser::HASH:
$value = explode(PHP_EOL, $config[$namespace][$directive]);
$config[$namespace][$directive] = array();
foreach ($value as $val) {
list($i, $v) = explode(':', $val);
$i = trim($i);
$v = trim($v);
if (!empty($i) && !empty($v)) {
$config[$namespace][$directive][$i] = $v;
}
}
if (empty($config[$namespace][$directive])) {
unset($config[$namespace][$directive]);
}
break;
}
}
if (isset($config[$namespace]) && array_key_exists($directive, $config[$namespace]) && is_null($config[$namespace][$directive])) {
unset($config[$namespace][$directive]);
if (count($config[$namespace]) <= 0) {
unset($config[$namespace]);
}
}
}
$this->setVar('htmlpurifierConfig', serialize($config));
// clear all cache and compile directories
ModUtil::apiFunc('ZikulaSettingsModule', 'admin', 'clearallcompiledcaches');
// the module configuration has been updated successfuly
$request->getSession()->getFlashBag()->add('status', $this->__('Done! Saved HTMLPurifier configuration.'));
return new RedirectResponse($this->get('router')->generate('zikulasecuritycentermodule_admin_modifyconfig', array(), RouterInterface::ABSOLUTE_URL));
}
