htmlFilter() public static method

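Filters unsafe HTML out of the input without applying any "magic" formatting. Use this instead of Gdn_Format::Html() when you do not want links, mentions, link embeds, emoji, or line breaks to be converted automatically.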
public static htmlFilter ( mixed $Mixed ) : string
$Mixed mixed An object, array, or string to be formatted.
return string HTML
示例#1
 /**
  * Returns the given HTML, optionally run through the HTML filter and with
  * line breaks converted to <br> tags.
  *
  * Filtering is opt-in: with the default $filter = false the input never goes
  * through Gdn_Format::htmlFilter(), so a caller that passes untrusted markup
  * must set $filter to true.
  *
  * @param string $html The HTML to process.
  * @param bool $convertNewlines Whether to replace CRLF, CR and LF with <br>.
  * @param bool $filter Whether to run the string through Gdn_Format::htmlFilter().
  * @return string The processed string.
  */
 protected function formatContent($html, $convertNewlines = false, $filter = false)
 {
     $content = $filter ? Gdn_Format::htmlFilter($html) : $html;

     if (!$convertNewlines) {
         return $content;
     }

     // Octal escapes: \015 is CR and \012 is LF. CRLF is the first alternative,
     // so a Windows line ending produces a single <br>.
     return preg_replace('/(\\015\\012)|(\\015)|(\\012)/', '<br>', $content);
 }
示例#2
 /**
  * Echo the <dt>/<dd> markup for a user's extended profile fields.
  *
  * Values of fields that are not listed in $magicLabels are reduced to plain
  * text and auto-linked before output. Values of "magic" fields skip that step,
  * so the final Gdn_Format::htmlFilter() call is the only sanitisation applied
  * to them here.
  *
  * @param array $profileFields Formatted profile fields, keyed by field name.
  * @param array $allFields Extended profile field data, keyed by field name.
  * @param array $magicLabels "Magic" labels configured on the Profile Extender plug-in class.
  */
 function extendedProfileFields($profileFields, $allFields, $magicLabels = [])
 {
     foreach ($profileFields as $name => $value) {
         // Only non-empty fields flagged OnProfile are shown.
         $isVisible = $value && val('OnProfile', $allFields[$name]);
         if (!$isVisible) {
             continue;
         }

         $isMagic = in_array($name, $magicLabels);
         if (!$isMagic) {
             // Plain-text first, then auto-link.
             $value = Gdn_Format::links(Gdn_Format::text($value));
         }

         // The field name goes into a class attribute and the label into
         // element content, each through its own formatter.
         $cssClass = 'Profile' . Gdn_Format::alphaNumeric($name);
         $labelText = Gdn_Format::text($allFields[$name]['Label']);
         $safeValue = Gdn_Format::htmlFilter($value);

         echo ' <dt class="ProfileExtend ' . $cssClass . '">' . $labelText . '</dt> ';
         echo ' <dd class="ProfileExtend ' . $cssClass . '">' . $safeValue . '</dd> ';
     }
 }
 /**
  * Sanitize a string according to the filter named by _Filter in the data array.
  *
  * The valid values for _Filter are:
  *
  * - none: No sanitization; the string is returned as given, so it must already
  *   be safe for the context it is written into.
  * - filter: Sanitize using {@link Gdn_Format::htmlFilter()}.
  * - safe: Sanitize using {@link htmlspecialchars()}.
  *
  * A missing _Filter, or any value other than the three above, is treated as "safe".
  *
  * @param string $string The string to sanitize.
  * @return string Returns the sanitized string.
  */
 protected function sanitize($string)
 {
     $mode = $this->data('_Filter', 'safe');

     // Loose comparison on purpose: it mirrors what a switch statement does.
     if ($mode == 'none') {
         return $string;
     }
     if ($mode == 'filter') {
         return Gdn_Format::htmlFilter($string);
     }

     // 'safe' and every unrecognised value end up here.
     // NOTE(review): htmlspecialchars() runs with its default flags, which do not
     // escape single quotes before PHP 8.1 — confirm the output is never placed
     // inside a single-quoted attribute.
     return htmlspecialchars($string);
 }
示例#4
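 /**
  * Adds an error to the errors collection and optionally relates it to the
  * specified FieldName. Errors added with this method can be rendered with
  * $this->Errors().
  *
  * A string is stored as given. A Gdn_UserException message is run through
  * Gdn_Format::htmlFilter(); any other Exception message is HTML-escaped. Both
  * are stored with a leading '@'.
  *
  * @param mixed $Error
  *  - <b>string</b>: The translation code that represents the error to display.
  *  - <b>Exception</b>: The exception to display the message for.
  * @param string $FieldName The name of the field to relate the error to.
  */
 public function addError($Error, $FieldName = '')
 {
     // NOTE(review): a value that is neither a string nor an Exception leaves
     // $ErrorCode unset, and that unset value is what gets stored below.
     if (is_string($Error)) {
         $ErrorCode = $Error;
     } elseif (is_a($Error, 'Gdn_UserException')) {
         $ErrorCode = '@' . Gdn_Format::htmlFilter($Error->getMessage());
     } elseif (is_a($Error, 'Exception')) {
         // Strip the extra information out of the exception.
         $Parts = explode('|', $Error->getMessage());
         $Message = htmlspecialchars($Parts[0]);
         if (count($Parts) >= 3) {
             $FileSuffix = ": {$Parts[1]}->{$Parts[2]}(...)";
         } else {
             $FileSuffix = "";
         }
         if (debug()) {
             // The location line is built from the file path and from parts of the
             // exception message, so it is escaped like the message and the trace
             // before being placed inside the <pre> block.
             $Location = htmlspecialchars('## ' . $Error->getFile() . '(' . $Error->getLine() . ")" . $FileSuffix);
             $ErrorCode = '@<pre>' . $Message . "\n" . $Location . "\n" . htmlspecialchars($Error->getTraceAsString()) . '</pre>';
         } else {
             $ErrorCode = '@' . htmlspecialchars(strip_tags($Error->getMessage()));
         }
     }
     // Errors without a field are grouped under a placeholder key.
     if ($FieldName == '') {
         $FieldName = '<General Error>';
     }
     if (!is_array($this->_ValidationResults)) {
         $this->_ValidationResults = array();
     }
     if (!array_key_exists($FieldName, $this->_ValidationResults)) {
         $this->_ValidationResults[$FieldName] = array($ErrorCode);
     } else {
         if (!is_array($this->_ValidationResults[$FieldName])) {
             // A single stored value is promoted to a list before appending.
             $this->_ValidationResults[$FieldName] = array($this->_ValidationResults[$FieldName], $ErrorCode);
         } else {
             $this->_ValidationResults[$FieldName][] = $ErrorCode;
         }
     }
 }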
示例#5
文件: table.php 项目: R-J/vanilla
/**
 * "Table" layout for discussions. Mimics more traditional forum discussion layout.
 *
 * View script: it runs in the context of the rendering object ($this) and writes
 * its markup directly with echo.
 */
$Session = Gdn::session();
// Pull in the helper functions the discussion views rely on.
include_once $this->fetchViewLocation('helper_functions', 'discussions', 'vanilla');
include_once $this->fetchViewLocation('table_functions', 'discussions', 'vanilla');
/**
 * Render the page.
 */
// Pager configuration: wrapper template plus total and current record counts.
$PagerOptions = array('Wrapper' => '<div %1$s>%2$s</div>', 'RecordCount' => $this->data('CountDiscussions'), 'CurrentRecords' => $this->data('Discussions')->numRows());
// An explicit pager URL is used only when one has been set.
if ($this->data('_PagerUrl')) {
    $PagerOptions['Url'] = $this->data('_PagerUrl');
}
// NOTE(review): the title is echoed without escaping or filtering, unlike the
// description below — confirm that the 'Title' data value is already HTML-safe
// wherever it is set.
echo '<h1 class="H HomepageTitle">' . $this->data('Title') . '</h1>';
// The description (the category's, else the value of $this->Description()) is run
// through the HTML filter before it is written out.
$Description = $this->data('Category.Description', $this->Description());
echo wrapIf(Gdn_Format::htmlFilter($Description), 'div', array('class' => 'P PageDescription'));
$this->fireEvent('AfterDescription');
include $this->fetchViewLocation('Subtree', 'Categories', 'Vanilla');
// Top page controls: pager and the new-discussion module.
echo '<div class="PageControls Top">';
PagerModule::write($PagerOptions);
echo Gdn_Theme::Module('NewDiscussionModule', $this->data('_NewDiscussionProperties', array('CssClass' => 'Button Action Primary')));
$this->fireEvent('PageControls');
echo '</div>';
if ($this->DiscussionData->numRows() > 0 || isset($this->AnnounceData) && is_object($this->AnnounceData) && $this->AnnounceData->numRows() > 0) {
    ?>
    <div class="DataTableWrap">
        <table class="DataTable DiscussionsTable">
            <thead>
            <?php 
    WriteDiscussionHeading();
    ?>
 /**
  * Echo the user's custom profile fields as <dt>/<dd> pairs on their profile.
  *
  * Nothing is output for a banned user. Values of fields not listed in
  * $this->MagicLabels are reduced to plain text and auto-linked; every value,
  * magic or not, goes through Gdn_Format::htmlFilter() before it is echoed.
  * Any Exception raised while loading or rendering the fields is swallowed.
  *
  * @param object $Sender The object raising the event; its User property is read.
  */
 public function userInfoModule_onBasicInfo_handler($Sender)
 {
     if ($Sender->User->Banned) {
         return;
     }

     try {
         $userID = $Sender->User->UserID;

         // Stored values for this user's custom fields.
         $fieldValues = Gdn::userModel()->getMeta($userID, 'Profile.%', 'Profile.');

         // Nothing stored yet: fall back to the CustomProfileFields attribute, if configured.
         if (!count($fieldValues) && is_object($Sender->User) && c('Plugins.CustomProfileFields.SuggestedFields', false)) {
             $fieldValues = Gdn::userModel()->getAttribute($userID, 'CustomProfileFields', false);
             if ($fieldValues) {
                 // Copy the legacy values into UserMeta, then clear the original attribute.
                 Gdn::userModel()->setMeta($userID, $fieldValues, 'Profile.');
                 Gdn::userModel()->saveAttribute($userID, 'CustomProfileFields', false);
             }
         }

         // Apply the "magic" formatting for special fields.
         $fieldValues = $this->parseSpecialFields($fieldValues);

         // Field definitions; bail out unless both sides are arrays.
         $fieldDefinitions = $this->getProfileFields();
         if (!is_array($fieldDefinitions) || !is_array($fieldValues)) {
             return;
         }

         // DateOfBirth is not handled by core, so it is injected here.
         if (c('ProfileExtender.Fields.DateOfBirth.OnProfile')) {
             // Gdn_Format::Date is avoided because it shifts to the local timezone.
             $birthTimestamp = Gdn_Format::toTimestamp($Sender->User->DateOfBirth);
             if ($birthTimestamp) {
                 $fieldValues['DateOfBirth'] = date(t('Birthday Format', 'F j, Y'), $birthTimestamp);
                 $fieldDefinitions['DateOfBirth'] = ['Label' => t('Birthday'), 'OnProfile' => true];
             }
         }

         // Output every non-empty field flagged OnProfile, in reverse order.
         foreach (array_reverse($fieldValues) as $fieldName => $fieldValue) {
             $isVisible = $fieldValue && val('OnProfile', $fieldDefinitions[$fieldName]);
             if (!$isVisible) {
                 continue;
             }

             // Non-magic fields must be plain text, with links made clickable.
             if (!in_array($fieldName, $this->MagicLabels)) {
                 $fieldValue = Gdn_Format::links(Gdn_Format::text($fieldValue));
             }

             $cssSuffix = Gdn_Format::alphaNumeric($fieldName);
             $labelText = Gdn_Format::text($fieldDefinitions[$fieldName]['Label']);
             echo ' <dt class="ProfileExtend Profile' . $cssSuffix . '">' . $labelText . '</dt> ';

             // The HTML filter is the last step before the value reaches the page.
             $safeValue = Gdn_Format::htmlFilter($fieldValue);
             echo ' <dd class="ProfileExtend Profile' . $cssSuffix . '">' . $safeValue . '</dd> ';
         }
     } catch (Exception $ex) {
         // Deliberately silent: a failure here is not reported, and any markup
         // already echoed stays on the page.
     }
 }
示例#7
 /**
  * Takes a mixed variable, filters unsafe HTML and returns it.
  * Does "magic" formatting of links, mentions, link embeds, emoji, & linebreaks.
  *
  * Strings that self::isHtml() reports as HTML are run through
  * Gdn_Format::htmlFilter(); all other strings are escaped with
  * htmlspecialchars() instead. Non-string input is handed to self::to().
  *
  * @param mixed $Mixed An object, array, or string to be formatted.
  * @return string
  */
 public static function html($Mixed)
 {
     if (!is_string($Mixed)) {
         return self::to($Mixed, 'Html');
     }

     if (!self::isHtml($Mixed)) {
         // No HTML detected, so escaping replaces the slow, memory-hungry purifier.
         // ENT_NOQUOTES leaves both quote characters unescaped: the result is meant
         // for element content, not for attribute values.
         $escaped = htmlspecialchars($Mixed, ENT_NOQUOTES, C('Garden.Charset', 'UTF-8'));
         // Mentions run before links on this path, the reverse of the HTML path.
         $escaped = Gdn_Format::mentions($escaped);
         $escaped = Gdn_Format::links($escaped);
         $escaped = Emoji::instance()->translateToHtml($escaped);
         if (C('Garden.Format.ReplaceNewlines', true)) {
             $escaped = fixNl2Br(preg_replace("/(\r\n)|(\r)|(\n)/", "<br />", $escaped));
         }
         return $escaped;
     }

     // Purify first, so every later step works on filtered markup.
     $markup = Gdn_Format::htmlFilter($Mixed);
     // Links, then mentions and hashes, then emoji.
     $markup = Gdn_Format::links($markup);
     $markup = Gdn_Format::mentions($markup);
     $markup = Emoji::instance()->translateToHtml($markup);
     // Newline conversion is on unless Garden.Format.ReplaceNewlines disables it.
     if (C('Garden.Format.ReplaceNewlines', true)) {
         $markup = fixNl2Br(preg_replace("/(\r\n)|(\r)|(\n)/", "<br />", $markup));
     }
     return $markup;
 }
示例#8
 /**
  * Takes a mixed variable, filters unsafe HTML and returns it.
  *
  * Does "magic" formatting of links, mentions, link embeds, emoji, & linebreaks.
  *
  * Strings that self::isHtml() reports as HTML are run through
  * Gdn_Format::htmlFilter(); all other strings are escaped with
  * htmlspecialchars() instead. Either way the result is passed to
  * Gdn_Format::processHTML() last. Non-string input is handed to self::to().
  *
  * @param mixed $Mixed An object, array, or string to be formatted.
  * @return string HTML
  */
 public static function html($Mixed)
 {
     if (!is_string($Mixed)) {
         return self::to($Mixed, 'Html');
     }

     if (self::isHtml($Mixed)) {
         // Purify the markup before anything else touches it.
         $prepared = Gdn_Format::htmlFilter($Mixed);
         if (c('Garden.Format.ReplaceNewlines', true)) {
             $prepared = fixNl2Br(preg_replace("/(\r\n)|(\r)|(\n)/", "<br />", $prepared));
         }
         return Gdn_Format::processHTML($prepared);
     }

     // No HTML detected, so escaping replaces the slow, memory-hungry purifier.
     // ENT_NOQUOTES leaves both quote characters unescaped: the result is meant
     // for element content, not for attribute values.
     $prepared = htmlspecialchars($Mixed, ENT_NOQUOTES, 'UTF-8');
     if (c('Garden.Format.ReplaceNewlines', true)) {
         $prepared = fixNl2Br(preg_replace("/(\r\n)|(\r)|(\n)/", "<br />", $prepared));
     }
     return Gdn_Format::processHTML($prepared);
 }