Singleton for enforcing just one HTML Purifier in your system
public static getInstance ( HTMLPurifier | HTMLPurifier_Config $prototype = null ) : HTMLPurifier | ||
$prototype | HTMLPurifier | HTMLPurifier_Config | Optional prototype HTMLPurifier instance to overload singleton with, or HTMLPurifier_Config instance to configure the generated version with. |
return | HTMLPurifier |
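/**
 * Removes dangerous markup from $data to defend against cross-site
 * scripting (XSS) attacks.
 *
 * Arrays are filtered recursively. When the global switch
 * $kboard_xssfilter_active is off, $data is returned untouched.
 *
 * The HTMLPurifier instance and its configuration are built once and
 * cached in $GLOBALS['KBOARD'] because building a config is expensive.
 *
 * @param string|array $data
 * @return string|array
 */
function kboard_xssfilter($data)
{
    global $kboard_xssfilter_active;

    if (is_array($data)) {
        return array_map('kboard_xssfilter', $data);
    }

    if ($kboard_xssfilter_active) {
        // empty() covers both "index not set" and "set but falsy" without
        // emitting undefined-index notices. The previous guard mixed isset()
        // with && and ||, which PHP parsed as A || (B && C) || D || E and
        // therefore read $GLOBALS['KBOARD']['HTMLPurifier'] while it was unset.
        if (empty($GLOBALS['KBOARD']['HTMLPurifier']) || empty($GLOBALS['KBOARD']['HTMLPurifier_Config'])) {
            $HTMLPurifier_Config = HTMLPurifier_Config::createDefault();
            $HTMLPurifier_Config->set('URI.AllowedSchemes', array('http' => true, 'https' => true, 'mailto' => true));
            // NOTE(review): '(.*)' accepts every iframe src that passes
            // URI.AllowedSchemes, i.e. any http(s) origin can be framed into
            // a post; narrow it to the embed hosts that are actually needed.
            $HTMLPurifier_Config->set('URI.SafeIframeRegexp', '(.*)');
            $HTMLPurifier_Config->set('HTML.SafeIframe', true);
            $HTMLPurifier_Config->set('HTML.SafeObject', true);
            $HTMLPurifier_Config->set('HTML.SafeEmbed', true);
            $HTMLPurifier_Config->set('HTML.TidyLevel', 'light');
            $HTMLPurifier_Config->set('HTML.FlashAllowFullScreen', true);
            $HTMLPurifier_Config->set('HTML.AllowedElements', 'img,div,a,strong,font,span,em,br,p,u,i,b,sup,sub,small,table,thead,tbody,tfoot,tr,td,th,caption,pre,code,ul,li,ol,big,code,blockquote,center,hr,h1,h2,h3,h4,h5,h6,iframe');
            $HTMLPurifier_Config->set('HTML.AllowedAttributes', 'a.href,a.target,img.src,iframe.src,iframe.frameborder,*.id,*.alt,*.style,*.class,*.title,*.width,*.height,*.border,*.colspan,*.rowspan');
            $HTMLPurifier_Config->set('Attr.AllowedFrameTargets', array('_blank'));
            $HTMLPurifier_Config->set('Output.FlashCompat', true);
            $HTMLPurifier_Config->set('Core.RemoveInvalidImg', true);
            $HTMLPurifier_Config->set('Cache.SerializerPath', WP_CONTENT_DIR . '/uploads/kboard_htmlpurifier');
            $GLOBALS['KBOARD']['HTMLPurifier_Config'] = $HTMLPurifier_Config;
            $GLOBALS['KBOARD']['HTMLPurifier'] = HTMLPurifier::getInstance();
            unset($HTMLPurifier_Config);
        }
        // stripslashes() presumably undoes the slash-escaping WordPress
        // applies to request data, so the purifier sees the real markup.
        $data = $GLOBALS['KBOARD']['HTMLPurifier']->purify(stripslashes($data), $GLOBALS['KBOARD']['HTMLPurifier_Config']);
    }

    return $data;
}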
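/**
 * Removes dangerous markup from $data to defend against cross-site
 * scripting (XSS) attacks.
 *
 * Arrays are filtered recursively. When the global switch
 * $kboard_xssfilter_active is off the purifier is skipped, but the value
 * still goes through kboard_safeiframe(). The purifier and its
 * configuration are built once and cached in $GLOBALS['KBOARD'].
 *
 * @param string|array $data
 * @return string|array
 */
function kboard_xssfilter($data)
{
    global $kboard_xssfilter_active;

    if (is_array($data)) {
        return array_map('kboard_xssfilter', $data);
    }

    if ($kboard_xssfilter_active) {
        // empty() covers "not cached yet" without the undefined-index
        // notice that the bare !$GLOBALS[...] test raised on the first call.
        if (empty($GLOBALS['KBOARD']['HTMLPurifier']) || empty($GLOBALS['KBOARD']['HTMLPurifier_Config'])) {
            $HTMLPurifier_Config = HTMLPurifier_Config::createDefault();
            $HTMLPurifier_Config->set('HTML.SafeIframe', true);
            // NOTE(review): '(.*)' accepts any iframe src; narrow it to the
            // embed hosts actually needed (kboard_safeiframe() may already
            // restrict them — confirm).
            $HTMLPurifier_Config->set('URI.SafeIframeRegexp', '(.*)');
            $HTMLPurifier_Config->set('HTML.TidyLevel', 'light');
            $HTMLPurifier_Config->set('HTML.SafeObject', true);
            $HTMLPurifier_Config->set('HTML.SafeEmbed', true);
            $HTMLPurifier_Config->set('Attr.AllowedFrameTargets', array('_blank'));
            $HTMLPurifier_Config->set('Output.FlashCompat', true);
            $HTMLPurifier_Config->set('Cache.SerializerPath', WP_CONTENT_DIR . '/uploads/kboard_htmlpurifier');
            $GLOBALS['KBOARD']['HTMLPurifier_Config'] = $HTMLPurifier_Config;
            $GLOBALS['KBOARD']['HTMLPurifier'] = HTMLPurifier::getInstance();
            unset($HTMLPurifier_Config);
        }
        // stripslashes() presumably undoes WordPress's slash-escaping of
        // request data before the markup is inspected.
        $data = $GLOBALS['KBOARD']['HTMLPurifier']->purify(stripslashes($data), $GLOBALS['KBOARD']['HTMLPurifier_Config']);
    }

    return kboard_safeiframe($data);
}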
/**
 * Smoke test: a default config with resources disabled must load the
 * purifier singleton, and with URI.DisableResources on, an <img> is
 * removed entirely, so the expected output is the empty string.
 */
public function testCanLoadHTMLPurifier()
{
    $config = HTMLPurifier_Config::createDefault();
    $config->set('Core.EscapeNonASCIICharacters', false);
    $config->set('URI.DisableResources', true);

    $this->config = $config;
    $this->purifier = HTMLPurifier::getInstance($this->config);

    $this->assertPurification('<img src="foo.jpg" />', '');
}
/**
 * Writes an HTML fragment wrapped in an XHTML <div>.
 *
 * @param string $html Raw HTML; it is run through the HTMLPurifier
 *                     singleton (its current configuration) before being
 *                     emitted verbatim with writeRaw().
 */
protected function writeHTMLDiv($html)
{
    $this->startElement('div');

    $clean = HTMLPurifier::getInstance()->purify($html);

    $this->writeAttribute('xmlns', 'http://www.w3.org/1999/xhtml');
    $this->writeRaw($clean);
    $this->endElement();
}
/**
 * Appends a purified HTML fragment to $node, wrapped in an XHTML <div>.
 *
 * @param DOMDocument $document Owner document used to create the nodes
 *                              (inferred from createDocumentFragment()).
 * @param DOMNode     $node     Parent the new <div> is appended to.
 * @param string      $html     Raw HTML; purified with the HTMLPurifier
 *                              singleton, then parsed by appendXML().
 *                              NOTE(review): appendXML() needs well-formed
 *                              XML, so named HTML entities other than the
 *                              XML built-ins would break it — confirm the
 *                              purifier config emits numeric entities.
 */
protected function appendHTMLDiv($document, $node, $html)
{
    $clean = HTMLPurifier::getInstance()->purify($html);

    $fragment = $document->createDocumentFragment();
    $fragment->appendXML($clean);

    $div = $document->createElement('div');
    $div->setAttribute('xmlns', 'http://www.w3.org/1999/xhtml');
    $div->appendChild($fragment);

    $node->appendChild($div);
}
/**
 * Builds a Creole parser for the tests: example wiki URLs, two external
 * wikis, and raw HTML enabled but routed through a fresh default
 * HTMLPurifier configuration on every call of the filter.
 *
 * @return Parser
 */
public function createCreoleEx()
{
    $parser = new Creole();
    $parser->wikiUrl = 'http://www.example.com/wiki/';
    $parser->externalWikis = [
        'Wiki-A' => 'http://www.wiki-a.com/wiki-a/',
        'Wiki-B' => 'https://www.wiki-b.com/wiki-b/',
    ];
    $parser->useRawHtml = true;
    // Each call reconfigures the singleton with a default config before purifying.
    $parser->rawHtmlFilter = static function ($input) {
        $purifier = \HTMLPurifier::getInstance(\HTMLPurifier_Config::createDefault());

        return $purifier->purify($input);
    };

    return $parser;
}
/**
 * Define the form elements.
 *
 * Elements, in display order: the YouTube URL (text, required, checked by
 * validateYoutubeUrl()), the target collection (select), the role the
 * YouTube user/channel gets on the new item (select), a public-visibility
 * checkbox, a 'hash' token element on Omeka >= 2.2.1 (presumably the
 * Zend CSRF hash element), and the submit button. The URL field is
 * pre-filled from $_POST so the form keeps its value after a failed
 * submission.
 *
 * @return void
 */
private function _registerElements()
{
    // URL: refill from the previous post, trimmed and purified.
    $youtubeURL = '';
    if (isset($_POST['youtubeurl'])) {
        $youtubeURL = HTMLPurifier::getInstance()->purify(trim($_POST['youtubeurl']));
    }
    $urlValidator = array(
        'callback',
        false,
        array(
            'callback' => array($this, 'validateYoutubeUrl'),
            'options' => array(),
        ),
    );
    $this->addElement('text', 'youtubeurl', array(
        'label' => __('Youtube URL'),
        'value' => $youtubeURL,
        'validators' => array($urlValidator),
        'order' => 1,
        'required' => true,
    ));

    // Collection:
    $collectionOptions = array(
        'label' => __('Collection'),
        'description' => __('To which collection would you like to add the YouTube video?'),
        'value' => '0',
        'order' => 2,
        'multiOptions' => $this->_getCollectionOptions(),
    );
    $this->addElement('select', 'youtubecollection', $collectionOptions);

    // User Role:
    $roleOptions = array(
        'label' => __('User Role'),
        'description' => __('Which role does the Youtube user/channel play in the creation of the new Omeka item?'),
        'value' => 'Publisher',
        'order' => 3,
        'multiOptions' => $this->_getRoleOptions(),
    );
    $this->addElement('select', 'youtubeuserrole', $roleOptions);

    // Visibility (public vs private):
    $this->addElement('checkbox', 'youtubepublic', array(
        'label' => __('Public Visibility'),
        'description' => __('Would you like to make the video public in Omeka?'),
        'checked' => 'checked',
        'order' => 4,
    ));

    // The hash element is only registered on Omeka 2.2.1 and later.
    if (version_compare(OMEKA_VERSION, '2.2.1') >= 0) {
        $this->addElement('hash', 'youtube_token');
    }

    // Submit:
    $this->addElement('submit', 'youtube-import-submit', array('label' => __('Import Video')));

    // Display Groups:
    $fieldNames = array('youtubeurl', 'youtubecollection', 'youtubeuserrole', 'youtubepublic');
    $this->addDisplayGroup($fieldNames, 'fields');
    $this->addDisplayGroup(array('youtube-import-submit'), 'submit_buttons');
}
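/**
 * Removes dangerous markup from $data to defend against XSS attacks.
 *
 * Arrays are filtered recursively. The purifier and its configuration are
 * built once and cached in $GLOBALS['KINGKONGBOARD'] instead of being
 * rebuilt on every call.
 *
 * The previous implementation only filtered when the request arrived over
 * HTTPS and returned the input untouched otherwise. The transport has no
 * bearing on whether stored markup is safe to render, so the filter now
 * runs for every request.
 *
 * @param string|array $data
 * @return string|array
 */
function kingkongboard_xssfilter($data)
{
    if (is_array($data)) {
        return array_map('kingkongboard_xssfilter', $data);
    }

    // empty() is safe on a missing index and avoids undefined-index notices.
    if (empty($GLOBALS['KINGKONGBOARD']['HTMLPurifier']) || empty($GLOBALS['KINGKONGBOARD']['HTMLPurifier_Config'])) {
        $HTMLPurifier_Config = HTMLPurifier_Config::createDefault();
        $HTMLPurifier_Config->set('HTML.SafeIframe', true);
        // NOTE(review): '(.*)' accepts any iframe src; narrow it to the
        // embed hosts actually needed (kingkongboard_safeiframe() may
        // already restrict them — confirm).
        $HTMLPurifier_Config->set('URI.SafeIframeRegexp', '(.*)');
        $HTMLPurifier_Config->set('HTML.TidyLevel', 'light');
        $HTMLPurifier_Config->set('HTML.SafeObject', true);
        $HTMLPurifier_Config->set('HTML.SafeEmbed', true);
        $HTMLPurifier_Config->set('Attr.AllowedFrameTargets', array('_blank'));
        $HTMLPurifier_Config->set('Output.FlashCompat', true);
        $HTMLPurifier_Config->set('Cache.SerializerPath', WP_CONTENT_DIR . '/uploads');
        $GLOBALS['KINGKONGBOARD']['HTMLPurifier_Config'] = $HTMLPurifier_Config;
        $GLOBALS['KINGKONGBOARD']['HTMLPurifier'] = HTMLPurifier::getInstance();
        unset($HTMLPurifier_Config);
    }

    // stripslashes() presumably undoes WordPress's slash-escaping of
    // request data before the markup is inspected.
    $data = $GLOBALS['KINGKONGBOARD']['HTMLPurifier']->purify(stripslashes($data), $GLOBALS['KINGKONGBOARD']['HTMLPurifier_Config']);

    return kingkongboard_safeiframe($data);
}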
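/**
 * Handles a tag proposal posted from the tagging form.
 *
 * Flow (every redirect goes back to the purified `path` posted by the
 * form; the Zend redirector presumably exits after redirecting, so the
 * code after each gotoUrl() is not reached on failure):
 *  - validate the form, stash the post in the session and redirect on failure;
 *  - accept tags on items only, and only for an existing record;
 *  - derive the tagging status from the current user's role and the
 *    moderation options: moderators get 'approved', others 'proposed' when
 *    moderation is required and 'allowed' otherwise;
 *  - split the submitted tags on the configured delimiter, sanitize each
 *    one, skip duplicates / already-set / over-long / already-saved ones,
 *    and save the rest as Tagging records;
 *  - flash a summary message and redirect.
 *
 * NOTE(review): `path` comes straight from the request, so gotoUrl() can
 * send the visitor to an arbitrary URL; restrict it to a local path.
 *
 * @return void
 */
public function addAction()
{
    $data = $_POST;
    $destination = HTMLPurifier::getInstance()->purify(trim($data['path']));

    $form = $this->_getForm();
    $valid = $form->isValid($this->getRequest()->getPost());
    if (!$valid) {
        $taggingSession = new Zend_Session_Namespace('tagging');
        $taggingSession->post = serialize($_POST);
        $this->_helper->redirector->gotoUrl($destination . '#tagging-form');
    }

    // Currently, tags are allowed only on items.
    if (HTMLPurifier::getInstance()->purify(trim($data['record_type'])) != 'Item') {
        $this->_helper->flashMessenger(__('This record does not accept tags.'), 'warning');
        $this->_helper->redirector->gotoUrl($destination);
    }

    // Security check.
    $record = get_record_by_id(
        HTMLPurifier::getInstance()->purify(trim($data['record_type'])),
        (int) HTMLPurifier::getInstance()->purify(trim($data['record_id']))
    );
    if (!$record) {
        $this->_helper->flashMessenger(__('Record does not exist.'), 'warning');
        $this->_helper->redirector->gotoUrl($destination);
    }

    // Moderation or not.
    $user = current_user();

    // If the user can moderate, the proposition is automatically approved.
    // Anonymous visitors have no $user, so the role lookup is guarded. The
    // role lists come from unserialize() and may be false when the option
    // is unset, hence the (array) casts. Comparisons are strict so that an
    // empty or numeric entry in a list cannot match a foreign value.
    $moderationRoles = unserialize(get_option('tagging_moderate_roles'));
    if ($user && in_array($user->role, (array) $moderationRoles, true)) {
        $status = 'approved';
        // Moderators are logged in; previously $user_id and
        // $requireModeration were left undefined on this path.
        $user_id = $user->id;
        $requireModeration = false;
    } else {
        if (empty($user)) {
            $user_id = 0;
            $requireModeration = (bool) get_option('tagging_public_require_moderation');
        } else {
            $user_id = $user->id;
            $requireModerationRoles = unserialize(get_option('tagging_require_moderation_roles'));
            $requireModeration = in_array($user->role, (array) $requireModerationRoles, true);
        }
        $status = $requireModeration ? 'proposed' : 'allowed';
    }

    // Default values for tagging.
    $data['ip'] = $_SERVER['REMOTE_ADDR'];
    $data['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
    $data['status'] = $status;

    // Need getValue to run the filter.
    $userTagging = HTMLPurifier::getInstance()->purify(trim($form->getElement('tagging')->getValue()));
    $proposedTaggingsNames = explode(get_option('tag_delimiter'), $userTagging);

    // Prepare checks of existing tags.
    $db = get_db();
    $recordTags = $record->getTags();
    $recordTaggings = $db->getTable('Tagging')->findByRecord($record);
    $recordTagsNames = $this->_getTagsNames($recordTags);
    $recordTaggingsNames = $this->_getTagsNames($recordTaggings);

    // There is one tagging by tag to simplify management.
    // Name comparisons below are strict: with loose in_array() numeric
    // strings such as "1e3" and "1000" would be treated as the same tag.
    $tagsToAdd = array();
    $approvedExistingTags = array();
    foreach ($proposedTaggingsNames as $proposedTag) {
        $data['name'] = $proposedTag;
        $tagging = new Tagging();
        $tagging->user_id = $user_id;
        $tagging->setArray($data);
        $sanitizedName = $tagging->sanitizeName();

        // Check the quality of tag.
        if (!$sanitizedName) {
            continue;
        }

        // Check if this tagging is not a duplicate.
        if (in_array($sanitizedName, $tagsToAdd, true)) {
            continue;
        }

        // Check if this tagging is not already set.
        if (in_array($sanitizedName, $recordTagsNames, true)) {
            continue;
        }

        // Check size of a tag.
        // NOTE(review): strlen() counts bytes, so multibyte names reach the
        // limit sooner than the "%d characters" message suggests.
        if (strlen($sanitizedName) > get_option('tagging_max_length_tag')) {
            $this->_helper->flashMessenger(__('Individual tags can\'t be longer than %d characters.', get_option('tagging_max_length_tag')), 'error');
            continue;
        }

        // Check if this tagging is not already saved.
        if (in_array($sanitizedName, $recordTaggingsNames, true)) {
            $existingTagging = $recordTaggings[array_search($sanitizedName, $recordTaggingsNames, true)];
            // Check status.
            // Normally, an existing approved tagging is already an item tag.
            if ($tagging->status == 'approved') {
                $existingTagging->status = 'approved';
                try {
                    $existingTagging->save();
                } catch (Exception $e) {
                    _log($e->getMessage());
                }
                $approvedExistingTags[] = $sanitizedName;
            }
            // In all other cases (already approved or rejected), the
            // old tagging is kept in place of the new one.
            continue;
        }

        $tagsToAdd[] = $sanitizedName;
        // Taggings are automatically added to item if they are approved.
        try {
            $tagging->save();
        } catch (Exception $e) {
            _log($e->getMessage());
        }
    }

    // Information for user.
    if (count($approvedExistingTags)) {
        $this->_helper->flashMessenger(__('Your tags "%s" have been approved.', implode(', ', $approvedExistingTags)), 'success');
    }
    if (count($tagsToAdd) == 0 && count($approvedExistingTags) == 0) {
        $this->_helper->flashMessenger(__('This tag has already been submitted "%s" or it is not correctly formatted.', $userTagging), 'warning');
    } else {
        if ($requireModeration) {
            $this->_helper->flashMessenger(__('Your tag "%s" is awaiting approval', $userTagging), 'success');
        } else {
            if (count($tagsToAdd) == 0) {
                // In that case, this is approved existing tags.
            } elseif (count($tagsToAdd) == 1) {
                $this->_helper->flashMessenger(__('Your tag "%s" has been added', implode(', ', $tagsToAdd)), 'success');
            } else {
                $this->_helper->flashMessenger(__('Your tags "%s" have been added', implode(', ', $tagsToAdd)), 'success');
            }
        }
    }

    $this->_helper->redirector->gotoUrl($destination);
}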
/**
 * Perform HTML purification depending on the level of purification required.
 *
 * Levels, from the most restrictive to the most permissive:
 * - CODENDI_PURIFIER_CONVERT_HTML (default)
 *   Transform HTML markups into entities.
 *
 * - CODENDI_PURIFIER_STRIP_HTML
 *   Removes all HTML markups. Note: as we rely on HTML Purifier to
 *   perform this operation this option is not considered as secure as
 *   CONVERT_HTML. If you are looking for the most secure option please
 *   consider CONVERT_HTML.
 *
 * - CODENDI_PURIFIER_BASIC (need $groupId to be set for automagic links)
 *   Removes all user submitted HTML markups but:
 *   - transform typed URLs into clickable URLs.
 *   - transform automagic links.
 *   - transform carriage return into HTML br markup.
 *
 * - CODENDI_PURIFIER_BASIC_NOBR
 *   Same as BASIC without the carriage-return-to-br step.
 *
 * - CODENDI_PURIFIER_LIGHT
 *   First set of HTML formatting (@see getLightConfig() for allowed
 *   markups) plus all what is allowed by CODENDI_PURIFIER_BASIC.
 *
 * - CODENDI_PURIFIER_FULL
 *   Clean-up plain HTML using HTML Purifier rules (remove forms,
 *   javascript, ...). Warning: there is no longer codendi facilities
 *   (neither automagic links nor carriage return to br transformation).
 *
 * - CODENDI_PURIFIER_JS_QUOTE / CODENDI_PURIFIER_JS_DQUOTE
 *   Handed to js_string_purifier() with the JSON_HEX_APOS / JSON_HEX_QUOTE
 *   value; presumably escapes the text for a single- / double-quoted
 *   JavaScript string literal.
 *
 * - CODENDI_PURIFIER_DISABLED
 *   No filter at all.
 *
 * @param string $html    Text to clean.
 * @param int    $level   One of the CODENDI_PURIFIER_* constants.
 * @param int    $groupId Group (project) id used for automagic links.
 * @return string
 */
function purify($html, $level = 0, $groupId = 0)
{
    $clean = '';
    switch ($level) {
        case CODENDI_PURIFIER_DISABLED:
            $clean = $html;
            break;

        case CODENDI_PURIFIER_LIGHT:
            if (empty($html)) {
                $clean = $html;
                break;
            }
            // insertReferences() presumably rewrites $html in place (by
            // reference) — confirm against its signature.
            $this->insertReferences($html, $groupId);
            // No break: after references are inserted the text is cleaned
            // by HTML Purifier exactly like STRIP_HTML / FULL.
        case CODENDI_PURIFIER_STRIP_HTML:
        case CODENDI_PURIFIER_FULL:
            // Loaded lazily: only these levels need the library.
            require_once 'HTMLPurifier.auto.php';
            $hp = HTMLPurifier::getInstance();
            $config = $this->getHPConfig($level);
            $clean = $hp->purify($html, $config);
            // Quite big object, it's better to unset it (memory).
            unset($config);
            break;

        case CODENDI_PURIFIER_BASIC:
            $clean = nl2br($this->makeLinks(htmlentities($html, ENT_QUOTES, 'UTF-8'), $groupId));
            break;

        case CODENDI_PURIFIER_BASIC_NOBR:
            $clean = $this->makeLinks(htmlentities($html, ENT_QUOTES, 'UTF-8'), $groupId);
            break;

        case CODENDI_PURIFIER_JS_QUOTE:
            $json_hex_apos = 4; //Equivalent to JSON_HEX_APOS
            $clean = $this->js_string_purifier($html, $json_hex_apos);
            break;

        case CODENDI_PURIFIER_JS_DQUOTE:
            $json_hex_quote = 8; //Equivalent to JSON_HEX_QUOTE
            $clean = $this->js_string_purifier($html, $json_hex_quote);
            break;

        case CODENDI_PURIFIER_CONVERT_HTML:
        default:
            // Unknown levels fall back to the most restrictive option.
            $clean = htmlentities($html, ENT_QUOTES, 'UTF-8');
            break;
    }
    return $clean;
}
- make XML format richer
- extend XSLT transformation (see the corresponding XSLT file)
- allow generation of packaged docs that can be easily moved
- multipage documentation
- determine how to multilingualize
- add blurbs to ToC
*/

if (version_compare(PHP_VERSION, '5.2', '<')) {
    exit('PHP 5.2+ required.');
}
error_reporting(E_ALL | E_STRICT);

// Every path below is resolved relative to this script's directory.
$base = dirname(__FILE__);

// load dual-libraries
require_once $base . '/../extras/HTMLPurifierExtras.auto.php';
require_once $base . '/../library/HTMLPurifier.auto.php';

// setup HTML Purifier singleton (linkify directive documentation)
HTMLPurifier::getInstance(array('AutoFormat.PurifierLinkify' => true));

// Collect the config schema from the directory into an interchange object.
$builder = new HTMLPurifier_ConfigSchema_InterchangeBuilder();
$interchange = new HTMLPurifier_ConfigSchema_Interchange();
$builder->buildDir($interchange);

// Optional project-level loader, only pulled in when present.
$loader = $base . '/../config-schema.php';
if (file_exists($loader)) {
    include $loader;
}
$interchange->validate();

$style = 'plain'; // use $_GET in the future, careful to validate!

// Serialize the schema to configdoc.xml next to this script.
$configdoc_xml = $base . '/configdoc.xml';
$xml_builder = new HTMLPurifier_ConfigSchema_Builder_Xml();
$xml_builder->openURI($configdoc_xml);
$xml_builder->build($interchange);
unset($xml_builder);
} ?> <?php foreach ($type->getTypeElements() as $contributionTypeElement) { /************************************************************ *REVISIONS * Ver Date Author Description * -------- ---------- -------------- ---------------------- * 1.0 09/02/2015 mrs175 1. Removed description of youtube video item, added functionality for form to stay filled after failed submission ************************************************************/ $element = $contributionTypeElement->Element; if ($type->item_type_id == 3) { unset($element->description); } $value = isset($_POST['Elements'][$element->id][0]['text']) && $type->item_type_id == intval($_POST['contribution_type']) ? HTMLPurifier::getInstance()->purify(trim($_POST['Elements'][$element->id][0]['text'])) : ''; echo $this->elementForm($element, $item, array('contributionTypeElement' => $contributionTypeElement, 'value' => $value)); } ?> <?php if (!isset($required) && $type->isFileAllowed()) { ?> <div class="field"> <div class="two columns alpha"> <?php echo $this->formLabel('contributed_file', __('Upload a file (Optional)')); ?> </div> <div class="inputs five columns omega"> <?php
/**
 * Phorum editor hook: prints the help notice shown under the subject field.
 *
 * In WYSIWYG mode only a short "HTML has been scrubbed" notice is printed,
 * and only on the quote/edit/moderation screens. Otherwise, unless the
 * module's suppress_message setting is on, the help block is printed and
 * reflects the HTMLPurifier singleton's live configuration (auto-paragraph
 * setting and the list of allowed tags).
 */
function phorum_htmlpurifier_editor_after_subject()
{
    // don't show this message if it's a WYSIWYG editor, since it will
    // then be handled automatically
    if (!empty($GLOBALS['PHORUM']['mod_htmlpurifier']['wysiwyg'])) {
        $i = $GLOBALS['PHORUM']['DATA']['MODE'];
        if ($i == 'quote' || $i == 'edit' || $i == 'moderation') {
            ?> <div> <p> <strong>Notice:</strong> HTML has been scrubbed for your safety. If you would like to see the original, turn off WYSIWYG mode (consult your administrator for details.) </p> </div> <?php
        }
        return;
    }
    if (!empty($GLOBALS['PHORUM']['mod_htmlpurifier']['suppress_message'])) {
        return;
    }
    ?> <div class="htmlpurifier-help"> <p> <strong>HTML input</strong> is enabled. Make sure you escape all HTML and angled brackets with <code>&lt;</code> and <code>&gt;</code>. </p><?php
    // =& assigns by reference; if getInstance() does not return by
    // reference PHP emits "Only variables should be assigned by reference".
    $purifier =& HTMLPurifier::getInstance();
    $config = $purifier->config;
    // Read the live configuration so the notice stays accurate when the
    // administrator changes module settings.
    if ($config->get('AutoFormat.AutoParagraph')) {
        ?> <p> <strong>Auto-paragraphing</strong> is enabled. Double newlines will be converted to paragraphs; for single newlines, use the <code>pre</code> tag. </p><?php
    }
    // Element names come from the HTML definition's info table; sorted for
    // a stable listing.
    $html_definition = $config->getDefinition('HTML');
    $allowed = array();
    foreach ($html_definition->info as $name => $x) {
        $allowed[] = "<code>{$name}</code>";
    }
    sort($allowed);
    $allowed_text = implode(', ', $allowed);
    ?> <p><strong>Allowed tags:</strong> <?php echo $allowed_text; ?> .</p><?php /* NOTE(review): the </p> that follows has no matching opening <p>. */ ?> </p> <p> For inputting literal code such as HTML and PHP for display, use CDATA tags to auto-escape your angled brackets, and <code>pre</code> to preserve newlines: </p> <pre><pre><![CDATA[ <em>Place code here</em> ]]></pre></pre> <p> Power users, you can hide this notice with: <pre>.htmlpurifier-help {display:none;}</pre> </p> </div><?php
}
/**
 * getInstance() must hand back the very same object on repeated calls.
 */
function testGetInstance()
{
    $first = HTMLPurifier::getInstance();
    $second = HTMLPurifier::getInstance();

    $this->assertReference($first, $second);
}
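/**
 * Pre-emptively performs purification if it looks like a WYSIWYG editor
 * is being used.
 *
 * The body is decoded (the stored text is presumably entity-escaped, per
 * the "de-entity-ize" step), run through the HTMLPurifier singleton,
 * re-encoded with the forum charset and written back into the message.
 * When WYSIWYG mode is off, or the body is empty, the message is returned
 * untouched.
 *
 * @param array $message Phorum message array; only 'body' is touched.
 * @return array
 */
function phorum_htmlpurifier_before_editor($message)
{
    if (!empty($GLOBALS['PHORUM']['mod_htmlpurifier']['wysiwyg'])) {
        if (!empty($message['body'])) {
            $body = $message['body'];
            // de-entity-ize contents so the purifier sees real markup
            $body = str_replace(array('&lt;', '&gt;', '&amp;'), array('<', '>', '&'), $body);
            $purifier = HTMLPurifier::getInstance();
            // Purify the decoded text. Previously the still-encoded
            // $message['body'] was purified and the result discarded.
            $body = $purifier->purify($body);
            // re-entity-ize contents
            $body = htmlspecialchars($body, ENT_QUOTES, $GLOBALS['PHORUM']['DATA']['CHARSET']);
            // Write back; without this the hook had no effect.
            $message['body'] = $body;
        }
    }
    return $message;
}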
</div> <?php } ?> <?php /************************************************************ *REVISIONS * Ver Date Author Description * -------- ---------- -------------- ---------------------- * 1.0 09/02/2015 mrs175 1. aadded functionality for form to stay filled after a failed submission ************************************************************/ $tags = isset($_POST['contribution_form_tags']) ? HTMLPurifier::getInstance()->purify(trim($_POST['contribution_form_tags'])) : ''; $tagsFormElementOptions = array('name' => 'contribution_form_tags', 'value' => $tags, 'attribs' => array('id' => 'contribution_form_tags', 'maxlength' => '200')); $name = isset($_POST['contribution_form_name_mandatory']) && !$csrf->isValid($_POST) ? HTMLPurifier::getInstance()->purify(trim($_POST['contribution_form_name_mandatory'])) : ''; $nameFormElementOptions = array('name' => 'contribution_form_name_mandatory', 'value' => $name, 'attribs' => array('id' => 'contribution_form_name_mandatory', 'required' => true, 'maxlength' => '70')); $email = isset($_POST['contribution_simple_email']) && !$csrf->isValid($_POST) ? HTMLPurifier::getInstance()->purify(trim($_POST['contribution_simple_email'])) : ''; $emailFormElementOptions = array('name' => 'contribution_simple_email', 'value' => $email, 'attribs' => array('id' => 'contribution_simple_email', 'required' => true, 'maxlength' => '70')); //if a user is logged in fill in the email element and make it read only $user = current_user(); if ($user) { $emailFormElementOptions['value'] = $user['email']; $emailFormElementOptions['attribs']['readonly'] = true; $emailFormElementOptions['attribs']['onfocus'] = "this.blur()"; $nameFormElementOptions['value'] = $user['name']; $nameFormElementOptions['attribs']['readonly'] = true; $nameFormElementOptions['attribs']['onfocus'] = "this.blur()"; } ?> <div class="inputs"> <?php echo $this->formLabel('contribution_form_tags', __('Keywords or Tags (separated by commas)')) . '<br>';
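/**
 * Returns a sanitized string.
 *
 * The value is purified, stripped of tags, trimmed of a set of separator
 * and path/shell characters, has ( { and ) } turned into [ and ], and
 * finally loses every control, path, shell and whitespace character that
 * is left, plus the no-break space.
 *
 * @param string $string The string to sanitize.
 *
 * @return string The sanitized string.
 */
private function _sanitizeString($string)
{
    $string = HTMLPurifier::getInstance()->purify(trim($string));
    // Quote is allowed.
    $string = strip_tags($string);
    // The first character is a space and the last one is a no-break space.
    // NOTE(review): as displayed here the trailing character is a plain
    // space; if the no-break space was lost in transit, restore it.
    $string = trim($string, ' /\\?<>:*%|"`&; ');
    $string = preg_replace('/[\\(\\{]/', '[', $string);
    $string = preg_replace('/[\\)\\}]/', ']', $string);
    $string = preg_replace('/[[:cntrl:]\\/\\\\?<>\\*\\%\\|\\"`\\&\\;+\\^\\$\\s]/', '', $string);
    // The "u" modifier makes \x{00a0} match the UTF-8 no-break space
    // (bytes C2 A0). Without it PCRE works on bytes, \x{00a0} matches the
    // lone 0xA0 byte, and removing it leaves a dangling 0xC2 — an invalid
    // UTF-8 string. On invalid input preg_replace() returns null with the
    // "u" flag, in which case the string is kept as is.
    $withoutNbsp = preg_replace('~\\x{00a0}~u', '', $string);
    if ($withoutNbsp !== null) {
        $string = $withoutNbsp;
    }
    return trim(preg_replace('/\\s+/', '', $string));
}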
/**
 * Perform HTML purification depending on the level of purification required.
 *
 * Levels, from the most restrictive to the most permissive:
 * - CODENDI_PURIFIER_CONVERT_HTML (default)
 *   Transform HTML markups into entities.
 *
 * - CODENDI_PURIFIER_STRIP_HTML
 *   Removes all HTML markups. Note: as we rely on HTML Purifier to
 *   perform this operation this option is not considered as secure as
 *   CONVERT_HTML. If you are looking for the most secure option please
 *   consider CONVERT_HTML.
 *
 * - CODENDI_PURIFIER_BASIC (need $groupId to be set for automagic links)
 *   Removes all user submitted HTML markups but:
 *   - transform typed URLs into clickable URLs.
 *   - transform automagic links.
 *   - transform carriage return into HTML br markup.
 *
 * - CODENDI_PURIFIER_BASIC_NOBR
 *   Same as BASIC without the carriage-return-to-br step.
 *
 * - CODENDI_PURIFIER_LIGHT
 *   First set of HTML formatting (@see getLightConfig() for allowed
 *   markups) plus all what is allowed by CODENDI_PURIFIER_BASIC.
 *
 * - CODENDI_PURIFIER_FULL
 *   Clean-up plain HTML using HTML Purifier rules (remove forms,
 *   javascript, ...). Warning: there is no longer codendi facilities
 *   (neither automagic links nor carriage return to br transformation).
 *
 * - CODENDI_PURIFIER_JS_QUOTE / CODENDI_PURIFIER_JS_DQUOTE
 *   Backslash-escape the text (addslashes) and split "</script>" so it
 *   can be embedded in a single- / double-quoted JavaScript string.
 *
 * - CODENDI_PURIFIER_DISABLED
 *   No filter at all.
 *
 * @param string $html    Text to clean.
 * @param int    $level   One of the CODENDI_PURIFIER_* constants.
 * @param int    $groupId Group (project) id used for automagic links.
 * @return string
 */
function purify($html, $level = 0, $groupId = 0)
{
    $clean = '';
    switch ($level) {
        case CODENDI_PURIFIER_DISABLED:
            $clean = $html;
            break;

        case CODENDI_PURIFIER_LIGHT:
            if (empty($html)) {
                $clean = $html;
                break;
            }
            if ($groupId) {
                // insertReferences() presumably rewrites $html in place
                // (by reference) — confirm against ReferenceManager.
                $referenceManager = $this->getReferenceManager();
                $referenceManager->insertReferences($html, $groupId);
            }
            // No break: the text then goes through HTML Purifier exactly
            // like STRIP_HTML / FULL, with this level's config.
        case CODENDI_PURIFIER_STRIP_HTML:
        case CODENDI_PURIFIER_FULL:
            // Loaded lazily: only these levels need the library.
            require_once 'HTMLPurifier.auto.php';
            $hp = HTMLPurifier::getInstance();
            $config = $this->getHPConfig($level);
            $clean = $hp->purify($html, $config);
            // Quite big object, it's better to unset it (memory).
            unset($config);
            break;

        case CODENDI_PURIFIER_BASIC:
            $clean = nl2br($this->makeLinks(htmlentities($html, ENT_QUOTES, 'UTF-8'), $groupId));
            break;

        case CODENDI_PURIFIER_BASIC_NOBR:
            $clean = $this->makeLinks(htmlentities($html, ENT_QUOTES, 'UTF-8'), $groupId);
            break;

        case CODENDI_PURIFIER_JS_QUOTE:
            // Literal "\n" sequences become real newlines, quotes and
            // backslashes are escaped, then "</script>" is broken up with a
            // JavaScript concatenation so it cannot close the enclosing
            // <script> element.
            // NOTE(review): addslashes() leaves newlines, U+2028/U+2029 and
            // "<!--" untouched; json_encode() with JSON_HEX_* flags is the
            // robust way to build a JavaScript string literal.
            $clean = preg_replace('/\\<\\/script\\>/umsi', "</'+'script>", addslashes(preg_replace('/\\\\n/ums', "\n", $html)));
            break;

        case CODENDI_PURIFIER_JS_DQUOTE:
            // Same as JS_QUOTE for a double-quoted string, except that
            // literal "\n" sequences are replaced by a space.
            $clean = preg_replace('/\\<\\/script\\>/umsi', '</"+"script>', addslashes(preg_replace('/\\\\n/ums', ' ', $html)));
            break;

        case CODENDI_PURIFIER_CONVERT_HTML:
        default:
            // Unknown levels fall back to the most restrictive option.
            $clean = htmlentities($html, ENT_QUOTES, 'UTF-8');
            break;
    }
    return $clean;
}
/**
 * Wires up the Markdown parser and the shared HTMLPurifier singleton.
 */
public function __construct()
{
    $markdown = new \Parsedown();
    $purifier = \HTMLPurifier::getInstance();

    $this->parsedown = $markdown;
    $this->purifier = $purifier;
}
/**
 * Perform HTML purification depending on the level of purification required and create links.
 *
 * CODENDI_PURIFIER_FORUMML is handled here: the text goes through HTML
 * Purifier with this class's config for that level and the result is
 * passed to util_make_links() for $groupId. Every other level is
 * delegated unchanged to the parent implementation.
 *
 * @param string $html
 * @param int    $level
 * @param int    $groupId
 * @return string
 */
function purify($html, $level = 0, $groupId = 0)
{
    if ($level != CODENDI_PURIFIER_FORUMML) {
        return parent::purify($html, $level, $groupId);
    }

    // Loaded lazily from the configured HTML Purifier directory.
    require_once $GLOBALS['htmlpurifier_dir'] . '/HTMLPurifier.auto.php';
    $purifier = HTMLPurifier::getInstance();
    $levelConfig = $this->getHPConfig($level);

    return util_make_links($purifier->purify($html, $levelConfig), $groupId);
}