protected function _initAutoload()
{
require_once 'htmlpurifier/HTMLPurifier/Bootstrap.php';
HTMLPurifier_Bootstrap::registerAutoload();
$moduleLoader = new Zend_Application_Module_Autoloader(array('namespace' => 'App', 'basePath' => APPLICATION_PATH));
return $moduleLoader;
}
function __autoload($ClassName)
{
// echo $ClassName;
if (class_exists('HTMLPurifier_Bootstrap', FALSE) && HTMLPurifier_Bootstrap::autoload($ClassName)) {
return true;
}
if (!class_exists('Gdn_FileSystem', FALSE)) {
return false;
}
if (substr($ClassName, 0, 4) === 'Gdn_') {
$LibraryFileName = 'class.' . strtolower(substr($ClassName, 4)) . '.php';
} else {
$LibraryFileName = 'class.' . strtolower($ClassName) . '.php';
}
if (!is_null($ApplicationManager = Gdn::Factory('ApplicationManager'))) {
$ApplicationWhiteList = Gdn::Factory('ApplicationManager')->EnabledApplicationFolders();
} else {
$ApplicationWhiteList = NULL;
}
$LibraryPath = FALSE;
// If this is a model, look in the models folder(s)
if (strtolower(substr($ClassName, -5)) == 'model') {
$LibraryPath = Gdn_FileSystem::FindByMapping('library_mappings.php', 'Library', PATH_APPLICATIONS, $ApplicationWhiteList, 'models' . DS . $LibraryFileName);
}
if ($LibraryPath === FALSE) {
$LibraryPath = Gdn_FileSystem::FindByMapping('library_mappings.php', 'Library', PATH_LIBRARY, array('core', 'database', 'vendors' . DS . 'phpmailer', 'vendors' . DS . 'htmlpurifier'), $LibraryFileName);
}
// If it still hasn't been found, check for modules
if ($LibraryPath === FALSE) {
$LibraryPath = Gdn_FileSystem::FindByMapping('library_mappings.php', 'Library', PATH_APPLICATIONS, $ApplicationWhiteList, 'modules' . DS . $LibraryFileName);
}
if ($LibraryPath !== FALSE) {
include_once $LibraryPath;
}
}
public function _initFilter()
{
HTMLPurifier_Bootstrap::registerAutoload();
$config = HTMLPurifier_Config::createDefault();
$config->set('Attr.EnableID', true);
$config->set('HTML.Strict', true);
Zend_Registry::set('purifier', new HTMLPurifier($config));
}
public function init()
{
HTMLPurifier_Bootstrap::registerAutoload();
$config = HTMLPurifier_Config::createDefault();
foreach ($this->getOptions() as $k => $item) {
$config->set(str_replace('_', '.', $k), $item);
}
Zend_Registry::set('HTMLPurifier', new HTMLPurifier($config));
}
public function __construct($options = null)
{
HTMLPurifier_Bootstrap::registerAutoLoad();
$config = HTMLPurifier_Config::createDefault();
$config->set('Attr.EnableID', true);
$config->set('Attr.IDPrefix', 'MyPrefix_');
$config->set('Cache.SerializerPath', APPLICATION_PATH . '/../cache');
$this->_purifier = new HTMLPurifier($config);
}
/**
* Autoload function for HTML Purifier
* @param $class Class to load
*/
public static function autoload($class)
{
$file = HTMLPurifier_Bootstrap::getPath($class);
if (!$file) {
return false;
}
require_once HTMLPURIFIER_PREFIX . '/' . $file;
return true;
}
public function __construct($options = null)
{
HTMLPurifier_Bootstrap::registerAutoload();
$config = HTMLPurifier_Config::createDefault();
$config->set('HTML.Strict', true);
$config->set('Attr.EnableID', true);
$config->set('Attr.IDPrefix', 'MyPrefix_');
$this->purifier = new HTMLPurifier($config);
}
function __autoload($class)
{
if (!function_exists('spl_autoload_register')) {
if (HTMLPurifier_Bootstrap::autoload($class)) {
return true;
}
if (HTMLPurifierExtras::autoload($class)) {
return true;
}
}
require str_replace('_', '/', $class) . '.php';
return true;
}
public function __construct($options = null)
{
// lista de chaves para $config->set($key, $value)
HTMLPurifier_Bootstrap::registerAutoload();
$config = HTMLPurifier_Config::createDefault();
$config->set('HTML.Strict', true);
$config->set('Attr.EnableID', true);
$config->set('HTML.TargetBlank', true);
// vídeos do youtube e object's do HTML
$config->set('HTML.SafeObject', true);
$config->set('Output.FlashCompat', true);
$this->purifier = new HTMLPurifier($config);
}
/**
* Autoload function for HTML Purifier
* @param string $class Class to load
* @return bool
*/
public static function autoload($class)
{
$file = HTMLPurifier_Bootstrap::getPath($class);
if (!$file) {
return false;
}
// Technically speaking, it should be ok and more efficient to
// just do 'require', but Antonio Parraga reports that with
// Zend extensions such as Zend debugger and APC, this invariant
// may be broken. Since we have efficient alternatives, pay
// the cost here and avoid the bug.
require_once HTMLPURIFIER_PREFIX . '/' . $file;
return true;
}
public function __construct($options = array())
{
if (self::$purifier !== null) {
return;
}
\HTMLPurifier_Bootstrap::registerAutoload();
$config = \HTMLPurifier_Config::createDefault();
foreach ($options as $key => $val) {
if ($val === '1' || $val === '') {
$val = (bool) $val;
}
$config->set(str_replace('_', '.', $key), $val);
}
self::$purifier = new \BasePurifier($config);
}
/**
* Returns the singleton HTMLPurifier or a mock object
*
* @return HTMLPurifier|Piwik_HTMLPurifier
*/
public static function getInstance()
{
if (self::$instance == null) {
if (file_exists(PIWIK_INCLUDE_PATH . '/libs/HTMLPurifier.php')) {
if (!class_exists('HTMLPurifier_Bootstrap', false)) {
HTMLPurifier_Bootstrap::registerAutoload();
}
$config = HTMLPurifier_Config::createDefault();
$config->set('Cache.SerializerPath', PIWIK_USER_PATH . '/tmp/purifier');
self::$instance = new HTMLPurifier($config);
} else {
$c = __CLASS__;
self::$instance = new $c();
}
}
return self::$instance;
}
/**
* Returns a lookup array of dependencies for a file.
*
* @note This function expects that format $name extends $parent on one line
*
* @param $file
* File to check dependencies of.
* @return
* Lookup array of files the file is dependent on, sorted accordingly.
*/
function get_dependency_lookup($file)
{
static $cache = array();
if (isset($cache[$file])) {
return $cache[$file];
}
if (!file_exists($file)) {
echo "File doesn't exist: {$file}\n";
return array();
}
$fh = fopen($file, 'r');
$deps = array();
while (!feof($fh)) {
$line = fgets($fh);
if (strncmp('class', $line, 5) === 0) {
// The implementation here is fragile and will break if we attempt
// to use interfaces. Beware!
list(, $parent) = explode(' extends ', trim($line, ' {' . "\n\r"), 2);
if (empty($parent)) {
break;
}
$dep_file = HTMLPurifier_Bootstrap::getPath($parent);
if (!$dep_file) {
break;
}
$deps[$dep_file] = true;
break;
}
}
fclose($fh);
foreach (array_keys($deps) as $file) {
// Extra dependencies must come *before* base dependencies
$deps = get_dependency_lookup($file) + $deps;
}
$cache[$file] = $deps;
return $deps;
}
<?php
/**
* CMarkdownParser class file.
*
* @author Qiang Xue <*****@*****.**>
* @link http://www.yiiframework.com/
* @copyright Copyright © 2008-2011 Yii Software LLC
* @license http://www.yiiframework.com/license/
*/
require_once(Yii::getPathOfAlias('system.vendors.markdown.markdown').'.php');
if(!class_exists('HTMLPurifier_Bootstrap',false))
{
require_once(Yii::getPathOfAlias('system.vendors.htmlpurifier').DIRECTORY_SEPARATOR.'HTMLPurifier.standalone.php');
HTMLPurifier_Bootstrap::registerAutoload();
}
/**
* CMarkdownParser is a wrapper of {@link http://michelf.com/projects/php-markdown/extra/ MarkdownExtra_Parser}.
*
* CMarkdownParser extends MarkdownExtra_Parser by using Text_Highlighter
* to highlight code blocks with specific language syntax.
* In particular, if a code block starts with the following:
* <pre>
* [language]
* </pre>
* The syntax for the specified language will be used to highlight
* code block. The languages supported include (case-insensitive):
* ABAP, CPP, CSS, DIFF, DTD, HTML, JAVA, JAVASCRIPT,
* MYSQL, PERL, PHP, PYTHON, RUBY, SQL, XML
*
function clear_xss($val)
{
if ($GLOBALS['logged']['admin']) {
return $val;
}
// HTML Purifier plugin
global $oHtmlPurifier;
require_once BX_DIRECTORY_PATH_PLUGINS . 'htmlpurifier/HTMLPurifier.standalone.php';
if (!isset($oHtmlPurifier)) {
HTMLPurifier_Bootstrap::registerAutoload();
$oConfig = HTMLPurifier_Config::createDefault();
$oConfig->set('Cache.SerializerPath', rtrim(BX_DIRECTORY_PATH_CACHE, '/'));
$oConfig->set('Cache.SerializerPermissions', 0777);
$oConfig->set('HTML.SafeObject', 'true');
$oConfig->set('Output.FlashCompat', 'true');
$oConfig->set('HTML.FlashAllowFullScreen', 'true');
if (getParam('sys_antispam_add_nofollow')) {
$sHost = parse_url(BX_DOL_URL_ROOT, PHP_URL_HOST);
$oConfig->set('URI.Host', $sHost);
$oConfig->set('HTML.Nofollow', 'true');
}
if ($sSafeIframeRegexp = getParam('sys_safe_iframe_regexp')) {
$oConfig->set('HTML.SafeIframe', 'true');
$oConfig->set('URI.SafeIframeRegexp', $sSafeIframeRegexp);
}
$oConfig->set('Filter.Custom', array(new HTMLPurifier_Filter_LocalMovie(), new HTMLPurifier_Filter_YouTube(), new HTMLPurifier_Filter_YoutubeIframe(), new HTMLPurifier_Filter_AddBxLinksClass()));
$oDef = $oConfig->getHTMLDefinition(true);
$oDef->addAttribute('a', 'target', 'Enum#_blank,_self,_target,_top');
$oHtmlPurifier = new HTMLPurifier($oConfig);
}
return $oHtmlPurifier->purify($val);
}
function CargarDatos($id_publicacion, $id_usuario)
{
// HTML purifier
require_once "PHP/HTMLPurifier.standalone.php";
$config = HTMLPurifier_Config::createDefault();
$config->set('HTML.Doctype', 'XHTML 1.0 Strict');
$config->set('Filter.YouTube', true);
$purifier = new HTMLPurifier($config);
HTMLPurifier_Bootstrap::autoload('HTMLPurifier_Filter_YouTube');
$id_publicacion = db_codex($id_publicacion);
$id_usuario = db_codex($id_usuario);
if (_F_usuario_cache('nivel') != _N_administrador) {
$datos["tipo"] = _A_temporal;
$datos["fecha_ini"] = mysql_datetime();
$datos["fecha_fin"] = mysql_datetime();
}
$datos["id_categoria"] = _F_form_cache("id_categoria");
// $datos["id_usuario"] = $id_usuario; // No usar.
$datos["precio"] = _F_form_cache("precio");
$datos["titulo"] = _F_form_cache("titulo");
$datos["descripcion_corta"] = strip_html_tags(_F_form_cache("descripcion_corta"));
$datos["descripcion"] = $purifier->purify(_F_form_cache("descripcion"));
$ret = db_actualizar_datos("ventas_publicaciones", $datos, "id_publicacion='{$id_publicacion}'");
unset($datos);
// Tags
// Procesamos los nuevos tags (eliminamos los espacios, las comas finales y hacemos array)
// Nota: no evaluamos las comas finales con posibles espacios porque se eliminan con la primera pasada
$tags = explode(",", preg_replace(array('/ */', '/^,/', '/,$/'), '$1', @$_POST['tags']), 5);
// Eliminamos posible exploit en los tags
$tags = db_codex($tags);
// Insertamos los nuevos tags
$val_tags = implode("'),('", $tags);
db_consultar("INSERT IGNORE INTO ventas_tag (tag) VALUES('{$val_tags}')");
// Ponemos los tags en referencia a la publicación actual
// +Eliminados los tags de esta publicación primero+++++++++++++++++++++++++
$val_tags = implode("','", $tags);
$c = "DELETE FROM ventas_tag_uso WHERE id_publicacion='{$id_publicacion}'";
$r = db_consultar($c);
// +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
db_consultar("INSERT INTO ventas_tag_uso (id_tag,id_publicacion) SELECT id, {$id_publicacion} FROM ventas_tag WHERE tag IN ('{$val_tags}')");
// Hay que eliminar los flags antes que nada.
$c = "DELETE FROM ventas_flags_pub WHERE id_publicacion='{$id_publicacion}'";
$r = db_consultar($c);
$datos['id'] = NULL;
$datos['id_publicacion'] = $id_publicacion;
foreach (array("venta", "pago", "entrega") as $campo) {
if (isset($_POST[$campo]) && is_array($_POST[$campo])) {
foreach ($_POST[$campo] as $llave => $valor) {
$datos['id_flag'] = $valor;
$datos['tipo'] = $campo;
db_agregar_datos("ventas_flags_pub", $datos);
}
}
}
}
/**
* Automatically loads classes in PHP5 way, using SPL.
* @param string $class The class name, no namespaces are supported.
* @return bool TRUE if a class have been found and loaded, FALSE otherwise.
* @author Ivan Tcholakov, 2013
* @license The MIT License
*/
function _common_autoloader($class)
{
static $locations = null;
if (!isset($locations)) {
$locations = array();
$autoload = null;
_autoload_classes_read_config($autoload, APPPATH . 'config/autoload_classes.php');
_autoload_classes_read_config($autoload, APPPATH . 'config/' . ENVIRONMENT . '/autoload_classes.php');
if (isset($autoload) && is_array($autoload) && isset($autoload['classes']) && is_array($autoload['classes'])) {
$locations = $autoload['classes'];
}
}
$class = (string) $class;
// No class name? Abort.
if ($class == '') {
return false;
}
// Scanning for classes in specific directories (see the array above).
if (isset($locations[$class])) {
require $locations[$class];
return true;
}
// Autoload CodeIgniter classes.
if (strpos($class, 'CI_') === 0) {
if (is_file($location = BASEPATH . 'core/' . substr($class, 3) . '.php')) {
require $location;
return true;
}
if (is_file($location = BASEPATH . 'libraries/' . substr($class, 3) . '.php')) {
require $location;
return true;
}
if (is_file($location = BASEPATH . 'libraries/' . substr($class, 3) . '/' . substr($class, 3) . '.php')) {
require $location;
return true;
}
}
// Autoload core classes.
if (is_file($location = APPPATH . "core/{$class}.php")) {
require $location;
return true;
}
// Autoload Modular Extensions MX core classes.
if (strpos($class, 'MX_') === 0 && is_file($location = APPPATH . 'third_party/MX/' . substr($class, 3) . '.php')) {
require $location;
return true;
}
// Autoload library classes.
if (is_file($location = APPPATH . "libraries/{$class}.php")) {
require $location;
return true;
}
// Autoload models (that are extended by other models).
if (is_file($location = APPPATH . "models/{$class}.php")) {
require $location;
return true;
}
// Autoload custom classes, non-standard way.
if (is_file($location = APPPATH . "classes/{$class}.php")) {
require $location;
return true;
}
// PSR-0 autoloading.
if (is_file($location = APPPATH . 'classes/' . str_replace('_', DIRECTORY_SEPARATOR, $class) . '.php')) {
require $location;
return true;
}
// Autoload HTMLPurifier classes.
if (HTMLPurifier_Bootstrap::autoload($class)) {
return true;
}
// Autoload PEAR packages that are integrated in this platform.
if (is_file($location = APPPATH . 'third_party/pear/' . str_replace('_', DIRECTORY_SEPARATOR, $class) . '.php')) {
require $location;
return true;
}
return false;
}
function clear_xss($val)
{
if ($GLOBALS['logged']['admin']) {
return $val;
}
// HTML Purifier plugin
global $oHtmlPurifier;
require_once BX_DIRECTORY_PATH_PLUGINS . 'htmlpurifier/HTMLPurifier.standalone.php';
if (!isset($oHtmlPurifier)) {
HTMLPurifier_Bootstrap::registerAutoload();
$oConfig = HTMLPurifier_Config::createDefault();
$oConfig->set('HTML.SafeObject', 'true');
$oConfig->set('Output.FlashCompat', 'true');
$oConfig->set('HTML.FlashAllowFullScreen', 'true');
$oConfig->set('Filter.Custom', array(new HTMLPurifier_Filter_LocalMovie()));
$oConfig->set('Filter.Custom', array(new HTMLPurifier_Filter_YouTube()));
$oConfig->set('Filter.Custom', array(new HTMLPurifier_Filter_YoutubeIframe()));
$oDef = $oConfig->getHTMLDefinition(true);
$oDef->addAttribute('a', 'target', 'Enum#_blank,_self,_target,_top');
$oHtmlPurifier = new HTMLPurifier($oConfig);
}
return $oHtmlPurifier->purify($val);
}
function clear_xss($val)
{
// HTML Purifier plugin
global $oHtmlPurifier;
if (!isset($oHtmlPurifier) && !$GLOBALS['logged']['admin']) {
require_once BX_DIRECTORY_PATH_PLUGINS . 'htmlpurifier/HTMLPurifier.standalone.php';
HTMLPurifier_Bootstrap::registerAutoload();
$oConfig = HTMLPurifier_Config::createDefault();
$oConfig->set('Cache.SerializerPath', rtrim(BX_DIRECTORY_PATH_CACHE, '/'));
$oConfig->set('Cache.SerializerPermissions', 0777);
$oConfig->set('HTML.SafeObject', 'true');
$oConfig->set('Output.FlashCompat', 'true');
$oConfig->set('HTML.FlashAllowFullScreen', 'true');
if (getParam('sys_antispam_add_nofollow')) {
$sHost = parse_url(BX_DOL_URL_ROOT, PHP_URL_HOST);
$oConfig->set('URI.Host', $sHost);
$oConfig->set('HTML.Nofollow', 'true');
}
if ($sSafeIframeRegexp = getParam('sys_safe_iframe_regexp')) {
$oConfig->set('HTML.SafeIframe', 'true');
$oConfig->set('URI.SafeIframeRegexp', $sSafeIframeRegexp);
}
$oConfig->set('Filter.Custom', array(new HTMLPurifier_Filter_LocalMovie(), new HTMLPurifier_Filter_YouTube(), new HTMLPurifier_Filter_YoutubeIframe(), new HTMLPurifier_Filter_AddBxLinksClass()));
$oConfig->set('HTML.DefinitionID', 'html5-definitions');
$oConfig->set('HTML.DefinitionRev', 1);
if ($def = $oConfig->maybeGetRawHTMLDefinition()) {
$def->addElement('section', 'Block', 'Flow', 'Common');
$def->addElement('nav', 'Block', 'Flow', 'Common');
$def->addElement('article', 'Block', 'Flow', 'Common');
$def->addElement('aside', 'Block', 'Flow', 'Common');
$def->addElement('header', 'Block', 'Flow', 'Common');
$def->addElement('footer', 'Block', 'Flow', 'Common');
$def->addElement('video', 'Block', 'Optional: (source, Flow) | (Flow, source) | Flow', 'Common', array('src' => 'URI', 'type' => 'Text', 'width' => 'Length', 'height' => 'Length', 'poster' => 'URI', 'preload' => 'Enum#auto,metadata,none', 'controls' => 'Bool'));
$def->addElement('source', 'Block', 'Flow', 'Common', array('src' => 'URI', 'type' => 'Text'));
}
$oHtmlPurifier = new HTMLPurifier($oConfig);
}
if (!$GLOBALS['logged']['admin']) {
$val = $oHtmlPurifier->purify($val);
}
$oZ = new BxDolAlerts('system', 'clear_xss', 0, 0, array('oHtmlPurifier' => $oHtmlPurifier, 'return_data' => &$val));
$oZ->alert();
return $val;
}
/**
* Autoload-Method
*
* @param string $class name of the class
*/
public function autoload($class)
{
HTMLPurifier_Bootstrap::autoload($class);
}
function __autoload($class)
{
return HTMLPurifier_Bootstrap::autoload($class);
}
/**
* Load a class
* @param string $class Class name
* @return boolean Success?
*/
public static function autoload($class)
{
// work around for PHP 5.3.0 - 5.3.2 https://bugs.php.net/50731
$class = ltrim($class, '\\');
$uclass = ucfirst($class);
if (!empty(self::$noAutoLoad[$class])) {
return false;
}
// try known classes
if (isset(self::$classMap[$uclass])) {
if (self::$classMap[$uclass]) {
// No need for a file_exists, if it is in the map we have found it before
require_once self::$classMap[$uclass];
return true;
}
return false;
}
// try namespaces
if (false !== strpos($class, '\\')) {
if ($file = self::getFilenameForFQCN($class)) {
if (self::load($file)) {
self::$classMap[$class] = $file;
self::$classMapDirty = true;
return true;
}
}
self::$classMap[$class] = false;
self::$classMapDirty = true;
return false;
}
if (empty(self::$moduleMap)) {
if (isset($GLOBALS['beanFiles'])) {
self::$moduleMap = $GLOBALS['beanFiles'];
} else {
include 'include/modules.php';
self::$moduleMap = $beanFiles;
}
}
// Try known modules
if (!empty(self::$moduleMap[$class])) {
require_once self::$moduleMap[$class];
return true;
}
if (strncmp('HTMLPurifier', $class, 12) == 0) {
return HTMLPurifier_Bootstrap::autoload($class);
}
// Split on _, capitalize elements and make a path
// foo_bar -> Foo/Bar.
$class_file = join('/', array_map('ucfirst', explode('_', $class)));
// Try known prefixes
foreach (self::$prefixMap as $prefix => $dir) {
if (strncasecmp($prefix, $class, strlen($prefix)) === 0) {
if ($file = self::requireWithCustom("{$dir}{$class_file}.php")) {
self::$classMap[$uclass] = $file;
self::$classMapDirty = true;
return true;
} else {
break;
}
}
}
// Special cases
// Special case because lookup goes to $_REQUEST['module']
if ($file = self::getFilenameForViewClass($class)) {
self::$classMap[$uclass] = $file;
self::$classMapDirty = true;
return true;
}
// Special case because widget name can be lowercased
if ($file = self::getFilenameForSugarWidget($class)) {
self::$classMap[$uclass] = $file;
self::$classMapDirty = true;
return true;
}
// Special case because it checks by ending in Layout
if ($file = self::getFilenameForLayoutClass($class)) {
self::$classMap[$uclass] = $file;
self::$classMapDirty = true;
return true;
}
if ($file = self::getFilenameForExpressionClass($class)) {
self::$classMap[$uclass] = $file;
self::$classMapDirty = true;
return true;
}
// Try known dirs
foreach (self::$dirMap as $dir) {
// include/Class.php
if ($file = self::requireWithCustom("{$dir}{$class_file}.php")) {
self::$classMap[$uclass] = $file;
self::$classMapDirty = true;
return true;
}
// include/Class/Class.php
// Note here we don't use $class_file since using path twice would not make sense:
// Foo/Bar/Foo/Bar.php vs. Foo_Bar/Foo_Bar.php
if ($file = self::requireWithCustom("{$dir}{$class}/{$class}.php")) {
self::$classMap[$uclass] = $file;
self::$classMapDirty = true;
return true;
}
// try include/Foo_Bar.php as a last resort
if ($file = self::requireWithCustom("{$dir}{$class}.php")) {
self::$classMap[$uclass] = $file;
self::$classMapDirty = true;
return true;
}
}
self::$classMap[$uclass] = false;
self::$classMapDirty = true;
return false;
}
