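/**
 * Filters HTML through the site sanitizer and attempts to clean up invalid markup.
 *
 * The allowed-element list is assembled from the comma-separated
 * $_CONF['htmlfilter_*'] lists: 'htmlfilter_default' is always used,
 * 'htmlfilter_story' is added when $permissions is 'story.edit', and
 * 'htmlfilter_root' is added when the current user is in the Root group.
 * Anything outside that list is left to the sanitizer to strip.
 *
 * When $_CONF['skip_html_filter_for_root'] is 1 (or '1') and the current
 * user is in Root, the input is returned untouched — no filtering at all.
 * That is a configuration-level trust decision: with it enabled, whatever a
 * Root account submits is stored and rendered as-is, so the setting should
 * stay off unless every Root account is fully trusted.
 *
 * @param string $str         HTML to check
 * @param string $permissions Permission context; only 'story.edit' is
 *                            recognised and adds the story element list, any
 *                            other value yields the default list only
 * @return string Filtered HTML (or the unfiltered input in the Root bypass case)
 */
function COM_filterHTML($str, $permissions = 'story.edit')
{
    global $_CONF;

    $isRoot = SEC_inGroup('Root');

    // Strict comparison so that only an explicit 1 / '1' enables the bypass;
    // a loose `== 1` would also accept values such as true.
    $skipForRoot = isset($_CONF['skip_html_filter_for_root'])
        && in_array($_CONF['skip_html_filter_for_root'], array(1, '1'), true);
    if ($skipForRoot && $isRoot) {
        return $str;
    }

    // Reads one comma-separated element list from the configuration.
    // A missing key yields an empty list instead of a notice plus a bogus
    // empty-string entry.
    $listFromConfig = function ($key) use ($_CONF) {
        if (!isset($_CONF[$key]) || $_CONF[$key] === '') {
            return array();
        }

        return explode(',', (string) $_CONF[$key]);
    };

    $configArray = $listFromConfig('htmlfilter_default');

    // Only the story-edit context widens the list; compare strictly so that a
    // non-string (e.g. 0) cannot match under PHP 7 loose-comparison rules.
    if ($permissions === 'story.edit') {
        $configArray = array_merge($configArray, $listFromConfig('htmlfilter_story'));
    }

    if ($isRoot) {
        $configArray = array_merge($configArray, $listFromConfig('htmlfilter_root'));
    }

    $allowedElements = implode(',', array_unique($configArray));

    $filter = new sanitizer();
    $filter->setAllowedelements($allowedElements);
    $filter->setPostmode('html');

    return $filter->filterHTML($str);
}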