示例#1
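/**
 * Filter HTML through the sanitizer, keeping only the elements the caller's
 * permission context allows, and attempt to clean up invalid markup.
 *
 * The allowed-element list is assembled from comma-separated lists in $_CONF:
 * 'htmlfilter_default' is always included, 'htmlfilter_story' is added when
 * $permissions is 'story.edit', and 'htmlfilter_root' is added when the current
 * user is in the Root group.
 *
 * SECURITY: when $_CONF['skip_html_filter_for_root'] is set to 1 and the current
 * user is in Root, $str is returned completely unfiltered. Anything submitted
 * under a Root session (including via CSRF or a hijacked session) then reaches
 * storage and rendering as-is, so leave that option off unless the deployment
 * explicitly accepts stored-XSS risk from Root accounts.
 *
 * @param    string  $str            HTML to check
 * @param    string  $permissions    Permission context of the caller; only
 *                                   'story.edit' currently widens the element set
 * @return   string                  Filtered HTML
 *
 */
function COM_filterHTML($str, $permissions = 'story.edit')
{
    global $_CONF;

    // Explicit, configured bypass for Root: the input is trusted verbatim.
    if (isset($_CONF['skip_html_filter_for_root'])
            && $_CONF['skip_html_filter_for_root'] == 1
            && SEC_inGroup('Root')) {
        return $str;
    }

    // Each list is a comma-separated string. A missing key is treated as '',
    // which explode() turns into a single empty element -- the same result the
    // unguarded read produced, minus the undefined-index notice.
    // NOTE(review): entries are not trimmed, so 'a, b' yields ' b'; confirm the
    // sanitizer tolerates surrounding whitespace before relying on such config.
    $lists = array();
    foreach (array('htmlfilter_default', 'htmlfilter_story', 'htmlfilter_root') as $key) {
        $lists[$key] = explode(',', isset($_CONF[$key]) ? $_CONF[$key] : '');
    }

    $allowed = $lists['htmlfilter_default'];

    // Only the story-editing context widens the element set at present.
    if ($permissions === 'story.edit') {
        $allowed = array_merge($allowed, $lists['htmlfilter_story']);
    }

    // Root gets its extra elements regardless of the permission context.
    if (SEC_inGroup('Root')) {
        $allowed = array_merge($allowed, $lists['htmlfilter_root']);
    }

    // Deduplicate before handing the list to the sanitizer; implode() ignores
    // the gaps array_unique() leaves in the keys.
    $allowedElements = implode(',', array_unique($allowed));

    $filter = new sanitizer();
    $filter->setAllowedelements($allowedElements);
    $filter->setPostmode('html');

    return $filter->filterHTML($str);
}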