00001 <?php
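/**
 * Phorum "format" hook: passes every message body through HTML Purifier
 * before it is displayed.
 *
 * For stored messages (truthy message id) the purified HTML is cached,
 * base64-encoded, in the message meta next to the serial of the purifier
 * configuration that produced it. The cache is reused only while that serial
 * still equals the current one.
 *
 * @param array $data Messages keyed by message id; entries without a 'body'
 *                    key are returned untouched.
 * @return array The same array with each 'body' replaced by purified HTML.
 */
function phorum_htmlpurifier_format($data)
{
    $PHORUM = $GLOBALS["PHORUM"];

    // Plain assignment: object handles are shared anyway, and "=&" on a call
    // result raises a notice when getInstance() does not return by reference.
    $purifier = HTMLPurifier::getInstance();
    $cache_serial = $PHORUM['mod_htmlpurifier']['body_cache_serial'];

    foreach ($data as $message_id => $message) {
        if (!isset($message['body'])) {
            continue;
        }

        if ($message_id) {
            // "Light" messages are purified on every view: no cache read and
            // no database write.
            if (isset($message['meta']['htmlpurifier_light'])) {
                $data[$message_id]['body'] = $purifier->purify($message['body']);
                continue;
            }

            // NOTE(review): $PHORUM['args'] is presumably filled from the
            // request. If so, any visitor can force a re-purification and a
            // database write per message; consider restricting this switch
            // to administrators.
            if (!empty($PHORUM['args']['purge'])) {
                unset($message['meta']['body_cache']);
            }

            // Compare serials as strings. Loose "==" treats two different
            // numeric-looking digests (e.g. "0e12" and "0e99") as equal,
            // which would serve HTML purified under another configuration.
            if (
                isset($message['meta']['body_cache']) &&
                isset($message['meta']['body_cache_serial']) &&
                (string) $message['meta']['body_cache_serial'] === (string) $cache_serial
            ) {
                // NOTE(review): a cache hit is emitted without running the
                // purifier again, so the stored meta is a trust boundary:
                // whatever can write it with a matching serial controls the
                // rendered HTML.
                $data[$message_id]['body'] = base64_decode($message['meta']['body_cache']);
                continue;
            }
        }

        $updated_message = array();

        if (
            $message_id &&
            !isset($message['meta']['body_cache_serial'])
        ) {
            // No serial was ever stamped on this message, so it is treated
            // as written in the previous markup language and converted once.
            // Signature and edit notice are removed first so they are not
            // stored as part of the migrated body.
            $fake_data = array();
            list($signature, $edit_message) = phorum_htmlpurifier_remove_sig_and_editmessage($message);
            $fake_data[$message_id] = $message;
            $fake_data = phorum_htmlpurifier_migrate($fake_data);
            $body = $fake_data[$message_id]['body'];
            $body = str_replace("<phorum break>\n", "\n", $body);
            $updated_message['body'] = $body;
            // Re-attached for display only; still purified below.
            $body .= $signature . $edit_message;
        } else {
            $body = $message['body'];

            // Order matters: break markers are removed while the author's
            // own text is still entity-encoded, so an escaped
            // "&lt;phorum break&gt;" typed by a user is not mistaken for one.
            $body = str_replace("<phorum break>\n", "\n", $body);
            // The listing showed each character replaced by itself (its
            // entities were rendered away), which is a no-op. Decoding the
            // entities gives the purifier the markup the author typed.
            $body = str_replace(array('&lt;', '&gt;', '&amp;', '&quot;'), array('<', '>', '&', '"'), $body);
            if (!$message_id && defined('PHORUM_CONTROL_CENTER')) {
                // Decoded a second time for id-less bodies in the control
                // center; presumably these are signatures that arrive
                // escaped twice. TODO confirm against Phorum core.
                $body = str_replace(array('&lt;', '&gt;', '&amp;', '&quot;'), array('<', '>', '&', '"'), $body);
            }
        }

        // Everything decoded or re-attached above passes through here; no
        // branch below this point adds unpurified markup.
        $body = $purifier->purify($body);

        if ($message_id) {
            // Persist the purified HTML with the serial that produced it.
            $updated_message['meta'] = $message['meta'];
            $updated_message['meta']['body_cache'] = base64_encode($body);
            $updated_message['meta']['body_cache_serial'] = $cache_serial;
            phorum_db_update_message($message_id, $updated_message);
        }

        $data[$message_id]['body'] = $body;
    }

    return $data;
}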
/**
 * Builds the signature suffix for a message row.
 *
 * phorum_htmlpurifier_remove_sig_and_editmessage() uses the result as a
 * search string to strip the signature from a stored body.
 *
 * @param array $row Message row; reads $row['user']['signature'] and
 *                   $row['meta']['show_signature'].
 * @return string "\n\n" followed by the trimmed signature. When the
 *                signature is not to be shown this is ''. When the trimmed
 *                signature is empty() it is returned without the prefix.
 */
function phorum_htmlpurifier_generate_sig($row) {
    $show_requested = isset($row['user']['signature'])
        && isset($row['meta']['show_signature'])
        && $row['meta']['show_signature'] == 1;

    if (!$show_requested) {
        return '';
    }

    $sig = trim($row['user']['signature']);

    // empty() also matches the string "0", which is returned without the
    // leading blank lines.
    return empty($sig) ? $sig : "\n\n" . $sig;
}
/**
 * Builds the "edited N times" suffix for a message row.
 *
 * The %count%, %lastedit% and %lastuser% placeholders of the language string
 * $PHORUM['DATA']['LANG']['EditedMessage'] are filled in, in that order.
 *
 * The user name is substituted without escaping. In this file the result is
 * used either as a search string or as part of a body that goes through the
 * purifier (see phorum_htmlpurifier_format()); it should not be echoed
 * directly.
 *
 * @param array $row Message row; reads $row['meta']['edit_count'],
 *                   ['edit_date'] and ['edit_username'].
 * @return string "\n\n\n\n" followed by the notice, or '' when the message
 *                has no recorded edits.
 */
function phorum_htmlpurifier_generate_editmessage($row) {
    $PHORUM = $GLOBALS['PHORUM'];

    $was_edited = isset($row['meta']['edit_count']) && $row['meta']['edit_count'] > 0;
    if (!$was_edited) {
        return '';
    }

    $meta = $row['meta'];
    $last_edit = phorum_date($PHORUM["short_date_time"], $meta['edit_date']);

    // Kept as three sequential passes so that a placeholder appearing in an
    // earlier substituted value is still expanded by a later pass.
    $notice = $PHORUM["DATA"]["LANG"]["EditedMessage"];
    $notice = str_replace("%count%", $meta['edit_count'], $notice);
    $notice = str_replace("%lastedit%", $last_edit, $notice);
    $notice = str_replace("%lastuser%", $meta['edit_username'], $notice);

    return "\n\n\n\n$notice";
}
/**
 * Strips the generated signature and edit notice from a message body.
 *
 * Both suffixes are regenerated from the row, their newlines rewritten to
 * "<phorum break>\n", and the results removed from $row['body'] with strtr().
 * strtr() removes every occurrence, not only a trailing one, so body text
 * that happens to equal the encoded suffix is removed as well.
 *
 * @param array $row Message row; $row['body'] is modified in place.
 * @return array Two-element list: the signature and the edit notice as
 *               generated (with plain newlines), '' for each one absent.
 */
function phorum_htmlpurifier_remove_sig_and_editmessage(&$row) {
    $signature   = phorum_htmlpurifier_generate_sig($row);
    $editmessage = phorum_htmlpurifier_generate_editmessage($row);

    $strip_map = array();
    foreach (array($signature, $editmessage) as $suffix) {
        // Falsy suffixes ('' and '0') are skipped.
        if ($suffix) {
            $strip_map[str_replace("\n", "<phorum break>\n", $suffix)] = '';
        }
    }

    $row['body'] = strtr($row['body'], $strip_map);

    return array($signature, $editmessage);
}
/**
 * Posting hook: invalidates the purified-body cache of a message that is
 * about to be saved and stamps it with the current configuration serial.
 *
 * Removing 'body_cache' makes phorum_htmlpurifier_format() purify the new
 * body on its next display instead of serving HTML cached for the old one.
 * Setting 'body_cache_serial' keeps that function from taking its migration
 * branch, which runs only for messages without a serial.
 *
 * @param array $message Message being posted or edited.
 * @return array The message with its meta updated as described.
 */
function phorum_htmlpurifier_posting($message) {
    $current_serial = $GLOBALS["PHORUM"]['mod_htmlpurifier']['body_cache_serial'];

    unset($message['meta']['body_cache']);
    $message['meta']['body_cache_serial'] = $current_serial;

    return $message;
}
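/**
 * Quote hook: wraps quoted text in a <blockquote> whose cite attribute names
 * the source.
 *
 * The quoted text is purified because it becomes markup. The source is
 * escaped because it lands inside a double-quoted attribute value. Escaping
 * now uses ENT_QUOTES and, when known, the forum charset, matching
 * phorum_htmlpurifier_before_editor().
 *
 * @param array $array Element 0 is the quote source, element 1 the text.
 * @return string The blockquote markup.
 */
function phorum_htmlpurifier_quote($array) {
    $PHORUM = $GLOBALS["PHORUM"];

    // Plain assignment: "=&" on a call result raises a notice when
    // getInstance() does not return by reference.
    $purifier = HTMLPurifier::getInstance();
    $text = $purifier->purify($array[1]);

    // Falls back to PHP's default charset when the forum charset has not
    // been loaded, which is what the original call always did.
    if (isset($PHORUM['DATA']['CHARSET'])) {
        $source = htmlspecialchars($array[0], ENT_QUOTES, $PHORUM['DATA']['CHARSET']);
    } else {
        $source = htmlspecialchars($array[0], ENT_QUOTES);
    }

    return "<blockquote cite=\"$source\">\n$text\n</blockquote>";
}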
/**
 * Common hook: loads HTML Purifier, installs the configured singleton,
 * publishes the configuration serial and loads the migration script.
 *
 * Output and termination: when migrate.php is missing from this directory
 * the function echoes an error message and calls exit.
 */
function phorum_htmlpurifier_common() {

    // Every path below is built from this file's directory plus a fixed
    // name; no request data takes part in choosing what gets included.
    require_once(dirname(__FILE__).'/htmlpurifier/HTMLPurifier.auto.php');
    require(dirname(__FILE__).'/init-config.php');

    // phorum_htmlpurifier_get_config() is not defined in this file;
    // presumably init-config.php declares it. TODO confirm.
    $config = phorum_htmlpurifier_get_config();
    HTMLPurifier::getInstance($config);

    // Published for phorum_htmlpurifier_format() and
    // phorum_htmlpurifier_posting(): a cached body is reused only while the
    // serial stored with it equals this value.
    $GLOBALS['PHORUM']['mod_htmlpurifier']['body_cache_serial'] = $config->getSerial();

    // migrate.php is executed as PHP inside this function's scope, so it
    // runs with the forum's privileges. NOTE(review): keep this directory
    // non-writable for the web server account.
    if (file_exists(dirname(__FILE__) . '/migrate.php')) {
        include(dirname(__FILE__) . '/migrate.php');
    } else {
        // Static text only; nothing request-derived is echoed here.
        echo '<strong>Error:</strong> No migration path specified for HTML Purifier, please check
<tt>modes/htmlpurifier/migrate.bbcode.php</tt> for instructions on
how to migrate from your previous markup language.';
        exit;
    }

    if (!function_exists('phorum_htmlpurifier_migrate')) {
        // Identity fallback for a migrate.php that defines no converter:
        // bodies are passed on unchanged.
        function phorum_htmlpurifier_migrate($data) {return $data;}
    }

}
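/**
 * Before-editor hook: in WYSIWYG mode, purifies the body that is about to
 * be loaded into the editor.
 *
 * The body arrives entity-encoded. It is decoded, purified, then encoded
 * again. The purifier call is the only filtering applied to the markup the
 * editor will turn back into live HTML.
 *
 * @param array $message Message being loaded into the editor.
 * @return array The message; 'body' is replaced only when WYSIWYG mode is
 *               enabled and the body is non-empty.
 */
function phorum_htmlpurifier_before_editor($message) {
    if (empty($GLOBALS['PHORUM']['mod_htmlpurifier']['wysiwyg'])) {
        return $message;
    }
    if (empty($message['body'])) {
        return $message;
    }

    $body = $message['body'];

    // The listing showed each character replaced by itself (its entities
    // were rendered away), which is a no-op. Decoding the entities gives
    // the purifier real markup. '&amp;' is handled last so that
    // '&amp;lt;' decodes to the text '&lt;' and not to '<'.
    $body = str_replace(array('&lt;', '&gt;', '&amp;'), array('<', '>', '&'), $body);

    // Plain assignment: "=&" on a call result raises a notice when
    // getInstance() does not return by reference.
    $purifier = HTMLPurifier::getInstance();
    $body = $purifier->purify($body);

    // Encode again for embedding in the editor form.
    $body = htmlspecialchars($body, ENT_QUOTES, $GLOBALS['PHORUM']['DATA']['CHARSET']);
    $message['body'] = $body;

    return $message;
}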
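/**
 * Editor hook: prints a help box below the subject field.
 *
 * In WYSIWYG mode only a short "HTML has been scrubbed" notice is shown,
 * and only in quote, edit and moderation mode. Otherwise, unless the
 * 'suppress_message' setting is on, the box explains how to escape HTML and
 * lists the allowed elements from the purifier's HTML definition.
 *
 * Changes from the listed version: the escaping examples are entity-encoded
 * again so that they are displayed instead of parsed, element names are
 * escaped before output, a stray closing paragraph tag is removed, and the
 * CSS hint's <pre> is moved out of its paragraph.
 *
 * @return void Output is written directly to the response.
 */
function phorum_htmlpurifier_editor_after_subject() {
    if (!empty($GLOBALS['PHORUM']['mod_htmlpurifier']['wysiwyg'])) {
        $mode = $GLOBALS['PHORUM']['DATA']['MODE'];
        if ($mode == 'quote' || $mode == 'edit' || $mode == 'moderation') {
            ?>
<div>
    <p>
        <strong>Notice:</strong> HTML has been scrubbed for your safety.
        If you would like to see the original, turn off WYSIWYG mode
        (consult your administrator for details.)
    </p>
</div>
            <?php
        }
        return;
    }
    if (!empty($GLOBALS['PHORUM']['mod_htmlpurifier']['suppress_message'])) {
        return;
    }
    // The examples must reach the browser as &amp;lt; / &amp;gt; so that the
    // reader sees the literal text "&lt;" and "&gt;".
    ?><div class="htmlpurifier-help">
    <p>
        <strong>HTML input</strong> is enabled. Make sure you escape all HTML and
        angled brackets with <code>&amp;lt;</code> and <code>&amp;gt;</code>.
    </p><?php
    // Plain assignment: "=&" on a call result raises a notice when
    // getInstance() does not return by reference.
    $purifier = HTMLPurifier::getInstance();
    $config = $purifier->config;
    if ($config->get('AutoFormat', 'AutoParagraph')) {
        ?><p>
        <strong>Auto-paragraphing</strong> is enabled. Double
        newlines will be converted to paragraphs; for single
        newlines, use the <code>pre</code> tag.
    </p><?php
    }
    $html_definition = $config->getDefinition('HTML');
    $allowed = array();
    foreach ($html_definition->info as $name => $x) {
        // Element names come from configuration, not from visitors, but
        // they are still escaped before being written into the page.
        $allowed[] = '<code>' . htmlspecialchars((string) $name, ENT_QUOTES) . '</code>';
    }
    sort($allowed);
    $allowed_text = implode(', ', $allowed);
    ?><p><strong>Allowed tags:</strong> <?php
    echo $allowed_text;
    ?>.</p>
    <p>
        For inputting literal code such as HTML and PHP for display, use
        CDATA tags to auto-escape your angled brackets, and <code>pre</code>
        to preserve newlines:
    </p>
    <pre>&lt;pre&gt;&lt;![CDATA[
<em>Place code here</em>
]]&gt;&lt;/pre&gt;</pre>
    <p>
        Power users, you can hide this notice with:
    </p>
    <pre>.htmlpurifier-help {display:none;}</pre>
</div><?php
}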