Welcome! » Log In » Create A New Profile

A NEWBIE QUESTION -

Posted by Jauhar 
Jauhar
A NEWBIE QUESTION -
August 24, 2013 08:06AM
PHP Fatal error:  Class 'HTMLPurifier_Bootstrap' not found in..

I just uploaded html purifier in my site.

Jauhar
Re: A NEWBIE QUESTION -
August 24, 2013 08:08AM

Can I install everything by ftp?

Re: A NEWBIE QUESTION -
August 24, 2013 02:02PM

Yes; though I can't help you debug without more information.

Re: A NEWBIE QUESTION -
August 24, 2013 11:34PM

On my error_log I see this [24-Aug-2013 11:56:30 Asia/Singapore] PHP Fatal error: Class 'HTMLPurifier_Bootstrap' not found in /home/montar/public_html/forum/html/clean/library/HTMLPurifier.autoload.php on line 11 [24-Aug-2013 11:58:04 Asia/Singapore] PHP Fatal error: Class 'HTMLPurifier_Bootstrap' not found in /home/montar/public_html/forum/html/clean/library/HTMLPurifier.autoload.php on line 11 [24-Aug-2013 18:14:20 Asia/Singapore] PHP Fatal error: Class 'HTMLPurifier_Bootstrap' not found in /home/montar/public_html/forum/html/clean/library/HTMLPurifier.autoload.php on line 11 [24-Aug-2013 18:31:27 Asia/Singapore] PHP Fatal error: Class 'HTMLPurifier_Bootstrap' not found in /home/montar/public_html/forum/html/clean/library/HTMLPurifier.autoload.php on line 11 [24-Aug-2013 18:45:42 Asia/Singapore] PHP Fatal error: Class 'HTMLPurifier_Bootstrap' not found in /home/montar/public_html/forum/html/clean/library/HTMLPurifier.autoload.php on line 11 I do created a new page in forum folder and put this.

<?php
require_once &#039;/html/clean/library/HTMLPurifier.auto.php&#039;;

$config = HTMLPurifier_Config::createDefault();
$purifier = new HTMLPurifier($config);
$clean_html = $purifier->purify($Text);
$Text = "<script>alert(String.fromCharCode(88, 83, 83))</script>";
print_r(clean_html);

?>

But the page coming blank if I put

<?php
require_once &#039;/html/clean/library/HTMLPurifier.auto.php&#039;;

$config = HTMLPurifier_Config::createDefault();
$purifier = new HTMLPurifier($config);
$clean_html = $purifier->purify($Text);
$Text = "<script>alert(String.fromCharCode(88, 83, 83))</script>";
print_r($Text);

?>

it showing XSS.

Re: A NEWBIE QUESTION -
August 25, 2013 12:10AM

If the second snippet is showing up XSS, then it sounds like HTML Purifier is configured properly. Try putting some non-XSS code in the first sample.

Re: A NEWBIE QUESTION -
August 25, 2013 04:17AM

Yeah its working fine, thanks for this great library.Between I don't need any html input in my script(only bbcode), is there anyway to clear any html within the function or will strip_tags clear it? But strip_tags remove < and > and also every html codes.I don't want it get removed but I like to be non functional.

Re: A NEWBIE QUESTION -
August 25, 2013 12:35PM

Oh, then you shouldn't use HTML Purifier and just use something like htmlspecialchars

Re: A NEWBIE QUESTION -
August 25, 2013 12:59PM

What about htmlentities?

1.htmlentities($strings, ENT_QUOTES)
2.htmlspecialchars($strings, ENT_QUOTES)
Which will be best to protect from xss?
Re: A NEWBIE QUESTION -
August 25, 2013 01:02PM

Do htmlspecialchars, assuming your site has encoding setup properly.

Re: A NEWBIE QUESTION -
August 25, 2013 01:03PM

Also to know about htmlpurifier where I want to use $purifier->purify($string);

1.while using $string to submit user input data to db or 2.while displaying $string to user by fetching it from db.

Re: A NEWBIE QUESTION -
August 25, 2013 01:06PM

The benefits and downsides of each are described here: http://htmlpurifier.org/docs/enduser-slow.html

Re: A NEWBIE QUESTION -
August 25, 2013 01:22PM

Yeah good description.But two things I have found there like

<?php    /**     * FORM SUBMISSION PAGE     * display_error($message) : displays nice error page with message     * display_success() : displays a nice success page     * display_form() : displays the HTML submission form     * database_insert($html) : inserts data into database as new row     */    if (!empty($_POST)) {
        require_once &#039;/path/to/library/HTMLPurifier.auto.php&#039;;        require_once &#039;HTMLPurifier.func.php&#039;;        $dirty_html = isset($_POST[&#039;html&#039;]) ?$_POST[&#039;html&#039;] : false;        if (!$dirty_html) {
            display_error(&#039;You must write some HTML!&#039;);        }        $html = HTMLPurifier($dirty_html);        database_insert($html);        display_success();        // notice that $dirty_html is*not* saved    } else {
        display_form();    }?>

I use like $html = $purifier->purify($dirty_html); but can I use $html = HTMLPurifier($dirty_html); and other thing require_once 'HTMLPurifier.func.php'; This is not included in my page? Is that required?

Thanks to htmlpurifier

Re: A NEWBIE QUESTION -
August 25, 2013 01:27PM

I have no idea what your question is.

Re: A NEWBIE QUESTION -
August 25, 2013 01:36PM

1.I mean can I use

$html = HTMLPurifier($dirty_html);

instead of using like

$html = $purifier->purify($dirty_html);

2.The code showing in inbound filtering includes an extra

require_once &#039;HTMLPurifier.func.php&#039;;       

Do I need to add

require_once &#039;HTMLPurifier.func.php&#039;;       

to my page too?

Thanks to htmlpurifier

Re: A NEWBIE QUESTION -
August 25, 2013 01:42PM

1. Yes

2. Yes, if you use the function.

Sorry, you do not have permission to post/reply in this forum.