Update HTMLPurifier to v4.7.0

Fabrixxm 2016-02-09 11:06:17 +01:00
parent 3c97a6703c
commit c28109ca94
465 changed files with 22433 additions and 10865 deletions

@ -0,0 +1,2 @@
migrate.php
htmlpurifier/*

@ -0,0 +1,27 @@
Changelog HTMLPurifier : Phorum Mod
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
= KEY ====================
# Breaks back-compat
! Feature
- Bugfix
+ Sub-comment
. Internal change
==========================
Version 4.0.0 for Phorum 5.2, released July 9, 2009
# Works only with HTML Purifier 4.0.0
! Better installation documentation
- Fixed double encoded quotes
- Fixed fatal error when migrate.php is blank
Version 3.0.0 for Phorum 5.2, released January 12, 2008
# WYSIWYG and suppress_message options are now configurable via web
interface.
- Module now compatible with Phorum 5.2, primary bugs were in migration
code as well as signature and edit message handling. This module is NOT
compatible with Phorum 5.1.
- Buggy WYSIWYG mode refined
. AutoFormatParam added to list of default configuration namespaces
vim: et sw=4 sts=4

@ -0,0 +1,84 @@
Install
How to install the Phorum HTML Purifier plugin
0. PREREQUISITES
----------------
This Phorum module only works on PHP5 and with HTML Purifier 4.0.0
or later.
1. UNZIP
--------
Unzip phorum-htmlpurifier-x.y.z, producing an htmlpurifier folder.
You've already done this step if you're reading this!
2. MOVE
-------
Move the htmlpurifier folder to the mods/ folder of your Phorum
installation, so the directory structure looks like:
phorum/
mods/
htmlpurifier/
INSTALL - this install file
info.txt, ... - the module files
htmlpurifier/
3. INSTALL HTML PURIFIER
------------------------
Download and unzip HTML Purifier <htmlpurifier.org>. Place the contents of
the library/ folder in the htmlpurifier/htmlpurifier folder. Your directory
structure will look like:
phorum/
mods/
htmlpurifier/
htmlpurifier/
HTMLPurifier.auto.php
... - other files
HTMLPurifier/
Advanced users:
If you have HTML Purifier installed elsewhere on your server,
all you need is an HTMLPurifier.auto.php file in the library folder which
includes the HTMLPurifier.auto.php file in your install.
4. MIGRATE
----------
If you're setting up a new Phorum installation, all you need to do is create
a blank migrate.php file in the htmlpurifier module folder (NOT the library
folder.
If you have an old Phorum installation and was using BBCode,
copy migrate.bbcode.php to migrate.php. If you were using a different input
format, follow the instructions in migrate.bbcode.php to create your own custom
migrate.php file.
Your directory structure should now look like this:
phorum/
mods/
htmlpurifier/
migrate.php
5. ENABLE
---------
Navigate to your Phorum admin panel at http://example.com/phorum/admin.php,
click on Global Settings > Modules, scroll to "HTML Purifier Phorum Mod" and
turn it On.
6. MIGRATE SIGNATURES
---------------------
If you're setting up a new Phorum installation, skip this step.
If you allowed your users to make signatures, navigate to the module settings
page of HTML Purifier (Global Settings > Modules > HTML Purifier Phorum Mod >
Configure), type in "yes" in the "Confirm" box, and press "Migrate."
ONLY DO THIS ONCE! BE SURE TO BACK UP YOUR DATABASE!
7. CONFIGURE
------------
Configure using Edit settings. See that page for more information.
vim: et sw=4 sts=4
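
Review bot: Step 4 (MIGRATE) opens a parenthesis at "(NOT the library" and never closes it, and the next sentence reads "was using BBCode" where the one after it has "were using". Close the parenthesis and use "were", since this is the one instruction that separates the module folder from the library folder. The directory tree under step 2 would also be clearer if the two nested htmlpurifier/ entries were labelled as module folder and library folder.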

@ -0,0 +1,45 @@
HTML Purifier Phorum Mod - Filter your HTML the Standards-Compliant Way!
This Phorum mod enables HTML posting on Phorum. Under normal circumstances,
this would cause a huge security risk, but because we are running
HTML through HTML Purifier, output is guaranteed to be XSS free and
standards-compliant.
This mod requires HTML input, and previous markup languages need to be
converted accordingly. Thus, it is vital that you create a 'migrate.php'
file that works with your installation. If you're using the built-in
BBCode formatting, simply move migrate.bbcode.php to that place; for
other markup languages, consult said file for instructions on how
to adapt it to your needs.
-- NOTE -------------------------------------------------
You can also run this module in parallel with another
formatting module; this module attempts to place itself
at the end of the filtering chain. However, if any
previous modules produce insecure HTML (for instance,
a JavaScript email obfuscator) they will get cleaned.
This module will not work if 'migrate.php' is not created, and an improperly
made migration file may *CORRUPT* Phorum, so please take your time to
do this correctly. It should go without saying to *BACKUP YOUR DATABASE*
before attempting anything here. If no migration is necessary, you can
simply create a blank migrate.php file. HTML Purifier is smart and will
not re-migrate already processed messages. However, the original code
is irretrievably lost (we may change this in the future.)
This module will not automatically migrate user signatures, because this
process may take a long time. After installing the HTML Purifier module and
then configuring 'migrate.php', navigate to Settings and click 'Migrate
Signatures' to migrate all user signatures to HTML.
All of HTML Purifier's usual functions are configurable via the mod settings
page. If you require custom configuration, create config.php file in
the mod directory that edits a $config variable. Be sure, also, to
set $PHORUM['mod_htmlpurifier']['wysiwyg'] to TRUE if you are using a
WYSIWYG editor (you can do this through a common hook or the web
configuration form).
Visit HTML Purifier at <http://htmlpurifier.org/>.
vim: et sw=4 sts=4
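
Review bot: The paragraph on custom configuration tells the admin to create config.php in the mod directory but does not say that doing so turns off the web configuration form, which the settings form text in this same commit states ("Doing so will, however, make the web configuration interface unavailable"). Add that sentence here so the trade-off is visible before the file is created. The NOTE box is also opened with a rule and never closed, so it is unclear whether the migrate.php warning that follows belongs to it.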

@ -0,0 +1,57 @@
<?php
if(!defined("PHORUM")) exit;
// default HTML Purifier configuration settings
$config->set('HTML.Allowed',
// alphabetically sorted
'a[href|title]
abbr[title]
acronym[title]
b
blockquote[cite]
br
caption
cite
code
dd
del
dfn
div
dl
dt
em
i
img[src|alt|title|class]
ins
kbd
li
ol
p
pre
s
strike
strong
sub
sup
table
tbody
td
tfoot
th
thead
tr
tt
u
ul
var');
$config->set('AutoFormat.AutoParagraph', true);
$config->set('AutoFormat.Linkify', true);
$config->set('HTML.Doctype', 'XHTML 1.0 Transitional');
$config->set('Core.AggressivelyFixLt', true);
$config->set('Core.Encoding', $GLOBALS['PHORUM']['DATA']['CHARSET']); // we'll change this eventually
if (strtolower($GLOBALS['PHORUM']['DATA']['CHARSET']) !== 'utf-8') {
$config->set('Core.EscapeNonASCIICharacters', true);
}
// vim: et sw=4 sts=4
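
Review bot: In the HTML.Allowed list, img[src|alt|title|class] lets posters set class on images, and nothing in this file sets Attr.AllowedClasses, so any class name defined in the forum's stylesheet can be attached to a posted image. Either drop class from the img entry or add an Attr.AllowedClasses allow-list next to it. The Core.Encoding line also reads $GLOBALS['PHORUM']['DATA']['CHARSET'] without an isset() check, and its "we'll change this eventually" comment does not say what change is planned.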

@ -0,0 +1,316 @@
<?php
/**
* HTML Purifier Phorum Mod. Filter your HTML the Standards-Compliant Way!
*
* This Phorum mod enables users to post raw HTML into Phorum. But never
* fear: with the help of HTML Purifier, this HTML will be beat into
* de-XSSed and standards-compliant form, safe for general consumption.
* It is not recommended, but possible to run this mod in parallel
* with other formatters (in short, please DISABLE the BBcode mod).
*
* For help migrating from your previous markup language to pure HTML
* please check the migrate.bbcode.php file.
*
* If you'd like to use this with a WYSIWYG editor, make sure that
* editor sets $PHORUM['mod_htmlpurifier']['wysiwyg'] to true. Otherwise,
* administrators who need to edit other people's comments may be at
* risk for some nasty attacks.
*
* Tested with Phorum 5.2.11.
*/
// Note: Cache data is base64 encoded because Phorum insists on flinging
// to the user and expecting it to come back unharmed, newlines and
// all, which ain't happening. It's slower, it takes up more space, but
// at least it won't get mutilated
/**
* Purifies a data array
*/
function phorum_htmlpurifier_format($data)
{
$PHORUM = $GLOBALS["PHORUM"];
$purifier =& HTMLPurifier::getInstance();
$cache_serial = $PHORUM['mod_htmlpurifier']['body_cache_serial'];
foreach($data as $message_id => $message){
if(isset($message['body'])) {
if ($message_id) {
// we're dealing with a real message, not a fake, so
// there a number of shortcuts that can be taken
if (isset($message['meta']['htmlpurifier_light'])) {
// format hook was called outside of Phorum's normal
// functions, do the abridged purification
$data[$message_id]['body'] = $purifier->purify($message['body']);
continue;
}
if (!empty($PHORUM['args']['purge'])) {
// purge the cache, must be below the following if
unset($message['meta']['body_cache']);
}
if (
isset($message['meta']['body_cache']) &&
isset($message['meta']['body_cache_serial']) &&
$message['meta']['body_cache_serial'] == $cache_serial
) {
// cached version is present, bail out early
$data[$message_id]['body'] = base64_decode($message['meta']['body_cache']);
continue;
}
}
// migration might edit this array, that's why it's defined
// so early
$updated_message = array();
// create the $body variable
if (
$message_id && // message must be real to migrate
!isset($message['meta']['body_cache_serial'])
) {
// perform migration
$fake_data = array();
list($signature, $edit_message) = phorum_htmlpurifier_remove_sig_and_editmessage($message);
$fake_data[$message_id] = $message;
$fake_data = phorum_htmlpurifier_migrate($fake_data);
$body = $fake_data[$message_id]['body'];
$body = str_replace("<phorum break>\n", "\n", $body);
$updated_message['body'] = $body; // save it in
$body .= $signature . $edit_message; // add it back in
} else {
// reverse Phorum's pre-processing
$body = $message['body'];
// order is important
$body = str_replace("<phorum break>\n", "\n", $body);
$body = str_replace(array('&lt;','&gt;','&amp;', '&quot;'), array('<','>','&','"'), $body);
if (!$message_id && defined('PHORUM_CONTROL_CENTER')) {
// we're in control.php, so it was double-escaped
$body = str_replace(array('&lt;','&gt;','&amp;', '&quot;'), array('<','>','&','"'), $body);
}
}
$body = $purifier->purify($body);
// dynamically update the cache (MUST BE DONE HERE!)
// this is inefficient because it's one db call per
// cache miss, but once the cache is in place things are
// a lot zippier.
if ($message_id) { // make sure it's not a fake id
$updated_message['meta'] = $message['meta'];
$updated_message['meta']['body_cache'] = base64_encode($body);
$updated_message['meta']['body_cache_serial'] = $cache_serial;
phorum_db_update_message($message_id, $updated_message);
}
// must not get overloaded until after we cache it, otherwise
// we'll inadvertently change the original text
$data[$message_id]['body'] = $body;
}
}
return $data;
}
// -----------------------------------------------------------------------
// This is fragile code, copied from read.php:596 (Phorum 5.2.6). Please
// keep this code in-sync with Phorum
/**
* Generates a signature based on a message array
*/
function phorum_htmlpurifier_generate_sig($row)
{
$phorum_sig = '';
if(isset($row["user"]["signature"])
&& isset($row['meta']['show_signature']) && $row['meta']['show_signature']==1){
$phorum_sig=trim($row["user"]["signature"]);
if(!empty($phorum_sig)){
$phorum_sig="\n\n$phorum_sig";
}
}
return $phorum_sig;
}
/**
* Generates an edit message based on a message array
*/
function phorum_htmlpurifier_generate_editmessage($row)
{
$PHORUM = $GLOBALS['PHORUM'];
$editmessage = '';
if(isset($row['meta']['edit_count']) && $row['meta']['edit_count'] > 0) {
$editmessage = str_replace ("%count%", $row['meta']['edit_count'], $PHORUM["DATA"]["LANG"]["EditedMessage"]);
$editmessage = str_replace ("%lastedit%", phorum_date($PHORUM["short_date_time"],$row['meta']['edit_date']), $editmessage);
$editmessage = str_replace ("%lastuser%", $row['meta']['edit_username'], $editmessage);
$editmessage = "\n\n\n\n$editmessage";
}
return $editmessage;
}
// End fragile code
// -----------------------------------------------------------------------
/**
* Removes the signature and edit message from a message
* @param $row Message passed by reference
*/
function phorum_htmlpurifier_remove_sig_and_editmessage(&$row)
{
$signature = phorum_htmlpurifier_generate_sig($row);
$editmessage = phorum_htmlpurifier_generate_editmessage($row);
$replacements = array();
// we need to remove add <phorum break> as that is the form these
// extra bits are in.
if ($signature) $replacements[str_replace("\n", "<phorum break>\n", $signature)] = '';
if ($editmessage) $replacements[str_replace("\n", "<phorum break>\n", $editmessage)] = '';
$row['body'] = strtr($row['body'], $replacements);
return array($signature, $editmessage);
}
/**
* Indicate that data is fully HTML and not from migration, invalidate
* previous caches
* @note This function could generate the actual cache entries, but
* since there's data missing that must be deferred to the first read
*/
function phorum_htmlpurifier_posting($message)
{
$PHORUM = $GLOBALS["PHORUM"];
unset($message['meta']['body_cache']); // invalidate the cache
$message['meta']['body_cache_serial'] = $PHORUM['mod_htmlpurifier']['body_cache_serial'];
return $message;
}
/**
* Overload quoting mechanism to prevent default, mail-style quote from happening
*/
function phorum_htmlpurifier_quote($array)
{
$PHORUM = $GLOBALS["PHORUM"];
$purifier =& HTMLPurifier::getInstance();
$text = $purifier->purify($array[1]);
$source = htmlspecialchars($array[0]);
return "<blockquote cite=\"$source\">\n$text\n</blockquote>";
}
/**
* Ensure that our format hook is processed last. Also, loads the library.
* @credits <http://secretsauce.phorum.org/snippets/make_bbcode_last_formatter.php.txt>
*/
function phorum_htmlpurifier_common()
{
require_once(dirname(__FILE__).'/htmlpurifier/HTMLPurifier.auto.php');
require(dirname(__FILE__).'/init-config.php');
$config = phorum_htmlpurifier_get_config();
HTMLPurifier::getInstance($config);
// increment revision.txt if you want to invalidate the cache
$GLOBALS['PHORUM']['mod_htmlpurifier']['body_cache_serial'] = $config->getSerial();
// load migration
if (file_exists(dirname(__FILE__) . '/migrate.php')) {
include(dirname(__FILE__) . '/migrate.php');
} else {
echo '<strong>Error:</strong> No migration path specified for HTML Purifier, please check
<tt>modes/htmlpurifier/migrate.bbcode.php</tt> for instructions on
how to migrate from your previous markup language.';
exit;
}
if (!function_exists('phorum_htmlpurifier_migrate')) {
// Dummy function
function phorum_htmlpurifier_migrate($data) {return $data;}
}
}
/**
* Pre-emptively performs purification if it looks like a WYSIWYG editor
* is being used
*/
function phorum_htmlpurifier_before_editor($message)
{
if (!empty($GLOBALS['PHORUM']['mod_htmlpurifier']['wysiwyg'])) {
if (!empty($message['body'])) {
$body = $message['body'];
// de-entity-ize contents
$body = str_replace(array('&lt;','&gt;','&amp;'), array('<','>','&'), $body);
$purifier =& HTMLPurifier::getInstance();
$body = $purifier->purify($body);
// re-entity-ize contents
$body = htmlspecialchars($body, ENT_QUOTES, $GLOBALS['PHORUM']['DATA']['CHARSET']);
$message['body'] = $body;
}
}
return $message;
}
function phorum_htmlpurifier_editor_after_subject()
{
// don't show this message if it's a WYSIWYG editor, since it will
// then be handled automatically
if (!empty($GLOBALS['PHORUM']['mod_htmlpurifier']['wysiwyg'])) {
$i = $GLOBALS['PHORUM']['DATA']['MODE'];
if ($i == 'quote' || $i == 'edit' || $i == 'moderation') {
?>
<div>
<p>
<strong>Notice:</strong> HTML has been scrubbed for your safety.
If you would like to see the original, turn off WYSIWYG mode
(consult your administrator for details.)
</p>
</div>
<?php
}
return;
}
if (!empty($GLOBALS['PHORUM']['mod_htmlpurifier']['suppress_message'])) return;
?><div class="htmlpurifier-help">
<p>
<strong>HTML input</strong> is enabled. Make sure you escape all HTML and
angled brackets with <code>&amp;lt;</code> and <code>&amp;gt;</code>.
</p><?php
$purifier =& HTMLPurifier::getInstance();
$config = $purifier->config;
if ($config->get('AutoFormat.AutoParagraph')) {
?><p>
<strong>Auto-paragraphing</strong> is enabled. Double
newlines will be converted to paragraphs; for single
newlines, use the <code>pre</code> tag.
</p><?php
}
$html_definition = $config->getDefinition('HTML');
$allowed = array();
foreach ($html_definition->info as $name => $x) $allowed[] = "<code>$name</code>";
sort($allowed);
$allowed_text = implode(', ', $allowed);
?><p><strong>Allowed tags:</strong> <?php
echo $allowed_text;
?>.</p><?php
?>
</p>
<p>
For inputting literal code such as HTML and PHP for display, use
CDATA tags to auto-escape your angled brackets, and <code>pre</code>
to preserve newlines:
</p>
<pre>&lt;pre&gt;&lt;![CDATA[
<em>Place code here</em>
]]&gt;&lt;/pre&gt;</pre>
<p>
Power users, you can hide this notice with:
<pre>.htmlpurifier-help {display:none;}</pre>
</p>
</div><?php
}
// vim: et sw=4 sts=4
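
Review bot: In phorum_htmlpurifier_format(), both entity-reversal calls list '&amp;' before '&quot;', and PHP's str_replace() applies array pairs in sequence, so a stored "&amp;quot;" first becomes "&quot;" and is then turned into a bare double quote; entity text a user typed literally is decoded one level too far, despite the "order is important" comment. Put '&amp;' last in both arrays, and bring phorum_htmlpurifier_before_editor() in line with them, since it reverses only three entities but re-encodes with ENT_QUOTES. Separately, the error string in phorum_htmlpurifier_common() points to modes/htmlpurifier/migrate.bbcode.php while the install notes place the module under mods/.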

@ -0,0 +1,18 @@
title: HTML Purifier Phorum Mod
desc: This module enables standards-compliant HTML filtering on Phorum. Please check migrate.bbcode.php before enabling this mod.
author: Edward Z. Yang
url: http://htmlpurifier.org/
version: 4.0.0
hook: format|phorum_htmlpurifier_format
hook: quote|phorum_htmlpurifier_quote
hook: posting_custom_action|phorum_htmlpurifier_posting
hook: common|phorum_htmlpurifier_common
hook: before_editor|phorum_htmlpurifier_before_editor
hook: tpl_editor_after_subject|phorum_htmlpurifier_editor_after_subject
# This module is meant to be a drop-in for bbcode, so make it run last.
priority: run module after *
priority: run hook format after *
vim: et sw=4 sts=4

@ -0,0 +1,30 @@
<?php
/**
* Initializes the appropriate configuration from either a PHP file
* or a module configuration value
* @return Instance of HTMLPurifier_Config
*/
function phorum_htmlpurifier_get_config($default = false)
{
global $PHORUM;
$config_exists = phorum_htmlpurifier_config_file_exists();
if ($default || $config_exists || !isset($PHORUM['mod_htmlpurifier']['config'])) {
$config = HTMLPurifier_Config::createDefault();
include(dirname(__FILE__) . '/config.default.php');
if ($config_exists) {
include(dirname(__FILE__) . '/config.php');
}
unset($PHORUM['mod_htmlpurifier']['config']); // unnecessary
} else {
$config = HTMLPurifier_Config::create($PHORUM['mod_htmlpurifier']['config']);
}
return $config;
}
function phorum_htmlpurifier_config_file_exists()
{
return file_exists(dirname(__FILE__) . '/config.php');
}
// vim: et sw=4 sts=4

@ -0,0 +1,31 @@
<?php
/**
* This file is responsible for migrating from a specific markup language
* like BBCode or Markdown to HTML. WARNING: THIS PROCESS IS NOT REVERSIBLE
*
* Copy this file to 'migrate.php' and it will automatically work for
* BBCode; you may need to tweak this a little to get it to work for other
* languages (usually, just replace the include name and the function name).
*
* If you do NOT want to have any migration performed (for instance, you
* are installing the module on a new forum with no posts), simply remove
* phorum_htmlpurifier_migrate() function. You still need migrate.php
* present, otherwise the module won't work. This ensures that the user
* explicitly says, "No, I do not need to migrate."
*/
if(!defined("PHORUM")) exit;
require_once(dirname(__FILE__) . "/../bbcode/bbcode.php");
/**
* 'format' hook style function that will be called to convert
* legacy markup into HTML.
*/
function phorum_htmlpurifier_migrate($data)
{
return phorum_mod_bbcode_format($data); // bbcode's 'format' hook
}
// vim: et sw=4 sts=4

@ -0,0 +1,64 @@
<?php
// based off of BBCode's settings file
/**
* HTML Purifier Phorum mod settings configuration. This provides
* a convenient web-interface for editing the most common HTML Purifier
* configuration directives. You can also specify custom configuration
* by creating a 'config.php' file.
*/
if(!defined("PHORUM_ADMIN")) exit;
// error reporting is good!
error_reporting(E_ALL ^ E_NOTICE);
// load library and other paraphenalia
require_once './include/admin/PhorumInputForm.php';
require_once (dirname(__FILE__) . '/htmlpurifier/HTMLPurifier.auto.php');
require_once (dirname(__FILE__) . '/init-config.php');
require_once (dirname(__FILE__) . '/settings/migrate-sigs-form.php');
require_once (dirname(__FILE__) . '/settings/migrate-sigs.php');
require_once (dirname(__FILE__) . '/settings/form.php');
require_once (dirname(__FILE__) . '/settings/save.php');
// define friendly configuration directives. you can expand this array
// to get more web-definable directives
$PHORUM['mod_htmlpurifier']['directives'] = array(
'URI.Host', // auto-detectable
'URI.DisableExternal',
'URI.DisableExternalResources',
'URI.DisableResources',
'URI.Munge',
'URI.HostBlacklist',
'URI.Disable',
'HTML.TidyLevel',
'HTML.Doctype', // auto-detectable
'HTML.Allowed',
'AutoFormat',
'-AutoFormat.Custom',
'AutoFormatParam',
'Output.TidyFormat',
);
// lower this setting if you're getting time outs/out of memory
$PHORUM['mod_htmlpurifier']['migrate-sigs-increment'] = 100;
if (isset($_POST['reset'])) {
unset($PHORUM['mod_htmlpurifier']['config']);
}
if ($offset = phorum_htmlpurifier_migrate_sigs_check()) {
// migrate signatures
phorum_htmlpurifier_migrate_sigs($offset);
} elseif(!empty($_POST)){
// save settings
phorum_htmlpurifier_save_settings();
}
phorum_htmlpurifier_show_migrate_sigs_form();
echo '<br />';
phorum_htmlpurifier_show_form();
// vim: et sw=4 sts=4
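
Review bot: error_reporting(E_ALL ^ E_NOTICE) near the top changes the reporting level for the rest of the admin request and is never restored, and it hides the notices that the unguarded reads of $PHORUM['mod_htmlpurifier']['wysiwyg'] and ['suppress_message'] in the settings form would otherwise raise. Prefer isset() checks at those reads and leave the global level alone. The first require_once uses './include/admin/PhorumInputForm.php', which resolves against the working directory, while every other include here is anchored with dirname(__FILE__); and "paraphenalia" in the comment should be "paraphernalia".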

@ -0,0 +1,95 @@
<?php
function phorum_htmlpurifier_show_form()
{
if (phorum_htmlpurifier_config_file_exists()) {
phorum_htmlpurifier_show_config_info();
return;
}
global $PHORUM;
$config = phorum_htmlpurifier_get_config();
$frm = new PhorumInputForm ("", "post", "Save");
$frm->hidden("module", "modsettings");
$frm->hidden("mod", "htmlpurifier"); // this is the directory name that the Settings file lives in
if (!empty($error)){
echo "$error<br />";
}
$frm->addbreak("Edit settings for the HTML Purifier module");
$frm->addMessage('<p>The box below sets <code>$PHORUM[\'mod_htmlpurifier\'][\'wysiwyg\']</code>.
When checked, contents sent for edit are now purified and the
informative message is disabled. If your WYSIWYG editor is disabled for
admin edits, you can safely keep this unchecked.</p>');
$frm->addRow('Use WYSIWYG?', $frm->checkbox('wysiwyg', '1', '', $PHORUM['mod_htmlpurifier']['wysiwyg']));
$frm->addMessage('<p>The box below sets <code>$PHORUM[\'mod_htmlpurifier\'][\'suppress_message\']</code>,
which removes the big how-to use
HTML Purifier message.</p>');
$frm->addRow('Suppress information?', $frm->checkbox('suppress_message', '1', '', $PHORUM['mod_htmlpurifier']['suppress_message']));
$frm->addMessage('<p>Click on directive links to read what each option does
(links do not open in new windows).</p>
<p>For more flexibility (for instance, you want to edit the full
range of configuration directives), you can create a <tt>config.php</tt>
file in your <tt>mods/htmlpurifier/</tt> directory. Doing so will,
however, make the web configuration interface unavailable.</p>');
require_once 'HTMLPurifier/Printer/ConfigForm.php';
$htmlpurifier_form = new HTMLPurifier_Printer_ConfigForm('config', 'http://htmlpurifier.org/live/configdoc/plain.html#%s');
$htmlpurifier_form->setTextareaDimensions(23, 7); // widen a little, since we have space
$frm->addMessage($htmlpurifier_form->render(
$config, $PHORUM['mod_htmlpurifier']['directives'], false));
$frm->addMessage("<strong>Warning: Changing HTML Purifier's configuration will invalidate
the cache. Expect to see a flurry of database activity after you change
any of these settings.</strong>");
$frm->addrow('Reset to defaults:', $frm->checkbox("reset", "1", "", false));
// hack to include extra styling
echo '<style type="text/css">' . $htmlpurifier_form->getCSS() . '
.hp-config {margin-left:auto;margin-right:auto;}
</style>';
$js = $htmlpurifier_form->getJavaScript();
echo '<script type="text/javascript">'."<!--\n$js\n//-->".'</script>';
$frm->show();
}
function phorum_htmlpurifier_show_config_info()
{
global $PHORUM;
// update mod_htmlpurifier for housekeeping
phorum_htmlpurifier_commit_settings();
// politely tell user how to edit settings manually
?>
<div class="input-form-td-break">How to edit settings for HTML Purifier module</div>
<p>
A <tt>config.php</tt> file exists in your <tt>mods/htmlpurifier/</tt>
directory. This file contains your custom configuration: in order to
change it, please navigate to that file and edit it accordingly.
You can also set <code>$GLOBALS['PHORUM']['mod_htmlpurifier']['wysiwyg']</code>
or <code>$GLOBALS['PHORUM']['mod_htmlpurifier']['suppress_message']</code>
</p>
<p>
To use the web interface, delete <tt>config.php</tt> (or rename it to
<tt>config.php.bak</tt>).
</p>
<p>
<strong>Warning: Changing HTML Purifier's configuration will invalidate
the cache. Expect to see a flurry of database activity after you change
any of these settings.</strong>
</p>
<?php
}
// vim: et sw=4 sts=4
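
Review bot: In phorum_htmlpurifier_show_form(), the if (!empty($error)) block can never fire, because $error is not a parameter, not declared global and not assigned anywhere in the function. Pass the message in as an argument, or have the save function return it, so the block has something to show. phorum_htmlpurifier_show_config_info() also calls phorum_htmlpurifier_commit_settings(), so merely viewing the page writes settings to the database; that side effect deserves a comment or a move to the save path.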

@ -0,0 +1,22 @@
<?php
function phorum_htmlpurifier_show_migrate_sigs_form()
{
$frm = new PhorumInputForm ('', "post", "Migrate");
$frm->hidden("module", "modsettings");
$frm->hidden("mod", "htmlpurifier");
$frm->hidden("migrate-sigs", "1");
$frm->addbreak("Migrate user signatures to HTML");
$frm->addMessage('This operation will migrate your users signatures
to HTML. <strong>This process is irreversible and must only be performed once.</strong>
Type in yes in the confirmation field to migrate.');
if (!file_exists(dirname(__FILE__) . '/../migrate.php')) {
$frm->addMessage('Migration file does not exist, cannot migrate signatures.
Please check <tt>migrate.bbcode.php</tt> on how to create an appropriate file.');
} else {
$frm->addrow('Confirm:', $frm->text_box("confirmation", ""));
}
$frm->show();
}
// vim: et sw=4 sts=4
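
Review bot: The form text says the migration "must only be performed once", but the only guard is typing yes: phorum_htmlpurifier_migrate_sigs() sets the migrate-sigs flag back to false when it finishes, and settings.php renders this form on every load, so a second run is one submit away. Store a completed marker in $PHORUM['mod_htmlpurifier'] when migration finishes and show a notice instead of the Confirm box when it is set. The confirmation value in the message would also read better quoted as "yes", as the INSTALL file does.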

@ -0,0 +1,79 @@
<?php
function phorum_htmlpurifier_migrate_sigs_check()
{
global $PHORUM;
$offset = 0;
if (!empty($_POST['migrate-sigs'])) {
if (!isset($_POST['confirmation']) || strtolower($_POST['confirmation']) !== 'yes') {
echo 'Invalid confirmation code.';
exit;
}
$PHORUM['mod_htmlpurifier']['migrate-sigs'] = true;
phorum_db_update_settings(array("mod_htmlpurifier"=>$PHORUM["mod_htmlpurifier"]));
$offset = 1;
} elseif (!empty($_GET['migrate-sigs']) && $PHORUM['mod_htmlpurifier']['migrate-sigs']) {
$offset = (int) $_GET['migrate-sigs'];
}
return $offset;
}
function phorum_htmlpurifier_migrate_sigs($offset)
{
global $PHORUM;
if(!$offset) return; // bail out quick if $offset == 0
// theoretically, we could get rid of this multi-request
// doo-hickery if safe mode is off
@set_time_limit(0); // attempt to let this run
$increment = $PHORUM['mod_htmlpurifier']['migrate-sigs-increment'];
require_once(dirname(__FILE__) . '/../migrate.php');
// migrate signatures
// do this in batches so we don't run out of time/space
$end = $offset + $increment;
$user_ids = array();
for ($i = $offset; $i < $end; $i++) {
$user_ids[] = $i;
}
$userinfos = phorum_db_user_get_fields($user_ids, 'signature');
foreach ($userinfos as $i => $user) {
if (empty($user['signature'])) continue;
$sig = $user['signature'];
// perform standard Phorum processing on the sig
$sig = str_replace(array("&","<",">"), array("&amp;","&lt;","&gt;"), $sig);
$sig = preg_replace("/<((http|https|ftp):\/\/[a-z0-9;\/\?:@=\&\$\-_\.\+!*'\(\),~%]+?)>/i", "$1", $sig);
// prepare fake data to pass to migration function
$fake_data = array(array("author"=>"", "email"=>"", "subject"=>"", 'body' => $sig));
list($fake_message) = phorum_htmlpurifier_migrate($fake_data);
$user['signature'] = $fake_message['body'];
if (!phorum_api_user_save($user)) {
exit('Error while saving user data');
}
}
unset($userinfos); // free up memory
// query for highest ID in database
$type = $PHORUM['DBCONFIG']['type'];
$sql = "select MAX(user_id) from {$PHORUM['user_table']}";
$row = phorum_db_interact(DB_RETURN_ROW, $sql);
$top_id = (int) $row[0];
$offset += $increment;
if ($offset > $top_id) { // test for end condition
echo 'Migration finished';
$PHORUM['mod_htmlpurifier']['migrate-sigs'] = false;
phorum_htmlpurifier_commit_settings();
return true;
}
$host = $_SERVER['HTTP_HOST'];
$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
$extra = 'admin.php?module=modsettings&mod=htmlpurifier&migrate-sigs=' . $offset;
// relies on output buffering to work
header("Location: http://$host$uri/$extra");
exit;
}
// vim: et sw=4 sts=4
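
Review bot: In phorum_htmlpurifier_migrate_sigs(), the str_replace() call escapes < and > to &lt; and &gt;, and the preg_replace() on the next line then looks for a literal <http...> wrapper, so the pattern can never match and bracketed URLs in signatures reach the migration function still wrapped. Match &lt;...&gt; instead, or run the URL rewrite before the escaping step. The continuation redirect is built from $_SERVER['HTTP_HOST'] with a hard-coded http:// scheme; build it from the forum's configured base URL so it neither depends on a client-supplied header nor moves an HTTPS admin session to HTTP. $type is assigned and never used.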

@ -0,0 +1,29 @@
<?php
function phorum_htmlpurifier_save_settings()
{
global $PHORUM;
if (phorum_htmlpurifier_config_file_exists()) {
echo "Cannot update settings, <code>mods/htmlpurifier/config.php</code> already exists. To change
settings, edit that file. To use the web form, delete that file.<br />";
} else {
$config = phorum_htmlpurifier_get_config(true);
if (!isset($_POST['reset'])) $config->mergeArrayFromForm($_POST, 'config', $PHORUM['mod_htmlpurifier']['directives']);
$PHORUM['mod_htmlpurifier']['config'] = $config->getAll();
}
$PHORUM['mod_htmlpurifier']['wysiwyg'] = !empty($_POST['wysiwyg']);
$PHORUM['mod_htmlpurifier']['suppress_message'] = !empty($_POST['suppress_message']);
if(!phorum_htmlpurifier_commit_settings()){
$error="Database error while updating settings.";
} else {
echo "Settings Updated<br />";
}
}
function phorum_htmlpurifier_commit_settings()
{
global $PHORUM;
return phorum_db_update_settings(array("mod_htmlpurifier"=>$PHORUM["mod_htmlpurifier"]));
}
// vim: et sw=4 sts=4
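
Review bot: When config.php exists, phorum_htmlpurifier_save_settings() prints "Cannot update settings" and then falls through to store wysiwyg and suppress_message and print "Settings Updated", so the admin sees two contradictory messages for one submit. Reword the first message to say that only the directive settings are skipped, or return early if nothing should be saved. On the failure path the text is put in a local $error that is never echoed or returned, so a failed phorum_db_update_settings() call produces no output at all.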