diff options
| author | Bernhard Posselt <nukeawhale@gmail.com> | 2013-05-04 00:15:41 +0200 |
|---|---|---|
| committer | Bernhard Posselt <nukeawhale@gmail.com> | 2013-05-04 00:15:41 +0200 |
| commit | 10831dd274ff65d4852b47dbc398adae61845206 (patch) | |
| tree | 9f9397bb7433fd53bfacf88d8c8b3cf2ef50e27d /3rdparty/htmlpurifier/plugins | |
| parent | 7b628a3e4d105f2e571d0fe142d59f201d6a10d0 (diff) | |
use html purifier for sanitation
Diffstat (limited to '3rdparty/htmlpurifier/plugins')
| -rw-r--r-- | 3rdparty/htmlpurifier/plugins/modx.txt | 112 | ||||
| -rw-r--r-- | 3rdparty/htmlpurifier/plugins/phorum/.gitignore | 2 | ||||
| -rw-r--r-- | 3rdparty/htmlpurifier/plugins/phorum/Changelog | 27 | ||||
| -rw-r--r-- | 3rdparty/htmlpurifier/plugins/phorum/INSTALL | 84 | ||||
| -rw-r--r-- | 3rdparty/htmlpurifier/plugins/phorum/README | 45 | ||||
| -rw-r--r-- | 3rdparty/htmlpurifier/plugins/phorum/config.default.php | 57 | ||||
| -rw-r--r-- | 3rdparty/htmlpurifier/plugins/phorum/htmlpurifier.php | 309 | ||||
| -rw-r--r-- | 3rdparty/htmlpurifier/plugins/phorum/info.txt | 18 | ||||
| -rw-r--r-- | 3rdparty/htmlpurifier/plugins/phorum/init-config.php | 28 | ||||
| -rw-r--r-- | 3rdparty/htmlpurifier/plugins/phorum/migrate.bbcode.php | 30 | ||||
| -rw-r--r-- | 3rdparty/htmlpurifier/plugins/phorum/settings.php | 64 | ||||
| -rw-r--r-- | 3rdparty/htmlpurifier/plugins/phorum/settings/form.php | 93 | ||||
| -rw-r--r-- | 3rdparty/htmlpurifier/plugins/phorum/settings/migrate-sigs-form.php | 22 | ||||
| -rw-r--r-- | 3rdparty/htmlpurifier/plugins/phorum/settings/migrate-sigs.php | 77 | ||||
| -rw-r--r-- | 3rdparty/htmlpurifier/plugins/phorum/settings/save.php | 27 |
15 files changed, 995 insertions, 0 deletions
diff --git a/3rdparty/htmlpurifier/plugins/modx.txt b/3rdparty/htmlpurifier/plugins/modx.txt new file mode 100644 index 000000000..bcdd40d87 --- /dev/null +++ b/3rdparty/htmlpurifier/plugins/modx.txt @@ -0,0 +1,112 @@ +
+MODx Plugin
+
+MODx <http://www.modxcms.com/> is an open source PHP application framework.
+I first came across them in my referrer logs when tillda asked if anyone
+could implement an HTML Purifier plugin. This forum thread
+<http://modxcms.com/forums/index.php/topic,6604.0.html> eventually resulted
+in the fruition of this plugin that davidm says, "is on top of my favorite
+list." HTML Purifier goes great with WYSIWYG editors!
+
+
+
+1. Credits
+
+PaulGregory wrote the overall structure of the code. I added the
+slashes hack.
+
+
+
+2. Install
+
+First, you need to place HTML Purifier library somewhere. The code here
+assumes that you've placed in MODx's assets/plugins/htmlpurifier (no version
+number).
+
+Log into the manager, and navigate:
+
+Resources > Manage Resources > Plugins tab > New Plugin
+
+Type in a name (probably HTML Purifier), and copy paste this code into the
+textarea:
+
+--------------------------------------------------------------------------------
+$e = &$modx->Event;
+if ($e->name == 'OnBeforeDocFormSave') {
+ global $content;
+
+ include_once '../assets/plugins/htmlpurifier/library/HTMLPurifier.auto.php';
+ $purifier = new HTMLPurifier();
+
+ static $magic_quotes = null;
+ if ($magic_quotes === null) {
+ // this is an ugly hack because this hook hasn't
+ // had the backslashes removed yet when magic_quotes_gpc is on,
+ // but HTMLPurifier must not have the quotes slashed.
+ $magic_quotes = get_magic_quotes_gpc();
+ }
+
+ if ($magic_quotes) $content = stripslashes($content);
+ $content = $purifier->purify($content);
+ if ($magic_quotes) $content = addslashes($content);
+}
+--------------------------------------------------------------------------------
+
+Then navigate to the System Events tab and check "OnBeforeDocFormSave".
+Save the plugin. HTML Purifier now is integrated!
+
+
+
+3. Making sure it works
+
+You can test HTML Purifier by deliberately putting in crappy HTML and seeing
+whether or not it gets fixed. A better way is to put in something like this:
+
+<p lang="fr">Il est bon</p>
+
+...and seeing whether or not the content comes out as:
+
+<p lang="fr" xml:lang="fr">Il est bon</p>
+
+(lang to xml:lang synchronization is one of the many features HTML Purifier
+has).
+
+
+
+4. Caveat Emptor
+
+This code does not intercept save requests from the QuickEdit plugin, this may
+be added in a later version. It also modifies things on save, so there's a
+slight chance that HTML Purifier may make a boo-boo and accidently mess things
+up (the original version is not saved).
+
+Finally, make sure that MODx is using UTF-8. If you are using, say, a French
+localisation, you may be using Latin-1, if that's the case, configure
+HTML Purifier properly like this:
+
+$config = HTMLPurifier_Config::createDefault();
+$config->set('Core', 'Encoding', 'ISO-8859-1'); // or whatever encoding
+$purifier = new HTMLPurifier($config);
+
+
+
+5. Known Bugs
+
+'rn' characters sometimes mysteriously appear after purification. We are
+currently investigating this issue. See: <http://htmlpurifier.org/phorum/read.php?3,1866>
+
+
+
+6. See Also
+
+A modified version of Jot 1.1.3 is available, which integrates with HTML
+Purifier. You can check it out here: <http://modxcms.com/forums/index.php/topic,25621.msg161970.html>
+
+
+X. Changelog
+
+2008-06-16
+- Updated code to work with 3.1.0 and later
+- Add Known Bugs and See Also section
+
+ vim: et sw=4 sts=4
diff --git a/3rdparty/htmlpurifier/plugins/phorum/.gitignore b/3rdparty/htmlpurifier/plugins/phorum/.gitignore new file mode 100644 index 000000000..025aae070 --- /dev/null +++ b/3rdparty/htmlpurifier/plugins/phorum/.gitignore @@ -0,0 +1,2 @@ +migrate.php
+htmlpurifier/*
diff --git a/3rdparty/htmlpurifier/plugins/phorum/Changelog b/3rdparty/htmlpurifier/plugins/phorum/Changelog new file mode 100644 index 000000000..5633667c0 --- /dev/null +++ b/3rdparty/htmlpurifier/plugins/phorum/Changelog @@ -0,0 +1,27 @@ +Changelog HTMLPurifier : Phorum Mod
+|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+
+= KEY ====================
+ # Breaks back-compat
+ ! Feature
+ - Bugfix
+ + Sub-comment
+ . Internal change
+==========================
+
+Version 4.0.0 for Phorum 5.2, released July 9, 2009
+# Works only with HTML Purifier 4.0.0
+! Better installation documentation
+- Fixed double encoded quotes
+- Fixed fatal error when migrate.php is blank
+
+Version 3.0.0 for Phorum 5.2, released January 12, 2008
+# WYSIWYG and suppress_message options are now configurable via web
+ interface.
+- Module now compatible with Phorum 5.2, primary bugs were in migration
+ code as well as signature and edit message handling. This module is NOT
+ compatible with Phorum 5.1.
+- Buggy WYSIWYG mode refined
+. AutoFormatParam added to list of default configuration namespaces
+
+ vim: et sw=4 sts=4
diff --git a/3rdparty/htmlpurifier/plugins/phorum/INSTALL b/3rdparty/htmlpurifier/plugins/phorum/INSTALL new file mode 100644 index 000000000..c8670df43 --- /dev/null +++ b/3rdparty/htmlpurifier/plugins/phorum/INSTALL @@ -0,0 +1,84 @@ +
+Install
+ How to install the Phorum HTML Purifier plugin
+
+0. PREREQUISITES
+----------------
+This Phorum module only works on PHP5 and with HTML Purifier 4.0.0
+or later.
+
+1. UNZIP
+--------
+Unzip phorum-htmlpurifier-x.y.z, producing an htmlpurifier folder.
+You've already done this step if you're reading this!
+
+2. MOVE
+-------
+Move the htmlpurifier folder to the mods/ folder of your Phorum
+installation, so the directory structure looks like:
+
+phorum/
+ mods/
+ htmlpurifier/
+ INSTALL - this install file
+ info.txt, ... - the module files
+ htmlpurifier/
+
+3. INSTALL HTML PURIFIER
+------------------------
+Download and unzip HTML Purifier <htmlpurifier.org>. Place the contents of
+the library/ folder in the htmlpurifier/htmlpurifier folder. Your directory
+structure will look like:
+
+phorum/
+ mods/
+ htmlpurifier/
+ htmlpurifier/
+ HTMLPurifier.auto.php
+ ... - other files
+ HTMLPurifier/
+
+Advanced users:
+ If you have HTML Purifier installed elsewhere on your server,
+ all you need is an HTMLPurifier.auto.php file in the library folder which
+ includes the HTMLPurifier.auto.php file in your install.
+
+4. MIGRATE
+----------
+If you're setting up a new Phorum installation, all you need to do is create
+a blank migrate.php file in the htmlpurifier module folder (NOT the library
+folder.
+
+If you have an old Phorum installation and was using BBCode,
+copy migrate.bbcode.php to migrate.php. If you were using a different input
+format, follow the instructions in migrate.bbcode.php to create your own custom
+migrate.php file.
+
+Your directory structure should now look like this:
+
+phorum/
+ mods/
+ htmlpurifier/
+ migrate.php
+
+5. ENABLE
+---------
+Navigate to your Phorum admin panel at http://example.com/phorum/admin.php,
+click on Global Settings > Modules, scroll to "HTML Purifier Phorum Mod" and
+turn it On.
+
+6. MIGRATE SIGNATURES
+---------------------
+If you're setting up a new Phorum installation, skip this step.
+
+If you allowed your users to make signatures, navigate to the module settings
+page of HTML Purifier (Global Settings > Modules > HTML Purifier Phorum Mod >
+Configure), type in "yes" in the "Confirm" box, and press "Migrate."
+
+ONLY DO THIS ONCE! BE SURE TO BACK UP YOUR DATABASE!
+
+7. CONFIGURE
+------------
+Configure using Edit settings. See that page for more information.
+
+ vim: et sw=4 sts=4
diff --git a/3rdparty/htmlpurifier/plugins/phorum/README b/3rdparty/htmlpurifier/plugins/phorum/README new file mode 100644 index 000000000..e433c33f5 --- /dev/null +++ b/3rdparty/htmlpurifier/plugins/phorum/README @@ -0,0 +1,45 @@ +
+HTML Purifier Phorum Mod - Filter your HTML the Standards-Compliant Way!
+
+This Phorum mod enables HTML posting on Phorum. Under normal circumstances,
+this would cause a huge security risk, but because we are running
+HTML through HTML Purifier, output is guaranteed to be XSS free and
+standards-compliant.
+
+This mod requires HTML input, and previous markup languages need to be
+converted accordingly. Thus, it is vital that you create a 'migrate.php'
+file that works with your installation. If you're using the built-in
+BBCode formatting, simply move migrate.bbcode.php to that place; for
+other markup languages, consult said file for instructions on how
+to adapt it to your needs.
+
+ -- NOTE -------------------------------------------------
+ You can also run this module in parallel with another
+ formatting module; this module attempts to place itself
+ at the end of the filtering chain. However, if any
+ previous modules produce insecure HTML (for instance,
+ a JavaScript email obfuscator) they will get cleaned.
+
+This module will not work if 'migrate.php' is not created, and an improperly
+made migration file may *CORRUPT* Phorum, so please take your time to
+do this correctly. It should go without saying to *BACKUP YOUR DATABASE*
+before attempting anything here. If no migration is necessary, you can
+simply create a blank migrate.php file. HTML Purifier is smart and will
+not re-migrate already processed messages. However, the original code
+is irretrievably lost (we may change this in the future.)
+
+This module will not automatically migrate user signatures, because this
+process may take a long time. After installing the HTML Purifier module and
+then configuring 'migrate.php', navigate to Settings and click 'Migrate
+Signatures' to migrate all user signatures to HTML.
+
+All of HTML Purifier's usual functions are configurable via the mod settings
+page. If you require custom configuration, create config.php file in
+the mod directory that edits a $config variable. Be sure, also, to
+set $PHORUM['mod_htmlpurifier']['wysiwyg'] to TRUE if you are using a
+WYSIWYG editor (you can do this through a common hook or the web
+configuration form).
+
+Visit HTML Purifier at <http://htmlpurifier.org/>.
+
+ vim: et sw=4 sts=4
diff --git a/3rdparty/htmlpurifier/plugins/phorum/config.default.php b/3rdparty/htmlpurifier/plugins/phorum/config.default.php new file mode 100644 index 000000000..4ef075318 --- /dev/null +++ b/3rdparty/htmlpurifier/plugins/phorum/config.default.php @@ -0,0 +1,57 @@ +<?php
+
+if(!defined("PHORUM")) exit;
+
+// default HTML Purifier configuration settings
+$config->set('HTML.Allowed',
+ // alphabetically sorted
+'a[href|title]
+abbr[title]
+acronym[title]
+b
+blockquote[cite]
+br
+caption
+cite
+code
+dd
+del
+dfn
+div
+dl
+dt
+em
+i
+img[src|alt|title|class]
+ins
+kbd
+li
+ol
+p
+pre
+s
+strike
+strong
+sub
+sup
+table
+tbody
+td
+tfoot
+th
+thead
+tr
+tt
+u
+ul
+var');
+$config->set('AutoFormat.AutoParagraph', true);
+$config->set('AutoFormat.Linkify', true);
+$config->set('HTML.Doctype', 'XHTML 1.0 Transitional');
+$config->set('Core.AggressivelyFixLt', true);
+$config->set('Core.Encoding', $GLOBALS['PHORUM']['DATA']['CHARSET']); // we'll change this eventually
+if (strtolower($GLOBALS['PHORUM']['DATA']['CHARSET']) !== 'utf-8') {
+ $config->set('Core.EscapeNonASCIICharacters', true);
+}
+
+// vim: et sw=4 sts=4
diff --git a/3rdparty/htmlpurifier/plugins/phorum/htmlpurifier.php b/3rdparty/htmlpurifier/plugins/phorum/htmlpurifier.php new file mode 100644 index 000000000..4a215cc95 --- /dev/null +++ b/3rdparty/htmlpurifier/plugins/phorum/htmlpurifier.php @@ -0,0 +1,309 @@ +<?php
+
+/**
+ * HTML Purifier Phorum Mod. Filter your HTML the Standards-Compliant Way!
+ *
+ * This Phorum mod enables users to post raw HTML into Phorum. But never
+ * fear: with the help of HTML Purifier, this HTML will be beat into
+ * de-XSSed and standards-compliant form, safe for general consumption.
+ * It is not recommended, but possible to run this mod in parallel
+ * with other formatters (in short, please DISABLE the BBcode mod).
+ *
+ * For help migrating from your previous markup language to pure HTML
+ * please check the migrate.bbcode.php file.
+ *
+ * If you'd like to use this with a WYSIWYG editor, make sure that
+ * editor sets $PHORUM['mod_htmlpurifier']['wysiwyg'] to true. Otherwise,
+ * administrators who need to edit other people's comments may be at
+ * risk for some nasty attacks.
+ *
+ * Tested with Phorum 5.2.11.
+ */
+
+// Note: Cache data is base64 encoded because Phorum insists on flinging
+// to the user and expecting it to come back unharmed, newlines and
+// all, which ain't happening. It's slower, it takes up more space, but
+// at least it won't get mutilated
+
+/**
+ * Purifies a data array
+ */
+function phorum_htmlpurifier_format($data)
+{
+ $PHORUM = $GLOBALS["PHORUM"];
+
+ $purifier =& HTMLPurifier::getInstance();
+ $cache_serial = $PHORUM['mod_htmlpurifier']['body_cache_serial'];
+
+ foreach($data as $message_id => $message){
+ if(isset($message['body'])) {
+
+ if ($message_id) {
+ // we're dealing with a real message, not a fake, so
+ // there a number of shortcuts that can be taken
+
+ if (isset($message['meta']['htmlpurifier_light'])) {
+ // format hook was called outside of Phorum's normal
+ // functions, do the abridged purification
+ $data[$message_id]['body'] = $purifier->purify($message['body']);
+ continue;
+ }
+
+ if (!empty($PHORUM['args']['purge'])) {
+ // purge the cache, must be below the following if
+ unset($message['meta']['body_cache']);
+ }
+
+ if (
+ isset($message['meta']['body_cache']) &&
+ isset($message['meta']['body_cache_serial']) &&
+ $message['meta']['body_cache_serial'] == $cache_serial
+ ) {
+ // cached version is present, bail out early
+ $data[$message_id]['body'] = base64_decode($message['meta']['body_cache']);
+ continue;
+ }
+ }
+
+ // migration might edit this array, that's why it's defined
+ // so early
+ $updated_message = array();
+
+ // create the $body variable
+ if (
+ $message_id && // message must be real to migrate
+ !isset($message['meta']['body_cache_serial'])
+ ) {
+ // perform migration
+ $fake_data = array();
+ list($signature, $edit_message) = phorum_htmlpurifier_remove_sig_and_editmessage($message);
+ $fake_data[$message_id] = $message;
+ $fake_data = phorum_htmlpurifier_migrate($fake_data);
+ $body = $fake_data[$message_id]['body'];
+ $body = str_replace("<phorum break>\n", "\n", $body);
+ $updated_message['body'] = $body; // save it in
+ $body .= $signature . $edit_message; // add it back in
+ } else {
+ // reverse Phorum's pre-processing
+ $body = $message['body'];
+ // order is important
+ $body = str_replace("<phorum break>\n", "\n", $body);
+ $body = str_replace(array('<','>','&', '"'), array('<','>','&','"'), $body);
+ if (!$message_id && defined('PHORUM_CONTROL_CENTER')) {
+ // we're in control.php, so it was double-escaped
+ $body = str_replace(array('<','>','&', '"'), array('<','>','&','"'), $body);
+ }
+ }
+
+ $body = $purifier->purify($body);
+
+ // dynamically update the cache (MUST BE DONE HERE!)
+ // this is inefficient because it's one db call per
+ // cache miss, but once the cache is in place things are
+ // a lot zippier.
+
+ if ($message_id) { // make sure it's not a fake id
+ $updated_message['meta'] = $message['meta'];
+ $updated_message['meta']['body_cache'] = base64_encode($body);
+ $updated_message['meta']['body_cache_serial'] = $cache_serial;
+ phorum_db_update_message($message_id, $updated_message);
+ }
+
+ // must not get overloaded until after we cache it, otherwise
+ // we'll inadvertently change the original text
+ $data[$message_id]['body'] = $body;
+
+ }
+ }
+
+ return $data;
+}
+
+// -----------------------------------------------------------------------
+// This is fragile code, copied from read.php:596 (Phorum 5.2.6). Please
+// keep this code in-sync with Phorum
+
+/**
+ * Generates a signature based on a message array
+ */
+function phorum_htmlpurifier_generate_sig($row) {
+ $phorum_sig = '';
+ if(isset($row["user"]["signature"])
+ && isset($row['meta']['show_signature']) && $row['meta']['show_signature']==1){
+ $phorum_sig=trim($row["user"]["signature"]);
+ if(!empty($phorum_sig)){
+ $phorum_sig="\n\n$phorum_sig";
+ }
+ }
+ return $phorum_sig;
+}
+
+/**
+ * Generates an edit message based on a message array
+ */
+function phorum_htmlpurifier_generate_editmessage($row) {
+ $PHORUM = $GLOBALS['PHORUM'];
+ $editmessage = '';
+ if(isset($row['meta']['edit_count']) && $row['meta']['edit_count'] > 0) {
+ $editmessage = str_replace ("%count%", $row['meta']['edit_count'], $PHORUM["DATA"]["LANG"]["EditedMessage"]);
+ $editmessage = str_replace ("%lastedit%", phorum_date($PHORUM["short_date_time"],$row['meta']['edit_date']), $editmessage);
+ $editmessage = str_replace ("%lastuser%", $row['meta']['edit_username'], $editmessage);
+ $editmessage = "\n\n\n\n$editmessage";
+ }
+ return $editmessage;
+}
+
+// End fragile code
+// -----------------------------------------------------------------------
+
+/**
+ * Removes the signature and edit message from a message
+ * @param $row Message passed by reference
+ */
+function phorum_htmlpurifier_remove_sig_and_editmessage(&$row) {
+ $signature = phorum_htmlpurifier_generate_sig($row);
+ $editmessage = phorum_htmlpurifier_generate_editmessage($row);
+ $replacements = array();
+ // we need to remove add <phorum break> as that is the form these
+ // extra bits are in.
+ if ($signature) $replacements[str_replace("\n", "<phorum break>\n", $signature)] = '';
+ if ($editmessage) $replacements[str_replace("\n", "<phorum break>\n", $editmessage)] = '';
+ $row['body'] = strtr($row['body'], $replacements);
+ return array($signature, $editmessage);
+}
+
+/**
+ * Indicate that data is fully HTML and not from migration, invalidate
+ * previous caches
+ * @note This function could generate the actual cache entries, but
+ * since there's data missing that must be deferred to the first read
+ */
+function phorum_htmlpurifier_posting($message) {
+ $PHORUM = $GLOBALS["PHORUM"];
+ unset($message['meta']['body_cache']); // invalidate the cache
+ $message['meta']['body_cache_serial'] = $PHORUM['mod_htmlpurifier']['body_cache_serial'];
+ return $message;
+}
+
+/**
+ * Overload quoting mechanism to prevent default, mail-style quote from happening
+ */
+function phorum_htmlpurifier_quote($array) {
+ $PHORUM = $GLOBALS["PHORUM"];
+ $purifier =& HTMLPurifier::getInstance();
+ $text = $purifier->purify($array[1]);
+ $source = htmlspecialchars($array[0]);
+ return "<blockquote cite=\"$source\">\n$text\n</blockquote>";
+}
+
+/**
+ * Ensure that our format hook is processed last. Also, loads the library.
+ * @credits <http://secretsauce.phorum.org/snippets/make_bbcode_last_formatter.php.txt>
+ */
+function phorum_htmlpurifier_common() {
+
+ require_once(dirname(__FILE__).'/htmlpurifier/HTMLPurifier.auto.php');
+ require(dirname(__FILE__).'/init-config.php');
+
+ $config = phorum_htmlpurifier_get_config();
+ HTMLPurifier::getInstance($config);
+
+ // increment revision.txt if you want to invalidate the cache
+ $GLOBALS['PHORUM']['mod_htmlpurifier']['body_cache_serial'] = $config->getSerial();
+
+ // load migration
+ if (file_exists(dirname(__FILE__) . '/migrate.php')) {
+ include(dirname(__FILE__) . '/migrate.php');
+ } else {
+ echo '<strong>Error:</strong> No migration path specified for HTML Purifier, please check
+ <tt>modes/htmlpurifier/migrate.bbcode.php</tt> for instructions on
+ how to migrate from your previous markup language.';
+ exit;
+ }
+
+ if (!function_exists('phorum_htmlpurifier_migrate')) {
+ // Dummy function
+ function phorum_htmlpurifier_migrate($data) {return $data;}
+ }
+
+}
+
+/**
+ * Pre-emptively performs purification if it looks like a WYSIWYG editor
+ * is being used
+ */
+function phorum_htmlpurifier_before_editor($message) {
+ if (!empty($GLOBALS['PHORUM']['mod_htmlpurifier']['wysiwyg'])) {
+ if (!empty($message['body'])) {
+ $body = $message['body'];
+ // de-entity-ize contents
+ $body = str_replace(array('<','>','&'), array('<','>','&'), $body);
+ $purifier =& HTMLPurifier::getInstance();
+ $body = $purifier->purify($body);
+ // re-entity-ize contents
+ $body = htmlspecialchars($body, ENT_QUOTES, $GLOBALS['PHORUM']['DATA']['CHARSET']);
+ $message['body'] = $body;
+ }
+ }
+ return $message;
+}
+
+function phorum_htmlpurifier_editor_after_subject() {
+ // don't show this message if it's a WYSIWYG editor, since it will
+ // then be handled automatically
+ if (!empty($GLOBALS['PHORUM']['mod_htmlpurifier']['wysiwyg'])) {
+ $i = $GLOBALS['PHORUM']['DATA']['MODE'];
+ if ($i == 'quote' || $i == 'edit' || $i == 'moderation') {
+ ?>
+ <div>
+ <p>
+ <strong>Notice:</strong> HTML has been scrubbed for your safety.
+ If you would like to see the original, turn off WYSIWYG mode
+ (consult your administrator for details.)
+ </p>
+ </div>
+ <?php
+ }
+ return;
+ }
+ if (!empty($GLOBALS['PHORUM']['mod_htmlpurifier']['suppress_message'])) return;
+ ?><div class="htmlpurifier-help">
+ <p>
+ <strong>HTML input</strong> is enabled. Make sure you escape all HTML and
+ angled brackets with <code>&lt;</code> and <code>&gt;</code>.
+ </p><?php
+ $purifier =& HTMLPurifier::getInstance();
+ $config = $purifier->config;
+ if ($config->get('AutoFormat.AutoParagraph')) {
+ ?><p>
+ <strong>Auto-paragraphing</strong> is enabled. Double
+ newlines will be converted to paragraphs; for single
+ newlines, use the <code>pre</code> tag.
+ </p><?php
+ }
+ $html_definition = $config->getDefinition('HTML');
+ $allowed = array();
+ foreach ($html_definition->info as $name => $x) $allowed[] = "<code>$name</code>";
+ sort($allowed);
+ $allowed_text = implode(', ', $allowed);
+ ?><p><strong>Allowed tags:</strong> <?php
+ echo $allowed_text;
+ ?>.</p><?php
+ ?>
+ </p>
+ <p>
+ For inputting literal code such as HTML and PHP for display, use
+ CDATA tags to auto-escape your angled brackets, and <code>pre</code>
+ to preserve newlines:
+ </p>
+ <pre><pre><![CDATA[
+<em>Place code here</em>
+]]></pre></pre>
+ <p>
+ Power users, you can hide this notice with:
+ <pre>.htmlpurifier-help {display:none;}</pre>
+ </p>
+ </div><?php
+}
+
+// vim: et sw=4 sts=4
diff --git a/3rdparty/htmlpurifier/plugins/phorum/info.txt b/3rdparty/htmlpurifier/plugins/phorum/info.txt new file mode 100644 index 000000000..5a5a50087 --- /dev/null +++ b/3rdparty/htmlpurifier/plugins/phorum/info.txt @@ -0,0 +1,18 @@ +title: HTML Purifier Phorum Mod
+desc: This module enables standards-compliant HTML filtering on Phorum. Please check migrate.bbcode.php before enabling this mod.
+author: Edward Z. Yang
+url: http://htmlpurifier.org/
+version: 4.0.0
+
+hook: format|phorum_htmlpurifier_format
+hook: quote|phorum_htmlpurifier_quote
+hook: posting_custom_action|phorum_htmlpurifier_posting
+hook: common|phorum_htmlpurifier_common
+hook: before_editor|phorum_htmlpurifier_before_editor
+hook: tpl_editor_after_subject|phorum_htmlpurifier_editor_after_subject
+
+# This module is meant to be a drop-in for bbcode, so make it run last.
+priority: run module after *
+priority: run hook format after *
+
+ vim: et sw=4 sts=4
diff --git a/3rdparty/htmlpurifier/plugins/phorum/init-config.php b/3rdparty/htmlpurifier/plugins/phorum/init-config.php new file mode 100644 index 000000000..154754936 --- /dev/null +++ b/3rdparty/htmlpurifier/plugins/phorum/init-config.php @@ -0,0 +1,28 @@ +<?php
+
+/**
+ * Initializes the appropriate configuration from either a PHP file
+ * or a module configuration value
+ * @return Instance of HTMLPurifier_Config
+ */
+function phorum_htmlpurifier_get_config($default = false) {
+ global $PHORUM;
+ $config_exists = phorum_htmlpurifier_config_file_exists();
+ if ($default || $config_exists || !isset($PHORUM['mod_htmlpurifier']['config'])) {
+ $config = HTMLPurifier_Config::createDefault();
+ include(dirname(__FILE__) . '/config.default.php');
+ if ($config_exists) {
+ include(dirname(__FILE__) . '/config.php');
+ }
+ unset($PHORUM['mod_htmlpurifier']['config']); // unnecessary
+ } else {
+ $config = HTMLPurifier_Config::create($PHORUM['mod_htmlpurifier']['config']);
+ }
+ return $config;
+}
+
+function phorum_htmlpurifier_config_file_exists() {
+ return file_exists(dirname(__FILE__) . '/config.php');
+}
+
+// vim: et sw=4 sts=4
diff --git a/3rdparty/htmlpurifier/plugins/phorum/migrate.bbcode.php b/3rdparty/htmlpurifier/plugins/phorum/migrate.bbcode.php new file mode 100644 index 000000000..d73ed36c8 --- /dev/null +++ b/3rdparty/htmlpurifier/plugins/phorum/migrate.bbcode.php @@ -0,0 +1,30 @@ +<?php
+
+/**
+ * This file is responsible for migrating from a specific markup language
+ * like BBCode or Markdown to HTML. WARNING: THIS PROCESS IS NOT REVERSIBLE
+ *
+ * Copy this file to 'migrate.php' and it will automatically work for
+ * BBCode; you may need to tweak this a little to get it to work for other
+ * languages (usually, just replace the include name and the function name).
+ *
+ * If you do NOT want to have any migration performed (for instance, you
+ * are installing the module on a new forum with no posts), simply remove
+ * phorum_htmlpurifier_migrate() function. You still need migrate.php
+ * present, otherwise the module won't work. This ensures that the user
+ * explicitly says, "No, I do not need to migrate."
+ */
+
+if(!defined("PHORUM")) exit;
+
+require_once(dirname(__FILE__) . "/../bbcode/bbcode.php");
+
+/**
+ * 'format' hook style function that will be called to convert
+ * legacy markup into HTML.
+ */
+function phorum_htmlpurifier_migrate($data) {
+ return phorum_mod_bbcode_format($data); // bbcode's 'format' hook
+}
+
+// vim: et sw=4 sts=4
diff --git a/3rdparty/htmlpurifier/plugins/phorum/settings.php b/3rdparty/htmlpurifier/plugins/phorum/settings.php new file mode 100644 index 000000000..34188bd73 --- /dev/null +++ b/3rdparty/htmlpurifier/plugins/phorum/settings.php @@ -0,0 +1,64 @@ +<?php
+
+// based off of BBCode's settings file
+
+/**
+ * HTML Purifier Phorum mod settings configuration. This provides
+ * a convenient web-interface for editing the most common HTML Purifier
+ * configuration directives. You can also specify custom configuration
+ * by creating a 'config.php' file.
+ */
+
+if(!defined("PHORUM_ADMIN")) exit;
+
+// error reporting is good!
+error_reporting(E_ALL ^ E_NOTICE);
+
+// load library and other paraphenalia
+require_once './include/admin/PhorumInputForm.php';
+require_once (dirname(__FILE__) . '/htmlpurifier/HTMLPurifier.auto.php');
+require_once (dirname(__FILE__) . '/init-config.php');
+require_once (dirname(__FILE__) . '/settings/migrate-sigs-form.php');
+require_once (dirname(__FILE__) . '/settings/migrate-sigs.php');
+require_once (dirname(__FILE__) . '/settings/form.php');
+require_once (dirname(__FILE__) . '/settings/save.php');
+
+// define fr |