authormarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-03-01 15:42:33 +0000
committermarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-03-01 15:42:33 +0000
commit544aaf2076330fe7121feec351036ac9911d3df9 (patch)
tree3f7fb1cf0b1fa2d595151510535c62bf6544b0fa /engine
parent557e2dd6c6bcaabd7379f31c2c523ffd04b8adb7 (diff)
downloadelgg-544aaf2076330fe7121feec351036ac9911d3df9.tar.gz
elgg-544aaf2076330fe7121feec351036ac9911d3df9.tar.bz2
Closes #828: Quite correct - rather tired - arrays are individually trimmed - non-arrays are not.
Closes #714: Input filtering now triggers on a plugin hook, this allows plugins to provide other filtering methods than kses (Refs #561). git-svn-id: https://code.elgg.org/elgg/trunk@3009 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine')
-rw-r--r--engine/lib/input.php111
1 files changed, 65 insertions, 46 deletions
diff --git a/engine/lib/input.php b/engine/lib/input.php
index 4d6d36511..bceaa1398 100644
--- a/engine/lib/input.php
+++ b/engine/lib/input.php
@@ -35,12 +35,8 @@
}
if ($filter_result)
- {
-
- global $CONFIG;
- $var = filter_tags($var, $CONFIG->allowedtags, $CONFIG->allowedprotocols);
- }
-
+ $var = filter_tags($var);
+
return $var;
}
@@ -65,34 +61,55 @@
{
foreach ($value as $key => $val)
$value[$key] = trim($val);
- }
- $CONFIG->input[trim($variable)] = trim($value);
+
+ $CONFIG->input[trim($variable)] = $value;
+ }
+ else
+ $CONFIG->input[trim($variable)] = trim($value);
+ }
+
+ /**
+ * Kses filtering of tags, called on a plugin hook
+ *
+ * @param mixed $var Variable to filter
+ * @return mixed
+ */
+ function kses_filter_tags($hook, $entity_type, $returnvalue, $params)
+ {
+ $return = $returnvalue;
+ $var = $returnvalue;
+
+ if (@include_once(dirname(dirname(dirname(__FILE__)))) . "/vendors/kses/kses.php") {
+
+ global $CONFIG;
+
+ $allowedtags = $CONFIG->allowedtags;
+ $allowedprotocols = $CONFIG->allowedprotocols;
+
+ if (!is_array($var)) {
+ $return = "";
+ $return = kses($var, $allowedtags, $allowedprotocols);
+ } else {
+ $return = array();
+
+ foreach($var as $key => $el) {
+ $return[$key] = kses($el, $allowedtags, $allowedprotocols);
+ }
+ }
+ }
+
+ return $return;
}
/**
- * Filter tags from a given string
+ * Filter tags from a given string based on registered hooks.
* @param $var
* @return mixed The filtered result
*/
- function filter_tags($var, $allowedtags, $allowedprotocols)
+ function filter_tags($var)
{
- $return = false;
-
- if (@include_once(dirname(dirname(dirname(__FILE__)))) . "/vendors/kses/kses.php") {
- if (!is_array($var)) {
- $return = "";
- $return = kses($var, $allowedtags, $allowedprotocols);
- } else {
- $return = array();
-
- foreach($var as $key => $el) {
- $return[$key] = kses($el, $allowedtags, $allowedprotocols);
- }
- }
- }
-
- return $return;
+ return trigger_plugin_hook('validate', 'input', null, $var);
}
/**
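Review bot: `kses_filter_tags` fails open: `$return` starts as `$returnvalue` and the `@include_once` hides a missing or unreadable `vendors/kses/kses.php`, so when the library cannot be loaded the raw input is handed back as if it had been filtered, whereas the removed `filter_tags` returned `false` in that case. I would drop the `@` and add a branch that returns a safe value, e.g. `else { $return = is_array($var) ? array() : ""; }`, or at least log the failure so the loss of filtering is visible. The array branch also passes each `$el` straight to `kses()`, so a nested array is not walked; whether kses copes with an array argument is not visible in this diff. The docblock still documents a single `$var` parameter although the signature is `($hook, $entity_type, $returnvalue, $params)`.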
@@ -115,25 +132,24 @@
}
- /**
- * Takes a string and turns any URLs into formatted links
- *
- * @param string $text The input string
- * @return string The output stirng with formatted links
- **/
-
- function parse_urls($text) {
-
- return preg_replace_callback('/(?<!=["\'])((ht|f)tps?:\/\/[^\s\r\n\t<>"\'\!\(\)]+)/i',
- create_function(
- '$matches',
- '
- $url = $matches[1];
- $urltext = str_replace("/", "/<wbr />", $url);
- return "<a href=\"$url\" style=\"text-decoration:underline;\">$urltext</a>";
- '
- ), $text);
- }
+ /**
+ * Takes a string and turns any URLs into formatted links
+ *
+ * @param string $text The input string
+ * @return string The output stirng with formatted links
+ **/
+ function parse_urls($text) {
+
+ return preg_replace_callback('/(?<!=["\'])((ht|f)tps?:\/\/[^\s\r\n\t<>"\'\!\(\)]+)/i',
+ create_function(
+ '$matches',
+ '
+ $url = $matches[1];
+ $urltext = str_replace("/", "/<wbr />", $url);
+ return "<a href=\"$url\" style=\"text-decoration:underline;\">$urltext</a>";
+ '
+ ), $text);
+ }
function autop($pee, $br = 1) {
$pee = $pee . "\n"; // just to make things a little easier, pad the end
@@ -478,7 +494,10 @@
$CONFIG->allowedprotocols = array('http', 'https', 'ftp', 'news', 'mailto', 'rtsp', 'teamspeak', 'gopher', 'mms',
'color', 'callto', 'cursor', 'text-align', 'font-size', 'font-weight', 'font-style',
- 'border', 'margin', 'padding', 'float');
+ 'border', 'margin', 'padding', 'float');
+
+ // For now, register the kses for processing
+ register_plugin_hook('validate', 'input', 'kses_filter_tags', 1);
}
register_elgg_event_handler('init','system','input_init');
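Review bot: Tag filtering of user input now exists only because of this one `register_plugin_hook` call inside `input_init`, and the comment `// For now, register the kses for processing` does not say so. If the `$filter_result` branch in the first hunk runs before the `init`/`system` event has fired, or the handler is replaced or removed, `filter_tags()` presumably returns the value unchanged (assuming `trigger_plugin_hook` falls back to the value passed in when nothing handles the hook, which this diff does not show). Any other handler on `validate`/`input` can also rewrite the value, so the result is presumably only as strict as the last handler that runs. I would put that in the comment, e.g. `// Security: this is the only tag filter applied to input; other 'validate','input' handlers must return filtered data and must not widen what kses allowed.`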