diff options
| author | brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2010-01-30 22:44:04 +0000 |
|---|---|---|
| committer | brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2010-01-30 22:44:04 +0000 |
| commit | 701567f5e5e0c0bfb76744e535b55f863323859a (patch) | |
| tree | 9e426c11203d1433de892b03b08d31dccbed3e7c /mod/htmlawed/start.php | |
| parent | 0068d7f46452188f807e413f6cbd32cd765e6530 (diff) | |
| download | elgg-701567f5e5e0c0bfb76744e535b55f863323859a.tar.gz elgg-701567f5e5e0c0bfb76744e535b55f863323859a.tar.bz2 | |
Fixes #1425, Fixes #1341: Upgraded htmlawed to latest. Altered the htmlawed attribute filtering function to return <attr="val"> for proper linking in parse_urls(). Added background-color as a non-filtered style attribute.
git-svn-id: http://code.elgg.org/elgg/trunk@3862 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'mod/htmlawed/start.php')
| -rw-r--r-- | mod/htmlawed/start.php | 203 |
1 files changed, 99 insertions, 104 deletions
diff --git a/mod/htmlawed/start.php b/mod/htmlawed/start.php index ff7549b81..d027fa34f 100644 --- a/mod/htmlawed/start.php +++ b/mod/htmlawed/start.php @@ -1,122 +1,117 @@ <?php - /** - * Elgg htmLawed tag filtering. - * - * @package ElgghtmLawed - * @author Curverider Ltd - * @author Brett Profitt - * @link http://elgg.com/ - */ - - /** - * Initialise plugin - * - */ - function htmlawed_init() - { - /** For now declare allowed tags and protocols here, TODO: Make this configurable */ - global $CONFIG; - $CONFIG->htmlawed_config = array( - // seems to handle about everything we need. - 'safe' => true, - 'deny_attribute' => 'class', - 'hook_tag' => 'htmlawed_hook', - - 'schemes' => '*:http,https,ftp,news,mailto,rtsp,teamspeak,gopher,mms,callto' - // apparent this doesn't work. - //. 'style:color,cursor,text-align,font-size,font-weight,font-style,border,margin,padding,float' - ); - - register_plugin_hook('validate', 'input', 'htmlawed_filter_tags', 1); - } +/** + * Elgg htmLawed tag filtering. + * + * @package ElgghtmLawed + * @author Curverider Ltd + * @author Brett Profitt + * @link http://elgg.com/ + */ + +/** + * Initialise plugin + * + */ +function htmlawed_init() { + /** For now declare allowed tags and protocols here, TODO: Make this configurable */ + global $CONFIG; + $CONFIG->htmlawed_config = array( + // seems to handle about everything we need. + 'safe' => true, + 'deny_attribute' => 'class, on*', + 'hook_tag' => 'htmlawed_hook', + + 'schemes' => '*:http,https,ftp,news,mailto,rtsp,teamspeak,gopher,mms,callto' + // apparent this doesn't work. + //. 'style:color,cursor,text-align,font-size,font-weight,font-style,border,margin,padding,float' + ); + + register_plugin_hook('validate', 'input', 'htmlawed_filter_tags', 1); +} + +/** + * Hooked for all elements in htmlawed. + * Used to filter out style attributes we don't want. + * + * @param $element + * @param $attribute_array + * @return unknown_type + */ +function htmlawed_hook($element, $attribute_array) { + // these are the default styles used by tinymce. + $allowed_styles = array( + 'color', 'cursor', 'text-align', 'vertical-align', 'font-size', + 'font-weight', 'font-style', 'border', 'border-top', 'background-color', + 'border-bottom', 'border-left', 'border-right', + 'margin', 'margin-top', 'margin-bottom', 'margin-left', + 'margin-right', 'padding', 'float', 'text-decoration' + ); + + // must return something. + $string = ''; + + foreach ($attribute_array as $attr => $value) { + if ($attr == 'style') { + $styles = explode(';', $value); + + $style_str = ''; + foreach ($styles as $style) { + if (!trim($style)) { + continue; + } + list($style_attr, $style_value) = explode(':', trim($style)); + $style_attr = trim($style_attr); + $style_value = trim($style_value); - /** - * Hooked for all elements in htmlawed. - * Used to filter out style attributes we don't want. - * - * @param $element - * @param $attribute_array - * @return unknown_type - */ - function htmlawed_hook($element, $attribute_array) { - // these are the default styles used by tinymce. - $allowed_styles = array( - 'color', 'cursor', 'text-align', 'vertical-align', 'font-size', - 'font-weight', 'font-style', 'border', 'border-top', - 'border-bottom', 'border-left', 'border-right', - 'margin', 'margin-top', 'margin-bottom', 'margin-left', - 'margin-right', 'padding', 'float', 'text-decoration' - ); - - // must return something. - //if (array_key_exists('style', $attribute_array)) { - $string = ''; - - foreach ($attribute_array as $attr => $value) { - if ($attr == 'style') { - $styles = explode(';', $value); - - $style_str = ''; - foreach ($styles as $style) { - if (!trim($style)) { - continue; - } - list($style_attr, $style_value) = explode(':', trim($style)); - $style_attr = trim($style_attr); - $style_value = trim($style_value); - - if (in_array($style_attr, $allowed_styles)) { - $style_str .= "$style_attr: $style_value; "; - } - } - - if ($style_str) { - $string .= " style = \"$style_str\""; - } - - } else { - $string .= " $attr = \"$value\""; + if (in_array($style_attr, $allowed_styles)) { + $style_str .= "$style_attr: $style_value; "; } } - $string = trim($string); - return "<$element $string >"; - //} + if ($style_str) { + $string .= " style=\"$style_str\""; + } + + } else { + $string .= " $attr=\"$value\""; + } } - /** - * htmLawed filtering of tags, called on a plugin hook - * - * @param mixed $var Variable to filter - * @return mixed - */ - function htmlawed_filter_tags($hook, $entity_type, $returnvalue, $params) - { - $return = $returnvalue; - $var = $returnvalue; + $string = trim($string); + $r = "<$element $string>"; + return $r; +} - if (include_once(dirname(__FILE__) . "/vendors/htmLawed/htmLawed.php")) { +/** + * htmLawed filtering of tags, called on a plugin hook + * + * @param mixed $var Variable to filter + * @return mixed + */ +function htmlawed_filter_tags($hook, $entity_type, $returnvalue, $params) { + $return = $returnvalue; + $var = $returnvalue; - global $CONFIG; + if (include_once(dirname(__FILE__) . "/vendors/htmLawed/htmLawed.php")) { - $htmlawed_config = $CONFIG->htmlawed_config; + global $CONFIG; - if (!is_array($var)) { - $return = ""; - $return = htmLawed($var, $htmlawed_config); - } else { - $return = array(); + $htmlawed_config = $CONFIG->htmlawed_config; - foreach($var as $key => $el) { - $return[$key] = htmLawed($el, $htmlawed_config); - } + if (!is_array($var)) { + $return = ""; + $return = htmLawed($var, $htmlawed_config); + } else { + $return = array(); + + foreach($var as $key => $el) { + $return[$key] = htmLawed($el, $htmlawed_config); } } - - return $return; } + return $return; +} - register_elgg_event_handler('init','system','htmlawed_init'); -?> +register_elgg_event_handler('init', 'system', 'htmlawed_init');
\ No newline at end of file |