aboutsummaryrefslogtreecommitdiff
path: root/mod/htmlawed
diff options
context:
space:
mode:
authorSem <sembrestels@riseup.net>2011-11-18 07:32:27 +0100
committerSem <sembrestels@riseup.net>2011-11-18 07:32:27 +0100
commite53d410129701ea1c9d19529afa493f11b5f5b70 (patch)
treed9963b24bf8932654b4a47e36602c75975e50dba /mod/htmlawed
parent377da25d2965c64941f83baae119fc970ec60982 (diff)
parent08a962c98e2923724f8013d6eaae89101243752a (diff)
downloadelgg-e53d410129701ea1c9d19529afa493f11b5f5b70.tar.gz
elgg-e53d410129701ea1c9d19529afa493f11b5f5b70.tar.bz2
Merge github.com:Elgg/Elgg
Conflicts: engine/lib/input.php
Diffstat (limited to 'mod/htmlawed')
-rw-r--r--mod/htmlawed/manifest.xml7
-rw-r--r--mod/htmlawed/start.php143
2 files changed, 85 insertions, 65 deletions
diff --git a/mod/htmlawed/manifest.xml b/mod/htmlawed/manifest.xml
index 0c48bbd28..5c1f14cb5 100644
--- a/mod/htmlawed/manifest.xml
+++ b/mod/htmlawed/manifest.xml
@@ -8,11 +8,10 @@
<description>Provides security filtering. Disabling this plugin is extremely insecure. DO NOT DISABLE.</description>
<website>http://www.elgg.org/</website>
<copyright>See COPYRIGHT.txt</copyright>
- <license>GNU Public License version 3</license>
+ <license>GNU General Public License version 3</license>
<requires>
- <type>elgg_version</type>
- <version>2009041701</version>
+ <type>elgg_release</type>
+ <version>1.8</version>
</requires>
<activate_on_install>true</activate_on_install>
- <admin_interface>advanced</admin_interface>
</plugin_manifest>
diff --git a/mod/htmlawed/start.php b/mod/htmlawed/start.php
index 04a654998..10bea2a52 100644
--- a/mod/htmlawed/start.php
+++ b/mod/htmlawed/start.php
@@ -2,26 +2,95 @@
/**
* Elgg htmLawed tag filtering.
*
+ * http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/
+ *
* @package ElgghtmLawed
*/
+
+elgg_register_event_handler('init', 'system', 'htmlawed_init');
+
/**
- * Initialise plugin
- *
+ * Initialize the htmlawed plugin
*/
function htmlawed_init() {
elgg_register_plugin_hook_handler('validate', 'input', 'htmlawed_filter_tags', 1);
+
+ $lib = elgg_get_plugins_path() . "htmlawed/vendors/htmLawed/htmLawed.php";
+ elgg_register_library('htmlawed', $lib);
}
/**
- * Hooked for all elements in htmlawed.
- * Used to filter out style attributes we don't want.
+ * htmLawed filtering of data
+ *
+ * Called on the 'validate', 'input' plugin hook
+ *
+ * Triggers the 'config', 'htmlawed' plugin hook so that plugins can change
+ * htmlawed's configuration. For information on configuraton options, see
+ * http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/htmLawed_README.htm#s2.2
*
- * @param $element
- * @param $attribute_array
- * @return unknown_type
+ * @param string $hook Hook name
+ * @param string $type The type of hook
+ * @param mixed $result Data to filter
+ * @param array $params Not used
+ * @return mixed
*/
-function htmlawed_hook($element, $attribute_array) {
+function htmlawed_filter_tags($hook, $type, $result, $params) {
+ $var = $result;
+
+ elgg_load_library('htmlawed');
+
+ $htmlawed_config = array(
+ // seems to handle about everything we need.
+ 'safe' => true,
+ 'deny_attribute' => 'class, on*',
+ 'hook_tag' => 'htmlawed_tag_post_processor',
+
+ 'schemes' => '*:http,https,ftp,news,mailto,rtsp,teamspeak,gopher,mms,callto',
+ // apparent this doesn't work.
+ // 'style:color,cursor,text-align,font-size,font-weight,font-style,border,margin,padding,float'
+ );
+
+ // add nofollow to all links on output
+ if (!elgg_in_context('input')) {
+ $htmlawed_config['anti_link_spam'] = array('/./', '');
+ }
+
+ $htmlawed_config = elgg_trigger_plugin_hook('config', 'htmlawed', null, $htmlawed_config);
+
+ if (!is_array($var)) {
+ $result = htmLawed($var, $htmlawed_config);
+ } else {
+ array_walk_recursive($var, 'htmLawedArray', $htmlawed_config);
+ $result = $var;
+ }
+
+ return $result;
+}
+
+/**
+ * wrapper function for htmlawed for handling arrays
+ */
+function htmLawedArray(&$v, $k, $htmlawed_config) {
+ $v = htmLawed($v, $htmlawed_config);
+}
+
+/**
+ * Post processor for tags in htmlawed
+ *
+ * This runs after htmlawed has filtered. It runs for each tag and filters out
+ * style attributes we don't want.
+ *
+ * This function triggers the 'allowed_styles', 'htmlawed' plugin hook.
+ *
+ * @todo since these styles are created for tinymce, shouldn't they be in the
+ * tinymce plugin?
+ *
+ * @param string $element The tag element name
+ * @param array $attributes An array of attributes
+ * @return string
+ */
+function htmlawed_tag_post_processor($element, $attributes) {
// these are the default styles used by tinymce.
$allowed_styles = array(
'color', 'cursor', 'text-align', 'vertical-align', 'font-size',
@@ -30,13 +99,14 @@ function htmlawed_hook($element, $attribute_array) {
'margin', 'margin-top', 'margin-bottom', 'margin-left',
'margin-right', 'padding', 'float', 'text-decoration'
);
-
- $allowed_styles = elgg_trigger_plugin_hook('allowed_styles', 'htmlawed', NULL, $allowed_styles);
+
+ $params = array('tag' => $element);
+ $allowed_styles = elgg_trigger_plugin_hook('allowed_styles', 'htmlawed', $params, $allowed_styles);
// must return something.
$string = '';
- foreach ($attribute_array as $attr => $value) {
+ foreach ($attributes as $attr => $value) {
if ($attr == 'style') {
$styles = explode(';', $value);
@@ -55,6 +125,7 @@ function htmlawed_hook($element, $attribute_array) {
}
if ($style_str) {
+ $style_str = trim($style_str);
$string .= " style=\"$style_str\"";
}
@@ -72,53 +143,3 @@ function htmlawed_hook($element, $attribute_array) {
$r = "<$element$string>";
return $r;
}
-
-/**
- * htmLawed filtering of tags, called on a plugin hook
- *
- * @param mixed $var Variable to filter
- * @return mixed
- */
-function htmlawed_filter_tags($hook, $entity_type, $returnvalue, $params) {
- $return = $returnvalue;
- $var = $returnvalue;
-
- if (include_once(dirname(__FILE__) . "/vendors/htmLawed/htmLawed.php")) {
-
- $htmlawed_config = array(
- // seems to handle about everything we need.
- 'safe' => true,
- 'deny_attribute' => 'class, on*',
- 'hook_tag' => 'htmlawed_hook',
-
- 'schemes' => '*:http,https,ftp,news,mailto,rtsp,teamspeak,gopher,mms,callto'
- // apparent this doesn't work.
- //. 'style:color,cursor,text-align,font-size,font-weight,font-style,border,margin,padding,float'
- );
-
- $htmlawed_config = elgg_trigger_plugin_hook('config', 'htmlawed', NULL, $htmlawed_config);
-
- if (!is_array($var)) {
- $return = "";
- $return = htmLawed($var, $htmlawed_config);
- } else {
-
- array_walk_recursive($var, 'htmLawedArray', $htmlawed_config);
-
- $return = $var;
- }
- }
-
- return $return;
-}
-
-/**
- * wrapper function for htmlawed for handling arrays
- */
-function htmLawedArray(&$v, $k, $htmlawed_config) {
- $v = htmLawed($v, $htmlawed_config);
-}
-
-
-
-elgg_register_event_handler('init', 'system', 'htmlawed_init');