-rw-r--r-- | engine/lib/input.php | 111 | ||||
-rw-r--r-- | views/default/output/longtext.php | 2 |
2 files changed, 66 insertions, 47 deletions
diff --git a/engine/lib/input.php b/engine/lib/input.php
index 4d6d36511..bceaa1398 100644
--- a/engine/lib/input.php
+++ b/engine/lib/input.php
@@ -35,12 +35,8 @@ }
if ($filter_result) - {
-
- global $CONFIG;
- $var = filter_tags($var, $CONFIG->allowedtags, $CONFIG->allowedprotocols); - }
-
+ $var = filter_tags($var);
+
return $var;
}
@@ -65,34 +61,55 @@ { foreach ($value as $key => $val) $value[$key] = trim($val); - }
- $CONFIG->input[trim($variable)] = trim($value);
+
+ $CONFIG->input[trim($variable)] = $value;
+ }
+ else
+ $CONFIG->input[trim($variable)] = trim($value);
+ } + + /** + * Kses filtering of tags, called on a plugin hook + * + * @param mixed $var Variable to filter + * @return mixed + */ + function kses_filter_tags($hook, $entity_type, $returnvalue, $params) + { + $return = $returnvalue; + $var = $returnvalue; + + if (@include_once(dirname(dirname(dirname(__FILE__)))) . "/vendors/kses/kses.php") { + + global $CONFIG; + + $allowedtags = $CONFIG->allowedtags; + $allowedprotocols = $CONFIG->allowedprotocols; + + if (!is_array($var)) { + $return = ""; + $return = kses($var, $allowedtags, $allowedprotocols); + } else { + $return = array(); + + foreach($var as $key => $el) { + $return[$key] = kses($el, $allowedtags, $allowedprotocols); + } + } + } + + return $return; }
/**
- * Filter tags from a given string
+ * Filter tags from a given string based on registered hooks.
* @param $var
* @return mixed The filtered result
*/
- function filter_tags($var, $allowedtags, $allowedprotocols)
+ function filter_tags($var)
{
- $return = false;
-
- if (@include_once(dirname(dirname(dirname(__FILE__)))) . "/vendors/kses/kses.php") {
- if (!is_array($var)) {
- $return = "";
- $return = kses($var, $allowedtags, $allowedprotocols);
- } else {
- $return = array();
-
- foreach($var as $key => $el) {
- $return[$key] = kses($el, $allowedtags, $allowedprotocols);
- }
- }
- }
-
- return $return;
+ return trigger_plugin_hook('validate', 'input', null, $var);
} /** @@ -115,25 +132,24 @@ }
- /**
- * Takes a string and turns any URLs into formatted links
- *
- * @param string $text The input string
- * @return string The output stirng with formatted links
- **/
-
- function parse_urls($text) { - - return preg_replace_callback('/(?<!=["\'])((ht|f)tps?:\/\/[^\s\r\n\t<>"\'\!\(\)]+)/i', - create_function( - '$matches', - ' - $url = $matches[1]; - $urltext = str_replace("/", "/<wbr />", $url); - return "<a href=\"$url\" style=\"text-decoration:underline;\">$urltext</a>"; - ' - ), $text);
- }
+ /**
+ * Takes a string and turns any URLs into formatted links
+ *
+ * @param string $text The input string
+ * @return string The output stirng with formatted links
+ **/
+ function parse_urls($text) { + + return preg_replace_callback('/(?<!=["\'])((ht|f)tps?:\/\/[^\s\r\n\t<>"\'\!\(\)]+)/i', + create_function( + '$matches', + ' + $url = $matches[1]; + $urltext = str_replace("/", "/<wbr />", $url); + return "<a href=\"$url\" style=\"text-decoration:underline;\">$urltext</a>"; + ' + ), $text);
+ }
function autop($pee, $br = 1) {
$pee = $pee . "\n"; // just to make things a little easier, pad the end
@@ -478,7 +494,10 @@ $CONFIG->allowedprotocols = array('http', 'https', 'ftp', 'news', 'mailto', 'rtsp', 'teamspeak', 'gopher', 'mms',
'color', 'callto', 'cursor', 'text-align', 'font-size', 'font-weight', 'font-style',
- 'border', 'margin', 'padding', 'float');
+ 'border', 'margin', 'padding', 'float');
+
+ // For now, register the kses for processing
+ register_plugin_hook('validate', 'input', 'kses_filter_tags', 1);
}
register_elgg_event_handler('init','system','input_init');
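Review bot: Registering `kses_filter_tags` inside the init handler means tag filtering only exists once the `init`/`system` event has fired; a `get_input()` or `filter_tags()` call that runs earlier would appear to get its value back unfiltered, since nothing is registered on `validate`/`input` yet. The "For now" comment should record that this hook is the only HTML sanitiser for filtered input and for the longtext view, for example `// Security: sole tag filter for get_input()/longtext output; handlers on validate/input must return a filtered value, never the raw input`. The enclosing function starts outside the hunk, so whether anything else runs before this registration cannot be confirmed from here.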
diff --git a/views/default/output/longtext.php b/views/default/output/longtext.php
index 41cbf8f7b..ef43faa69 100644
--- a/views/default/output/longtext.php
+++ b/views/default/output/longtext.php
@@ -17,5 +17,5 @@ global $CONFIG;
- echo autop(parse_urls(filter_tags($vars['value'], $CONFIG->allowedtags, $CONFIG->allowedprotocols)));
+ echo autop(parse_urls(filter_tags($vars['value'])));
?>
\ No newline at end of file |