aboutsummaryrefslogtreecommitdiff
path: root/mod
diff options
context:
space:
mode:
Diffstat (limited to 'mod')
-rw-r--r--mod/blog/lib/blog.php5
-rw-r--r--mod/bookmarks/pages/bookmarks/view.php1
-rw-r--r--mod/developers/views/default/page/theme_preview.php2
-rw-r--r--mod/developers/views/default/theme_preview/buttons.php41
-rw-r--r--mod/developers/views/default/theme_preview/components.php6
-rw-r--r--mod/developers/views/default/theme_preview/components/image_block.php6
-rw-r--r--mod/developers/views/default/theme_preview/components/list.php19
-rw-r--r--mod/developers/views/default/theme_preview/components/messages.php5
-rw-r--r--mod/developers/views/default/theme_preview/components/table.php12
-rw-r--r--mod/developers/views/default/theme_preview/components/tagcloud.php17
-rw-r--r--mod/developers/views/default/theme_preview/components/tags.php5
-rw-r--r--mod/developers/views/default/theme_preview/forms.php138
-rw-r--r--mod/developers/views/default/theme_preview/general.php4
-rw-r--r--mod/developers/views/default/theme_preview/grid.php76
-rw-r--r--mod/developers/views/default/theme_preview/icons.php10
-rw-r--r--mod/developers/views/default/theme_preview/icons/avatars.php36
-rw-r--r--mod/developers/views/default/theme_preview/icons/loader.php1
-rw-r--r--mod/developers/views/default/theme_preview/icons/sprites.php61
-rw-r--r--mod/developers/views/default/theme_preview/modules.php6
-rw-r--r--mod/developers/views/default/theme_preview/modules/modules.php23
-rw-r--r--mod/developers/views/default/theme_preview/modules/widgets.php64
-rw-r--r--mod/developers/views/default/theme_preview/navigation.php10
-rw-r--r--mod/developers/views/default/theme_preview/navigation/breadcrumbs.php6
-rw-r--r--mod/developers/views/default/theme_preview/navigation/default.php2
-rw-r--r--mod/developers/views/default/theme_preview/navigation/entity.php12
-rw-r--r--mod/developers/views/default/theme_preview/navigation/extras.php10
-rw-r--r--mod/developers/views/default/theme_preview/navigation/filter.php2
-rw-r--r--mod/developers/views/default/theme_preview/navigation/footer.php10
-rw-r--r--mod/developers/views/default/theme_preview/navigation/horizontal.php2
-rw-r--r--mod/developers/views/default/theme_preview/navigation/owner_block.php8
-rw-r--r--mod/developers/views/default/theme_preview/navigation/page.php3
-rw-r--r--mod/developers/views/default/theme_preview/navigation/pagination.php8
-rw-r--r--mod/developers/views/default/theme_preview/navigation/site.php2
-rw-r--r--mod/developers/views/default/theme_preview/navigation/tabs.php6
-rw-r--r--mod/developers/views/default/theme_preview/typography.php2
-rw-r--r--mod/developers/views/default/theme_preview/typography/fonts.php7
-rw-r--r--mod/developers/views/default/theme_preview/typography/headings.php6
-rw-r--r--mod/developers/views/default/theme_preview/typography/misc.php16
-rw-r--r--mod/developers/views/default/theme_preview/typography/paragraph.php19
-rw-r--r--mod/externalpages/views/default/expages/wrapper.php2
-rw-r--r--mod/file/pages/file/view.php1
-rw-r--r--mod/groups/icon.php6
-rw-r--r--mod/groups/languages/en.php11
-rw-r--r--mod/groups/lib/discussion.php7
-rw-r--r--mod/groups/lib/groups.php18
-rw-r--r--mod/groups/start.php214
-rw-r--r--mod/groups/topicposts.php4
-rw-r--r--mod/groups/views/default/forms/groups/edit.php2
-rw-r--r--mod/htmlawed/manifest.xml4
-rw-r--r--mod/htmlawed/start.php22
-rw-r--r--mod/htmlawed/tests/tags.php45
-rwxr-xr-x[-rw-r--r--]mod/htmlawed/vendors/htmLawed/htmLawed.php54
-rwxr-xr-x[-rw-r--r--]mod/htmlawed/vendors/htmLawed/htmLawedTest.php29
-rw-r--r--mod/htmlawed/vendors/htmLawed/htmLawed_README.htm198
-rwxr-xr-x[-rw-r--r--]mod/htmlawed/vendors/htmLawed/htmLawed_README.txt84
-rwxr-xr-x[-rw-r--r--]mod/htmlawed/vendors/htmLawed/htmLawed_TESTCASE.txt41
m---------mod/infinite_scroll0
-rw-r--r--mod/likes/actions/likes/delete.php17
-rw-r--r--mod/likes/languages/en.php1
-rw-r--r--mod/likes/views/default/annotation/likes.php4
-rw-r--r--mod/likes/views/default/likes/button.php8
-rw-r--r--mod/messages/pages/messages/read.php2
-rw-r--r--mod/messages/start.php10
-rw-r--r--mod/notifications/actions/groupsave.php29
-rw-r--r--mod/notifications/actions/save.php11
-rw-r--r--mod/notifications/groups.php21
-rw-r--r--mod/notifications/index.php21
-rw-r--r--mod/notifications/languages/en.php2
-rw-r--r--mod/notifications/start.php26
-rw-r--r--mod/notifications/views/default/forms/notificationsettings/groupsave.php8
-rw-r--r--mod/notifications/views/default/forms/notificationsettings/save.php16
-rw-r--r--mod/notifications/views/default/notifications/subscriptions/collections.php36
-rw-r--r--mod/notifications/views/default/notifications/subscriptions/form.php11
-rw-r--r--mod/notifications/views/default/notifications/subscriptions/forminternals.php20
-rw-r--r--mod/notifications/views/default/notifications/subscriptions/personal.php8
-rw-r--r--mod/pages/lib/pages.php22
-rw-r--r--mod/pages/pages/pages/view.php3
-rw-r--r--mod/pages/start.php5
-rw-r--r--mod/pages/views/default/pages/sidebar/navigation.php6
-rw-r--r--mod/profile/icondirect.php6
-rw-r--r--mod/reportedcontent/views/default/widgets/reportedcontent/content.php1
-rw-r--r--mod/thewire/actions/delete.php2
-rw-r--r--mod/thewire/pages/thewire/view.php1
-rw-r--r--mod/thewire/start.php3
-rw-r--r--mod/tinymce/README.txt10
-rw-r--r--mod/tinymce/activate.php14
-rw-r--r--mod/tinymce/languages/en.php3
-rw-r--r--mod/tinymce/start.php12
-rw-r--r--mod/tinymce/views/default/js/tinymce.php3
89 files changed, 885 insertions, 868 deletions
diff --git a/mod/blog/lib/blog.php b/mod/blog/lib/blog.php
index 43de7a646..9a02a8cc3 100644
--- a/mod/blog/lib/blog.php
+++ b/mod/blog/lib/blog.php
@@ -22,8 +22,9 @@ function blog_get_page_content_read($guid = NULL) {
$return['filter'] = '';
if (!elgg_instanceof($blog, 'object', 'blog')) {
- $return['content'] = elgg_echo('noaccess');
- return $return;
+ register_error(elgg_echo('noaccess'));
+ $_SESSION['last_forward_from'] = current_page_url();
+ forward('');
}
$return['title'] = $blog->title;
diff --git a/mod/bookmarks/pages/bookmarks/view.php b/mod/bookmarks/pages/bookmarks/view.php
index c819b8b41..70a6a5bfe 100644
--- a/mod/bookmarks/pages/bookmarks/view.php
+++ b/mod/bookmarks/pages/bookmarks/view.php
@@ -8,6 +8,7 @@
$bookmark = get_entity(get_input('guid'));
if (!$bookmark) {
register_error(elgg_echo('noaccess'));
+ $_SESSION['last_forward_from'] = current_page_url();
forward('');
}
diff --git a/mod/developers/views/default/page/theme_preview.php b/mod/developers/views/default/page/theme_preview.php
index 5b31fd789..584387ec1 100644
--- a/mod/developers/views/default/page/theme_preview.php
+++ b/mod/developers/views/default/page/theme_preview.php
@@ -20,7 +20,7 @@ header("Content-type: text/html; charset=UTF-8");
<div class="elgg-page elgg-page-default">
<div class="elgg-page-header">
<div class="elgg-inner">
- <h1 class="elgg-heading-site">Theme Preview</h1>
+ <h1 class="elgg-heading-site">Theme Sandbox</h1>
</div>
</div>
<div class="elgg-page-body">
diff --git a/mod/developers/views/default/theme_preview/buttons.php b/mod/developers/views/default/theme_preview/buttons.php
deleted file mode 100644
index 718d88617..000000000
--- a/mod/developers/views/default/theme_preview/buttons.php
+++ /dev/null
@@ -1,41 +0,0 @@
-<table class="elgg-table">
- <thead>
- <tr>
- <th></th>
- <th>Default</th>
- <th>Disabled (.elgg-state-disabled)</th>
- </tr>
- </thead>
- <tbody>
- <tr>
- <th>Base (.elgg-button)</th>
- <td><a href="#" class="elgg-button">anchor</a></td>
- <td><a href="#" class="elgg-button elgg-state-disabled">anchor</a></td>
- </tr>
- <tr>
- <th>Action (.elgg-button-action)</th>
- <td><a href="#" class="elgg-button elgg-button-action">anchor</a></td>
- <td><a href="#" class="elgg-button elgg-button-action elgg-state-disabled">anchor</a></td>
- </tr>
- <tr>
- <th>Cancel (.elgg-button-cancel)</th>
- <td><a href="#" class="elgg-button elgg-button-cancel">anchor</a></td>
- <td><a href="#" class="elgg-button elgg-button-cancel elgg-state-disabled">anchor</a></td>
- </tr>
- <tr>
- <th>Submit (.elgg-button-submit)</th>
- <td><a href="#" class="elgg-button elgg-button-submit">anchor</a></td>
- <td><a href="#" class="elgg-button elgg-button-submit elgg-state-disabled">anchor</a></td>
- </tr>
- <tr>
- <th>Special (.elgg-button-special)</th>
- <td><a href="#" class="elgg-button elgg-button-special">anchor</a></td>
- <td><a href="#" class="elgg-button elgg-button-special elgg-state-disabled">anchor</a></td>
- </tr>
- <tr>
- <th>Delete (.elgg-button-delete)</th>
- <td><a href="#" class="elgg-button elgg-button-delete">anchor</a></td>
- <td><a href="#" class="elgg-button elgg-button-delete elgg-state-disabled">anchor</a></td>
- </tr>
- </tbody>
-</table> \ No newline at end of file
diff --git a/mod/developers/views/default/theme_preview/components.php b/mod/developers/views/default/theme_preview/components.php
index 45f520f2c..2f414cd88 100644
--- a/mod/developers/views/default/theme_preview/components.php
+++ b/mod/developers/views/default/theme_preview/components.php
@@ -15,5 +15,11 @@ echo elgg_view_module('info', 'Table (.elgg-table)', $body);
$body = elgg_view('theme_preview/components/table', array('class' => 'elgg-table-alt'));
echo elgg_view_module('info', 'Table Alternate (.elgg-table-alt)', $body);
+$body = elgg_view('theme_preview/components/tagcloud');
+echo elgg_view_module('info', 'Tag cloud (.elgg-tagcloud)', $body);
+
+$body = elgg_view('theme_preview/components/tags');
+echo elgg_view_module('info', 'Tags (.elgg-tag)', $body);
+
$body = elgg_view('theme_preview/components/messages');
echo elgg_view_module('info', 'Messages (.elgg-message)', $body);
diff --git a/mod/developers/views/default/theme_preview/components/image_block.php b/mod/developers/views/default/theme_preview/components/image_block.php
deleted file mode 100644
index 0bb16428b..000000000
--- a/mod/developers/views/default/theme_preview/components/image_block.php
+++ /dev/null
@@ -1,6 +0,0 @@
-<?php
-$ipsum = elgg_view('developers/ipsum');
-
-$user = new ElggUser();
-$image = elgg_view_entity_icon($user, 'small');
-echo elgg_view_image_block($image, "$ipsum $ipsum $ipsum $ipsum $ipsum $ipsum $ipsum");
diff --git a/mod/developers/views/default/theme_preview/components/list.php b/mod/developers/views/default/theme_preview/components/list.php
deleted file mode 100644
index 8096bda04..000000000
--- a/mod/developers/views/default/theme_preview/components/list.php
+++ /dev/null
@@ -1,19 +0,0 @@
-<?php
-
-$obj1 = new ElggObject();
-$obj1->title = "Object 1";
-$obj1->description = $ipsum;
-
-$obj2 = new ElggObject();
-$obj2->title = "Object 2";
-$obj2->description = $ipsum;
-
-$obj3 = new ElggObject();
-$obj3->title = "Object 3";
-$obj3->description = $ipsum;
-
-$obj4 = new ElggObject();
-$obj4->title = "Object 4";
-$obj4->description = $ipsum;
-
-echo elgg_view('page/components/list', array('items' => array($obj1, $obj2, $obj3, $obj4)));
diff --git a/mod/developers/views/default/theme_preview/components/messages.php b/mod/developers/views/default/theme_preview/components/messages.php
deleted file mode 100644
index ac4d2bfd7..000000000
--- a/mod/developers/views/default/theme_preview/components/messages.php
+++ /dev/null
@@ -1,5 +0,0 @@
-<ul>
- <li class="elgg-message elgg-state-success mas">Success message (.elgg-state-success)</li>
- <li class="elgg-message elgg-state-error mas">Error message (.elgg-state-error)</li>
- <li class="elgg-message elgg-state-notice mas">Notice message (.elgg-state-notice)</li>
-</ul>
diff --git a/mod/developers/views/default/theme_preview/components/table.php b/mod/developers/views/default/theme_preview/components/table.php
deleted file mode 100644
index 8b8b13e76..000000000
--- a/mod/developers/views/default/theme_preview/components/table.php
+++ /dev/null
@@ -1,12 +0,0 @@
-<table class="<?php echo $vars['class']; ?>">
-<?php
- echo "<thead><tr><th>column 1</th><th>column 2</th></tr></thead>";
- for ($i = 1; $i < 5; $i++) {
- echo '<tr>';
- for ($j = 1; $j < 3; $j++) {
- echo "<td>value $j</td>";
- }
- echo '</tr>';
- }
-?>
-</table> \ No newline at end of file
diff --git a/mod/developers/views/default/theme_preview/components/tagcloud.php b/mod/developers/views/default/theme_preview/components/tagcloud.php
new file mode 100644
index 000000000..3cbf34745
--- /dev/null
+++ b/mod/developers/views/default/theme_preview/components/tagcloud.php
@@ -0,0 +1,17 @@
+<?php
+
+$tags = array(
+ (object)array('tag' => 'php', 'total' => 2),
+ (object)array('tag' => 'elgg', 'total' => 8),
+ (object)array('tag' => 'javascript', 'total' => 3),
+ (object)array('tag' => 'css', 'total' => 4),
+ (object)array('tag' => 'html', 'total' => 1),
+ (object)array('tag' => 'framework', 'total' => 4),
+ (object)array('tag' => 'social', 'total' => 3),
+ (object)array('tag' => 'web', 'total' => 7),
+ (object)array('tag' => 'code', 'total' => 2),
+);
+
+echo '<div style="width: 200px;">';
+echo elgg_view('output/tagcloud', array('value' => $tags));
+echo '</div>';
diff --git a/mod/developers/views/default/theme_preview/components/tags.php b/mod/developers/views/default/theme_preview/components/tags.php
new file mode 100644
index 000000000..04df9511a
--- /dev/null
+++ b/mod/developers/views/default/theme_preview/components/tags.php
@@ -0,0 +1,5 @@
+<?php
+
+echo elgg_view('output/tags', array(
+ 'value' => array('one', 'two', 'three', 'four', 'cinco'),
+));
diff --git a/mod/developers/views/default/theme_preview/forms.php b/mod/developers/views/default/theme_preview/forms.php
deleted file mode 100644
index ffb77f3a9..000000000
--- a/mod/developers/views/default/theme_preview/forms.php
+++ /dev/null
@@ -1,138 +0,0 @@
-<form action="#">
- <fieldset>
- <legend>Fieldset Legend</legend>
- <div>
- <label for="f1">Text input (.elgg-input-text):</label>
- <?php echo elgg_view('input/text', array(
- 'name' => 'f1',
- 'id' => 'f1',
- 'value' => 'input text',
- ));
- ?>
- </div>
- <div>
- <label for="f2">Password input (.elgg-input-password):</label>
- <?php echo elgg_view('input/password', array(
- 'name' => 'f2',
- 'id' => 'f2',
- 'value' => 'password',
- ));
- ?>
- </div>
- <div>
- <label for="f3">Radio input (.elgg-input-radios):</label><br />
- <?php echo elgg_view('input/radio', array(
- 'name' => 'f3',
- 'id' => 'f3',
- 'options' => array('a (.elgg-input-radio)' => 1, 'b (.elgg-input-radio)' => 2),
- ));
- ?>
- </div>
- <div>
- <label for="f4">Checkboxes input (.elgg-input-checkboxes):</label><br />
- <?php echo elgg_view('input/checkboxes', array(
- 'name' => 'f4',
- 'id' => 'f4',
- 'options' => array('a (.elgg-input-checkbox)' => 1, 'b (.elgg-input-checkbox)' => 2),
- ));
- ?>
- </div>
- <div>
- <label for="f5">Dropdown input (.elgg-input-dropdown):</label><br />
- <?php echo elgg_view('input/dropdown', array(
- 'name' => 'f5',
- 'id' => 'f5',
- 'options' => array('option 1', 'option 2'),
- ));
- ?>
- </div>
- <div>
- <label for="f6">Access input (.elgg-input-access):</label><br />
- <?php echo elgg_view('input/access', array(
- 'name' => 'f6',
- 'id' => 'f6',
- 'value' => ACCESS_PUBLIC,
- ));
- ?>
- </div>
- <div>
- <label for="f7">File input (.elgg-input-file):</label>
- <?php echo elgg_view('input/file', array(
- 'name' => 'f7',
- 'id' => 'f7',
- ));
- ?>
- </div>
- <div>
- <label for="f8">URL input (.elgg-input-url):</label>
- <?php echo elgg_view('input/url', array(
- 'name' => 'f8',
- 'id' => 'f8',
- 'value' => 'http://elgg.org/',
- ));
- ?>
- </div>
- <div>
- <label for="f9">Tags input (.elgg-input-tags):</label>
- <?php echo elgg_view('input/tags', array(
- 'name' => 'f9',
- 'id' => 'f9',
- 'value' => 'one, two, three',
- ));
- ?>
- </div>
- <div>
- <label for="f10">Email input (.elgg-input-email):</label>
- <?php echo elgg_view('input/email', array(
- 'name' => 'f10',
- 'id' => 'f10',
- 'value' => 'noone@elgg.org',
- ));
- ?>
- </div>
- <div>
- <label for="f11">Autocomplete input (.elgg-input-autocomplete):</label>
- <?php echo elgg_view('input/autocomplete', array(
- 'name' => 'f11',
- 'id' => 'f11',
- 'match_on' => 'users',
- ));
- ?>
- </div>
- <div>
- <label for="f12">Date input (.elgg-input-date):</label>
- <?php echo elgg_view('input/date', array(
- 'name' => 'f12',
- 'id' => 'f12',
- 'value' => '2012-12-31',
- ));
- ?>
- </div>
- <div>
- <label for="f13">User picker input (.elgg-user-picker):</label>
- <?php echo elgg_view('input/userpicker', array(
- 'name' => 'f13',
- 'id' => 'f13',
- ));
- ?>
- </div>
- <div>
- <label for="f15">Plain textarea input (.elgg-input-plaintext):</label>
- <?php echo elgg_view('input/plaintext', array(
- 'name' => 'f15',
- 'id' => 'f15',
- 'value' => $ipsum,
- ));
- ?>
- </div>
- <div>
- <label for="f14">Long textarea input (.elgg-input-longtext):</label>
- <?php echo elgg_view('input/longtext', array(
- 'name' => 'f14',
- 'id' => 'f14',
- 'value' => $ipsum,
- ));
- ?>
- </div>
- </fieldset>
-</form> \ No newline at end of file
diff --git a/mod/developers/views/default/theme_preview/general.php b/mod/developers/views/default/theme_preview/general.php
index 35d8ccbfd..629462873 100644
--- a/mod/developers/views/default/theme_preview/general.php
+++ b/mod/developers/views/default/theme_preview/general.php
@@ -1,12 +1,12 @@
<?php
/**
- * Quick introduction to the theme preview
+ * Quick introduction to the theme sandbox
*
* @todo links to resources?
*/
?>
-<p>This theme preview provides a visual catalog for many of the theming elements
+<p>This theme sandbox provides a visual catalog for many of the theming elements
that Elgg uses. The primary css selector is listed with each theme element.
The preview is divided into sections that are listed in the page menu
(usually in the sidebar but depends on your current theme).
diff --git a/mod/developers/views/default/theme_preview/grid.php b/mod/developers/views/default/theme_preview/grid.php
deleted file mode 100644
index 030e752e7..000000000
--- a/mod/developers/views/default/theme_preview/grid.php
+++ /dev/null
@@ -1,76 +0,0 @@
-<?php
-/**
- * Grid CSS
- */
-
-?>
-<style>
-h3 {text-align: center;}
-.elgg-col > .elgg-inner {border: 1px solid #cccccc; padding: 5px;}
-</style>
-
-<div class="elgg-col elgg-col-1of5">
- <div class="elgg-inner">
- <h3>1/5</h3>
- <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
- <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
- <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
- </div>
-</div>
-<div class="elgg-col elgg-col-3of5">
- <div class="elgg-inner clearfix">
- <h3>3/5</h3>
- <div class="elgg-col elgg-col-1of2">
- <div class="elgg-inner">
- <h3>1/2</h3>
- <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
- </div>
- </div>
- <div class="elgg-col elgg-col-1of2">
- <div class="elgg-inner">
- <h3>1/2</h3>
- <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
- </div>
- </div>
- <div class="elgg-col elgg-col-1of3">
- <div class="elgg-inner">
- <h3>1/3</h3>
- <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
- <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
- </div>
- </div>
- <div class="elgg-col elgg-col-2of3">
- <div class="elgg-inner">
- <h3>2/3</h3>
- <div class="elgg-col elgg-col-1of2">
- <div class="elgg-inner">
- <h3>1/2</h3>
- <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
- </div>
- </div>
- <div class="elgg-col elgg-col-1of2">
- <div class="elgg-inner">
- <h3>1/2</h3>
- <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
- </div>
- </div>
- <div class="elgg-col elgg-col-1of1">
- <div class="elgg-inner">
- <h3>1</h3>
- <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
- </div>
- </div>
- </div>
- </div>
- </div>
-</div>
-<div class="elgg-col elgg-col-1of5 elgg-col-last">
- <div class="elgg-inner">
- <h3>1/5</h3>
- <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
- <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
- <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
- </div>
-</div>
-
-</div>
diff --git a/mod/developers/views/default/theme_preview/icons.php b/mod/developers/views/default/theme_preview/icons.php
deleted file mode 100644
index e1684c110..000000000
--- a/mod/developers/views/default/theme_preview/icons.php
+++ /dev/null
@@ -1,10 +0,0 @@
-<?php
-/**
- * Icons CSS
- */
-
-echo elgg_view_module('info', 'Icon Sprites (.elgg-icon)', elgg_view('theme_preview/icons/sprites'));
-
-echo elgg_view_module('info', 'Ajax Loader (.elgg-ajax-loader)', elgg_view('theme_preview/icons/loader'));
-
-echo elgg_view_module('info', 'Avatars (.elgg-avatar)', elgg_view('theme_preview/icons/avatars'));
diff --git a/mod/developers/views/default/theme_preview/icons/avatars.php b/mod/developers/views/default/theme_preview/icons/avatars.php
deleted file mode 100644
index f50a6b70d..000000000
--- a/mod/developers/views/default/theme_preview/icons/avatars.php
+++ /dev/null
@@ -1,36 +0,0 @@
-<?php
- $user = new ElggUser();
- $group = new ElggGroup();
-
- $sizes = array('large', 'medium', 'small', 'tiny');
-?>
-<table class="elgg-table">
- <tr>
- <th></th>
- <?php
- foreach ($sizes as $size) {
- echo "<th>$size</th>";
- }
- ?>
- </tr>
- <tr>
- <th>User</th>
- <?php
- foreach ($sizes as $size) {
- echo '<td>';
- echo elgg_view_entity_icon($user, $size, array('use_hover' => false));
- echo '</td>';
- }
- ?>
- </tr>
- <tr>
- <th>Group</th>
- <?php
- foreach ($sizes as $size) {
- echo '<td>';
- echo elgg_view_entity_icon($group, $size, array('use_hover' => false));
- echo '</td>';
- }
- ?>
- </tr>
-</table>
diff --git a/mod/developers/views/default/theme_preview/icons/loader.php b/mod/developers/views/default/theme_preview/icons/loader.php
deleted file mode 100644
index e542da27c..000000000
--- a/mod/developers/views/default/theme_preview/icons/loader.php
+++ /dev/null
@@ -1 +0,0 @@
-<?php echo elgg_view('graphics/ajax_loader', array('hidden' => false)); ?> \ No newline at end of file
diff --git a/mod/developers/views/default/theme_preview/icons/sprites.php b/mod/developers/views/default/theme_preview/icons/sprites.php
deleted file mode 100644
index 134dd9aca..000000000
--- a/mod/developers/views/default/theme_preview/icons/sprites.php
+++ /dev/null
@@ -1,61 +0,0 @@
-<?php
-$icons = array(
- 'arrow-left',
- 'arrow-right',
- 'arrow-two-head',
- 'calendar',
- 'checkmark',
- 'clip',
- 'cursor-drag-arrow',
- 'delete-alt',
- 'delete',
- 'download',
- 'facebook',
- 'home',
- 'hover-menu',
- 'link',
- 'mail-alt',
- 'mail',
- 'print-alt',
- 'print',
- 'push-pin-alt',
- 'push-pin',
- 'redo',
- 'refresh',
- 'round-arrow-left',
- 'round-arrow-right',
- 'round-checkmark',
- 'round-minus',
- 'round-plus',
- 'rss',
- 'search-focus',
- 'search',
- 'settings-alt',
- 'settings',
- 'share',
- 'shop-cart',
- 'speech-bubble-alt',
- 'speech-bubble',
- 'star-alt',
- 'star-empty',
- 'star',
- 'tag',
- 'thumbs-down-alt',
- 'thumbs-down',
- 'thumbs-up-alt',
- 'thumbs-up',
- 'trash',
- 'twitter',
- 'undo',
- 'user',
- 'users',
-);
-?>
-
-<ul class="elgg-gallery">
-<?php
- foreach ($icons as $icon) {
- echo "<li title=\".elgg-icon-$icon\" style=\"margin:10px\">" . elgg_view_icon($icon) . "</li>";
- }
-?>
-</ul> \ No newline at end of file
diff --git a/mod/developers/views/default/theme_preview/modules.php b/mod/developers/views/default/theme_preview/modules.php
deleted file mode 100644
index 3e0acb3a5..000000000
--- a/mod/developers/views/default/theme_preview/modules.php
+++ /dev/null
@@ -1,6 +0,0 @@
-<?php
-
-echo elgg_view_module('info', 'Modules (.elgg-module)', elgg_view('theme_preview/modules/modules'));
-
-echo elgg_view_module('info', 'Widgets (.elgg-widget)', elgg_view('theme_preview/modules/widgets'));
-
diff --git a/mod/developers/views/default/theme_preview/modules/modules.php b/mod/developers/views/default/theme_preview/modules/modules.php
deleted file mode 100644
index e0d39c0da..000000000
--- a/mod/developers/views/default/theme_preview/modules/modules.php
+++ /dev/null
@@ -1,23 +0,0 @@
-<?php
-
-$ipsum = elgg_view('developers/ipsum');
-
-?>
-<div class="elgg-grid">
- <div class="elgg-col elgg-col-1of2">
- <div class="pam">
- <?php
- echo elgg_view_module('aside', 'Aside (.elgg-module-aside)', $ipsum);
- echo elgg_view_module('popup', 'Popup (.elgg-module-popup)', $ipsum);
- ?>
- </div>
- </div>
- <div class="elgg-col elgg-col-1of2">
- <div class="pam">
- <?php
- echo elgg_view_module('info', 'Info (.elgg-module-info)', $ipsum);
- echo elgg_view_module('featured', 'Featured (.elgg-module-featured)', $ipsum);
- ?>
- </div>
- </div>
-</div> \ No newline at end of file
diff --git a/mod/developers/views/default/theme_preview/modules/widgets.php b/mod/developers/views/default/theme_preview/modules/widgets.php
deleted file mode 100644
index 8c9fd6483..000000000
--- a/mod/developers/views/default/theme_preview/modules/widgets.php
+++ /dev/null
@@ -1,64 +0,0 @@
-<?php
-/**
- * Widgets CSS
- */
-
-$url = current_page_url();
-
-elgg_register_plugin_hook_handler('view', 'widgets/friends/content', 'css_widget_content');
-elgg_register_plugin_hook_handler('view', 'widgets/friends/edit', 'css_widget_content');
-elgg_register_plugin_hook_handler('permissions_check', 'all', 'css_permissions_override');
-
-function css_widget_content() {
- return $ipsum = elgg_view('developers/ipsum');
-}
-
-function css_permissions_override() {
- return true;
-}
-
-
-?>
-<div class="elgg-body mal">
- <?php echo elgg_view('theme_preview/header', $vars); ?>
-<?php
-$w = array();
-for ($i=1; $i<=6; $i++) {
- $obj = new ElggWidget();
- $obj->handler = 'friends';
- $obj->title = "Widget $i";
- $w[] = $obj;
-}
-$column1 = array($w[0], $w[1]);
-$column2 = array($w[2], $w[3]);
-$column3 = array($w[4], $w[5]);
-$widgets = array(1 => $column1, 2 => $column2, 3 => $column3);
-$num_columns = 3;
-$widget_class = "elgg-col-1of{$num_columns}";
-for ($column_index = 1; $column_index <= $num_columns; $column_index++) {
- $column_widgets = $widgets[$column_index];
-
- echo "<div class=\"$widget_class elgg-widgets\" id=\"elgg-widget-col-$column_index\">";
- if (is_array($column_widgets) && sizeof($column_widgets) > 0) {
- foreach ($column_widgets as $widget) {
- echo elgg_view_entity($widget);
- }
- }
- echo '</div>';
-}
-?>
-</div>
-<script type="text/javascript">
- // widgets do not have guids so we override the edit toggle and delete button
- $(function() {
- $('.elgg-widget-edit-button').unbind('click');
- $('.elgg-widget-edit-button').click(function() {
- $(this).closest('.elgg-module-widget').find('.elgg-widget-edit').slideToggle('medium');
- return false;
- });
- $('.elgg-widget-delete-button').click(function() {
- $(this).closest('.elgg-module-widget').remove();
- return false;
- });
- });
-</script>
diff --git a/mod/developers/views/default/theme_preview/navigation.php b/mod/developers/views/default/theme_preview/navigation.php
index b80634317..5d3060d10 100644
--- a/mod/developers/views/default/theme_preview/navigation.php
+++ b/mod/developers/views/default/theme_preview/navigation.php
@@ -2,9 +2,9 @@
/**
* Navigation CSS
*/
-echo elgg_view_module('info', "Tabs", elgg_view('theme_preview/navigation/tabs'));
+echo elgg_view_module('info', "Tabs (.elgg-tabs)", elgg_view('theme_preview/navigation/tabs'));
-echo elgg_view_module('info', "Pagination", elgg_view('theme_preview/navigation/pagination'));
+echo elgg_view_module('info', "Pagination (.elgg-pagination)", elgg_view('theme_preview/navigation/pagination'));
echo elgg_view_module('info', "Site Menu (.elgg-menu-site)", elgg_view('theme_preview/navigation/site'));
@@ -14,8 +14,10 @@ echo elgg_view_module('info', "Page Menu (.elgg-menu-page)", elgg_view('theme_pr
echo elgg_view_module('info', "Filter Menu (.elgg-menu-filter)", elgg_view('theme_preview/navigation/filter'));
-echo elgg_view_module('info', "Extras Menu (.elgg-menu-extras)", elgg_view('theme_preview/navigation/extras'));
+echo elgg_view_module('info', "Extras Menu (.elgg-menu-extras and .elgg-menu-hz)", elgg_view('theme_preview/navigation/extras'));
+
+echo elgg_view_module('info', "Entity Menu (.elgg-menu-entity and .elgg-menu-hz)", elgg_view('theme_preview/navigation/entity'));
echo elgg_view_module('info', "Owner Block Menu (.elgg-menu-owner-block)", elgg_view('theme_preview/navigation/owner_block'));
-?>
+echo elgg_view_module('info', "Footer Menu (.elgg-menu-footer)", elgg_view('theme_preview/navigation/footer'));
diff --git a/mod/developers/views/default/theme_preview/navigation/breadcrumbs.php b/mod/developers/views/default/theme_preview/navigation/breadcrumbs.php
index eb3dd47a3..c910b2aa4 100644
--- a/mod/developers/views/default/theme_preview/navigation/breadcrumbs.php
+++ b/mod/developers/views/default/theme_preview/navigation/breadcrumbs.php
@@ -3,4 +3,8 @@ elgg_push_breadcrumb('First', "#");
elgg_push_breadcrumb('Second', "#");
elgg_push_breadcrumb('Third');
-echo elgg_view('navigation/breadcrumbs');
+echo elgg_view('navigation/breadcrumbs', array('class' => mts));
+
+elgg_pop_breadcrumb();
+elgg_pop_breadcrumb();
+elgg_pop_breadcrumb();
diff --git a/mod/developers/views/default/theme_preview/navigation/default.php b/mod/developers/views/default/theme_preview/navigation/default.php
index fd67b8094..bfd26162f 100644
--- a/mod/developers/views/default/theme_preview/navigation/default.php
+++ b/mod/developers/views/default/theme_preview/navigation/default.php
@@ -4,7 +4,7 @@ $params = array();
$params['menu'] = array();
$params['menu']['default'] = array();
for ($i=1; $i<=5; $i++) {
- $params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "$url#");
+ $params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "#");
}
$params['menu']['default'][2]->setSelected(true);
diff --git a/mod/developers/views/default/theme_preview/navigation/entity.php b/mod/developers/views/default/theme_preview/navigation/entity.php
new file mode 100644
index 000000000..465585b00
--- /dev/null
+++ b/mod/developers/views/default/theme_preview/navigation/entity.php
@@ -0,0 +1,12 @@
+<?php
+$params = array();
+$params['menu'] = array();
+$params['menu']['default'] = array();
+$params['menu']['default'][] = new ElggMenuItem(1, "Public", false);
+$params['menu']['default'][] = new ElggMenuItem(2, "Edit", "#");
+$params['menu']['default'][] = new ElggMenuItem(3, elgg_view_icon('thumbs-up'), "#");
+$params['name'] = 'entity';
+$params['class'] = 'elgg-menu-hz';
+
+echo elgg_view('navigation/menu/default', $params);
+
diff --git a/mod/developers/views/default/theme_preview/navigation/extras.php b/mod/developers/views/default/theme_preview/navigation/extras.php
index 6982cf57d..43b19f8e3 100644
--- a/mod/developers/views/default/theme_preview/navigation/extras.php
+++ b/mod/developers/views/default/theme_preview/navigation/extras.php
@@ -3,11 +3,11 @@
$params = array();
$params['menu'] = array();
$params['menu']['default'] = array();
-for ($i=1; $i<=5; $i++) {
- $params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "$url#");
-}
-$params['class'] = 'elgg-menu-extras';
-
+$params['menu']['default'][] = new ElggMenuItem(1, elgg_view_icon('push-pin-alt'), "#");
+$params['menu']['default'][] = new ElggMenuItem(2, elgg_view_icon('rss'), "#");
+$params['menu']['default'][] = new ElggMenuItem(3, elgg_view_icon('star-alt'), "#");
+$params['name'] = 'extras';
+$params['class'] = 'elgg-menu-hz';
?>
diff --git a/mod/developers/views/default/theme_preview/navigation/filter.php b/mod/developers/views/default/theme_preview/navigation/filter.php
index f27edf150..ea1c8b033 100644
--- a/mod/developers/views/default/theme_preview/navigation/filter.php
+++ b/mod/developers/views/default/theme_preview/navigation/filter.php
@@ -4,7 +4,7 @@ $params = array();
$params['menu'] = array();
$params['menu']['default'] = array();
for ($i=1; $i<=5; $i++) {
- $params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "$url#");
+ $params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "#");
}
$params['menu']['default'][2]->setSelected(true);
diff --git a/mod/developers/views/default/theme_preview/navigation/footer.php b/mod/developers/views/default/theme_preview/navigation/footer.php
new file mode 100644
index 000000000..92a1bb43c
--- /dev/null
+++ b/mod/developers/views/default/theme_preview/navigation/footer.php
@@ -0,0 +1,10 @@
+<?php
+$params = array();
+$params['menu'] = array();
+$params['menu']['default'] = array();
+for ($i=1; $i<=5; $i++) {
+ $params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "#");
+}
+$params['name'] = 'footer';
+
+echo elgg_view('navigation/menu/default', $params);
diff --git a/mod/developers/views/default/theme_preview/navigation/horizontal.php b/mod/developers/views/default/theme_preview/navigation/horizontal.php
index 69e75c063..f404f42c0 100644
--- a/mod/developers/views/default/theme_preview/navigation/horizontal.php
+++ b/mod/developers/views/default/theme_preview/navigation/horizontal.php
@@ -4,7 +4,7 @@ $params = array();
$params['menu'] = array();
$params['menu']['default'] = array();
for ($i=1; $i<=5; $i++) {
- $params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "$url#");
+ $params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "#");
}
$params['menu']['default'][2]->setSelected(true);
$params['class'] = 'elgg-menu-hz';
diff --git a/mod/developers/views/default/theme_preview/navigation/owner_block.php b/mod/developers/views/default/theme_preview/navigation/owner_block.php
index 6bf79fe7e..20b93d166 100644
--- a/mod/developers/views/default/theme_preview/navigation/owner_block.php
+++ b/mod/developers/views/default/theme_preview/navigation/owner_block.php
@@ -3,9 +3,11 @@ $params = array();
$params['menu'] = array();
$params['menu']['default'] = array();
for ($i=1; $i<=5; $i++) {
- $params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "$url#");
+ $params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "#");
}
$params['menu']['default'][2]->setSelected(true);
-$params['class'] = 'elgg-menu-owner-block';
+$params['name'] = 'owner-block';
-echo elgg_view('navigation/menu/default', $params); \ No newline at end of file
+echo '<div class="elgg-sidebar">';
+echo elgg_view('navigation/menu/default', $params);
+echo '</div>';
diff --git a/mod/developers/views/default/theme_preview/navigation/page.php b/mod/developers/views/default/theme_preview/navigation/page.php
index fb3f075dc..a57edc2e2 100644
--- a/mod/developers/views/default/theme_preview/navigation/page.php
+++ b/mod/developers/views/default/theme_preview/navigation/page.php
@@ -5,11 +5,10 @@ $params['menu'] = array();
$params['menu']['default'] = array();
for ($i=1; $i<=5; $i++) {
$params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "#");
- $params['menu']['alt'][] = new ElggMenuItem($i, "Page $i", "#");
}
$params['menu']['default'][2]->setSelected(true);
-$m = new ElggMenuItem(10, "Child", "$url#");
+$m = new ElggMenuItem(10, "Child", "#");
$m->setParent($params['menu']['default'][1]);
$params['menu']['default'][1]->addChild($m);
?>
diff --git a/mod/developers/views/default/theme_preview/navigation/pagination.php b/mod/developers/views/default/theme_preview/navigation/pagination.php
deleted file mode 100644
index 90ae48edf..000000000
--- a/mod/developers/views/default/theme_preview/navigation/pagination.php
+++ /dev/null
@@ -1,8 +0,0 @@
-<?php
-$params = array(
- 'count' => 1000,
- 'limit' => 10,
- 'offset' => 230,
-);
-
-echo elgg_view('navigation/pagination', $params); \ No newline at end of file
diff --git a/mod/developers/views/default/theme_preview/navigation/site.php b/mod/developers/views/default/theme_preview/navigation/site.php
index df8dc1b70..329036b80 100644
--- a/mod/developers/views/default/theme_preview/navigation/site.php
+++ b/mod/developers/views/default/theme_preview/navigation/site.php
@@ -4,7 +4,7 @@ $params = array();
$params['menu'] = array();
$params['menu']['default'] = array();
for ($i=1; $i<=5; $i++) {
- $params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "$url#");
+ $params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "#");
}
$params['menu']['default'][2]->setSelected(true);
?>
diff --git a/mod/developers/views/default/theme_preview/navigation/tabs.php b/mod/developers/views/default/theme_preview/navigation/tabs.php
index b2638bb37..81fe4e669 100644
--- a/mod/developers/views/default/theme_preview/navigation/tabs.php
+++ b/mod/developers/views/default/theme_preview/navigation/tabs.php
@@ -1,9 +1,9 @@
<?php
$params = array(
'tabs' => array(
- array('title' => 'First', 'url' => "$url#"),
- array('title' => 'Second', 'url' => "$url#", 'selected' => true),
- array('title' => 'Third', 'url' => "$url#"),
+ array('title' => 'First', 'url' => "#"),
+ array('title' => 'Second', 'url' => "#", 'selected' => true),
+ array('title' => 'Third', 'url' => "#"),
)
);
diff --git a/mod/developers/views/default/theme_preview/typography.php b/mod/developers/views/default/theme_preview/typography.php
index 6662a9a46..7a6328cf9 100644
--- a/mod/developers/views/default/theme_preview/typography.php
+++ b/mod/developers/views/default/theme_preview/typography.php
@@ -5,6 +5,8 @@
echo elgg_view_module('info', "Headings", elgg_view('theme_preview/typography/headings'));
+echo elgg_view_module('info', "Fonts", elgg_view('theme_preview/typography/fonts'));
+
echo elgg_view_module('info', "Paragraph", elgg_view('theme_preview/typography/paragraph'));
echo elgg_view_module('info', "Misc", elgg_view('theme_preview/typography/misc')); \ No newline at end of file
diff --git a/mod/developers/views/default/theme_preview/typography/fonts.php b/mod/developers/views/default/theme_preview/typography/fonts.php
new file mode 100644
index 000000000..dd3c53f00
--- /dev/null
+++ b/mod/developers/views/default/theme_preview/typography/fonts.php
@@ -0,0 +1,7 @@
+<ul>
+ <li>Lorem ipsum dolor sit amet (body)</li>
+ <li><span class="elgg-text-help" style="display: inline;">Lorem ipsum dolor sit amet</span> (.elgg-text-help)</li>
+ <li><span class="elgg-quiet">Lorem ipsum dolor sit amet</span> (.elgg-quiet)</li>
+ <li><span class="elgg-loud">Lorem ipsum dolor sit amet</span> (.elgg-loud)</li>
+ <li><span class="elgg-monospace">Lorem ipsum dolor sit amet</span> (.elgg-monospace)</li>
+</ul> \ No newline at end of file
diff --git a/mod/developers/views/default/theme_preview/typography/headings.php b/mod/developers/views/default/theme_preview/typography/headings.php
deleted file mode 100644
index 1eb96c75c..000000000
--- a/mod/developers/views/default/theme_preview/typography/headings.php
+++ /dev/null
@@ -1,6 +0,0 @@
-<h1>Level 1 heading</h1>
-<h2>Level 2 heading</h2>
-<h3>Level 3 heading</h3>
-<h4>Level 4 heading</h4>
-<h5>Level 5 heading</h5>
-<h6>Level 6 heading</h6> \ No newline at end of file
diff --git a/mod/developers/views/default/theme_preview/typography/misc.php b/mod/developers/views/default/theme_preview/typography/misc.php
deleted file mode 100644
index 93a279c36..000000000
--- a/mod/developers/views/default/theme_preview/typography/misc.php
+++ /dev/null
@@ -1,16 +0,0 @@
-<ul>
- <li>I am <a href="?abc123">the a tag</a> example</li>
- <li>I am <abbr title="test">the abbr tag</abbr> example</li>
- <li>I am <acronym>the acronym tag</acronym> example</li>
- <li>I am <b>the b tag</b> example</li>
- <li>I am <code>the code tag</code> example</li>
- <li>I am <del>the del tag</del> example</li>
- <li>I am <em>the em tag</em> example</li>
- <li>I am <i>the i tag</i> example</li>
- <li>I am <strong>the strong tag</strong> example</li>
-</ul>
-<blockquote><p>Paragraph inside Blockquote: <?php echo $ipsum; ?></p></blockquote>
-<pre>
- <strong>Preformated:</strong>Testing one row
- and another
-</pre>
diff --git a/mod/developers/views/default/theme_preview/typography/paragraph.php b/mod/developers/views/default/theme_preview/typography/paragraph.php
deleted file mode 100644
index 54d548f46..000000000
--- a/mod/developers/views/default/theme_preview/typography/paragraph.php
+++ /dev/null
@@ -1,19 +0,0 @@
-<p>Lorem ipsum dolor sit amet, <a href="#" title="test link">test link</a>
-adipiscing elit. Nullam dignissim convallis est. Quisque aliquam. Donec
-faucibus. Nunc iaculis suscipit dui. Nam sit amet sem. Aliquam libero
-nisi, imperdiet at, tincidunt nec, gravida vehicula, nisl. Praesent
-mattis, massa quis luctus <strong>strong</strong>, turpis mi volutpat justo, eu
-volutpat enim diam eget metus. Maecenas ornare tortor. Donec sed tellus
-eget sapien fringilla nonummy. Mauris a ante. Suspendisse quam sem,
-consequat at, commodo vitae, feugiat in, nunc. Morbi imperdiet augue
-quis tellus.</p>
-
-<p>Lorem ipsum dolor sit amet, <em>emphasis</em> consectetuer
-adipiscing elit. Nullam dignissim convallis est. Quisque aliquam. Donec
-faucibus. Nunc iaculis suscipit dui. Nam sit amet sem. Aliquam libero
-nisi, imperdiet at, tincidunt nec, gravida vehicula, nisl. Praesent
-mattis, massa quis luctus fermentum, turpis mi volutpat justo, eu
-volutpat enim diam eget metus. Maecenas ornare tortor. Donec sed tellus
-eget sapien fringilla nonummy. Mauris a ante. Suspendisse quam sem,
-consequat at, commodo vitae, feugiat in, nunc. Morbi imperdiet augue
-quis tellus.</p> \ No newline at end of file
diff --git a/mod/externalpages/views/default/expages/wrapper.php b/mod/externalpages/views/default/expages/wrapper.php
index 8eb0b2f84..c579da1ba 100644
--- a/mod/externalpages/views/default/expages/wrapper.php
+++ b/mod/externalpages/views/default/expages/wrapper.php
@@ -9,7 +9,7 @@ echo $vars['content'];
echo '<div class="mtm">';
echo elgg_view('output/url', array(
- 'text' => 'Back',
+ 'text' => elgg_echo('back'),
'href' => $_SERVER['HTTP_REFERER'],
'class' => 'float-alt'
));
diff --git a/mod/file/pages/file/view.php b/mod/file/pages/file/view.php
index ec51b30e6..6c9566a89 100644
--- a/mod/file/pages/file/view.php
+++ b/mod/file/pages/file/view.php
@@ -8,6 +8,7 @@
$file = get_entity(get_input('guid'));
if (!$file) {
register_error(elgg_echo('noaccess'));
+ $_SESSION['last_forward_from'] = current_page_url();
forward('');
}
diff --git a/mod/groups/icon.php b/mod/groups/icon.php
index f86f84fa5..1bd240ea6 100644
--- a/mod/groups/icon.php
+++ b/mod/groups/icon.php
@@ -8,7 +8,13 @@
require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
$group_guid = get_input('group_guid');
+
+/* @var ElggGroup $group */
$group = get_entity($group_guid);
+if (!($group instanceof ElggGroup)) {
+ header("HTTP/1.1 404 Not Found");
+ exit;
+}
// If is the same ETag, content didn't changed.
$etag = $group->icontime . $group_guid;
diff --git a/mod/groups/languages/en.php b/mod/groups/languages/en.php
index e51e51a14..4868aa334 100644
--- a/mod/groups/languages/en.php
+++ b/mod/groups/languages/en.php
@@ -12,6 +12,7 @@ $english = array(
*/
'groups' => "Groups",
'groups:owned' => "Groups I own",
+ 'groups:owned:user' => 'Groups %s owns',
'groups:yours' => "My groups",
'groups:user' => "%s's groups",
'groups:all' => "All groups",
@@ -64,6 +65,7 @@ $english = array(
'groups:search_in_group' => "Search in this group",
'groups:acl' => "Group: %s",
+ 'discussion:notification:topic:subject' => 'New group discussion post',
'groups:notification' =>
'%s added a new discussion topic to %s:
@@ -74,6 +76,15 @@ View and reply to the discussion:
%s
',
+ 'discussion:notification:reply:body' =>
+'%s replied to the discussion topic %s in the group %s:
+
+%s
+
+View and reply to the discussion:
+%s
+',
+
'groups:activity' => "Group activity",
'groups:enableactivity' => 'Enable group activity',
'groups:activity:none' => "There is no group activity yet",
diff --git a/mod/groups/lib/discussion.php b/mod/groups/lib/discussion.php
index 55642644d..ab2fe4849 100644
--- a/mod/groups/lib/discussion.php
+++ b/mod/groups/lib/discussion.php
@@ -15,7 +15,7 @@ function discussion_handle_all_page() {
'type' => 'object',
'subtype' => 'groupforumtopic',
'order_by' => 'e.last_action desc',
- 'limit' => 40,
+ 'limit' => 20,
'full_view' => false,
));
@@ -149,8 +149,9 @@ function discussion_handle_view_page($guid) {
$topic = get_entity($guid);
if (!$topic) {
- register_error(elgg_echo('discussion:topic:notfound'));
- forward();
+ register_error(elgg_echo('noaccess'));
+ $_SESSION['last_forward_from'] = current_page_url();
+ forward('');
}
$group = $topic->getContainerEntity();
diff --git a/mod/groups/lib/groups.php b/mod/groups/lib/groups.php
index 2fe9ae8e0..51ae89a87 100644
--- a/mod/groups/lib/groups.php
+++ b/mod/groups/lib/groups.php
@@ -106,7 +106,11 @@ function groups_handle_owned_page() {
$page_owner = elgg_get_page_owner_entity();
- $title = elgg_echo('groups:owned');
+ if ($page_owner->guid == elgg_get_logged_in_user_guid()) {
+ $title = elgg_echo('groups:owned');
+ } else {
+ $title = elgg_echo('groups:owned:user', array($page_owner->name));
+ }
elgg_push_breadcrumb($title);
elgg_register_title_button();
@@ -137,7 +141,11 @@ function groups_handle_mine_page() {
$page_owner = elgg_get_page_owner_entity();
- $title = elgg_echo('groups:yours');
+ if ($page_owner->guid == elgg_get_logged_in_user_guid()) {
+ $title = elgg_echo('groups:yours');
+ } else {
+ $title = elgg_echo('groups:user', array($page_owner->name));
+ }
elgg_push_breadcrumb($title);
elgg_register_title_button();
@@ -238,6 +246,8 @@ function groups_handle_profile_page($guid) {
global $autofeed;
$autofeed = true;
+ elgg_push_context('group_profile');
+
$group = get_entity($guid);
if (!$group) {
forward('groups/all');
@@ -245,6 +255,8 @@ function groups_handle_profile_page($guid) {
elgg_push_breadcrumb($group->name);
+ groups_register_profile_buttons($group);
+
$content = elgg_view('groups/profile/layout', array('entity' => $group));
if (group_gatekeeper(false)) {
$sidebar = '';
@@ -256,8 +268,6 @@ function groups_handle_profile_page($guid) {
$sidebar = '';
}
- groups_register_profile_buttons($group);
-
$params = array(
'content' => $content,
'sidebar' => $sidebar,
diff --git a/mod/groups/start.php b/mod/groups/start.php
index aeab0649a..48df338c0 100644
--- a/mod/groups/start.php
+++ b/mod/groups/start.php
@@ -93,7 +93,6 @@ function groups_init() {
elgg_register_event_handler('join', 'group', 'groups_user_join_event_listener');
elgg_register_event_handler('leave', 'group', 'groups_user_leave_event_listener');
elgg_register_event_handler('pagesetup', 'system', 'groups_setup_sidebar_menus');
- elgg_register_event_handler('annotate', 'all', 'group_object_notifications');
elgg_register_plugin_hook_handler('access:collections:add_user', 'collection', 'groups_access_collection_override');
@@ -142,35 +141,34 @@ function groups_setup_sidebar_menus() {
// Get the page owner entity
$page_owner = elgg_get_page_owner_entity();
- if (elgg_get_context() == 'groups') {
- if ($page_owner instanceof ElggGroup) {
- if (elgg_is_logged_in() && $page_owner->canEdit() && !$page_owner->isPublicMembership()) {
- $url = elgg_get_site_url() . "groups/requests/{$page_owner->getGUID()}";
- elgg_register_menu_item('page', array(
- 'name' => 'membership_requests',
- 'text' => elgg_echo('groups:membershiprequests'),
- 'href' => $url,
- ));
- }
- } else {
+ if (elgg_in_context('group_profile')) {
+ if (elgg_is_logged_in() && $page_owner->canEdit() && !$page_owner->isPublicMembership()) {
+ $url = elgg_get_site_url() . "groups/requests/{$page_owner->getGUID()}";
elgg_register_menu_item('page', array(
- 'name' => 'groups:all',
- 'text' => elgg_echo('groups:all'),
- 'href' => 'groups/all',
+ 'name' => 'membership_requests',
+ 'text' => elgg_echo('groups:membershiprequests'),
+ 'href' => $url,
));
+ }
+ }
+ if (elgg_get_context() == 'groups' && !elgg_instanceof($page_owner, 'group')) {
+ elgg_register_menu_item('page', array(
+ 'name' => 'groups:all',
+ 'text' => elgg_echo('groups:all'),
+ 'href' => 'groups/all',
+ ));
- $user = elgg_get_logged_in_user_entity();
- if ($user) {
- $url = "groups/owner/$user->username";
- $item = new ElggMenuItem('groups:owned', elgg_echo('groups:owned'), $url);
- elgg_register_menu_item('page', $item);
- $url = "groups/member/$user->username";
- $item = new ElggMenuItem('groups:member', elgg_echo('groups:yours'), $url);
- elgg_register_menu_item('page', $item);
- $url = "groups/invitations/$user->username";
- $item = new ElggMenuItem('groups:user:invites', elgg_echo('groups:invitations'), $url);
- elgg_register_menu_item('page', $item);
- }
+ $user = elgg_get_logged_in_user_entity();
+ if ($user) {
+ $url = "groups/owner/$user->username";
+ $item = new ElggMenuItem('groups:owned', elgg_echo('groups:owned'), $url);
+ elgg_register_menu_item('page', $item);
+ $url = "groups/member/$user->username";
+ $item = new ElggMenuItem('groups:member', elgg_echo('groups:yours'), $url);
+ elgg_register_menu_item('page', $item);
+ $url = "groups/invitations/$user->username";
+ $item = new ElggMenuItem('groups:user:invites', elgg_echo('groups:invitations'), $url);
+ elgg_register_menu_item('page', $item);
}
}
}
@@ -284,12 +282,21 @@ function groups_url($entity) {
* @return string Relative URL
*/
function groups_icon_url_override($hook, $type, $returnvalue, $params) {
+ /* @var ElggGroup $group */
$group = $params['entity'];
$size = $params['size'];
- if (isset($group->icontime)) {
+ $icontime = $group->icontime;
+ // handle missing metadata (pre 1.7 installations)
+ if (null === $icontime) {
+ $file = new ElggFile();
+ $file->owner_guid = $group->owner_guid;
+ $file->setFilename("groups/" . $group->guid . "large.jpg");
+ $icontime = $file->exists() ? time() : 0;
+ create_metadata($group->guid, 'icontime', $icontime, 'integer', $group->owner_guid, ACCESS_PUBLIC);
+ }
+ if ($icontime) {
// return thumbnail
- $icontime = $group->icontime;
return "groupicon/$group->guid/$size/$icontime.jpg";
}
@@ -714,6 +721,7 @@ function discussion_init() {
elgg_register_library('elgg:discussion', elgg_get_plugins_path() . 'groups/lib/discussion.php');
elgg_register_page_handler('discussion', 'discussion_page_handler');
+ elgg_register_page_handler('forum', 'discussion_forum_page_handler');
elgg_register_entity_url_handler('object', 'groupforumtopic', 'discussion_override_topic_url');
@@ -740,8 +748,24 @@ function discussion_init() {
elgg_extend_view('groups/tool_latest', 'discussion/group_module');
// notifications
- register_notification_object('object', 'groupforumtopic', elgg_echo('groupforumtopic:new'));
+ register_notification_object('object', 'groupforumtopic', elgg_echo('discussion:notification:topic:subject'));
elgg_register_plugin_hook_handler('notify:entity:message', 'object', 'groupforumtopic_notify_message');
+ elgg_register_event_handler('create', 'annotation', 'discussion_reply_notifications');
+ elgg_register_plugin_hook_handler('notify:annotation:message', 'group_topic_post', 'discussion_create_reply_notification');
+}
+
+/**
+ * Exists for backwards compatibility for Elgg 1.7
+ */
+function discussion_forum_page_handler($page) {
+ switch ($page[0]) {
+ case 'topic':
+ header('Status: 301 Moved Permanently');
+ forward("/discussion/view/{$page[1]}/{$page[2]}");
+ break;
+ default:
+ return false;
+ }
}
/**
@@ -792,7 +816,7 @@ function discussion_page_handler($page) {
* @return string
*/
function discussion_override_topic_url($entity) {
- return 'discussion/view/' . $entity->guid;
+ return 'discussion/view/' . $entity->guid . '/' . elgg_get_friendly_title($entity->title);
}
/**
@@ -848,36 +872,16 @@ function discussion_add_to_river_menu($hook, $type, $return, $params) {
}
/**
- * Event handler for group forum posts
+ * Create discussion notification body
*
- */
-function group_object_notifications($event, $object_type, $object) {
-
- static $flag;
- if (!isset($flag)) {
- $flag = 0;
- }
-
- if (is_callable('object_notifications'))
- if ($object instanceof ElggObject) {
- if ($object->getSubtype() == 'groupforumtopic') {
- if ($flag == 0) {
- $flag = 1;
- object_notifications($event, $object_type, $object);
- }
- }
- }
-}
-
-/**
- * Returns a more meaningful message
+ * @todo namespace method with 'discussion'
*
- * @param unknown_type $hook
- * @param unknown_type $entity_type
- * @param unknown_type $returnvalue
- * @param unknown_type $params
+ * @param string $hook
+ * @param string $type
+ * @param string $message
+ * @param array $params
*/
-function groupforumtopic_notify_message($hook, $entity_type, $returnvalue, $params) {
+function groupforumtopic_notify_message($hook, $type, $message, $params) {
$entity = $params['entity'];
$to_entity = $params['to_entity'];
$method = $params['method'];
@@ -897,11 +901,103 @@ function groupforumtopic_notify_message($hook, $entity_type, $returnvalue, $para
$entity->getURL()
));
}
-
+
return null;
}
/**
+ * Create discussion reply notification body
+ *
+ * @param string $hook
+ * @param string $type
+ * @param string $message
+ * @param array $params
+ */
+function discussion_create_reply_notification($hook, $type, $message, $params) {
+ $reply = $params['annotation'];
+ $method = $params['method'];
+ $topic = $reply->getEntity();
+ $poster = $reply->getOwnerEntity();
+ $group = $topic->getContainerEntity();
+
+ return elgg_echo('discussion:notification:reply:body', array(
+ $poster->name,
+ $topic->title,
+ $group->name,
+ $reply->value,
+ $topic->getURL(),
+ ));
+}
+
+/**
+ * Catch reply to discussion topic and generate notifications
+ *
+ * @todo this will be replaced in Elgg 1.9 and is a clone of object_notifications()
+ *
+ * @param string $event
+ * @param string $type
+ * @param ElggAnnotation $annotation
+ * @return void
+ */
+function discussion_reply_notifications($event, $type, $annotation) {
+ global $CONFIG, $NOTIFICATION_HANDLERS;
+
+ if ($annotation->name !== 'group_topic_post') {
+ return;
+ }
+
+ // Have we registered notifications for this type of entity?
+ $object_type = 'object';
+ $object_subtype = 'groupforumtopic';
+
+ $topic = $annotation->getEntity();
+ if (!$topic) {
+ return;
+ }
+
+ $poster = $annotation->getOwnerEntity();
+ if (!$poster) {
+ return;
+ }
+
+ if (isset($CONFIG->register_objects[$object_type][$object_subtype])) {
+ $subject = $CONFIG->register_objects[$object_type][$object_subtype];
+ $string = $subject . ": " . $topic->getURL();
+
+ // Get users interested in content from this person and notify them
+ // (Person defined by container_guid so we can also subscribe to groups if we want)
+ foreach ($NOTIFICATION_HANDLERS as $method => $foo) {
+ $interested_users = elgg_get_entities_from_relationship(array(
+ 'relationship' => 'notify' . $method,
+ 'relationship_guid' => $topic->getContainerGUID(),
+ 'inverse_relationship' => true,
+ 'types' => 'user',
+ 'limit' => 0,
+ ));
+
+ if ($interested_users && is_array($interested_users)) {
+ foreach ($interested_users as $user) {
+ if ($user instanceof ElggUser && !$user->isBanned()) {
+ if (($user->guid != $poster->guid) && has_access_to_entity($topic, $user) && $topic->access_id != ACCESS_PRIVATE) {
+ $body = elgg_trigger_plugin_hook('notify:annotation:message', $annotation->getSubtype(), array(
+ 'annotation' => $annotation,
+ 'to_entity' => $user,
+ 'method' => $method), $string);
+ if (empty($body) && $body !== false) {
+ $body = $string;
+ }
+ if ($body !== false) {
+ notify_user($user->guid, $topic->getContainerGUID(), $subject, $body, null, array($method));
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
+
+/**
* A simple function to see who can edit a group discussion post
* @param the comment $entity
* @param user who owns the group $group_owner
diff --git a/mod/groups/topicposts.php b/mod/groups/topicposts.php
index f9dd3344b..d0137e2f5 100644
--- a/mod/groups/topicposts.php
+++ b/mod/groups/topicposts.php
@@ -10,10 +10,10 @@
// Load Elgg engine
require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
-elgg_load_library('elgg:topic');
+elgg_load_library('elgg:discussion');
$guid = get_input('topic');
register_error(elgg_echo('changebookmark'));
-topic_handle_view_page($guid);
+forward("/discussion/view/$guid");
diff --git a/mod/groups/views/default/forms/groups/edit.php b/mod/groups/views/default/forms/groups/edit.php
index 26436ef01..8055b6430 100644
--- a/mod/groups/views/default/forms/groups/edit.php
+++ b/mod/groups/views/default/forms/groups/edit.php
@@ -55,7 +55,7 @@ if ($group_profile_fields > 0) {
<div>
<label>
<?php echo elgg_echo('groups:membership'); ?><br />
- <?php echo elgg_view('input/access', array(
+ <?php echo elgg_view('input/dropdown', array(
'name' => 'membership',
'value' => $membership,
'options_values' => array(
diff --git a/mod/htmlawed/manifest.xml b/mod/htmlawed/manifest.xml
index 074f98fb3..6807e96a4 100644
--- a/mod/htmlawed/manifest.xml
+++ b/mod/htmlawed/manifest.xml
@@ -2,10 +2,10 @@
<plugin_manifest xmlns="http://www.elgg.org/plugin_manifest/1.8">
<name>HTMLawed</name>
<author>Core developers</author>
- <version>1.5</version>
+ <version>1.8</version>
<category>bundled</category>
<category>security</category>
- <description>Provides security filtering. Disabling this plugin is extremely insecure. DO NOT DISABLE.</description>
+ <description>Provides security filtering. Running a site with this plugin disabled is extremely insecure. DO NOT DISABLE.</description>
<website>http://www.elgg.org/</website>
<copyright>See COPYRIGHT.txt</copyright>
<license>GNU General Public License version 2</license>
diff --git a/mod/htmlawed/start.php b/mod/htmlawed/start.php
index 10bea2a52..12b6470a3 100644
--- a/mod/htmlawed/start.php
+++ b/mod/htmlawed/start.php
@@ -18,6 +18,8 @@ function htmlawed_init() {
$lib = elgg_get_plugins_path() . "htmlawed/vendors/htmLawed/htmLawed.php";
elgg_register_library('htmlawed', $lib);
+
+ elgg_register_plugin_hook_handler('unit_test', 'system', 'htmlawed_test');
}
/**
@@ -90,7 +92,13 @@ function htmLawedArray(&$v, $k, $htmlawed_config) {
* @param array $attributes An array of attributes
* @return string
*/
-function htmlawed_tag_post_processor($element, $attributes) {
+function htmlawed_tag_post_processor($element, $attributes = false) {
+ if ($attributes === false) {
+ // This is a closing tag. Prevent further processing to avoid inserting a duplicate tag
+
+ return "</${element}>";
+ }
+
// these are the default styles used by tinymce.
$allowed_styles = array(
'color', 'cursor', 'text-align', 'vertical-align', 'font-size',
@@ -143,3 +151,15 @@ function htmlawed_tag_post_processor($element, $attributes) {
$r = "<$element$string>";
return $r;
}
+
+/**
+ * Runs unit tests for htmlawed
+ *
+ * @return array
+ * */
+function htmlawed_test($hook, $type, $value, $params) {
+ global $CONFIG;
+
+ $value[] = dirname(__FILE__) . '/tests/tags.php';
+ return $value;
+}
diff --git a/mod/htmlawed/tests/tags.php b/mod/htmlawed/tests/tags.php
new file mode 100644
index 000000000..b3914a9d6
--- /dev/null
+++ b/mod/htmlawed/tests/tags.php
@@ -0,0 +1,45 @@
+<?php
+/**
+ * Dupplicated tags in htmlawed
+ */
+class HtmLawedDuplicateTagsTest extends ElggCoreUnitTest {
+
+ /**
+ * Called before each test object.
+ */
+ public function __construct() {
+ parent::__construct();
+ }
+
+ /**
+ * Called before each test method.
+ */
+ public function setUp() {
+ }
+
+ /**
+ * Called after each test method.
+ */
+ public function tearDown() {
+ // do not allow SimpleTest to interpret Elgg notices as exceptions
+ $this->swallowErrors();
+ }
+
+ /**
+ * Called after each test object.
+ */
+ public function __destruct() {
+ elgg_set_ignore_access($this->ia);
+ // all __destruct() code should go above here
+ parent::__destruct();
+ }
+
+ public function testNotDuplicateTags() {
+ $filter_html = '<ul><li>item</li></ul>';
+ set_input('test', $filter_html);
+
+ $expected = $filter_html;
+ $result = get_input('test');
+ $this->assertEqual($result, $expected);
+ }
+} \ No newline at end of file
diff --git a/mod/htmlawed/vendors/htmLawed/htmLawed.php b/mod/htmlawed/vendors/htmLawed/htmLawed.php
index 2556fdcf2..0d9624961 100644..100755
--- a/mod/htmlawed/vendors/htmLawed/htmLawed.php
+++ b/mod/htmlawed/vendors/htmLawed/htmLawed.php
@@ -1,9 +1,9 @@
<?php
/*
-htmLawed 1.1.9, 22 December 2009
+htmLawed 1.1.11, 5 June 2012
Copyright Santosh Patnaik
-GPL v3 license
+Dual licensed with LGPL 3 and GPL 2 or later
A PHP Labware internal utility; www.bioinformatics.org/phplabware/internal_utilities/htmLawed
See htmLawed_README.txt/htm
@@ -51,7 +51,7 @@ foreach(explode(';', str_replace(array(' ', "\t", "\r", "\n"), '', $x)) as $v){
if($x2){$C['schemes'][$x] = array_flip(explode(',', $x2));}
}
if(!isset($C['schemes']['*'])){$C['schemes']['*'] = array('file'=>1, 'http'=>1, 'https'=>1,);}
-if(!empty($C['safe']) && empty($C['schemes']['style'])){$C['schemes']['style'] = array('nil'=>1);}
+if(!empty($C['safe']) && empty($C['schemes']['style'])){$C['schemes']['style'] = array('!'=>1);}
$C['abs_url'] = isset($C['abs_url']) ? $C['abs_url'] : 0;
if(!isset($C['base_url']) or !preg_match('`^[a-zA-Z\d.+\-]+://[^/]+/(.+?/)?$`', $C['base_url'])){
$C['base_url'] = $C['abs_url'] = 0;
@@ -65,6 +65,7 @@ $C['cdata'] = isset($C['cdata']) ? $C['cdata'] : (empty($C['safe']) ? 3 : 0);
$C['clean_ms_char'] = empty($C['clean_ms_char']) ? 0 : $C['clean_ms_char'];
$C['comment'] = isset($C['comment']) ? $C['comment'] : (empty($C['safe']) ? 3 : 0);
$C['css_expression'] = empty($C['css_expression']) ? 0 : 1;
+$C['direct_list_nest'] = empty($C['direct_list_nest']) ? 0 : 1;
$C['hexdec_entity'] = isset($C['hexdec_entity']) ? $C['hexdec_entity'] : 1;
$C['hook'] = (!empty($C['hook']) && function_exists($C['hook'])) ? $C['hook'] : 0;
$C['hook_tag'] = (!empty($C['hook_tag']) && function_exists($C['hook_tag'])) ? $C['hook_tag'] : 0;
@@ -149,14 +150,15 @@ $cI = array('a'=>1, 'abbr'=>1, 'acronym'=>1, 'address'=>1, 'b'=>1, 'bdo'=>1, 'bi
$cN = array('a'=>array('a'=>1), 'button'=>array('a'=>1, 'button'=>1, 'fieldset'=>1, 'form'=>1, 'iframe'=>1, 'input'=>1, 'label'=>1, 'select'=>1, 'textarea'=>1), 'fieldset'=>array('fieldset'=>1), 'form'=>array('form'=>1), 'label'=>array('label'=>1), 'noscript'=>array('script'=>1), 'pre'=>array('big'=>1, 'font'=>1, 'img'=>1, 'object'=>1, 'script'=>1, 'small'=>1, 'sub'=>1, 'sup'=>1), 'rb'=>array('ruby'=>1), 'rt'=>array('ruby'=>1)); // Illegal
$cN2 = array_keys($cN);
$cR = array('blockquote'=>1, 'dir'=>1, 'dl'=>1, 'form'=>1, 'map'=>1, 'menu'=>1, 'noscript'=>1, 'ol'=>1, 'optgroup'=>1, 'rbc'=>1, 'rtc'=>1, 'ruby'=>1, 'select'=>1, 'table'=>1, 'tbody'=>1, 'tfoot'=>1, 'thead'=>1, 'tr'=>1, 'ul'=>1);
-$cS = array('colgroup'=>array('col'=>1), 'dir'=>array('li'), 'dl'=>array('dd'=>1, 'dt'=>1), 'menu'=>array('li'=>1), 'ol'=>array('li'=>1), 'optgroup'=>array('option'=>1), 'option'=>array('#pcdata'=>1), 'rbc'=>array('rb'=>1), 'rp'=>array('#pcdata'=>1), 'rtc'=>array('rt'=>1), 'ruby'=>array('rb'=>1, 'rbc'=>1, 'rp'=>1, 'rt'=>1, 'rtc'=>1), 'select'=>array('optgroup'=>1, 'option'=>1), 'script'=>array('#pcdata'=>1), 'table'=>array('caption'=>1, 'col'=>1, 'colgroup'=>1, 'tfoot'=>1, 'tbody'=>1, 'tr'=>1, 'thead'=>1), 'tbody'=>array('tr'=>1), 'tfoot'=>array('tr'=>1), 'textarea'=>array('#pcdata'=>1), 'thead'=>array('tr'=>1), 'tr'=>array('td'=>1, 'th'=>1), 'ul'=>array('li'=>1)); // Specific - immediate parent-child
+$cS = array('colgroup'=>array('col'=>1), 'dir'=>array('li'=>1), 'dl'=>array('dd'=>1, 'dt'=>1), 'menu'=>array('li'=>1), 'ol'=>array('li'=>1), 'optgroup'=>array('option'=>1), 'option'=>array('#pcdata'=>1), 'rbc'=>array('rb'=>1), 'rp'=>array('#pcdata'=>1), 'rtc'=>array('rt'=>1), 'ruby'=>array('rb'=>1, 'rbc'=>1, 'rp'=>1, 'rt'=>1, 'rtc'=>1), 'select'=>array('optgroup'=>1, 'option'=>1), 'script'=>array('#pcdata'=>1), 'table'=>array('caption'=>1, 'col'=>1, 'colgroup'=>1, 'tfoot'=>1, 'tbody'=>1, 'tr'=>1, 'thead'=>1), 'tbody'=>array('tr'=>1), 'tfoot'=>array('tr'=>1), 'textarea'=>array('#pcdata'=>1), 'thead'=>array('tr'=>1), 'tr'=>array('td'=>1, 'th'=>1), 'ul'=>array('li'=>1)); // Specific - immediate parent-child
+if($GLOBALS['C']['direct_list_nest']){$cS['ol'] = $cS['ul'] += array('ol'=>1, 'ul'=>1);}
$cO = array('address'=>array('p'=>1), 'applet'=>array('param'=>1), 'blockquote'=>array('script'=>1), 'fieldset'=>array('legend'=>1, '#pcdata'=>1), 'form'=>array('script'=>1), 'map'=>array('area'=>1), 'object'=>array('param'=>1, 'embed'=>1)); // Other
$cT = array('colgroup'=>1, 'dd'=>1, 'dt'=>1, 'li'=>1, 'option'=>1, 'p'=>1, 'td'=>1, 'tfoot'=>1, 'th'=>1, 'thead'=>1, 'tr'=>1); // Omitable closing
// block/inline type; ins & del both type; #pcdata: text
$eB = array('address'=>1, 'blockquote'=>1, 'center'=>1, 'del'=>1, 'dir'=>1, 'dl'=>1, 'div'=>1, 'fieldset'=>1, 'form'=>1, 'ins'=>1, 'h1'=>1, 'h2'=>1, 'h3'=>1, 'h4'=>1, 'h5'=>1, 'h6'=>1, 'hr'=>1, 'isindex'=>1, 'menu'=>1, 'noscript'=>1, 'ol'=>1, 'p'=>1, 'pre'=>1, 'table'=>1, 'ul'=>1);
-$eI = array('#pcdata'=>1, 'a'=>1, 'abbr'=>1, 'acronym'=>1, 'applet'=>1, 'b'=>1, 'bdo'=>1, 'big'=>1, 'br'=>1, 'button'=>1, 'cite'=>1, 'code'=>1, 'del'=>1, 'dfn'=>1, 'em'=>1, 'embed'=>1, 'font'=>1, 'i'=>1, 'iframe'=>1, 'img'=>1, 'input'=>1, 'ins'=>1, 'kbd'=>1, 'label'=>1, 'map'=>1, 'object'=>1, 'param'=>1, 'q'=>1, 'ruby'=>1, 's'=>1, 'samp'=>1, 'select'=>1, 'script'=>1, 'small'=>1, 'span'=>1, 'strike'=>1, 'strong'=>1, 'sub'=>1, 'sup'=>1, 'textarea'=>1, 'tt'=>1, 'u'=>1, 'var'=>1);
+$eI = array('#pcdata'=>1, 'a'=>1, 'abbr'=>1, 'acronym'=>1, 'applet'=>1, 'b'=>1, 'bdo'=>1, 'big'=>1, 'br'=>1, 'button'=>1, 'cite'=>1, 'code'=>1, 'del'=>1, 'dfn'=>1, 'em'=>1, 'embed'=>1, 'font'=>1, 'i'=>1, 'iframe'=>1, 'img'=>1, 'input'=>1, 'ins'=>1, 'kbd'=>1, 'label'=>1, 'map'=>1, 'object'=>1, 'q'=>1, 'ruby'=>1, 's'=>1, 'samp'=>1, 'select'=>1, 'script'=>1, 'small'=>1, 'span'=>1, 'strike'=>1, 'strong'=>1, 'sub'=>1, 'sup'=>1, 'textarea'=>1, 'tt'=>1, 'u'=>1, 'var'=>1);
$eN = array('a'=>1, 'big'=>1, 'button'=>1, 'fieldset'=>1, 'font'=>1, 'form'=>1, 'iframe'=>1, 'img'=>1, 'input'=>1, 'label'=>1, 'object'=>1, 'ruby'=>1, 'script'=>1, 'select'=>1, 'small'=>1, 'sub'=>1, 'sup'=>1, 'textarea'=>1); // Exclude from specific ele; $cN values
-$eO = array('area'=>1, 'caption'=>1, 'col'=>1, 'colgroup'=>1, 'dd'=>1, 'dt'=>1, 'legend'=>1, 'li'=>1, 'optgroup'=>1, 'option'=>1, 'rb'=>1, 'rbc'=>1, 'rp'=>1, 'rt'=>1, 'rtc'=>1, 'script'=>1, 'tbody'=>1, 'td'=>1, 'tfoot'=>1, 'thead'=>1, 'th'=>1, 'tr'=>1); // Missing in $eB & $eI
+$eO = array('area'=>1, 'caption'=>1, 'col'=>1, 'colgroup'=>1, 'dd'=>1, 'dt'=>1, 'legend'=>1, 'li'=>1, 'optgroup'=>1, 'option'=>1, 'param'=>1, 'rb'=>1, 'rbc'=>1, 'rp'=>1, 'rt'=>1, 'rtc'=>1, 'script'=>1, 'tbody'=>1, 'td'=>1, 'tfoot'=>1, 'thead'=>1, 'th'=>1, 'tr'=>1); // Missing in $eB & $eI
$eF = $eB + $eI;
// $in sets allowed child
@@ -295,20 +297,14 @@ function hl_cmtcd($t){
// comment/CDATA sec handler
$t = $t[0];
global $C;
-if($t[3] == '-'){
- if(!$C['comment']){return $t;}
- if($C['comment'] == 1){return '';}
+if(!($v = $C[$n = $t[3] == '-' ? 'comment' : 'cdata'])){return $t;}
+if($v == 1){return '';}
+if($n == 'comment'){
if(substr(($t = preg_replace('`--+`', '-', substr($t, 4, -3))), -1) != ' '){$t .= ' ';}
- $t = $C['comment'] == 2 ? str_replace(array('&', '<', '>'), array('&amp;', '&lt;', '&gt;'), $t) : $t;
- $t = "\x01\x02\x04!--$t--\x05\x02\x01";
-}else{ // CDATA
- if(!$C['cdata']){return $t;}
- if($C['cdata'] == 1){return '';}
- $t = substr($t, 1, -1);
- $t = $C['cdata'] == 2 ? str_replace(array('&', '<', '>'), array('&amp;', '&lt;', '&gt;'), $t) : $t;
- $t = "\x01\x01\x04$t\x05\x01\x01";
-}
-return str_replace(array('&', '<', '>'), array("\x03", "\x04", "\x05"), $t);
+}
+else{$t = substr($t, 1, -1);}
+$t = $v == 2 ? str_replace(array('&', '<', '>'), array('&amp;', '&lt;', '&gt;'), $t) : $t;
+return str_replace(array('&', '<', '>'), array("\x03", "\x04", "\x05"), ($n == 'comment' ? "\x01\x02\x04!--$t--\x05\x02\x01" : "\x01\x01\x04$t\x05\x01\x01"));
// eof
}
@@ -334,9 +330,11 @@ global $C;
$b = $a = '';
if($c == null){$c = 'style'; $b = $p[1]; $a = $p[3]; $p = trim($p[2]);}
$c = isset($C['schemes'][$c]) ? $C['schemes'][$c] : $C['schemes']['*'];
-if(isset($c['*']) or !strcspn($p, '#?;')){return "{$b}{$p}{$a}";} // All ok, frag, query, param
+static $d = 'denied:';
+if(isset($c['!']) && substr($p, 0, 7) != $d){$p = "$d$p";}
+if(isset($c['*']) or !strcspn($p, '#?;') or (substr($p, 0, 7) == $d)){return "{$b}{$p}{$a}";} // All ok, frag, query, param
if(preg_match('`^([a-z\d\-+.&#; ]+?)(:|&#(58|x3a);|%3a|\\\\0{0,4}3a).`i', $p, $m) && !isset($c[strtolower($m[1])])){ // Denied prot
- return "{$b}denied:{$p}{$a}";
+ return "{$b}{$d}{$p}{$a}";
}
if($C['abs_url']){
if($C['abs_url'] == -1 && strpos($p, $C['base_url']) === 0){ // Make url rel
@@ -429,11 +427,11 @@ if($C['make_tag_strict'] && isset($eD[$e])){
// close tag
static $eE = array('area'=>1, 'br'=>1, 'col'=>1, 'embed'=>1, 'hr'=>1, 'img'=>1, 'input'=>1, 'isindex'=>1, 'param'=>1); // Empty ele
if(!empty($m[1])){
- return (!isset($eE[$e]) ? "</$e>" : (($C['keep_bad'])%2 ? str_replace(array('<', '>'), array('&lt;', '&gt;'), $t) : ''));
+ return (!isset($eE[$e]) ? (empty($C['hook_tag']) ? "</$e>" : $C['hook_tag']($e)) : (($C['keep_bad'])%2 ? str_replace(array('<', '>'), array('&lt;', '&gt;'), $t) : ''));
}
// open tag & attr
-static $aN = array('abbr'=>array('td'=>1, 'th'=>1), 'accept-charset'=>array('form'=>1), 'accept'=>array('form'=>1, 'input'=>1), 'accesskey'=>array('a'=>1, 'area'=>1, 'button'=>1, 'input'=>1, 'label'=>1, 'legend'=>1, 'textarea'=>1), 'action'=>array('form'=>1), 'align'=>array('caption'=>1, 'embed'=>1, 'applet'=>1, 'iframe'=>1, 'img'=>1, 'input'=>1, 'object'=>1, 'legend'=>1, 'table'=>1, 'hr'=>1, 'div'=>1, 'h1'=>1, 'h2'=>1, 'h3'=>1, 'h4'=>1, 'h5'=>1, 'h6'=>1, 'p'=>1, 'col'=>1, 'colgroup'=>1, 'tbody'=>1, 'td'=>1, 'tfoot'=>1, 'th'=>1, 'thead'=>1, 'tr'=>1), 'alt'=>array('applet'=>1, 'area'=>1, 'img'=>1, 'input'=>1), 'archive'=>array('applet'=>1, 'object'=>1), 'axis'=>array('td'=>1, 'th'=>1), 'bgcolor'=>array('embed'=>1, 'table'=>1, 'tr'=>1, 'td'=>1, 'th'=>1), 'border'=>array('table'=>1, 'img'=>1, 'object'=>1), 'bordercolor'=>array('table'=>1, 'td'=>1, 'tr'=>1), 'cellpadding'=>array('table'=>1), 'cellspacing'=>array('table'=>1), 'char'=>array('col'=>1, 'colgroup'=>1, 'tbody'=>1, 'td'=>1, 'tfoot'=>1, 'th'=>1, 'thead'=>1, 'tr'=>1), 'charoff'=>array('col'=>1, 'colgroup'=>1, 'tbody'=>1, 'td'=>1, 'tfoot'=>1, 'th'=>1, 'thead'=>1, 'tr'=>1), 'charset'=>array('a'=>1, 'script'=>1), 'checked'=>array('input'=>1), 'cite'=>array('blockquote'=>1, 'q'=>1, 'del'=>1, 'ins'=>1), 'classid'=>array('object'=>1), 'clear'=>array('br'=>1), 'code'=>array('applet'=>1), 'codebase'=>array('object'=>1, 'applet'=>1), 'codetype'=>array('object'=>1), 'color'=>array('font'=>1), 'cols'=>array('textarea'=>1), 'colspan'=>array('td'=>1, 'th'=>1), 'compact'=>array('dir'=>1, 'dl'=>1, 'menu'=>1, 'ol'=>1, 'ul'=>1), 'coords'=>array('area'=>1, 'a'=>1), 'data'=>array('object'=>1), 'datetime'=>array('del'=>1, 'ins'=>1), 'declare'=>array('object'=>1), 'defer'=>array('script'=>1), 'dir'=>array('bdo'=>1), 'disabled'=>array('button'=>1, 'input'=>1, 'optgroup'=>1, 'option'=>1, 'select'=>1, 'textarea'=>1), 'enctype'=>array('form'=>1), 'face'=>array('font'=>1), 'for'=>array('label'=>1), 'frame'=>array('table'=>1), 'frameborder'=>array('iframe'=>1), 'headers'=>array('td'=>1, 'th'=>1), 'height'=>array('embed'=>1, 'iframe'=>1, 'td'=>1, 'th'=>1, 'img'=>1, 'object'=>1, 'applet'=>1), 'href'=>array('a'=>1, 'area'=>1), 'hreflang'=>array('a'=>1), 'hspace'=>array('applet'=>1, 'img'=>1, 'object'=>1), 'ismap'=>array('img'=>1, 'input'=>1), 'label'=>array('option'=>1, 'optgroup'=>1), 'language'=>array('script'=>1), 'longdesc'=>array('img'=>1, 'iframe'=>1), 'marginheight'=>array('iframe'=>1), 'marginwidth'=>array('iframe'=>1), 'maxlength'=>array('input'=>1), 'method'=>array('form'=>1), 'model'=>array('embed'=>1), 'multiple'=>array('select'=>1), 'name'=>array('button'=>1, 'embed'=>1, 'textarea'=>1, 'applet'=>1, 'select'=>1, 'form'=>1, 'iframe'=>1, 'img'=>1, 'a'=>1, 'input'=>1, 'object'=>1, 'map'=>1, 'param'=>1), 'nohref'=>array('area'=>1), 'noshade'=>array('hr'=>1), 'nowrap'=>array('td'=>1, 'th'=>1), 'object'=>array('applet'=>1), 'onblur'=>array('a'=>1, 'area'=>1, 'button'=>1, 'input'=>1, 'label'=>1, 'select'=>1, 'textarea'=>1), 'onchange'=>array('input'=>1, 'select'=>1, 'textarea'=>1), 'onfocus'=>array('a'=>1, 'area'=>1, 'button'=>1, 'input'=>1, 'label'=>1, 'select'=>1, 'textarea'=>1), 'onreset'=>array('form'=>1), 'onselect'=>array('input'=>1, 'textarea'=>1), 'onsubmit'=>array('form'=>1), 'pluginspage'=>array('embed'=>1), 'pluginurl'=>array('embed'=>1), 'prompt'=>array('isindex'=>1), 'readonly'=>array('textarea'=>1, 'input'=>1), 'rel'=>array('a'=>1), 'rev'=>array('a'=>1), 'rows'=>array('textarea'=>1), 'rowspan'=>array('td'=>1, 'th'=>1), 'rules'=>array('table'=>1), 'scope'=>array('td'=>1, 'th'=>1), 'scrolling'=>array('iframe'=>1), 'selected'=>array('option'=>1), 'shape'=>array('area'=>1, 'a'=>1), 'size'=>array('hr'=>1, 'font'=>1, 'input'=>1, 'select'=>1), 'span'=>array('col'=>1, 'colgroup'=>1), 'src'=>array('embed'=>1, 'script'=>1, 'input'=>1, 'iframe'=>1, 'img'=>1), 'standby'=>array('object'=>1), 'start'=>array('ol'=>1), 'summary'=>array('table'=>1), 'tabindex'=>array('a'=>1, 'area'=>1, 'button'=>1, 'input'=>1, 'object'=>1, 'select'=>1, 'textarea'=>1), 'target'=>array('a'=>1, 'area'=>1, 'form'=>1), 'type'=>array('a'=>1, 'embed'=>1, 'object'=>1, 'param'=>1, 'script'=>1, 'input'=>1, 'li'=>1, 'ol'=>1, 'ul'=>1, 'button'=>1), 'usemap'=>array('img'=>1, 'input'=>1, 'object'=>1), 'valign'=>array('col'=>1, 'colgroup'=>1, 'tbody'=>1, 'td'=>1, 'tfoot'=>1, 'th'=>1, 'thead'=>1, 'tr'=>1), 'value'=>array('input'=>1, 'option'=>1, 'param'=>1, 'button'=>1, 'li'=>1), 'valuetype'=>array('param'=>1), 'vspace'=>array('applet'=>1, 'img'=>1, 'object'=>1), 'width'=>array('embed'=>1, 'hr'=>1, 'iframe'=>1, 'img'=>1, 'object'=>1, 'table'=>1, 'td'=>1, 'th'=>1, 'applet'=>1, 'col'=>1, 'colgroup'=>1, 'pre'=>1), 'wmode'=>array('embed'=>1), 'xml:space'=>array('pre'=>1, 'script'=>1, 'style'=>1)); // Ele-specific
+static $aN = array('abbr'=>array('td'=>1, 'th'=>1), 'accept-charset'=>array('form'=>1), 'accept'=>array('form'=>1, 'input'=>1), 'accesskey'=>array('a'=>1, 'area'=>1, 'button'=>1, 'input'=>1, 'label'=>1, 'legend'=>1, 'textarea'=>1), 'action'=>array('form'=>1), 'align'=>array('caption'=>1, 'embed'=>1, 'applet'=>1, 'iframe'=>1, 'img'=>1, 'input'=>1, 'object'=>1, 'legend'=>1, 'table'=>1, 'hr'=>1, 'div'=>1, 'h1'=>1, 'h2'=>1, 'h3'=>1, 'h4'=>1, 'h5'=>1, 'h6'=>1, 'p'=>1, 'col'=>1, 'colgroup'=>1, 'tbody'=>1, 'td'=>1, 'tfoot'=>1, 'th'=>1, 'thead'=>1, 'tr'=>1), 'alt'=>array('applet'=>1, 'area'=>1, 'img'=>1, 'input'=>1), 'archive'=>array('applet'=>1, 'object'=>1), 'axis'=>array('td'=>1, 'th'=>1), 'bgcolor'=>array('embed'=>1, 'table'=>1, 'tr'=>1, 'td'=>1, 'th'=>1), 'border'=>array('table'=>1, 'img'=>1, 'object'=>1), 'bordercolor'=>array('table'=>1, 'td'=>1, 'tr'=>1), 'cellpadding'=>array('table'=>1), 'cellspacing'=>array('table'=>1), 'char'=>array('col'=>1, 'colgroup'=>1, 'tbody'=>1, 'td'=>1, 'tfoot'=>1, 'th'=>1, 'thead'=>1, 'tr'=>1), 'charoff'=>array('col'=>1, 'colgroup'=>1, 'tbody'=>1, 'td'=>1, 'tfoot'=>1, 'th'=>1, 'thead'=>1, 'tr'=>1), 'charset'=>array('a'=>1, 'script'=>1), 'checked'=>array('input'=>1), 'cite'=>array('blockquote'=>1, 'q'=>1, 'del'=>1, 'ins'=>1), 'classid'=>array('object'=>1), 'clear'=>array('br'=>1), 'code'=>array('applet'=>1), 'codebase'=>array('object'=>1, 'applet'=>1), 'codetype'=>array('object'=>1), 'color'=>array('font'=>1), 'cols'=>array('textarea'=>1), 'colspan'=>array('td'=>1, 'th'=>1), 'compact'=>array('dir'=>1, 'dl'=>1, 'menu'=>1, 'ol'=>1, 'ul'=>1), 'coords'=>array('area'=>1, 'a'=>1), 'data'=>array('object'=>1), 'datetime'=>array('del'=>1, 'ins'=>1), 'declare'=>array('object'=>1), 'defer'=>array('script'=>1), 'dir'=>array('bdo'=>1), 'disabled'=>array('button'=>1, 'input'=>1, 'optgroup'=>1, 'option'=>1, 'select'=>1, 'textarea'=>1), 'enctype'=>array('form'=>1), 'face'=>array('font'=>1), 'flashvars'=>array('embed'=>1), 'for'=>array('label'=>1), 'frame'=>array('table'=>1), 'frameborder'=>array('iframe'=>1), 'headers'=>array('td'=>1, 'th'=>1), 'height'=>array('embed'=>1, 'iframe'=>1, 'td'=>1, 'th'=>1, 'img'=>1, 'object'=>1, 'applet'=>1), 'href'=>array('a'=>1, 'area'=>1), 'hreflang'=>array('a'=>1), 'hspace'=>array('applet'=>1, 'img'=>1, 'object'=>1), 'ismap'=>array('img'=>1, 'input'=>1), 'label'=>array('option'=>1, 'optgroup'=>1), 'language'=>array('script'=>1), 'longdesc'=>array('img'=>1, 'iframe'=>1), 'marginheight'=>array('iframe'=>1), 'marginwidth'=>array('iframe'=>1), 'maxlength'=>array('input'=>1), 'method'=>array('form'=>1), 'model'=>array('embed'=>1), 'multiple'=>array('select'=>1), 'name'=>array('button'=>1, 'embed'=>1, 'textarea'=>1, 'applet'=>1, 'select'=>1, 'form'=>1, 'iframe'=>1, 'img'=>1, 'a'=>1, 'input'=>1, 'object'=>1, 'map'=>1, 'param'=>1), 'nohref'=>array('area'=>1), 'noshade'=>array('hr'=>1), 'nowrap'=>array('td'=>1, 'th'=>1), 'object'=>array('applet'=>1), 'onblur'=>array('a'=>1, 'area'=>1, 'button'=>1, 'input'=>1, 'label'=>1, 'select'=>1, 'textarea'=>1), 'onchange'=>array('input'=>1, 'select'=>1, 'textarea'=>1), 'onfocus'=>array('a'=>1, 'area'=>1, 'button'=>1, 'input'=>1, 'label'=>1, 'select'=>1, 'textarea'=>1), 'onreset'=>array('form'=>1), 'onselect'=>array('input'=>1, 'textarea'=>1), 'onsubmit'=>array('form'=>1), 'pluginspage'=>array('embed'=>1), 'pluginurl'=>array('embed'=>1), 'prompt'=>array('isindex'=>1), 'readonly'=>array('textarea'=>1, 'input'=>1), 'rel'=>array('a'=>1), 'rev'=>array('a'=>1), 'rows'=>array('textarea'=>1), 'rowspan'=>array('td'=>1, 'th'=>1), 'rules'=>array('table'=>1), 'scope'=>array('td'=>1, 'th'=>1), 'scrolling'=>array('iframe'=>1), 'selected'=>array('option'=>1), 'shape'=>array('area'=>1, 'a'=>1), 'size'=>array('hr'=>1, 'font'=>1, 'input'=>1, 'select'=>1), 'span'=>array('col'=>1, 'colgroup'=>1), 'src'=>array('embed'=>1, 'script'=>1, 'input'=>1, 'iframe'=>1, 'img'=>1), 'standby'=>array('object'=>1), 'start'=>array('ol'=>1), 'summary'=>array('table'=>1), 'tabindex'=>array('a'=>1, 'area'=>1, 'button'=>1, 'input'=>1, 'object'=>1, 'select'=>1, 'textarea'=>1), 'target'=>array('a'=>1, 'area'=>1, 'form'=>1), 'type'=>array('a'=>1, 'embed'=>1, 'object'=>1, 'param'=>1, 'script'=>1, 'input'=>1, 'li'=>1, 'ol'=>1, 'ul'=>1, 'button'=>1), 'usemap'=>array('img'=>1, 'input'=>1, 'object'=>1), 'valign'=>array('col'=>1, 'colgroup'=>1, 'tbody'=>1, 'td'=>1, 'tfoot'=>1, 'th'=>1, 'thead'=>1, 'tr'=>1), 'value'=>array('input'=>1, 'option'=>1, 'param'=>1, 'button'=>1, 'li'=>1), 'valuetype'=>array('param'=>1), 'vspace'=>array('applet'=>1, 'img'=>1, 'object'=>1), 'width'=>array('embed'=>1, 'hr'=>1, 'iframe'=>1, 'img'=>1, 'object'=>1, 'table'=>1, 'td'=>1, 'th'=>1, 'applet'=>1, 'col'=>1, 'colgroup'=>1, 'pre'=>1), 'wmode'=>array('embed'=>1), 'xml:space'=>array('pre'=>1, 'script'=>1, 'style'=>1)); // Ele-specific
static $aNE = array('checked'=>1, 'compact'=>1, 'declare'=>1, 'defer'=>1, 'disabled'=>1, 'ismap'=>1, 'multiple'=>1, 'nohref'=>1, 'noresize'=>1, 'noshade'=>1, 'nowrap'=>1, 'readonly'=>1, 'selected'=>1); // Empty
static $aNP = array('action'=>1, 'cite'=>1, 'classid'=>1, 'codebase'=>1, 'data'=>1, 'href'=>1, 'longdesc'=>1, 'model'=>1, 'pluginspage'=>1, 'pluginurl'=>1, 'usemap'=>1); // Need scheme check; excludes style, on* & src
static $aNU = array('class'=>array('param'=>1, 'script'=>1), 'dir'=>array('applet'=>1, 'bdo'=>1, 'br'=>1, 'iframe'=>1, 'param'=>1, 'script'=>1), 'id'=>array('script'=>1), 'lang'=>array('applet'=>1, 'br'=>1, 'iframe'=>1, 'param'=>1, 'script'=>1), 'xml:lang'=>array('applet'=>1, 'br'=>1, 'iframe'=>1, 'param'=>1, 'script'=>1), 'onclick'=>array('applet'=>1, 'bdo'=>1, 'br'=>1, 'font'=>1, 'iframe'=>1, 'isindex'=>1, 'param'=>1, 'script'=>1), 'ondblclick'=>array('applet'=>1, 'bdo'=>1, 'br'=>1, 'font'=>1, 'iframe'=>1, 'isindex'=>1, 'param'=>1, 'script'=>1), 'onkeydown'=>array('applet'=>1, 'bdo'=>1, 'br'=>1, 'font'=>1, 'iframe'=>1, 'isindex'=>1, 'param'=>1, 'script'=>1), 'onkeypress'=>array('applet'=>1, 'bdo'=>1, 'br'=>1, 'font'=>1, 'iframe'=>1, 'isindex'=>1, 'param'=>1, 'script'=>1), 'onkeyup'=>array('applet'=>1, 'bdo'=>1, 'br'=>1, 'font'=>1, 'iframe'=>1, 'isindex'=>1, 'param'=>1, 'script'=>1), 'onmousedown'=>array('applet'=>1, 'bdo'=>1, 'br'=>1, 'font'=>1, 'iframe'=>1, 'isindex'=>1, 'param'=>1, 'script'=>1), 'onmousemove'=>array('applet'=>1, 'bdo'=>1, 'br'=>1, 'font'=>1, 'iframe'=>1, 'isindex'=>1, 'param'=>1, 'script'=>1), 'onmouseout'=>array('applet'=>1, 'bdo'=>1, 'br'=>1, 'font'=>1, 'iframe'=>1, 'isindex'=>1, 'param'=>1, 'script'=>1), 'onmouseover'=>array('applet'=>1, 'bdo'=>1, 'br'=>1, 'font'=>1, 'iframe'=>1, 'isindex'=>1, 'param'=>1, 'script'=>1), 'onmouseup'=>array('applet'=>1, 'bdo'=>1, 'br'=>1, 'font'=>1, 'iframe'=>1, 'isindex'=>1, 'param'=>1, 'script'=>1), 'style'=>array('param'=>1, 'script'=>1), 'title'=>array('param'=>1, 'script'=>1)); // Univ & exceptions
@@ -472,8 +470,8 @@ while(strlen($a)){
$aA[$nm] = '';
}
break; case 2: // Val
- if(preg_match('`^"[^"]*"`', $a, $m) or preg_match("`^'[^']*'`", $a, $m) or preg_match("`^\s*[^\s\"']+`", $a, $m)){
- $m = $m[0]; $w = 1; $mode = 0; $a = ltrim(substr_replace($a, '', 0, strlen($m)));
+ if(preg_match('`^((?:"[^"]*")|(?:\'[^\']*\')|(?:\s*[^\s"\']+))(.*)`', $a, $m)){
+ $a = ltrim($m[2]); $m = $m[1]; $w = 1; $mode = 0;
$aA[$nm] = trim(($m[0] == '"' or $m[0] == '\'') ? substr($m, 1, -1) : $m);
}
break;
@@ -500,7 +498,7 @@ foreach($aA as $k=>$v){
static $sC = array('&#x20;'=>' ', '&#32;'=>' ', '&#x45;'=>'e', '&#69;'=>'e', '&#x65;'=>'e', '&#101;'=>'e', '&#x58;'=>'x', '&#88;'=>'x', '&#x78;'=>'x', '&#120;'=>'x', '&#x50;'=>'p', '&#80;'=>'p', '&#x70;'=>'p', '&#112;'=>'p', '&#x53;'=>'s', '&#83;'=>'s', '&#x73;'=>'s', '&#115;'=>'s', '&#x49;'=>'i', '&#73;'=>'i', '&#x69;'=>'i', '&#105;'=>'i', '&#x4f;'=>'o', '&#79;'=>'o', '&#x6f;'=>'o', '&#111;'=>'o', '&#x4e;'=>'n', '&#78;'=>'n', '&#x6e;'=>'n', '&#110;'=>'n', '&#x55;'=>'u', '&#85;'=>'u', '&#x75;'=>'u', '&#117;'=>'u', '&#x52;'=>'r', '&#82;'=>'r', '&#x72;'=>'r', '&#114;'=>'r', '&#x4c;'=>'l', '&#76;'=>'l', '&#x6c;'=>'l', '&#108;'=>'l', '&#x28;'=>'(', '&#40;'=>'(', '&#x29;'=>')', '&#41;'=>')', '&#x20;'=>':', '&#32;'=>':', '&#x22;'=>'"', '&#34;'=>'"', '&#x27;'=>"'", '&#39;'=>"'", '&#x2f;'=>'/', '&#47;'=>'/', '&#x2a;'=>'*', '&#42;'=>'*', '&#x5c;'=>'\\', '&#92;'=>'\\');
$v = strtr($v, $sC);
}
- $v = preg_replace_callback('`(url(?:\()(?: )*(?:\'|"|&(?:quot|apos);)?)(.+)((?:\'|"|&(?:quot|apos);)?(?: )*(?:\)))`iS', 'hl_prot', $v);
+ $v = preg_replace_callback('`(url(?:\()(?: )*(?:\'|"|&(?:quot|apos);)?)(.+?)((?:\'|"|&(?:quot|apos);)?(?: )*(?:\)))`iS', 'hl_prot', $v);
$v = !$C['css_expression'] ? preg_replace('`expression`i', ' ', preg_replace('`\\\\\S|(/|(%2f))(\*|(%2a))`i', ' ', $v)) : $v;
}elseif(isset($aNP[$k]) or strpos($k, 'src') !== false or $k[0] == 'o'){
$v = str_replace("\xad", ' ', (strpos($v, '&') !== false ? str_replace(array('&#xad;', '&#173;', '&shy;'), ' ', $v) : $v));
@@ -643,7 +641,7 @@ return '';
function hl_tidy($t, $w, $p){
// Tidy/compact HTM
if(strpos(' pre,script,textarea', "$p,")){return $t;}
-$t = str_replace(' </', '</', preg_replace(array('`(<\w[^>]*(?<!/)>)\s+`', '`\s+`', '`(<\w[^>]*(?<!/)>) `'), array(' $1', ' ', '$1'), preg_replace_callback(array('`(<(!\[CDATA\[))(.+?)(\]\]>)`sm', '`(<(!--))(.+?)(-->)`sm', '`(<(pre|script|textarea).*?>)(.+?)(</\2>)`sm'), create_function('$m', 'return $m[1]. str_replace(array("<", ">", "\n", "\r", "\t", " "), array("\x01", "\x02", "\x03", "\x04", "\x05", "\x07"), $m[3]). $m[4];'), $t)));
+$t = str_replace(' </', '</', preg_replace(array('`(<\w[^>]*(?<!/)>)\s+`', '`\s+`', '`(<\w[^>]*(?<!/)>) `'), array(' $1', ' ', '$1'), preg_replace_callback(array('`(<(!\[CDATA\[))(.+?)(\]\]>)`sm', '`(<(!--))(.+?)(-->)`sm', '`(<(pre|script|textarea)[^>]*?>)(.+?)(</\2>)`sm'), create_function('$m', 'return $m[1]. str_replace(array("<", ">", "\n", "\r", "\t", " "), array("\x01", "\x02", "\x03", "\x04", "\x05", "\x07"), $m[3]). $m[4];'), $t)));
if(($w = strtolower($w)) == -1){
return str_replace(array("\x01", "\x02", "\x03", "\x04", "\x05", "\x07"), array('<', '>', "\n", "\r", "\t", ' '), $t);
}
@@ -688,7 +686,7 @@ return str_replace(array("\x01", "\x02", "\x03", "\x04", "\x05", "\x07"), array(
function hl_version(){
// rel
-return '1.1.9';
+return '1.1.11';
// eof
}
diff --git a/mod/htmlawed/vendors/htmLawed/htmLawedTest.php b/mod/htmlawed/vendors/htmLawed/htmLawedTest.php
index 160bd012d..806aa4641 100644..100755
--- a/mod/htmlawed/vendors/htmLawed/htmLawedTest.php
+++ b/mod/htmlawed/vendors/htmLawed/htmLawedTest.php
@@ -1,10 +1,10 @@
<?php
/*
-htmLawedTest.php, 16 July 2009
-htmLawed 1.1.9, 22 December 2009
+htmLawedTest.php, 22 October 2011
+htmLawed 1.1.11, 5 June 2012
Copyright Santosh Patnaik
-GPL v3 license
+Dual licensed with LGPL 3 and GPL 2 or later
A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed
Test htmLawed; user provides text input; input and processed input are shown as highlighted code and rendered HTML; also shown are execution time and peak memory usage
@@ -44,7 +44,9 @@ if(get_magic_quotes_gpc()){
}
ini_set('magic_quotes_gpc', 0);
}
-set_magic_quotes_runtime(0);
+if(get_magic_quotes_runtime()){
+ set_magic_quotes_runtime(0);
+}
$_POST['enc'] = (isset($_POST['enc']) and preg_match('`^[-\w]+$`', $_POST['enc'])) ? $_POST['enc'] : 'utf-8';
@@ -328,7 +330,7 @@ tRs = {
a.appendChild(document.createTextNode("\u2195"));
a.style.cursor = 'n-resize';
a.className= 'resizer';
- a.title = 'click-drag to resize'
+ a.title = 'click-drag to resize textarea'
tRs.adEv(a, 'mousedown', tRs.initResize);
textareas[i].parentNode.appendChild(a);
}
@@ -420,7 +422,7 @@ else{
}
?>
-<span style="float:right;" class="help"><span style="font-size: 85%;">Encoding: </span><input type="text" size="8" id="enc" name="enc" style="vertical-align: middle;" value="<?php echo htmlspecialchars($_POST['enc']); ?>" title="IANA-recognized name of the input character-set; can be multiple ;- or space-separated values; may not work in some browsers" /></span>
+<span style="float:right;" class="help" title="IANA-recognized name of the input character-set; can be multiple ;- or space-separated values; may not work in some browsers"><span style="font-size: 85%;">Encoding: </span><input type="text" size="8" id="enc" name="enc" style="vertical-align: middle;" value="<?php echo htmlspecialchars($_POST['enc']); ?>" /></span>
</div>
<br style="clear:both;" />
@@ -454,6 +456,7 @@ $cfg = array(
'comment'=>array('4', 'nil', 'allow HTML comments', 'nil'),
'css_expression'=>array('2', 'nil', 'allow dynamic expressions in CSS style properties', 'nil'),
'deny_attribute'=>array('1', '0', 'denied attributes', '0', '50', '', 'these'),
+'direct_list_nest'=>array('2', 'nil', 'allow direct nesting of a list within another without requiring it to be a list item', 'nil'),
'elements'=>array('', '', 'allowed elements', '50'),
'hexdec_entity'=>array('3', '1', 'convert hexadecimal numeric entities to decimal ones, or vice versa', '0'),
'hook'=>array('', '', 'name of hook function', '25'),
@@ -516,23 +519,23 @@ if($do){
}
}
- if($cfg['anti_link_spam'] && (!empty($cfg['anti_link_spam11']) or !empty($cfg['anti_link_spam12']))){
+ if(isset($cfg['anti_link_spam']) && $cfg['anti_link_spam'] && (!empty($cfg['anti_link_spam11']) or !empty($cfg['anti_link_spam12']))){
$cfg['anti_link_spam'] = array($cfg['anti_link_spam11'], $cfg['anti_link_spam12']);
}
unset($cfg['anti_link_spam11'], $cfg['anti_link_spam12']);
- if($cfg['anti_mail_spam'] == 1){
+ if(isset($cfg['anti_mail_spam']) && $cfg['anti_mail_spam'] == 1){
$cfg['anti_mail_spam'] = isset($cfg['anti_mail_spam1'][0]) ? $cfg['anti_mail_spam1'] : 0;
}
unset($cfg['anti_mail_spam11']);
- if($cfg['deny_attribute'] == 1){
+ if(isset($cfg['deny_attribute']) && $cfg['deny_attribute'] == 1){
$cfg['deny_attribute'] = isset($cfg['deny_attribute1'][0]) ? $cfg['deny_attribute1'] : 0;
}
unset($cfg['deny_attribute1']);
- if($cfg['tidy'] == 2){
+ if(isset($cfg['tidy']) && $cfg['tidy'] == 2){
$cfg['tidy'] = isset($cfg['tidy2'][0]) ? $cfg['tidy2'] : 0;
}
unset($cfg['tidy2']);
- if($cfg['unique_ids'] == 2){
+ if(isset($cfg['unique_ids']) && $cfg['unique_ids'] == 2){
$cfg['unique_ids'] = isset($cfg['unique_ids2'][0]) ? $cfg['unique_ids2'] : 1;
}
unset($cfg['unique_ids2']);
@@ -540,9 +543,9 @@ if($do){
$cfg['show_setting'] = 'hlcfg';
$st = microtime();
- $out = htmLawed($_POST['text'], $cfg, str_replace(array('$', '{'), '', $_POST['spec']));
+ $out = htmLawed($_POST['text'], $cfg, $_POST['spec']);
$et = microtime();
- echo '<br /><a href="htmLawedTest.php" title="[toggle visibility] syntax-highlighted" onclick="javascript:toggle(\'inputR\'); return false;"><span class="notice">Input code &raquo;</span></a> <span class="help" title="tags estimated as half of total &gt; and &lt; chars; values may be inaccurate for non-ASCII text"><small><big>', strlen($_POST['text']), '</big> chars, ~<big>', round((substr_count($_POST['text'], '>') + substr_count($_POST['text'], '<'))/2), '</big> tags</small>&nbsp;</span><div id="inputR" style="display: none;">', format($_POST['text']), '</div><script type="text/javascript">hl(\'inputR\');</script>', (!isset($_POST['text'][$_hlimit]) ? ' <a href="htmLawedTest.php" title="[toggle visibility] hexdump; non-viewable characters like line-returns are shown as dots" onclick="javascript:toggle(\'inputD\'); return false;"><span class="notice">Input binary &raquo;&nbsp;</span></a><div id="inputD" style="display: none;">'. hexdump($_POST['text']). '</div>' : ''), ' <a href="htmLawedTest.php" title="[toggle visibility] finalized internal settings as interpreted by htmLawed; for developers" onclick="javascript:toggle(\'settingF\'); return false;"><span class="notice">Finalized internal settings &raquo;&nbsp;</span></a> <div id="settingF" style="display: none;">', str_replace(array(' ', "\t", ' '), array(' ', '&nbsp; ', '&nbsp; '), nl2br(htmlspecialchars(print_r($GLOBALS['hlcfg']['config'], true)))), '</div><script type="text/javascript">hl(\'settingF\');</script>', '<br /><a href="htmLawedTest.php" title="[toggle visibility] suitable for copy-paste" onclick="javascript:toggle(\'outputF\'); return false;"><span class="notice">Output &raquo;</span></a> <span class="help" title="approx., server-specific value excluding the \'include()\' call"><small>htmLawed processing time <big>', number_format(((substr($et,0,9)) + (substr($et,-10)) - (substr($st,0,9)) - (substr($st,-10))),4), '</big> s</small></span>', (($mem = memory_get_peak_usage()) !== false ? '<span class="help"><small>, peak memory usage <big>'. round(($mem-$pre_mem)/1048576, 2). '</big> <small>MB</small>' : ''), '</small></span><div id="outputF" style="display: block;"><div><textarea id="text2" class="textarea" name="text2" rows="5" cols="100" style="width: 100%;">', htmlspecialchars($out), '</textarea></div><button type="button" onclick="javascript:document.getElementById(\'text2\').focus();document.getElementById(\'text2\').select()" title="select all to copy" style="float:right;">Select all</button>';
+ echo '<br /><a href="htmLawedTest.php" title="[toggle visibility] syntax-highlighted" onclick="javascript:toggle(\'inputR\'); return false;"><span class="notice">Input code &raquo;</span></a> <span class="help" title="tags estimated as half of total &gt; and &lt; chars; values may be inaccurate for non-ASCII text"><small><big>', strlen($_POST['text']), '</big> chars, ~<big>', ($tag = round((substr_count($_POST['text'], '>') + substr_count($_POST['text'], '<'))/2)), '</big> tag', ($tag > 1 ? 's' : ''), '</small>&nbsp;</span><div id="inputR" style="display: none;">', format($_POST['text']), '</div><script type="text/javascript">hl(\'inputR\');</script>', (!isset($_POST['text'][$_hlimit]) ? ' <a href="htmLawedTest.php" title="[toggle visibility] hexdump; non-viewable characters like line-returns are shown as dots" onclick="javascript:toggle(\'inputD\'); return false;"><span class="notice">Input binary &raquo;&nbsp;</span></a><div id="inputD" style="display: none;">'. hexdump($_POST['text']). '</div>' : ''), ' <a href="htmLawedTest.php" title="[toggle visibility] finalized internal settings as interpreted by htmLawed; for developers" onclick="javascript:toggle(\'settingF\'); return false;"><span class="notice">Finalized internal settings &raquo;&nbsp;</span></a> <div id="settingF" style="display: none;">', str_replace(array(' ', "\t", ' '), array(' ', '&nbsp; ', '&nbsp; '), nl2br(htmlspecialchars(print_r($GLOBALS['hlcfg']['config'], true)))), '</div><script type="text/javascript">hl(\'settingF\');</script>', '<br /><a href="htmLawedTest.php" title="[toggle visibility] suitable for copy-paste" onclick="javascript:toggle(\'outputF\'); return false;"><span class="notice">Output &raquo;</span></a> <span class="help" title="approx., server-specific value excluding the \'include()\' call"><small>htmLawed processing time <big>', number_format(((substr($et,0,9)) + (substr($et,-10)) - (substr($st,0,9)) - (substr($st,-10))),4), '</big> s</small></span>', (($mem = memory_get_peak_usage()) !== false ? '<span class="help"><small>, peak memory usage <big>'. round(($mem-$pre_mem)/1048576, 2). '</big> <small>MB</small>' : ''), '</small></span><div id="outputF" style="display: block;"><div><textarea id="text2" class="textarea" name="text2" rows="5" cols="100" style="width: 100%;">', htmlspecialchars($out), '</textarea></div><button type="button" onclick="javascript:document.getElementById(\'text2\').focus();document.getElementById(\'text2\').select()" title="select all to copy" style="float:right;">Select all</button>';
if($_w3c_validate && $validation)
{
?>
diff --git a/mod/htmlawed/vendors/htmLawed/htmLawed_README.htm b/mod/htmlawed/vendors/htmLawed/htmLawed_README.htm
index 7138ee9c0..6dd78fb2e 100644
--- a/mod/htmlawed/vendors/htmLawed/htmLawed_README.htm
+++ b/mod/htmlawed/vendors/htmLawed/htmLawed_README.htm
@@ -7,40 +7,74 @@
<meta name="keywords" content="htmLawed, HTM, HTML, HTML Tidy, converter, filter, formatter, purifier, sanitizer, XSS, input, PHP, software, code, script, security, cross-site scripting, hack, sanitize, remove, standards, tags, attributes, elements, htmLawed_README.txt, rTxt2htm, PHP Labware" />
<style type="text/css" media="all">
<!--/*--><![CDATA[/*><!--*/
-a {text-decoration:none; color: blue;}
-a:hover {color: red;}
-a:visited {color: blue;}
-body {margin: 0; padding: 0;}
-body, div, html, p {font-family: Georgia, 'Times new roman', Times;}
-code.code {font-family: 'Bitstream vera sans mono', 'Courier New', 'Courier', monospace;}
-div.comment {padding: 5px; color: #999999; font-size: 80%;}
-div.comment a {color: #6699cc;}
-div#body {width: 70%; margin: 5px; padding: 5px;} /* holds non-toc content */
-div#toc {position: fixed; top: 5px; left: 73%; z-index: 2; margin-top: 5px; margin-left: 5px; border: 1px solid gray; padding: 5px; background-color: #ededed; width: 23%; overflow: auto; max-height:94%; font-size: 90%;} /* holds content table (toc) */
-div#top {font-size: 14px; margin: 5px; padding: 5px;} /* holds all content */
-div.monospace {overflow: auto; font-family: 'Bitstream vera sans mono', 'Courier New', 'Courier', monospace;}
-div.sub-section {padding-left: 15px;}
-div.sub-sub-section {padding-left: 30px;}
-h1 {font-size: 22px; margin-top: 5px; margin-bottom: 5px;}
-h2 {font-size: 20px; float: left; margin-top: 15px; margin-bottom: 5px;}
-h3 {font-size: 18px; float: left; margin-top: 15px; margin-bottom: 5px;}
-h4 {font-size: 16px; float: left; margin-top: 15px; margin-bottom: 5px;}
-hr {margin-top: 15px; margin-bottom: 5px;}
-input, textarea {font-family: 'Bitstream vera sans mono', 'Courier New', 'Courier', monospace;}
-p.subtle {color: gray; padding: 0; padding-top: 10px; margin: 0;}
-p.subtle a, p.subtle a:visited {color: #6699cc;}
-span.item-no {color: black;}
-span.subtle {color: gray; margin: 0; padding:0;}
-span.subtle a, span.subtle a:visited {color: #6699cc;}
-span.term {font-family: 'Bitstream vera sans mono', 'Courier New', 'Courier', monospace;}
-span.toc-item {color: black;}
-span.totop {float: right; margin-top: 15px; margin-bottom: 5px;}
-span.totop a, span.totop a:visited {color: #6699cc;}
-@media screen { /* fixes for old IE */
- * html, * html body {overflow-y: auto!important; height: 100%; margin: 0; padding: 0;}
- * html div#body {height: 100%; overflow-y: auto; position: relative;}
- * html div#toc {position: absolute;}
-}
+a {text-decoration:none; color: blue;}
+
+a:hover {color: red;}
+
+a:visited {color: blue;}
+
+body {margin: 0; padding: 0;}
+
+body, div, html, p {font-family: Georgia, 'Times new roman', Times;}
+
+code.code {font-family: 'Bitstream vera sans mono', 'Courier New', 'Courier', monospace;}
+
+div.comment {padding: 5px; color: #999999; font-size: 80%;}
+
+div.comment a {color: #6699cc;}
+
+div#body {width: 70%; margin: 5px; padding: 5px;} /* holds non-toc content */
+
+div#toc {position: fixed; top: 5px; left: 73%; z-index: 2; margin-top: 5px; margin-left: 5px; border: 1px solid gray; padding: 5px; background-color: #ededed; width: 23%; overflow: auto; max-height:94%; font-size: 90%;} /* holds content table (toc) */
+
+div#top {font-size: 14px; margin: 5px; padding: 5px;} /* holds all content */
+
+div.monospace {overflow: auto; font-family: 'Bitstream vera sans mono', 'Courier New', 'Courier', monospace;}
+
+div.sub-section {padding-left: 15px;}
+
+div.sub-sub-section {padding-left: 30px;}
+
+h1 {font-size: 22px; margin-top: 5px; margin-bottom: 5px;}
+
+h2 {font-size: 20px; float: left; margin-top: 15px; margin-bottom: 5px;}
+
+h3 {font-size: 18px; float: left; margin-top: 15px; margin-bottom: 5px;}
+
+h4 {font-size: 16px; float: left; margin-top: 15px; margin-bottom: 5px;}
+
+hr {margin-top: 15px; margin-bottom: 5px;}
+
+input, textarea {font-family: 'Bitstream vera sans mono', 'Courier New', 'Courier', monospace;}
+
+p.subtle {color: gray; padding: 0; padding-top: 10px; margin: 0;}
+
+p.subtle a, p.subtle a:visited {color: #6699cc;}
+
+span.item-no {color: black;}
+
+span.subtle {color: gray; margin: 0; padding:0;}
+
+span.subtle a, span.subtle a:visited {color: #6699cc;}
+
+span.term {font-family: 'Bitstream vera sans mono', 'Courier New', 'Courier', monospace;}
+
+span.toc-item {color: black;}
+
+span.totop {float: right; margin-top: 15px; margin-bottom: 5px;}
+
+span.totop a, span.totop a:visited {color: #6699cc;}
+
+@media screen { /* fixes for old IE */
+
+ * html, * html body {overflow-y: auto!important; height: 100%; margin: 0; padding: 0;}
+
+ * html div#body {height: 100%; overflow-y: auto; position: relative;}
+
+ * html div#toc {position: absolute;}
+
+}
+
/*]]>*/-->
</style>
<title>htmLawed documentation | htmLawed PHP software is a free, open-source, customizable HTML input purifier and filter</title>
@@ -110,10 +144,10 @@ span.totop a, span.totop a:visited {color: #6699cc;}
<div id="body">
<br />
-<div class="comment">htmLawed_README.txt, 22 December 2009<br />
-htmLawed 1.1.9, 22 December 2009<br />
+<div class="comment">htmLawed_README.txt, 8 June 2012<br />
+htmLawed 1.1.11, 5 June 2012<br />
Copyright Santosh Patnaik<br />
-GPL v3 license<br />
+Dual licensed with LGPL 3 and GPL 2 or later<br />
A PHP Labware internal utility &#45; <a href="http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed">http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed</a>&#160;</div>
<br />
@@ -222,7 +256,7 @@ A PHP Labware internal utility &#45; <a href="http://www.bioinformatics.org/phpl
<a name="s1.4" id="s1.4"></a><span class="item-no">1.4</span>&#160; License &amp; copyright
</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" />
<br />
-&#160; htmLawed is free and open-source software licensed under GPL license version <a href="http://www.gnu.org/licenses/gpl-3.0.txt">3</a>, and copyrighted by Santosh Patnaik, MD, PhD.<br />
+&#160; htmLawed is free and open-source software dual licensed under LGPL license version <a href="http://www.gnu.org/licenses/lgpl-3.0.txt">3</a>&#160;and GPL license version <a href="http://www.gnu.org/licenses/gpl-2.0.txt">2</a>&#160;or later, and copyrighted by Santosh Patnaik, MD, PhD.<br />
</div>
<div class="sub-section"><h3>
@@ -254,9 +288,11 @@ A PHP Labware internal utility &#45; <a href="http://www.bioinformatics.org/phpl
<a name="s2" id="s2"></a><span class="item-no">2</span>&#160; Usage
</h2><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" />
<br />
-&#160; htmLawed should work with PHP 4.3 and higher. Either <span class="term">include()</span>&#160;the <span class="term">htmLawed.php</span>&#160;file or copy-paste the entire code.<br />
+&#160; htmLawed should work with PHP 4.4 and higher. Either <span class="term">include()</span>&#160;the <span class="term">htmLawed.php</span>&#160;file or copy-paste the entire code.<br />
<br />
&#160; To easily <strong>test</strong>&#160;htmLawed using a form-based interface, use the provided <a href="htmLawedTest.php">demo</a>&#160;(<span class="term">htmLawed.php</span>&#160;and <span class="term">htmLawedTest.php</span>&#160;should be in the same directory on the web-server).<br />
+<br />
+&#160; <strong>Note</strong>: For code for usage of the htmLawed class (for htmLawed in OOP), please refer to the <a href="http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed">htmLawed</a>&#160;website; the filtering itself can be configured, etc., as described here.<br />
<div class="sub-section"><h3>
<a name="s2.1" id="s2.1"></a><span class="item-no">2.1</span>&#160; Simple
@@ -371,6 +407,12 @@ A PHP Labware internal utility &#45; <a href="http://www.bioinformatics.org/phpl
&#160; <span class="term">string</span>&#160;- dictated by values in <span class="term">string</span><br />
&#160; <span class="term">on&#42;</span>&#160;(like <span class="term">onfocus</span>) attributes not allowed - "<br />
<br />
+&#160; <strong>direct_nest_list</strong><br />
+&#160; Allow direct nesting of a list within another without requiring it to be a list item; see <a href="#s3.3.4">section 3.3.4</a><br />
+<br />
+&#160; <span class="term">0</span>&#160;- no &#160;*<br />
+&#160; <span class="term">1</span>&#160;- yes<br />
+<br />
&#160; <strong>elements</strong><br />
&#160; Allowed HTML elements; see <a href="#s3.3">section 3.3</a><br />
<br />
@@ -441,11 +483,11 @@ A PHP Labware internal utility &#45; <a href="http://www.bioinformatics.org/phpl
&#160; <span class="term">1</span>&#160;- will auto-adjust other relevant <span class="term">$config</span>&#160;parameters (indicated by <span class="term">"</span>&#160;in this list)<br />
<br />
&#160; <strong>schemes</strong><br />
-&#160; Array of attribute-specific, comma-separated, lower-cased list of schemes (protocols) allowed in attributes accepting URLs; <span class="term">&#42;</span>&#160;covers all unspecified attributes; see <a href="#s3.4.3">section 3.4.3</a><br />
+&#160; Array of attribute-specific, comma-separated, lower-cased list of schemes (protocols) allowed in attributes accepting URLs (or <span class="term">!</span>&#160;to <em>deny</em>&#160;any URL); <span class="term">&#42;</span>&#160;covers all unspecified attributes; see <a href="#s3.4.3">section 3.4.3</a><br />
<br />
&#160; <span class="term">href&#58; aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, telnet; &#42;&#58;file, http, https</span>&#160; *<br />
&#160; <span class="term">&#42;&#58; ftp, gopher, http, https, mailto, news, nntp, telnet</span>&#160; ^<br />
-&#160; <span class="term">href&#58; aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, telnet; style&#58; nil; &#42;&#58;file, http, https</span>&#160; "<br />
+&#160; <span class="term">href&#58; aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, telnet; style&#58; !; &#42;&#58;file, http, https</span>&#160; "<br />
<br />
&#160; <strong>show_setting</strong><br />
&#160; Name of a PHP variable to assign the <em>finalized</em>&#160;<span class="term">$config</span>&#160;and <span class="term">$spec</span>&#160;values; see <a href="#s3.8">section 3.8</a><br />
@@ -541,7 +583,7 @@ A PHP Labware internal utility &#45; <a href="http://www.bioinformatics.org/phpl
&#160; <em>Rule</em>: <span class="term">input=title(), value(maxval=8/default=6)</span><br />
&#160; <em>Output</em>: <span class="term">&lt;input title="WIDTH" value="6" /&gt;&lt;input title="length" value="5" /&gt;</span><br />
<br />
-&#160; <em>Rule</em>: <span class="term">input=title(nomatch=$w.d$i), value(match=$em$/default=6em)</span><br />
+&#160; <em>Rule</em>: <span class="term">input=title(nomatch=%w.d%i), value(match=%em%/default=6em)</span><br />
&#160; <em>Output</em>: <span class="term">&lt;input value="10em" /&gt;&lt;input title="length" value="6em" /&gt;</span><br />
<br />
&#160; <em>Rule</em>: <span class="term">input=title(oneof=height|depth/default=depth), value(noneof=5|6)</span><br />
@@ -565,9 +607,9 @@ A PHP Labware internal utility &#45; <a href="http://www.bioinformatics.org/phpl
<a name="s2.5" id="s2.5"></a><span class="item-no">2.5</span>&#160; Some security risks to keep in mind
</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" />
<br />
-&#160; When setting the parameters/arguments (like those to allow certain HTML elements) for use with htmLawed, one should bear in mind that the setting may let through potentially <em>dangerous</em>&#160;HTML code. (This may not be a problem if the authors are trusted.)<br />
+&#160; When setting the parameters/arguments (like those to allow certain HTML elements) for use with htmLawed, one should bear in mind that the setting may let through potentially <em>dangerous</em>&#160;HTML code which is meant to steal user-data, deface a website, render a page non-functional, etc.<br />
<br />
-&#160; For example, following increase security risks:<br />
+&#160; Unless end-users, either people or software, supplying the content are completely trusted, security issues arising from the degree of HTML usage permission has to be kept in mind. For example, following increase security risks:<br />
<br />
&#160; * &#160;Allowing <span class="term">script</span>, <span class="term">applet</span>, <span class="term">embed</span>, <span class="term">iframe</span>&#160;or <span class="term">object</span>&#160;elements, or certain of their attributes like <span class="term">allowscriptaccess</span><br />
<br />
@@ -575,7 +617,13 @@ A PHP Labware internal utility &#45; <a href="http://www.bioinformatics.org/phpl
<br />
&#160; * &#160;Allowing dynamic CSS expressions (a feature of the IE browser)<br />
<br />
-&#160; <em>Unsafe</em>&#160;HTML can be removed by setting <span class="term">$config</span>&#160;appropriately. E.g., <span class="term">$config["elements"] = "&#42; -script"</span>&#160;(<a href="#s3.3">section 3.3</a>), <span class="term">$config["safe"] = 1</span>&#160;(<a href="#s3.6">section 3.6</a>), etc.<br />
+&#160; * &#160;Allowing the <span class="term">style</span>&#160;attribute<br />
+<br />
+&#160; To remove <em>unsecure</em>&#160;HTML, code-developers using htmLawed must set <span class="term">$config</span>&#160;appropriately. E.g., <span class="term">$config["elements"] = "&#42; -script"</span>&#160;to deny the <span class="term">script</span>&#160;element (<a href="#s3.3">section 3.3</a>), <span class="term">$config["safe"] = 1</span>&#160;to auto-configure ceratin htmLawed parameters for maximizing security (<a href="#s3.6">section 3.6</a>), etc.<br />
+<br />
+&#160; Permitting the <span class="term">&#42;style&#42;</span>&#160;attribute brings in risks of <em>click-jacking</em>, <em>phishing</em>, web-page overlays, etc., <em>even</em>&#160;when the <span class="term">safe</span>&#160;parameter is enabled (see <a href="#s3.6">section 3.6</a>). Except for URLs and a few other things like CSS dynamic expressions, htmLawed currently does not check every CSS style property. It does provide ways for the code-developer implementing htmLawed to do such checks through htmLawed's <span class="term">$spec</span>&#160;argument, and through the <span class="term">hook_tag</span>&#160;parameter (see <a href="#s3.4.8">section 3.4.8</a>&#160;for more). Disallowing <span class="term">style</span>&#160;completely and relying on CSS classes and stylesheet files is recommended.<br />
+<br />
+&#160; htmLawed does not check or correct the character <strong>encoding</strong>&#160;of the input it receives. In conjunction with permitting circumstances such as when the character encoding is left undefined through HTTP headers or HTML <span class="term">meta</span>&#160;tags, this can permit an exploit (like Google's UTF-7/XSS vulnerability of the past).<br />
</div>
<div class="sub-section"><h3>
@@ -722,6 +770,8 @@ A PHP Labware internal utility &#45; <a href="http://www.bioinformatics.org/phpl
<br />
&#160; * &#160;Because of poor Unicode support in PHP, htmLawed does not remove the <em>high value</em>&#160;HTML-invalid characters with multi-byte code-points. Such characters however are extremely unlikely to be in the input. (see <a href="#s3.1">section 3.1</a>).<br />
<br />
+&#160; * &#160;htmLawed does not check or correct the character encoding of the input it receives. In conjunction with permitting circumstances such as when the character encoding is left undefined through HTTP headers or HTML <span class="term">meta</span>&#160;tags, this can permit an exploit (like Google's UTF-7/XSS vulnerability of the past).<br />
+<br />
&#160; * &#160;Like any script using PHP's PCRE regex functions, PHP setup-specific low PCRE limit values can cause htmLawed to at least partially fail with very long input texts.<br />
</div>
@@ -1162,6 +1212,8 @@ A PHP Labware internal utility &#45; <a href="http://www.bioinformatics.org/phpl
&#160; In some cases, the specs stipulate the number and/or the ordering of the child elements. A <span class="term">table</span>&#160;can have 0 or 1 <span class="term">caption</span>, <span class="term">tbody</span>, <span class="term">tfoot</span>, and <span class="term">thead</span>, but they must be in this order: <span class="term">caption</span>, <span class="term">thead</span>, <span class="term">tfoot</span>, <span class="term">tbody</span>.<br />
<br />
&#160; htmLawed currently does not check for conformance to these rules. Note that any non-compliance in this regard will not introduce security vulnerabilities, crash browser applications, or affect the rendering of web-pages.<br />
+<br />
+&#160; With <span class="term">$config["direct_list_nest"]</span>&#160;set to <span class="term">1</span>, htmLawed will allow direct nesting of an <span class="term">ol</span>&#160;or <span class="term">ul</span>&#160;list within another <span class="term">ol</span>&#160;or <span class="term">ul</span>&#160;without requiring the child list to be within an <span class="term">li</span>&#160;of the parent list. While this is not standard-compliant, directly nested lists are rendered properly by almost all browsers. The parameter <span class="term">$config["direct_list_nest"]</span>&#160;has no effect if tag-balancing (<a href="#s3.3.3">section 3.3.3</a>) is turned off.<br />
</div>
<div class="sub-section"><h3>
@@ -1271,6 +1323,8 @@ A PHP Labware internal utility &#45; <a href="http://www.bioinformatics.org/phpl
<br />
&#160; As a side-note, one may find <span class="term">style&#58; &#42;</span>&#160;useful as URLs in <span class="term">style</span>&#160;attributes can be specified in a variety of ways, and the patterns that htmLawed uses to identify URLs may mistakenly identify non-URL text.<br />
<br />
+&#160; <span class="term">!</span>&#160;can be put in the list of schemes to disallow all protocols as well as <em>local</em>&#160;URLs. Thus, with <span class="term">href&#58; http, style&#58; !</span>, '&lt;a href="http://cnn.com" style="background-image: url('local.jpg');"&gt;CNN&lt;/a&gt;' will become '&lt;a href="http://cnn.com" style="background-image: url('denied:local.jpg');"&gt;CNN&lt;/a&gt;'.<br />
+<br />
&#160; <strong>Note</strong>: If URL-accepting attributes other than those listed above are being allowed, then the scheme will not be checked unless the attribute name contains the string <span class="term">src</span>&#160;(e.g., <span class="term">dynsrc</span>) or starts with <span class="term">o</span>&#160;(e.g., <span class="term">onbeforecopy</span>).<br />
<br />
&#160; With <span class="term">$config["safe"] = 1</span>, all URLs are disallowed in the <span class="term">style</span>&#160;attribute values.<br />
@@ -1488,7 +1542,7 @@ A PHP Labware internal utility &#45; <a href="http://www.bioinformatics.org/phpl
<a name="s3.4.8" id="s3.4.8"></a><span class="item-no">3.4.8</span>&#160; Inline style properties
</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" />
<br />
-&#160; htmLawed can check URL schemes and dynamic expressions (to guard against Javascript, etc., script-based insecurities) in inline CSS style property values in the <span class="term">style</span>&#160;attributes. (CSS properties like <span class="term">background-image</span>&#160;that accept URLs in their values are noted in <a href="#s5.3">section 5.3</a>.) Dynamic CSS expressions that allow scripting in the IE browser, and can be a vulnerability, can be removed from property values by setting <span class="term">$config["css_expression"]</span>&#160;to <span class="term">1</span>&#160;(default setting).<br />
+&#160; htmLawed can check URL schemes and dynamic expressions (to guard against Javascript, etc., script-based insecurities) in inline CSS style property values in the <span class="term">style</span>&#160;attributes. (CSS properties like <span class="term">background-image</span>&#160;that accept URLs in their values are noted in <a href="#s5.3">section 5.3</a>.) Dynamic CSS expressions that allow scripting in the IE browser, and can be a vulnerability, can be removed from property values by setting <span class="term">$config["css_expression"]</span>&#160;to <span class="term">1</span>&#160;(default setting). Note that when <span class="term">$config["css_expression"]</span>&#160;is set to <span class="term">1</span>, htmLawed will remove <span class="term">/&#42;</span>&#160;from the <span class="term">style</span>&#160;values.<br />
<br />
&#160; <strong>Note</strong>: Because of the various ways of representing characters in attribute values (URL-escapement, entitification, etc.), htmLawed might alter the values of the <span class="term">style</span>&#160;attribute values, and may even falsely identify dynamic CSS expressions and URL schemes in them. If this is an important issue, checking of URLs and dynamic expressions can be turned off (<span class="term">$config["schemes"] = "...style&#58;&#42;..."</span>, see <a href="#s3.4.3">section 3.4.3</a>, and <span class="term">$config["css_expression"] = 0</span>). Alternately, admins can use their own custom function for finer handling of <span class="term">style</span>&#160;values through the <span class="term">hook_tag</span>&#160;parameter (see <a href="#s3.4.9">section 3.4.9</a>).<br />
<br />
@@ -1503,14 +1557,30 @@ A PHP Labware internal utility &#45; <a href="http://www.bioinformatics.org/phpl
<br />
&#160; It is possible to utilize a custom hook function to alter the tag content htmLawed has finalized (i.e., after it has checked/corrected for required attributes, transformed attributes, lower-cased attribute names, etc.).<br />
<br />
-&#160; When <span class="term">$config</span>&#160;parameter <span class="term">hook_tag</span>&#160;is set to the name of a function, htmLawed (function <span class="term">hl_tag()</span>) will pass on the element name, and the <em>finalized</em>&#160;attribute name-value pairs as array elements to the function. The function is expected to return the full opening tag string like <span class="term">&lt;element_name attribute_1_name="attribute_1_value"...&gt;</span>&#160;(for empty elements like <span class="term">img</span>&#160;and <span class="term">input</span>, the element-closing slash <span class="term">/</span>&#160;should also be included).<br />
+&#160; When <span class="term">$config</span>&#160;parameter <span class="term">hook_tag</span>&#160;is set to the name of a function, htmLawed (function <span class="term">hl_tag()</span>) will pass on the element name, and, in the case of an opening tag, the <em>finalized</em>&#160;attribute name-value pairs as array elements to the function. The function, after completing a task such as filtering or tag transformation, will typically return an empty string, the full opening tag string like <span class="term">&lt;element_name attribute_1_name="attribute_1_value"...&gt;</span>&#160;(for empty elements like <span class="term">img</span>&#160;and <span class="term">input</span>, the element-closing slash <span class="term">/</span>&#160;should also be included), etc.<br />
+<br />
+&#160; Any <span class="term">hook_tag</span>&#160;function, since htmLawed version 1.1.11, also receives names of elements in closing tags, such as <span class="term">a</span>&#160;in the closing <span class="term">&lt;/a&gt;</span>&#160;tag of the element <span class="term">&lt;a href="http&#58;//cnn.com"&gt;CNN&lt;/a&gt;</span>. Unlike for opening tags, no other value (i.e., the attribute name-value array) is passed to the function since a closing tag contains only element names. Typically, the function will return an empty string or a full closing tag (like <span class="term">&lt;/a&gt;</span>).<br />
<br />
&#160; This is a <strong>powerful functionality</strong>&#160;that can be exploited for various objectives: consolidate-and-convert inline <span class="term">style</span>&#160;attributes to <span class="term">class</span>, convert <span class="term">embed</span>&#160;elements to <span class="term">object</span>, permit only one <span class="term">caption</span>&#160;element in a <span class="term">table</span>&#160;element, disallow embedding of certain types of media, <strong>inject HTML</strong>, use <a href="http://csstidy.sourceforge.net">CSSTidy</a>&#160;to sanitize <span class="term">style</span>&#160;attribute values, etc.<br />
<br />
&#160; As an example, the custom hook code below can be used to force a series of specifically ordered <span class="term">id</span>&#160;attributes on all elements, and a specific <span class="term">param</span>&#160;element inside all <span class="term">object</span>&#160;elements:<br />
<br />
-<code class="code">&#160; &#160; function my_tag_function($element, $attribute_array){</code>
+<code class="code">&#160; &#160; function my_tag_function($element, $attribute_array=0){</code>
+<br />
+<br />
+
+<code class="code">&#160; &#160; &#160; // If second argument is not received, it means a closing tag is being handled</code>
+<br />
+
+<code class="code">&#160; &#160; &#160; if(is_numeric($attribute_array)){</code>
+<br />
+
+<code class="code">&#160; &#160; &#160; &#160; return "&lt;/$element&gt;";</code>
+<br />
+
+<code class="code">&#160; &#160; &#160; }</code>
+<br />
<br />
<code class="code">&#160; &#160; &#160; static $id = 0;</code>
@@ -1570,6 +1640,11 @@ A PHP Labware internal utility &#45; <a href="http://www.bioinformatics.org/phpl
<code class="code">&#160; &#160; &#160; }</code>
<br />
+<br />
+
+<code class="code">&#160; &#160; &#160; static $empty_elements = array(&#39;area&#39;=&gt;1, &#39;br&#39;=&gt;1, &#39;col&#39;=&gt;1, &#39;embed&#39;=&gt;1, &#39;hr&#39;=&gt;1, &#39;img&#39;=&gt;1, &#39;input&#39;=&gt;1, &#39;isindex&#39;=&gt;1, &#39;param&#39;=&gt;1);</code>
+<br />
+<br />
<code class="code">&#160; &#160; &#160; return "&lt;{$element}{$string}". (isset($in_array($element, $empty_elements) ? &#39; /&#39; &#58; &#39;&#39;). &#39;&gt;&#39;. $new_element;</code>
<br />
@@ -1598,7 +1673,7 @@ A PHP Labware internal utility &#45; <a href="http://www.bioinformatics.org/phpl
<br />
&#160; htmLawed allows an admin to use <span class="term">$config["safe"]</span>&#160;to auto-adjust multiple <span class="term">$config</span>&#160;parameters (such as <span class="term">elements</span>&#160;which declares the allowed element-set), which otherwise would have to be manually set. The relevant parameters are indicated by <span class="term">"</span>&#160;in <a href="#s2.2">section 2.2</a>). Thus, one can pass the <span class="term">$config</span>&#160;argument with a simpler value.<br />
<br />
-&#160; With the value of <span class="term">1</span>, htmLawed considers <span class="term">CDATA</span>&#160;sections and HTML comments as plain text, and prohibits the <span class="term">applet</span>, <span class="term">embed</span>, <span class="term">iframe</span>, <span class="term">object</span>&#160;and <span class="term">script</span>&#160;elements, and the <span class="term">on&#42;</span>&#160;attributes like <span class="term">onclick</span>. ( There are <span class="term">$config</span>&#160;parameters like <span class="term">css_expression</span>&#160;that are not affected by the value set for <span class="term">safe</span>&#160;but whose default values still contribute towards a more <em>safe</em>&#160;output.) Further, URLs with schemes (see <a href="#s3.4.3">section 3.4.3</a>) are neutralized so that, e.g., <span class="term">style="moz-binding&#58;url(http&#58;//danger)"</span>&#160;becomes <span class="term">style="moz-binding&#58;url(denied&#58;http&#58;//danger)"</span>&#160;while <span class="term">style="moz-binding&#58;url(ok)"</span>&#160;remains intact.<br />
+&#160; With the value of <span class="term">1</span>, htmLawed considers <span class="term">CDATA</span>&#160;sections and HTML comments as plain text, and prohibits the <span class="term">applet</span>, <span class="term">embed</span>, <span class="term">iframe</span>, <span class="term">object</span>&#160;and <span class="term">script</span>&#160;elements, and the <span class="term">on&#42;</span>&#160;attributes like <span class="term">onclick</span>. ( There are <span class="term">$config</span>&#160;parameters like <span class="term">css_expression</span>&#160;that are not affected by the value set for <span class="term">safe</span>&#160;but whose default values still contribute towards a more <em>safe</em>&#160;output.) Further, URLs with schemes (see <a href="#s3.4.3">section 3.4.3</a>) are neutralized so that, e.g., <span class="term">style="moz-binding&#58;url(http&#58;//danger)"</span>&#160;becomes <span class="term">style="moz-binding&#58;url(denied&#58;http&#58;//danger)"</span>.<br />
<br />
&#160; Admins, however, may still want to completely deny the <span class="term">style</span>&#160;attribute, e.g., with code like<br />
<br />
@@ -1606,6 +1681,8 @@ A PHP Labware internal utility &#45; <a href="http://www.bioinformatics.org/phpl
<code class="code">&#160; &#160; $processed = htmLawed($text, array(&#39;safe&#39;=&gt;1, &#39;deny_attribute&#39;=&gt;&#39;style&#39;));</code>
<br />
<br />
+&#160; Permitting the <span class="term">style</span>&#160;attribute brings in risks of <em>click-jacking</em>, etc. CSS property values can render a page non-functional or be used to deface it. Except for URLs, dynamic expressions, and some other things, htmLawed does not completely check <span class="term">style</span>&#160;values. It does provide ways for the code-developer implementing htmLawed to do such checks through the <span class="term">$spec</span>&#160;argument, and through the <span class="term">hook_tag</span>&#160;parameter (see <a href="#s3.4.8">section 3.4.8</a>&#160;for more). Disallowing style completely and relying on CSS classes and stylesheet files is recommended.<br />
+<br />
&#160; If a value for a parameter auto-set through <span class="term">safe</span>&#160;is still manually provided, then that value can over-ride the auto-set value. E.g., with <span class="term">$config["safe"] = 1</span>&#160;and <span class="term">$config["elements"] = "&#42;+script"</span>, <span class="term">script</span>, but not <span class="term">applet</span>, is allowed.<br />
<br />
&#160; A page illustrating the efficacy of htmLawed's anti-XSS abilities with <span class="term">safe</span>&#160;set to <span class="term">1</span>&#160;against XSS vectors listed by <a href="http://ha.ckers.org/xss.html">RSnake</a>&#160;may be available <a href="http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/rsnake/RSnakeXSSTest.htm">here</a>.<br />
@@ -1688,6 +1765,20 @@ A PHP Labware internal utility &#45; <a href="http://www.bioinformatics.org/phpl
<br />
&#160; <em>Version number - Release date. Notes</em><br />
<br />
+&#160; 1.1.11 - 5 June 2012. Fix for possible problem with handling of multi-byte characters in attribute values in an mbstring.func_overload enviroment. <span class="term">$config["hook_tag"]</span>, if specified, now receives names of elements in closing tags.<br />
+<br />
+&#160; 1.1.10 - 22 October 2011. Fix for a bug in the <span class="term">tidy</span>&#160;functionality that caused the entire input to be replaced with a single space; new parameter, <span class="term">$config["direct_list_nest"]</span>&#160;to allow direct descendance of a list in a list. (5 April 2012. Dual licensing from LGPLv3 to LGPLv3 and GPLv2+.)<br />
+<br />
+&#160; 1.1.9.5 - 6 July 2011. Minor correction of a rule for nesting of <span class="term">li</span>&#160;within <span class="term">dir</span><br />
+<br />
+&#160; 1.1.9.4 - 3 July 2010. Parameter <span class="term">schemes</span>&#160;now accepts <span class="term">!</span>&#160;so any URL, even a local one, can be <em>denied</em>. An issue in which a second URL value in <span class="term">style</span>&#160;properties was not checked was fixed.<br />
+<br />
+&#160; 1.1.9.3 - 17 May 2010. Checks for correct nesting of <span class="term">param</span><br />
+<br />
+&#160; 1.1.9.2 - 26 April 2010. Minor fix regarding rendering of denied URL schemes<br />
+<br />
+&#160; 1.1.9.1 - 26 February 2010. htmLawed now uses the LGPL version 3 license; support for <span class="term">flashvars</span>&#160;attribute for <span class="term">embed</span><br />
+<br />
&#160; 1.1.9 - 22 December 2009. Soft-hyphens are now removed only from URL-accepting attribute values<br />
<br />
&#160; 1.1.8.1 - 16 July 2009. Minor code-change to fix a PHP error notice<br />
@@ -1738,6 +1829,10 @@ A PHP Labware internal utility &#45; <a href="http://www.bioinformatics.org/phpl
<br />
&#160; Upgrading is as simple as replacing the previous version of <span class="term">htmLawed.php</span>&#160;(assuming it was not modified for customized features). As htmLawed output is almost always used in static documents, upgrading should not affect old, finalized content.<br />
<br />
+&#160; <strong>Important</strong>&#160; The following upgrades may affect the functionality of a specific htmLawed as indicated by their corresponding notes:<br />
+<br />
+&#160; (1) From version 1.1-1.1.10 to 1.1.11, if a <span class="term">hook_tag</span>&#160;function is in use: In version 1.1.11, elements in closing tags (and not just the opening tags) are also passed to the function. There are no attribute names/values to pass, so a <span class="term">hook_tag</span>&#160;function receives only the element name. The <span class="term">hook_tag</span>&#160;function therefore may have to be edited. See <a href="#s3.4.9">section 3.4.9</a>.<br />
+<br />
&#160; Old versions of htmLawed may be available online. E.g., for version 1.0, check <a href="http://www.bioinformatics.org/phplabware/downloads/htmLawed1.zip">http://www.bioinformatics.org/phplabware/downloads/htmLawed1.zip</a>, for 1.1.1, htmLawed111.zip, and for 1.1.10, htmLawed1110.zip.<br />
</div>
@@ -1789,7 +1884,7 @@ A PHP Labware internal utility &#45; <a href="http://www.bioinformatics.org/phpl
<a name="s4.10" id="s4.10"></a><span class="item-no">4.10</span>&#160; Acknowledgements
</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" />
<br />
-&#160; Bryan Blakey, Ulf Harnhammer, Gareth Heyes, Lukasz Pilorz, Shelley Powers, Edward Yang, and many anonymous users.<br />
+&#160; Nicholas Alipaz, Bryan Blakey, Pádraic Brady, Ulf Harnhammer, Gareth Heyes, Klaus Leithoff, Lukasz Pilorz, Shelley Powers, Edward Yang, and many anonymous users.<br />
<br />
&#160; Thank you!<br />
@@ -1856,6 +1951,7 @@ A PHP Labware internal utility &#45; <a href="http://www.bioinformatics.org/phpl
&#160; disabled - button, input, optgroup, option, select, textarea<br />
&#160; enctype - form<br />
&#160; face - font<br />
+&#160; flashvars* - embed<br />
&#160; for - label<br />
&#160; frame - table<br />
&#160; frameborder - iframe<br />
@@ -2057,7 +2153,7 @@ A PHP Labware internal utility &#45; <a href="http://www.bioinformatics.org/phpl
</div>
</div>
<br />
-<hr /><br /><br /><span class="subtle"><small>HTM version of <em><a href="htmLawed_README.txt">htmLawed_README.txt</a></em> generated on 22 Dec, 2009 using <a href="http://www.bioinformatics.org/phplabware/internal_utilities">rTxt2htm</a> from PHP Labware</small></span>
+<hr /><br /><br /><span class="subtle"><small>HTM version of <em><a href="htmLawed_README.txt">htmLawed_README.txt</a></em> generated on 06 Jun, 2012 using <a href="http://www.bioinformatics.org/phplabware/internal_utilities">rTxt2htm</a> from PHP Labware</small></span>
</div><!-- ended div body -->
</div><!-- ended div top -->
</body>
diff --git a/mod/htmlawed/vendors/htmLawed/htmLawed_README.txt b/mod/htmlawed/vendors/htmLawed/htmLawed_README.txt
index 48a67009b..e4027e465 100644..100755
--- a/mod/htmlawed/vendors/htmLawed/htmLawed_README.txt
+++ b/mod/htmlawed/vendors/htmLawed/htmLawed_README.txt
@@ -1,8 +1,8 @@
/*
-htmLawed_README.txt, 22 December 2009
-htmLawed 1.1.9, 22 December 2009
+htmLawed_README.txt, 8 June 2012
+htmLawed 1.1.11, 5 June 2012
Copyright Santosh Patnaik
-GPL v3 license
+Dual licensed with LGPL 3 and GPL 2 or later
A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed
*/
@@ -171,7 +171,7 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern
-- 1.4 License & copyright ----------------------------------------o
- htmLawed is free and open-source software licensed under GPL license version 3:- http://www.gnu.org/licenses/gpl-3.0.txt, and copyrighted by Santosh Patnaik, MD, PhD.
+ htmLawed is free and open-source software dual licensed under LGPL license version 3:- http://www.gnu.org/licenses/lgpl-3.0.txt and GPL license version 2:- http://www.gnu.org/licenses/gpl-2.0.txt or later, and copyrighted by Santosh Patnaik, MD, PhD.
-- 1.5 Terms used here --------------------------------------------o
@@ -200,9 +200,11 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern
== 2 Usage ========================================================oo
- htmLawed should work with PHP 4.3 and higher. Either 'include()' the 'htmLawed.php' file or copy-paste the entire code.
+ htmLawed should work with PHP 4.4 and higher. Either 'include()' the 'htmLawed.php' file or copy-paste the entire code.
To easily *test* htmLawed using a form-based interface, use the provided demo:- htmLawedTest.php ('htmLawed.php' and 'htmLawedTest.php' should be in the same directory on the web-server).
+
+ *Note*: For code for usage of the htmLawed class (for htmLawed in OOP), please refer to the htmLawed:- http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed website; the filtering itself can be configured, etc., as described here.
-- 2.1 Simple ------------------------------------------------------
@@ -305,6 +307,12 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern
'0' - none *
'string' - dictated by values in 'string'
'on*' (like 'onfocus') attributes not allowed - "
+
+ *direct_nest_list*
+ Allow direct nesting of a list within another without requiring it to be a list item; see section:- #3.3.4
+
+ '0' - no *
+ '1' - yes
*elements*
Allowed HTML elements; see section:- #3.3
@@ -376,11 +384,11 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern
'1' - will auto-adjust other relevant '$config' parameters (indicated by '"' in this list)
*schemes*
- Array of attribute-specific, comma-separated, lower-cased list of schemes (protocols) allowed in attributes accepting URLs; '*' covers all unspecified attributes; see section:- #3.4.3
+ Array of attribute-specific, comma-separated, lower-cased list of schemes (protocols) allowed in attributes accepting URLs (or '!' to `deny` any URL); '*' covers all unspecified attributes; see section:- #3.4.3
'href: aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, telnet; *:file, http, https' *
'*: ftp, gopher, http, https, mailto, news, nntp, telnet' ^
- 'href: aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, telnet; style: nil; *:file, http, https' "
+ 'href: aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, telnet; style: !; *:file, http, https' "
*show_setting*
Name of a PHP variable to assign the `finalized` '$config' and '$spec' values; see section:- #3.8
@@ -469,7 +477,7 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern
`Rule`: 'input=title(), value(maxval=8/default=6)'
`Output`: '<input title="WIDTH" value="6" /><input title="length" value="5" />'
- `Rule`: 'input=title(nomatch=$w.d$i), value(match=$em$/default=6em)'
+ `Rule`: 'input=title(nomatch=%w.d%i), value(match=%em%/default=6em)'
`Output`: '<input value="10em" /><input title="length" value="6em" />'
`Rule`: 'input=title(oneof=height|depth/default=depth), value(noneof=5|6)'
@@ -491,17 +499,23 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern
-- 2.5 Some security risks to keep in mind ------------------------o
- When setting the parameters/arguments (like those to allow certain HTML elements) for use with htmLawed, one should bear in mind that the setting may let through potentially `dangerous` HTML code. (This may not be a problem if the authors are trusted.)
+ When setting the parameters/arguments (like those to allow certain HTML elements) for use with htmLawed, one should bear in mind that the setting may let through potentially `dangerous` HTML code which is meant to steal user-data, deface a website, render a page non-functional, etc.
- For example, following increase security risks:
+ Unless end-users, either people or software, supplying the content are completely trusted, security issues arising from the degree of HTML usage permission has to be kept in mind. For example, following increase security risks:
* Allowing 'script', 'applet', 'embed', 'iframe' or 'object' elements, or certain of their attributes like 'allowscriptaccess'
* Allowing HTML comments (some Internet Explorer versions are vulnerable with, e.g., '<!--[if gte IE 4]><script>alert("xss");</script><![endif]-->'
* Allowing dynamic CSS expressions (a feature of the IE browser)
+
+ * Allowing the 'style' attribute
- `Unsafe` HTML can be removed by setting '$config' appropriately. E.g., '$config["elements"] = "* -script"' (section:- #3.3), '$config["safe"] = 1' (section:- #3.6), etc.
+ To remove `unsecure` HTML, code-developers using htmLawed must set '$config' appropriately. E.g., '$config["elements"] = "* -script"' to deny the 'script' element (section:- #3.3), '$config["safe"] = 1' to auto-configure ceratin htmLawed parameters for maximizing security (section:- #3.6), etc.
+
+ Permitting the '*style*' attribute brings in risks of `click-jacking`, `phishing`, web-page overlays, etc., `even` when the 'safe' parameter is enabled (see section:- #3.6). Except for URLs and a few other things like CSS dynamic expressions, htmLawed currently does not check every CSS style property. It does provide ways for the code-developer implementing htmLawed to do such checks through htmLawed's '$spec' argument, and through the 'hook_tag' parameter (see section:- #3.4.8 for more). Disallowing 'style' completely and relying on CSS classes and stylesheet files is recommended.
+
+ htmLawed does not check or correct the character *encoding* of the input it receives. In conjunction with permitting circumstances such as when the character encoding is left undefined through HTTP headers or HTML 'meta' tags, this can permit an exploit (like Google's UTF-7/XSS vulnerability of the past).
-- 2.6 Use without modifying old 'kses()' code --------------------o
@@ -614,6 +628,8 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern
* htmLawed does not correct certain possible attribute-based security vulnerabilities (e.g., '<a href="http://x%22+style=%22background-image:xss">x</a>'). These arise when browsers mis-identify markup in `escaped` text, defeating the very purpose of escaping text (a bad browser will read the given example as '<a href="http://x" style="background-image:xss">x</a>').
* Because of poor Unicode support in PHP, htmLawed does not remove the `high value` HTML-invalid characters with multi-byte code-points. Such characters however are extremely unlikely to be in the input. (see section:- #3.1).
+
+ * htmLawed does not check or correct the character encoding of the input it receives. In conjunction with permitting circumstances such as when the character encoding is left undefined through HTTP headers or HTML 'meta' tags, this can permit an exploit (like Google's UTF-7/XSS vulnerability of the past).
* Like any script using PHP's PCRE regex functions, PHP setup-specific low PCRE limit values can cause htmLawed to at least partially fail with very long input texts.
@@ -925,6 +941,8 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern
In some cases, the specs stipulate the number and/or the ordering of the child elements. A 'table' can have 0 or 1 'caption', 'tbody', 'tfoot', and 'thead', but they must be in this order: 'caption', 'thead', 'tfoot', 'tbody'.
htmLawed currently does not check for conformance to these rules. Note that any non-compliance in this regard will not introduce security vulnerabilities, crash browser applications, or affect the rendering of web-pages.
+
+ With '$config["direct_list_nest"]' set to '1', htmLawed will allow direct nesting of an 'ol' or 'ul' list within another 'ol' or 'ul' without requiring the child list to be within an 'li' of the parent list. While this is not standard-compliant, directly nested lists are rendered properly by almost all browsers. The parameter '$config["direct_list_nest"]' has no effect if tag-balancing (section:- #3.3.3) is turned off.
-- 3.3.5 Beautify or compact HTML ---------------------------------o
@@ -1020,6 +1038,8 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern
Thus, `to allow Javascript`, one can set '$config["schemes"]' as 'href: mailto, http, https; *: http, https, javascript', or 'href: mailto, http, https, javascript; *: http, https, javascript', or '*: *', and so on.
As a side-note, one may find 'style: *' useful as URLs in 'style' attributes can be specified in a variety of ways, and the patterns that htmLawed uses to identify URLs may mistakenly identify non-URL text.
+
+ '!' can be put in the list of schemes to disallow all protocols as well as `local` URLs. Thus, with 'href: http, style: !', '<a href="http://cnn.com" style="background-image: url('local.jpg');">CNN</a>' will become '<a href="http://cnn.com" style="background-image: url('denied:local.jpg');">CNN</a>'.
*Note*: If URL-accepting attributes other than those listed above are being allowed, then the scheme will not be checked unless the attribute name contains the string 'src' (e.g., 'dynsrc') or starts with 'o' (e.g., 'onbeforecopy').
@@ -1149,7 +1169,7 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern
-- 3.4.8 Inline style properties ----------------------------------o
- htmLawed can check URL schemes and dynamic expressions (to guard against Javascript, etc., script-based insecurities) in inline CSS style property values in the 'style' attributes. (CSS properties like 'background-image' that accept URLs in their values are noted in section:- #5.3.) Dynamic CSS expressions that allow scripting in the IE browser, and can be a vulnerability, can be removed from property values by setting '$config["css_expression"]' to '1' (default setting).
+ htmLawed can check URL schemes and dynamic expressions (to guard against Javascript, etc., script-based insecurities) in inline CSS style property values in the 'style' attributes. (CSS properties like 'background-image' that accept URLs in their values are noted in section:- #5.3.) Dynamic CSS expressions that allow scripting in the IE browser, and can be a vulnerability, can be removed from property values by setting '$config["css_expression"]' to '1' (default setting). Note that when '$config["css_expression"]' is set to '1', htmLawed will remove '/*' from the 'style' values.
*Note*: Because of the various ways of representing characters in attribute values (URL-escapement, entitification, etc.), htmLawed might alter the values of the 'style' attribute values, and may even falsely identify dynamic CSS expressions and URL schemes in them. If this is an important issue, checking of URLs and dynamic expressions can be turned off ('$config["schemes"] = "...style:*..."', see section:- #3.4.3, and '$config["css_expression"] = 0'). Alternately, admins can use their own custom function for finer handling of 'style' values through the 'hook_tag' parameter (see section:- #3.4.9).
@@ -1163,13 +1183,21 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern
It is possible to utilize a custom hook function to alter the tag content htmLawed has finalized (i.e., after it has checked/corrected for required attributes, transformed attributes, lower-cased attribute names, etc.).
- When '$config' parameter 'hook_tag' is set to the name of a function, htmLawed (function 'hl_tag()') will pass on the element name, and the `finalized` attribute name-value pairs as array elements to the function. The function is expected to return the full opening tag string like '<element_name attribute_1_name="attribute_1_value"...>' (for empty elements like 'img' and 'input', the element-closing slash '/' should also be included).
+ When '$config' parameter 'hook_tag' is set to the name of a function, htmLawed (function 'hl_tag()') will pass on the element name, and, in the case of an opening tag, the `finalized` attribute name-value pairs as array elements to the function. The function, after completing a task such as filtering or tag transformation, will typically return an empty string, the full opening tag string like '<element_name attribute_1_name="attribute_1_value"...>' (for empty elements like 'img' and 'input', the element-closing slash '/' should also be included), etc.
+
+ Any 'hook_tag' function, since htmLawed version 1.1.11, also receives names of elements in closing tags, such as 'a' in the closing '</a>' tag of the element '<a href="http://cnn.com">CNN</a>'. Unlike for opening tags, no other value (i.e., the attribute name-value array) is passed to the function since a closing tag contains only element names. Typically, the function will return an empty string or a full closing tag (like '</a>').
This is a *powerful functionality* that can be exploited for various objectives: consolidate-and-convert inline 'style' attributes to 'class', convert 'embed' elements to 'object', permit only one 'caption' element in a 'table' element, disallow embedding of certain types of media, *inject HTML*, use CSSTidy:- http://csstidy.sourceforge.net to sanitize 'style' attribute values, etc.
As an example, the custom hook code below can be used to force a series of specifically ordered 'id' attributes on all elements, and a specific 'param' element inside all 'object' elements:
- function my_tag_function($element, $attribute_array){
+ function my_tag_function($element, $attribute_array=0){
+
+ // If second argument is not received, it means a closing tag is being handled
+ if(is_numeric($attribute_array)){
+ return "</$element>";
+ }
+
static $id = 0;
// Remove any duplicate element
if($element == 'param' && isset($attribute_array['allowscriptaccess'])){
@@ -1192,6 +1220,9 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern
foreach($attribute_array as $k=>$v){
$string .= " {$k}=\"{$v}\"";
}
+
+ static $empty_elements = array('area'=>1, 'br'=>1, 'col'=>1, 'embed'=>1, 'hr'=>1, 'img'=>1, 'input'=>1, 'isindex'=>1, 'param'=>1);
+
return "<{$element}{$string}". (isset($in_array($element, $empty_elements) ? ' /' : ''). '>'. $new_element;
}
@@ -1213,12 +1244,14 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern
htmLawed allows an admin to use '$config["safe"]' to auto-adjust multiple '$config' parameters (such as 'elements' which declares the allowed element-set), which otherwise would have to be manually set. The relevant parameters are indicated by '"' in section:- #2.2). Thus, one can pass the '$config' argument with a simpler value.
- With the value of '1', htmLawed considers 'CDATA' sections and HTML comments as plain text, and prohibits the 'applet', 'embed', 'iframe', 'object' and 'script' elements, and the 'on*' attributes like 'onclick'. ( There are '$config' parameters like 'css_expression' that are not affected by the value set for 'safe' but whose default values still contribute towards a more `safe` output.) Further, URLs with schemes (see section:- #3.4.3) are neutralized so that, e.g., 'style="moz-binding:url(http://danger)"' becomes 'style="moz-binding:url(denied:http://danger)"' while 'style="moz-binding:url(ok)"' remains intact.
+ With the value of '1', htmLawed considers 'CDATA' sections and HTML comments as plain text, and prohibits the 'applet', 'embed', 'iframe', 'object' and 'script' elements, and the 'on*' attributes like 'onclick'. ( There are '$config' parameters like 'css_expression' that are not affected by the value set for 'safe' but whose default values still contribute towards a more `safe` output.) Further, URLs with schemes (see section:- #3.4.3) are neutralized so that, e.g., 'style="moz-binding:url(http://danger)"' becomes 'style="moz-binding:url(denied:http://danger)"'.
Admins, however, may still want to completely deny the 'style' attribute, e.g., with code like
$processed = htmLawed($text, array('safe'=>1, 'deny_attribute'=>'style'));
+ Permitting the 'style' attribute brings in risks of `click-jacking`, etc. CSS property values can render a page non-functional or be used to deface it. Except for URLs, dynamic expressions, and some other things, htmLawed does not completely check 'style' values. It does provide ways for the code-developer implementing htmLawed to do such checks through the '$spec' argument, and through the 'hook_tag' parameter (see section:- #3.4.8 for more). Disallowing style completely and relying on CSS classes and stylesheet files is recommended.
+
If a value for a parameter auto-set through 'safe' is still manually provided, then that value can over-ride the auto-set value. E.g., with '$config["safe"] = 1' and '$config["elements"] = "*+script"', 'script', but not 'applet', is allowed.
A page illustrating the efficacy of htmLawed's anti-XSS abilities with 'safe' set to '1' against XSS vectors listed by RSnake:- http://ha.ckers.org/xss.html may be available here:- http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/rsnake/RSnakeXSSTest.htm.
@@ -1288,6 +1321,20 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern
`Version number - Release date. Notes`
+ 1.1.11 - 5 June 2012. Fix for possible problem with handling of multi-byte characters in attribute values in an mbstring.func_overload enviroment. '$config["hook_tag"]', if specified, now receives names of elements in closing tags.
+
+ 1.1.10 - 22 October 2011. Fix for a bug in the 'tidy' functionality that caused the entire input to be replaced with a single space; new parameter, '$config["direct_list_nest"]' to allow direct descendance of a list in a list. (5 April 2012. Dual licensing from LGPLv3 to LGPLv3 and GPLv2+.)
+
+ 1.1.9.5 - 6 July 2011. Minor correction of a rule for nesting of 'li' within 'dir'
+
+ 1.1.9.4 - 3 July 2010. Parameter 'schemes' now accepts '!' so any URL, even a local one, can be `denied`. An issue in which a second URL value in 'style' properties was not checked was fixed.
+
+ 1.1.9.3 - 17 May 2010. Checks for correct nesting of 'param'
+
+ 1.1.9.2 - 26 April 2010. Minor fix regarding rendering of denied URL schemes
+
+ 1.1.9.1 - 26 February 2010. htmLawed now uses the LGPL version 3 license; support for 'flashvars' attribute for 'embed'
+
1.1.9 - 22 December 2009. Soft-hyphens are now removed only from URL-accepting attribute values
1.1.8.1 - 16 July 2009. Minor code-change to fix a PHP error notice
@@ -1336,6 +1383,10 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern
Upgrading is as simple as replacing the previous version of 'htmLawed.php' (assuming it was not modified for customized features). As htmLawed output is almost always used in static documents, upgrading should not affect old, finalized content.
+ *Important* The following upgrades may affect the functionality of a specific htmLawed as indicated by their corresponding notes:
+
+ (1) From version 1.1-1.1.10 to 1.1.11, if a 'hook_tag' function is in use: In version 1.1.11, elements in closing tags (and not just the opening tags) are also passed to the function. There are no attribute names/values to pass, so a 'hook_tag' function receives only the element name. The 'hook_tag' function therefore may have to be edited. See section:- #3.4.9.
+
Old versions of htmLawed may be available online. E.g., for version 1.0, check http://www.bioinformatics.org/phplabware/downloads/htmLawed1.zip, for 1.1.1, htmLawed111.zip, and for 1.1.10, htmLawed1110.zip.
@@ -1382,7 +1433,7 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern
-- 4.10 Acknowledgements ------------------------------------------o
- Bryan Blakey, Ulf Harnhammer, Gareth Heyes, Lukasz Pilorz, Shelley Powers, Edward Yang, and many anonymous users.
+ Nicholas Alipaz, Bryan Blakey, Pádraic Brady, Ulf Harnhammer, Gareth Heyes, Klaus Leithoff, Lukasz Pilorz, Shelley Powers, Edward Yang, and many anonymous users.
Thank you!
@@ -1446,6 +1497,7 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern
disabled - button, input, optgroup, option, select, textarea
enctype - form
face - font
+ flashvars* - embed
for - label
frame - table
frameborder - iframe
diff --git a/mod/htmlawed/vendors/htmLawed/htmLawed_TESTCASE.txt b/mod/htmlawed/vendors/htmLawed/htmLawed_TESTCASE.txt
index ea24b1839..793a5a6a7 100644..100755
--- a/mod/htmlawed/vendors/htmLawed/htmLawed_TESTCASE.txt
+++ b/mod/htmlawed/vendors/htmLawed/htmLawed_TESTCASE.txt
@@ -1,8 +1,8 @@
/*
-htmLawed_TESTCASE.txt, 22 December 2009
-htmLawed 1.1.9, 22 December 2009
+htmLawed_TESTCASE.txt, 22 October 2011
+htmLawed 1.1.11, 5 June 2012
Copyright Santosh Patnaik
-GPL v3 license
+Dual licensed with LGPL 3 and GPL 2 or later
A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed
*/
@@ -94,6 +94,15 @@ The PHP <s>software</s> script used for this <strike>web-page</strike> webpage i
<area href="5" shape="Rect" coords="0,0,118,28">
</map></object>
+<param name="name">value</param>
+
+<object id="obj1">
+ <param name="param1">
+ <object id="obj2">
+ <param name="param2">
+ </object>
+</object>
+
<h6>Complex-4: nested and other tables</h6>
<table border="1" bgcolor="red"> <tr> <td> Cell </td> <td colspan="2" rowspan="2"> <table border="1" bgcolor="green"> <tr> <td> Cell </td> <td colspan="2" rowspan="2"> </td> </tr> <tr> <td> Cell </td> </tr> <tr> <td> Cell </td> <td> Cell </td> <td> Cell </td> </tr> </table> </td> </tr> <tr> <td> Cell </td> </tr> <tr> <td> Cell </td> <td> Cell </td> <td> Cell </td> </tr> </table><br />
@@ -181,10 +190,13 @@ text <img src="none" alt="none" /> <b>t<em> e <strong> x </strong> t</em></b>
<h6>HTML comments (also CDATA)</h6>
-Special characters inside: <!-- <![CDATA check ]]> -->, <!-- 3 < 4 > 3.5, & 4 &gt; 4 -->, <!-- che--ck -->, <!--[if !IE]> <--><a>c</a><!--> <![endif]--><br />
-Normal: <!-- check -->, <!--check -->, <em>comment:<!-- check --></em><!-- check -->, <table><!-- check --><tr><td>text not allowed</td></tr></table><br />
-Malformed: <![cdata check ]]>, < ![CDATA check ]]>, < ![CDATA check ] ]><br />
-Invalid: <em <!-- check -->>comment in tag content</em>, <!--check-->
+<strong>Script inside:</strong> <!--[if gte IE 4]>
+<SCRIPT>alert('XSS');</SCRIPT>
+<![endif]--><br />
+<strong>Special characters inside: <!-- <![CDATA check ]]> -->, <!-- 3 < 4 > 3.5, & 4 &gt; 4 -->, <!-- che--ck -->, <!--[if !IE]> <--><a>c</a><!--> <![endif]--><br />
+<strong>Normal:</strong> <!-- check -->, <!--check -->, <em>comment:<!-- check --></em><!-- check -->, <table><!-- check --><tr><td>text not allowed</td></tr></table><br />
+<strong>Malformed:</strong> <![cdata check ]]>, < ![CDATA check ]]>, < ![CDATA check ] ]><br />
+Invalid:</strong> <em <!-- check -->>comment in tag content</em>, <!--check-->
<h6>Ins-Del</h6>
@@ -224,6 +236,11 @@ Invalid: <em <!-- check -->>comment in tag content</em>, <!--check-->
<li>l3</li>
<li>l4<ol><li>lo3</li><li>lo4<ol><li>lo5</li></ol></li></ol></li>
</ul><br />
+<strong>Nested, directly</strong>: <ul>
+ <li>l1</li>
+ <ol>l2</ol>
+ <li>l3</li>
+</ul><br />
<strong>Nested, close-tags omitted</strong>: <ul>
<li>l1</li>
<li>l2<ol><li>lo1<li>lo2</ol>
@@ -242,6 +259,13 @@ Invalid: <em <!-- check -->>comment in tag content</em>, <!--check-->
</li></ul>
</td></tr></table></li></ol>
+<h6>Microdata</h6>
+
+<div itemscope itemtype="http://data-vocabulary.org/Person">
+I am <span itemprop="name">X</span> but people call me <span itemprop="nickname">Y</span>.
+Find me at <a href="http://www.xy.com" itemprop="url">www.xy.com</a>
+</div>
+
<h6>Non-English text-1</h6>
Inscrieţi-vă acum la a Zecea Conferinţă Internaţională<br />
@@ -320,7 +344,8 @@ na Alemanha.
<strong>Relative and absolute:</strong> <a href="mailto:x"></a>, <a href="http://a.com/b/c/d.f"></a>, <a href="./../d.f"></a>, <a href="./d.f"></a>, <a href="d.f"></a>, <a href="#s"></a>, <a href="./../../d.f#s"></a><br />
(try base URL value of 'http://a.com/b/')<br />
<strong>CSS URLs:</strong> <div style="background-image: url('a.gif');"></div>, <div style="background-image: URL(&quot;a.gif&quot;);"></div>, <div style="background-image: url('http://a.com/a.gif');"></div>, <div style="background-image: url('./../a.gif');"></div>, <div style="background-image: &#117;r&#x6C;('js&#58;xss'&#x29;"></div><br />
-<strong>Anti-spam:</strong> (try regex for 'http://a.com', etc.) <a href="mailto:x@y.com"></a>, <a href="http://a.com/b@d.f"></a>, <a href="a.com/d.f" rel="nofollow"></a>, <a href="a.com/d.f" rel="1, 2"></a>, <a href="a.com/d.f"></a>, <a href="b.com/d.f"></a>, <a href="c.com/d.f"></a><br />
+<strong>Double URLs:</strong> <a style="behaviour: url(foo) url(http://example.com/xss.htc)">b</a><br />
+<strong>Anti-spam:</strong> (try regex for 'http://a.com', etc.) <a href="mailto:x@y.com"></a>, <a href="http://a.com/b@d.f"></a>, <a href="a.com/d.f" rel="nofollow"></a>, <a href="a.com/d.f" rel="1, 2"></a>, <a href="a.com/d.f"></a>, <a href="b.com/d.f"></a>, <a href="c.com/d.f">, <a href="denied:http://c.com/d.f"></a><br />
<h6>XSS</h6>
diff --git a/mod/infinite_scroll b/mod/infinite_scroll
-Subproject 96bdef76f1e3c27e392373b8152d471c88f46b8
+Subproject 0b5e837358e3bc0e23261b414509383a0eb617f
diff --git a/mod/likes/actions/likes/delete.php b/mod/likes/actions/likes/delete.php
index db3036bb4..88cb84467 100644
--- a/mod/likes/actions/likes/delete.php
+++ b/mod/likes/actions/likes/delete.php
@@ -4,17 +4,12 @@
*
*/
-$likes = elgg_get_annotations(array(
- 'guid' => (int) get_input('guid'),
- 'annotation_owner_guid' => elgg_get_logged_in_user_guid(),
- 'annotation_name' => 'likes',
-));
-if ($likes) {
- if ($likes[0]->canEdit()) {
- $likes[0]->delete();
- system_message(elgg_echo("likes:deleted"));
- forward(REFERER);
- }
+$id = (int) get_input('id');
+$like = elgg_get_annotation_from_id($id);
+if ($like && $like->canEdit()) {
+ $like->delete();
+ system_message(elgg_echo("likes:deleted"));
+ forward(REFERER);
}
register_error(elgg_echo("likes:notdeleted"));
diff --git a/mod/likes/languages/en.php b/mod/likes/languages/en.php
index 4a98d7cfe..b9460aa10 100644
--- a/mod/likes/languages/en.php
+++ b/mod/likes/languages/en.php
@@ -17,6 +17,7 @@ $english = array(
'likes:userlikedthis' => '%s like',
'likes:userslikedthis' => '%s likes',
'likes:river:annotate' => 'likes',
+ 'likes:delete:confirm' => 'Are you sure you want to unlike this?',
'river:likes' => 'likes %s %s',
diff --git a/mod/likes/views/default/annotation/likes.php b/mod/likes/views/default/annotation/likes.php
index d41522fc4..abd4df823 100644
--- a/mod/likes/views/default/annotation/likes.php
+++ b/mod/likes/views/default/annotation/likes.php
@@ -29,9 +29,9 @@ $friendlytime = elgg_view_friendly_time($like->time_created);
if ($like->canEdit()) {
$delete_button = elgg_view("output/confirmlink",array(
- 'href' => "action/likes/delete?annotation_id={$like->id}",
+ 'href' => "action/likes/delete?id={$like->id}",
'text' => "<span class=\"elgg-icon elgg-icon-delete float-alt\"></span>",
- 'confirm' => elgg_echo('deleteconfirm'),
+ 'confirm' => elgg_echo('likes:delete:confirm'),
'encode_text' => false,
));
}
diff --git a/mod/likes/views/default/likes/button.php b/mod/likes/views/default/likes/button.php
index bc7c8fd8a..956bbcb19 100644
--- a/mod/likes/views/default/likes/button.php
+++ b/mod/likes/views/default/likes/button.php
@@ -24,7 +24,13 @@ if (elgg_is_logged_in() && $vars['entity']->canAnnotate(0, 'likes')) {
);
$likes_button = elgg_view('output/url', $params);
} else {
- $url = elgg_get_site_url() . "action/likes/delete?guid={$guid}";
+ $like = elgg_get_annotations(array(
+ 'guid' => $guid,
+ 'annotation_owner_guid' => elgg_get_logged_in_user_guid(),
+ 'annotation_name' => 'likes',
+ ));
+ $like = $like[0];
+ $url = elgg_get_site_url() . "action/likes/delete?id={$like->id}";
$params = array(
'href' => $url,
'text' => elgg_view_icon('thumbs-up-alt'),
diff --git a/mod/messages/pages/messages/read.php b/mod/messages/pages/messages/read.php
index d41551be4..19e3ecdd7 100644
--- a/mod/messages/pages/messages/read.php
+++ b/mod/messages/pages/messages/read.php
@@ -9,7 +9,7 @@ gatekeeper();
$message = get_entity(get_input('guid'));
if (!$message) {
- forward();
+ forward('messages/inbox');
}
// mark the message as read
diff --git a/mod/messages/start.php b/mod/messages/start.php
index 1a2709324..2e61d6e21 100644
--- a/mod/messages/start.php
+++ b/mod/messages/start.php
@@ -356,16 +356,10 @@ function messages_count_unread() {
"msg_msg.name_id='{$map['msg']}' AND msg_msg.value_id='{$map[1]}'",
),
'owner_guid' => $user_guid,
- 'limit' => 0
+ 'count' => true,
);
- $num_messages = elgg_get_entities_from_metadata($options);
-
- if (is_array($num_messages)) {
- return sizeof($num_messages);
- }
-
- return 0;
+ return elgg_get_entities_from_metadata($options);
}
/**
diff --git a/mod/notifications/actions/groupsave.php b/mod/notifications/actions/groupsave.php
index c304cb856..7838f7e63 100644
--- a/mod/notifications/actions/groupsave.php
+++ b/mod/notifications/actions/groupsave.php
@@ -6,27 +6,42 @@
* @package ElggNotifications
*/
-// Load important global vars
-global $NOTIFICATION_HANDLERS;
+$current_user = elgg_get_logged_in_user_entity();
+
+$guid = (int) get_input('guid', 0);
+if (!$guid || !($user = get_entity($guid))) {
+ forward();
+}
+if (($user->guid != $current_user->guid) && !$current_user->isAdmin()) {
+ forward();
+}
// Get group memberships and condense them down to an array of guids
$groups = array();
-if ($groupmemberships = elgg_get_entities_from_relationship(array('relationship' => 'member', 'relationship_guid' => elgg_get_logged_in_user_guid(), 'types' => 'group', 'limit' => 9999))) {
+$options = array(
+ 'relationship' => 'member',
+ 'relationship_guid' => $user->guid,
+ 'types' => 'group',
+ 'limit' => 9999,
+);
+if ($groupmemberships = elgg_get_entities_from_relationship($options)) {
foreach($groupmemberships as $groupmembership) {
$groups[] = $groupmembership->guid;
}
-}
+}
+// Load important global vars
+global $NOTIFICATION_HANDLERS;
foreach($NOTIFICATION_HANDLERS as $method => $foo) {
$subscriptions[$method] = get_input($method.'subscriptions');
$personal[$method] = get_input($method.'personal');
$collections[$method] = get_input($method.'collections');
if (!empty($groups)) {
foreach($groups as $group) {
- if (in_array($group,$subscriptions[$method])) {
- add_entity_relationship(elgg_get_logged_in_user_guid(), 'notify'.$method, $group);
+ if (in_array($group, $subscriptions[$method])) {
+ add_entity_relationship($user->guid, 'notify'.$method, $group);
} else {
- remove_entity_relationship(elgg_get_logged_in_user_guid(), 'notify'.$method, $group);
+ remove_entity_relationship($user->guid, 'notify'.$method, $group);
}
}
}
diff --git a/mod/notifications/actions/save.php b/mod/notifications/actions/save.php
index 163b656aa..3fe0001a3 100644
--- a/mod/notifications/actions/save.php
+++ b/mod/notifications/actions/save.php
@@ -6,9 +6,18 @@
* @package ElggNotifications
*/
-$user = elgg_get_logged_in_user_entity();
+$current_user = elgg_get_logged_in_user_entity();
+
+$guid = (int) get_input('guid', 0);
+if (!$guid || !($user = get_entity($guid))) {
+ forward();
+}
+if (($user->guid != $current_user->guid) && !$current_user->isAdmin()) {
+ forward();
+}
global $NOTIFICATION_HANDLERS;
+$subscriptions = array();
foreach($NOTIFICATION_HANDLERS as $method => $foo) {
$subscriptions[$method] = get_input($method.'subscriptions');
$personal[$method] = get_input($method.'personal');
diff --git a/mod/notifications/groups.php b/mod/notifications/groups.php
index 45fb94e83..3347d4054 100644
--- a/mod/notifications/groups.php
+++ b/mod/notifications/groups.php
@@ -3,16 +3,16 @@
* Elgg notifications plugin group index
*
* @package ElggNotifications
+ *
+ * @uses $user ElggUser
*/
-// Load Elgg framework
-require_once(dirname(dirname(dirname(__FILE__))) . '/engine/start.php');
-
-// Ensure only logged-in users can see this page
-gatekeeper();
+if (!isset($user) || !($user instanceof ElggUser)) {
+ $url = 'notifications/group/' . elgg_get_logged_in_user_entity()->username;
+ forward($url);
+}
-elgg_set_page_owner_guid(elgg_get_logged_in_user_guid());
-$user = elgg_get_page_owner_entity();
+elgg_set_page_owner_guid($user->guid);
// Set the context to settings
elgg_set_context('settings');
@@ -27,12 +27,15 @@ $people = array();
$groupmemberships = elgg_get_entities_from_relationship(array(
'relationship' => 'member',
- 'relationship_guid' => elgg_get_logged_in_user_guid(),
+ 'relationship_guid' => $user->guid,
'types' => 'group',
'limit' => 9999,
));
-$body = elgg_view_form('notificationsettings/groupsave', array(), array('groups' => $groupmemberships));
+$body = elgg_view_form('notificationsettings/groupsave', array(), array(
+ 'groups' => $groupmemberships,
+ 'user' => $user,
+));
$params = array(
'content' => $body,
diff --git a/mod/notifications/index.php b/mod/notifications/index.php
index 882389fde..cd1857f04 100644
--- a/mod/notifications/index.php
+++ b/mod/notifications/index.php
@@ -3,16 +3,16 @@
* Elgg notifications plugin index
*
* @package ElggNotifications
+ *
+ * @uses $user ElggUser
*/
-// Load Elgg framework
-require_once(dirname(dirname(dirname(__FILE__))) . '/engine/start.php');
-
-// Ensure only logged-in users can see this page
-gatekeeper();
+if (!isset($user) || !($user instanceof ElggUser)) {
+ $url = 'notifications/personal/' . elgg_get_logged_in_user_entity()->username;
+ forward($url);
+}
-elgg_set_page_owner_guid(elgg_get_logged_in_user_guid());
-$user = elgg_get_page_owner_entity();
+elgg_set_page_owner_guid($user->guid);
// Set the context to settings
elgg_set_context('settings');
@@ -26,7 +26,7 @@ elgg_push_breadcrumb($title);
$people = array();
if ($people_ents = elgg_get_entities_from_relationship(array(
'relationship' => 'notify',
- 'relationship_guid' => elgg_get_logged_in_user_guid(),
+ 'relationship_guid' => $user->guid,
'types' => 'user',
'limit' => 99999,
))) {
@@ -36,7 +36,10 @@ if ($people_ents = elgg_get_entities_from_relationship(array(
}
}
-$body = elgg_view('notifications/subscriptions/form', array('people' => $people));
+$body = elgg_view('notifications/subscriptions/form', array(
+ 'people' => $people,
+ 'user' => $user,
+));
$params = array(
'content' => $body,
diff --git a/mod/notifications/languages/en.php b/mod/notifications/languages/en.php
index b29c9df25..0f2ba2304 100644
--- a/mod/notifications/languages/en.php
+++ b/mod/notifications/languages/en.php
@@ -8,7 +8,7 @@ $english = array(
'notifications:subscriptions:personal:title' => 'Personal notifications',
'notifications:subscriptions:friends:title' => 'Friends',
- 'notifications:subscriptions:friends:description' => 'The following is an automatic collection made up of your friends. To receive updates select below. This will affect the corresponding users in the main notification settings panel at the bottom of the page. ',
+ 'notifications:subscriptions:friends:description' => 'Below are collections of your friends. Selecting a collection turns on notifications for the users in that collection.',
'notifications:subscriptions:collections:edit' => 'To edit your shared access notifications, click here.',
'notifications:subscriptions:changesettings' => 'Notifications',
diff --git a/mod/notifications/start.php b/mod/notifications/start.php
index 761f17e40..b76b0aa1e 100644
--- a/mod/notifications/start.php
+++ b/mod/notifications/start.php
@@ -25,7 +25,7 @@ function notifications_plugin_init() {
// update notifications when new friend or access collection membership
elgg_register_event_handler('create', 'friend', 'notifications_update_friend_notify');
- elgg_register_plugin_hook_handler('access:collections:add-user', 'collection', 'notifications_update_collection_notify');
+ elgg_register_plugin_hook_handler('access:collections:add_user', 'collection', 'notifications_update_collection_notify');
$actions_base = elgg_get_plugins_path() . 'notifications/actions';
elgg_register_action("notificationsettings/save", "$actions_base/save.php");
@@ -40,13 +40,25 @@ function notifications_plugin_init() {
*/
function notifications_page_handler($page) {
+ gatekeeper();
+ $current_user = elgg_get_logged_in_user_entity();
+
// default to personal notifications
if (!isset($page[0])) {
$page[0] = 'personal';
}
+ if (!isset($page[1])) {
+ forward("notifications/{$page[0]}/{$current_user->username}");
+ }
+
+ $user = get_user_by_username($page[1]);
+ if (($user->guid != $current_user->guid) && !$current_user->isAdmin()) {
+ forward();
+ }
$base = elgg_get_plugins_path() . 'notifications';
+ // note: $user passed in
switch ($page[0]) {
case 'group':
require "$base/groups.php";
@@ -66,12 +78,16 @@ function notifications_page_handler($page) {
*/
function notifications_plugin_pagesetup() {
if (elgg_get_context() == "settings" && elgg_get_logged_in_user_guid()) {
- $user = elgg_get_logged_in_user_entity();
+
+ $user = elgg_get_page_owner_entity();
+ if (!$user) {
+ $user = elgg_get_logged_in_user_entity();
+ }
$params = array(
'name' => '2_a_user_notify',
'text' => elgg_echo('notifications:subscriptions:changesettings'),
- 'href' => "notifications/personal",
+ 'href' => "notifications/personal/{$user->username}",
);
elgg_register_menu_item('page', $params);
@@ -79,7 +95,7 @@ function notifications_plugin_pagesetup() {
$params = array(
'name' => '2_group_notify',
'text' => elgg_echo('notifications:subscriptions:changesettings:groups'),
- 'href' => "notifications/group",
+ 'href' => "notifications/group/{$user->username}",
);
elgg_register_menu_item('page', $params);
}
@@ -178,7 +194,7 @@ function notifications_update_collection_notify($event, $object_type, $returnval
}
if (in_array($collection_id, $collections_preferences)) {
// notifications are on for this collection so we add/remove
- if ($event == 'access:collections:add-user') {
+ if ($event == 'access:collections:add_user') {
add_entity_relationship($user->guid, "notify$method", $member_guid);
} elseif ($event == 'access:collections:remove_user') {
// removing someone from an access collection is not a guarantee
diff --git a/mod/notifications/views/default/forms/notificationsettings/groupsave.php b/mod/notifications/views/default/forms/notificationsettings/groupsave.php
index 61b94ff8b..168639ab2 100644
--- a/mod/notifications/views/default/forms/notificationsettings/groupsave.php
+++ b/mod/notifications/views/default/forms/notificationsettings/groupsave.php
@@ -3,13 +3,18 @@
* Elgg notifications groups subscription form
*
* @package ElggNotifications
+ *
+ * @uses $vars['user'] ElggUser
*/
+/* @var ElggUser $user */
+$user = $vars['user'];
+
global $NOTIFICATION_HANDLERS;
foreach ($NOTIFICATION_HANDLERS as $method => $foo) {
$subsbig[$method] = elgg_get_entities_from_relationship(array(
'relationship' => 'notify' . $method,
- 'relationship_guid' => elgg_get_logged_in_user_guid(),
+ 'relationship_guid' => $user->guid,
'types' => 'group',
'limit' => 99999,
));
@@ -97,6 +102,7 @@ END;
<?php
}
echo '<div class="elgg-foot mtm">';
+ echo elgg_view('input/hidden', array('name' => 'guid', 'value' => $user->guid));
echo elgg_view('input/submit', array('value' => elgg_echo('save')));
echo '</div>';
diff --git a/mod/notifications/views/default/forms/notificationsettings/save.php b/mod/notifications/views/default/forms/notificationsettings/save.php
index ff32d8558..9470256ca 100644
--- a/mod/notifications/views/default/forms/notificationsettings/save.php
+++ b/mod/notifications/views/default/forms/notificationsettings/save.php
@@ -1,13 +1,21 @@
<?php
/**
* Personal notifications form body
+ *
+ * @uses $vars['user'] ElggUser
*/
-echo elgg_view('notifications/subscriptions/personal');
-echo elgg_view('notifications/subscriptions/collections');
-echo elgg_view('notifications/subscriptions/forminternals');
+/* @var ElggUser $user */
+$user = $vars['user'];
+
+echo elgg_view('notifications/subscriptions/personal', $vars);
+echo elgg_view('notifications/subscriptions/collections', $vars);
+echo elgg_view('notifications/subscriptions/forminternals', $vars);
?>
<div class="elgg-foot">
-<?php echo elgg_view('input/submit', array('value' => elgg_echo('save'))); ?>
+<?php
+echo elgg_view('input/hidden', array('name' => 'guid', 'value' => $user->guid));
+echo elgg_view('input/submit', array('value' => elgg_echo('save')));
+?>
</div>
diff --git a/mod/notifications/views/default/notifications/subscriptions/collections.php b/mod/notifications/views/default/notifications/subscriptions/collections.php
index 28d9fb5b8..207b2e3b9 100644
--- a/mod/notifications/views/default/notifications/subscriptions/collections.php
+++ b/mod/notifications/views/default/notifications/subscriptions/collections.php
@@ -1,4 +1,12 @@
-<?php //@todo JS 1.8: no ?>
+<?php
+/**
+ * @uses $vars['user'] ElggUser
+ */
+
+/* @var ElggUser $user */
+$user = $vars['user'];
+
+//@todo JS 1.8: no ?>
<script type="text/javascript">
function setCollection(members, method, id) {
@@ -42,7 +50,7 @@
</tr>
<?php
$members = array();
- if ($friends = get_user_friends(elgg_get_logged_in_user_guid(), '', 9999, 0)) {
+ if ($friends = get_user_friends($user->guid, '', 9999, 0)) {
foreach($friends as $friend) {
$members[] = $friend->guid;
}
@@ -63,7 +71,7 @@
$i = 0;
foreach($NOTIFICATION_HANDLERS as $method => $foo) {
$metaname = 'collections_notifications_preferences_' . $method;
- if ($collections_preferences = elgg_get_logged_in_user_entity()->$metaname) {
+ if ($collections_preferences = $user->$metaname) {
if (!empty($collections_preferences) && !is_array($collections_preferences)) {
$collections_preferences = array($collections_preferences);
}
@@ -91,15 +99,18 @@ END;
<td>&nbsp;</td>
</tr>
<?php
-/*
- @todo
- collections removed from notifications - they are no longer used and will be replaced with shared access collections
-
- if ($collections = get_user_access_collections(elgg_get_logged_in_user_guid())) {
- foreach($collections as $collection) {
+
+ if ($collections = get_user_access_collections($user->guid)) {
+ foreach ($collections as $collection) {
$members = get_members_of_access_collection($collection->id, true);
- $memberno = sizeof($members);
- $members = implode(',', $members);
+ $memberno = 0;
+ if ($members) {
+ $memberno = sizeof($members);
+ $members = implode(',', $members);
+ } else {
+ $members = '';
+ }
+
?>
<tr>
@@ -115,7 +126,7 @@ END;
$i = 0;
foreach($NOTIFICATION_HANDLERS as $method => $foo) {
$metaname = 'collections_notifications_preferences_' . $method;
- if ($collections_preferences = elgg_get_logged_in_user_entity()->$metaname) {
+ if ($collections_preferences = $user->$metaname) {
if (!empty($collections_preferences) && !is_array($collections_preferences)) {
$collections_preferences = array($collections_preferences);
}
@@ -148,7 +159,6 @@ END;
}
}
-*/
?>
</table>
</div>
diff --git a/mod/notifications/views/default/notifications/subscriptions/form.php b/mod/notifications/views/default/notifications/subscriptions/form.php
index f2f6238f9..559354eff 100644
--- a/mod/notifications/views/default/notifications/subscriptions/form.php
+++ b/mod/notifications/views/default/notifications/subscriptions/form.php
@@ -1,11 +1,12 @@
<?php
/**
* Elgg personal notifications
+ *
+ * @uses $vars['user'] ElggUser that owns the notification settings
*/
-
-echo elgg_view('subscriptions/form/additions',$vars);
-
-// Display a description
+// @todo is this a view for extensions?
+echo elgg_view('subscriptions/form/additions', $vars);
-echo elgg_view_form('notificationsettings/save', array('class' => 'elgg-form-alt'));
+$form_vars = array('class' => 'elgg-form-alt');
+echo elgg_view_form('notificationsettings/save', $form_vars, $vars);
diff --git a/mod/notifications/views/default/notifications/subscriptions/forminternals.php b/mod/notifications/views/default/notifications/subscriptions/forminternals.php
index e89ce02be..11f266303 100644
--- a/mod/notifications/views/default/notifications/subscriptions/forminternals.php
+++ b/mod/notifications/views/default/notifications/subscriptions/forminternals.php
@@ -1,8 +1,13 @@
<?php
/**
* Hacked up friends picker that needs to be replaced
+ *
+ * @uses $vars['user'] ElggUser
*/
+/* @var ElggUser $user */
+$user = $vars['user'];
+
elgg_load_js('elgg.friendspicker');
elgg_load_js('jquery.easing');
@@ -19,11 +24,16 @@ elgg_load_js('jquery.easing');
<?php
// Get friends and subscriptions
-$friends = get_user_friends(elgg_get_logged_in_user_guid(),'',9999,0);
+$friends = get_user_friends($user->guid, '', 9999, 0);
global $NOTIFICATION_HANDLERS;
foreach($NOTIFICATION_HANDLERS as $method => $foo) {
- $subsbig[$method] = elgg_get_entities_from_relationship(array('relationship' => 'notify' . $method, 'relationship_guid' => elgg_get_logged_in_user_guid(), 'types' => 'user', 'limit' => 99999));
+ $subsbig[$method] = elgg_get_entities_from_relationship(array(
+ 'relationship' => 'notify' . $method,
+ 'relationship_guid' => $user->guid,
+ 'types' => 'user',
+ 'limit' => 99999,
+ ));
}
$subs = array();
@@ -88,9 +98,9 @@ if (isset($vars['formtarget'])) {
// Sort users by letter
if (is_array($friends) && sizeof($friends)) {
- foreach($friends as $user) {
+ foreach($friends as $friend) {
- $letter = elgg_substr($user->name,0,1);
+ $letter = elgg_substr($friend->name,0,1);
$letter = elgg_strtoupper($letter);
if (!elgg_substr_count($chararray,$letter)) {
$letter = "*";
@@ -98,7 +108,7 @@ if (is_array($friends) && sizeof($friends)) {
if (!isset($users[$letter])) {
$users[$letter] = array();
}
- $users[$letter][$user->guid] = $user;
+ $users[$letter][$friend->guid] = $friend;
}
}
diff --git a/mod/notifications/views/default/notifications/subscriptions/personal.php b/mod/notifications/views/default/notifications/subscriptions/personal.php
index 7dac908fc..cf05426e2 100644
--- a/mod/notifications/views/default/notifications/subscriptions/personal.php
+++ b/mod/notifications/views/default/notifications/subscriptions/personal.php
@@ -1,4 +1,10 @@
<?php
+/**
+ * @uses $vars['user'] ElggUser
+ */
+
+/* @var ElggUser $user */
+$user = $vars['user'];
global $NOTIFICATION_HANDLERS;
@@ -40,7 +46,7 @@ foreach($NOTIFICATION_HANDLERS as $method => $foo) {
$fields = '';
$i = 0;
foreach($NOTIFICATION_HANDLERS as $method => $foo) {
- if ($notification_settings = get_user_notification_settings(elgg_get_logged_in_user_guid())) {
+ if ($notification_settings = get_user_notification_settings($user->guid)) {
if ($notification_settings->$method) {
$personalchecked[$method] = 'checked="checked"';
} else {
diff --git a/mod/pages/lib/pages.php b/mod/pages/lib/pages.php
index 3f27118a6..9a9ba12e9 100644
--- a/mod/pages/lib/pages.php
+++ b/mod/pages/lib/pages.php
@@ -103,16 +103,18 @@ function pages_register_navigation_tree($container) {
'metadata_value' => $parent->getGUID(),
'limit' => 0,
));
-
- foreach ($children as $child) {
- elgg_register_menu_item('pages_nav', array(
- 'name' => $child->getGUID(),
- 'text' => $child->title,
- 'href' => $child->getURL(),
- 'parent_name' => $parent->getGUID(),
- ));
- array_push($stack, $child);
+
+ if ($children) {
+ foreach ($children as $child) {
+ elgg_register_menu_item('pages_nav', array(
+ 'name' => $child->getGUID(),
+ 'text' => $child->title,
+ 'href' => $child->getURL(),
+ 'parent_name' => $parent->getGUID(),
+ ));
+ array_push($stack, $child);
+ }
}
}
}
-} \ No newline at end of file
+}
diff --git a/mod/pages/pages/pages/view.php b/mod/pages/pages/pages/view.php
index 6b9d03f49..e1c3fdbfd 100644
--- a/mod/pages/pages/pages/view.php
+++ b/mod/pages/pages/pages/view.php
@@ -9,7 +9,8 @@ $page_guid = get_input('guid');
$page = get_entity($page_guid);
if (!$page) {
register_error(elgg_echo('noaccess'));
- forward();
+ $_SESSION['last_forward_from'] = current_page_url();
+ forward('');
}
elgg_set_page_owner_guid($page->getContainerGUID());
diff --git a/mod/pages/start.php b/mod/pages/start.php
index 834e98870..6b0ad38b0 100644
--- a/mod/pages/start.php
+++ b/mod/pages/start.php
@@ -30,7 +30,6 @@ function pages_init() {
// Register some actions
$action_base = elgg_get_plugins_path() . 'pages/actions/pages';
elgg_register_action("pages/edit", "$action_base/edit.php");
- elgg_register_action("pages/editwelcome", "$action_base/editwelcome.php");
elgg_register_action("pages/delete", "$action_base/delete.php");
// Extend the main css view
@@ -106,10 +105,6 @@ function pages_page_handler($page) {
elgg_load_library('elgg:pages');
- // add the jquery treeview files for navigation
- elgg_load_js('jquery-treeview');
- elgg_load_css('jquery-treeview');
-
if (!isset($page[0])) {
$page[0] = 'all';
}
diff --git a/mod/pages/views/default/pages/sidebar/navigation.php b/mod/pages/views/default/pages/sidebar/navigation.php
index fe017b1a7..65eb500c8 100644
--- a/mod/pages/views/default/pages/sidebar/navigation.php
+++ b/mod/pages/views/default/pages/sidebar/navigation.php
@@ -5,6 +5,11 @@
* @uses $vars['page'] Page object if manually setting selected item
*/
+// add the jquery treeview files for navigation
+elgg_load_js('jquery-treeview');
+elgg_load_css('jquery-treeview');
+
+
$selected_page = elgg_extract('page', $vars, false);
if ($selected_page) {
$url = $selected_page->getURL();
@@ -51,4 +56,3 @@ if ($selected_page) {
});
</script>
-
diff --git a/mod/profile/icondirect.php b/mod/profile/icondirect.php
index 6c3148f2b..c4439f78c 100644
--- a/mod/profile/icondirect.php
+++ b/mod/profile/icondirect.php
@@ -11,6 +11,12 @@ require_once(dirname(dirname(dirname(__FILE__))). '/engine/settings.php');
global $CONFIG;
+// won't be able to serve anything if no joindate or guid
+if (!isset($_GET['joindate']) || !isset($_GET['guid'])) {
+ header("HTTP/1.1 404 Not Found");
+ exit;
+}
+
$join_date = (int)$_GET['joindate'];
$last_cache = (int)$_GET['lastcache']; // icontime
$guid = (int)$_GET['guid'];
diff --git a/mod/reportedcontent/views/default/widgets/reportedcontent/content.php b/mod/reportedcontent/views/default/widgets/reportedcontent/content.php
index 4f8906ef2..4c6595653 100644
--- a/mod/reportedcontent/views/default/widgets/reportedcontent/content.php
+++ b/mod/reportedcontent/views/default/widgets/reportedcontent/content.php
@@ -7,6 +7,7 @@ $list = elgg_list_entities(array(
'types' => 'object',
'subtypes' => 'reported_content',
'limit' => $vars['entity']->num_display,
+ 'pagination' => false,
));
if (!$list) {
$list = '<p class="mtm">' . elgg_echo('reportedcontent:none') . '</p>';
diff --git a/mod/thewire/actions/delete.php b/mod/thewire/actions/delete.php
index 58502a7e7..38355d25e 100644
--- a/mod/thewire/actions/delete.php
+++ b/mod/thewire/actions/delete.php
@@ -24,7 +24,7 @@ if ($thewire->getSubtype() == "thewire" && $thewire->canEdit()) {
}
// Get owning user
- $owner = get_entity($thewire->getOwner());
+ $owner = get_entity($thewire->getOwnerGUID());
// Delete it
$rowsaffected = $thewire->delete();
diff --git a/mod/thewire/pages/thewire/view.php b/mod/thewire/pages/thewire/view.php
index 1818e725a..1709e5e9a 100644
--- a/mod/thewire/pages/thewire/view.php
+++ b/mod/thewire/pages/thewire/view.php
@@ -6,6 +6,7 @@
$post = get_entity(get_input('guid'));
if (!$post) {
register_error(elgg_echo('noaccess'));
+ $_SESSION['last_forward_from'] = current_page_url();
forward('');
}
$owner = $post->getOwnerEntity();
diff --git a/mod/thewire/start.php b/mod/thewire/start.php
index 8e3b5224a..1ba48263a 100644
--- a/mod/thewire/start.php
+++ b/mod/thewire/start.php
@@ -37,7 +37,7 @@ function thewire_init() {
elgg_register_plugin_hook_handler('register', 'menu:entity', 'thewire_setup_entity_menu_items');
// Extend system CSS with our own styles, which are defined in the thewire/css view
- elgg_extend_view('css', 'thewire/css');
+ elgg_extend_view('css/elgg', 'thewire/css');
//extend views
elgg_extend_view('activity/thewire', 'thewire/activity_view');
@@ -110,6 +110,7 @@ function thewire_page_handler($page) {
set_input('guid', $page[1]);
}
include "$base_dir/view.php";
+ break;
case "thread":
if (isset($page[1])) {
diff --git a/mod/tinymce/README.txt b/mod/tinymce/README.txt
new file mode 100644
index 000000000..2814e9390
--- /dev/null
+++ b/mod/tinymce/README.txt
@@ -0,0 +1,10 @@
+Adding a language
+======================
+1. Download the language pack from [TinyMCE][1]
+2. Extract the files from the zip file.
+3. Copy the langs, plugins, and themes directories into mod/tinymce/vendor/tinymce/jscripts/tiny_mce/.
+There are already directories with those names. You do not want to delete those directories.
+Instead, copy the new directories on top of the old ones.
+4. Flush the Elgg caches.
+
+[1]: http://www.tinymce.com/i18n/index.php?ctrl=lang&act=download "TinyMCE"
diff --git a/mod/tinymce/activate.php b/mod/tinymce/activate.php
new file mode 100644
index 000000000..6f5cc8d50
--- /dev/null
+++ b/mod/tinymce/activate.php
@@ -0,0 +1,14 @@
+<?php
+/**
+ * Prompt the user to install a tinymce language after activating
+ */
+
+if (elgg_get_config('language') != tinymce_get_site_language()) {
+ $message = elgg_echo('tinymce:lang_notice', array(
+ elgg_echo(elgg_get_config('language')),
+ "http://www.tinymce.com/i18n/index.php?ctrl=lang&act=download",
+ elgg_get_plugins_path() . "tinymce/vendor/tinymce/jscripts/tiny_mce/",
+ elgg_add_action_tokens_to_url(elgg_normalize_url('action/admin/site/flush_cache')),
+ ));
+ elgg_add_admin_notice('tinymce_admin_notice_no_lang', $message);
+}
diff --git a/mod/tinymce/languages/en.php b/mod/tinymce/languages/en.php
index 811e93492..b2702549c 100644
--- a/mod/tinymce/languages/en.php
+++ b/mod/tinymce/languages/en.php
@@ -9,6 +9,7 @@ $english = array(
'tinymce:remove' => "Remove editor",
'tinymce:add' => "Add editor",
'tinymce:word_count' => 'Word count: ',
+ 'tinymce:lang_notice' => "Your site language is %s but it isn't installed for TinyMCE. Get it <a target=\"_blank\" href=\"%s\">here</a> and copy it to %s. Then, <a href=\"%s\">flush the caches</a>. See the TinyMCE README for more details.",
);
-add_translation("en", $english); \ No newline at end of file
+add_translation("en", $english);
diff --git a/mod/tinymce/start.php b/mod/tinymce/start.php
index 48625f456..6aba837e0 100644
--- a/mod/tinymce/start.php
+++ b/mod/tinymce/start.php
@@ -33,3 +33,15 @@ function tinymce_longtext_menu($hook, $type, $items, $vars) {
return $items;
}
+
+function tinymce_get_site_language() {
+
+ if ($site_language = elgg_get_config('language')) {
+ $path = elgg_get_plugins_path() . "tinymce/vendor/tinymce/jscripts/tiny_mce/langs";
+ if (file_exists("$path/$site_language.js")) {
+ return $site_language;
+ }
+ }
+
+ return 'en';
+}
diff --git a/mod/tinymce/views/default/js/tinymce.php b/mod/tinymce/views/default/js/tinymce.php
index e6e2865a5..51e99c223 100644
--- a/mod/tinymce/views/default/js/tinymce.php
+++ b/mod/tinymce/views/default/js/tinymce.php
@@ -38,6 +38,7 @@ elgg.tinymce.init = function() {
mode : "specific_textareas",
editor_selector : "elgg-input-longtext",
theme : "advanced",
+ language : "<?php echo tinymce_get_site_language(); ?>",
plugins : "lists,spellchecker,autosave,fullscreen,paste",
relative_urls : false,
remove_script_host : false,
@@ -86,4 +87,4 @@ elgg.tinymce.init = function() {
}
}
-elgg.register_hook_handler('init', 'system', elgg.tinymce.init); \ No newline at end of file
+elgg.register_hook_handler('init', 'system', elgg.tinymce.init);
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-26 01:40:24 +0000