From 544aaf2076330fe7121feec351036ac9911d3df9 Mon Sep 17 00:00:00 2001 From: marcus Date: Sun, 1 Mar 2009 15:42:33 +0000 Subject: Closes #828: Quite correct - rather tired - arrays are individually trimmed - non-arrays are not. Closes #714: Input filtering now triggers on a plugin hook, this allows plugins to provide other filtering methods than kses (Refs #561). git-svn-id: https://code.elgg.org/elgg/trunk@3009 36083f99-b078-4883-b0ff-0f9b5a30f544 --- engine/lib/input.php | 111 ++++++++++++++++++++++---------------- views/default/output/longtext.php | 2 +- 2 files changed, 66 insertions(+), 47 deletions(-) diff --git a/engine/lib/input.php b/engine/lib/input.php index 4d6d36511..bceaa1398 100644 --- a/engine/lib/input.php +++ b/engine/lib/input.php @@ -35,12 +35,8 @@ } if ($filter_result) - { - - global $CONFIG; - $var = filter_tags($var, $CONFIG->allowedtags, $CONFIG->allowedprotocols); - } - + $var = filter_tags($var); + return $var; } 
@@ -65,34 +61,55 @@ { foreach ($value as $key => $val) $value[$key] = trim($val); - } - $CONFIG->input[trim($variable)] = trim($value); + + $CONFIG->input[trim($variable)] = $value; + } + else + $CONFIG->input[trim($variable)] = trim($value); + } + + /** + * Kses filtering of tags, called on a plugin hook + * + * @param mixed $var Variable to filter + * @return mixed + */ + function kses_filter_tags($hook, $entity_type, $returnvalue, $params) + { + $return = $returnvalue; + $var = $returnvalue; + + if (@include_once(dirname(dirname(dirname(__FILE__)))) . "/vendors/kses/kses.php") { + + global $CONFIG; + + $allowedtags = $CONFIG->allowedtags; + $allowedprotocols = $CONFIG->allowedprotocols; + + if (!is_array($var)) { + $return = ""; + $return = kses($var, $allowedtags, $allowedprotocols); + } else { + $return = array(); + + foreach($var as $key => $el) { + $return[$key] = kses($el, $allowedtags, $allowedprotocols); + } + } + } + + return $return; } /** - * Filter tags from a given string + * Filter tags from a given string based on registered hooks. * @param $var * @return mixed The filtered result */ - function filter_tags($var, $allowedtags, $allowedprotocols) + function filter_tags($var) { - $return = false; - - if (@include_once(dirname(dirname(dirname(__FILE__)))) . "/vendors/kses/kses.php") { - if (!is_array($var)) { - $return = ""; - $return = kses($var, $allowedtags, $allowedprotocols); - } else { - $return = array(); - - foreach($var as $key => $el) { - $return[$key] = kses($el, $allowedtags, $allowedprotocols); - } - } - } - - return $return; + return trigger_plugin_hook('validate', 'input', null, $var); } /** 
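Review bot: `kses_filter_tags` fails open: `$return` starts as `$returnvalue`, so when the `@include_once` of `vendors/kses/kses.php` fails the handler hands back the unfiltered value, whereas the removed `filter_tags` body returned `false` in that case. Because the `@` also hides the include warning, a missing or unreadable kses file would silently switch off tag filtering for `get_input()` (first hunk) and for `views/default/output/longtext.php` (last hunk). Assuming `trigger_plugin_hook` passes a handler's return value through (it is not shown in this diff), I would add an `else` branch to the include check that logs the failure and returns an empty value, e.g. `} else { error_log('kses not loaded, input rejected'); $return = is_array($var) ? array() : ''; }`. The docblock above the function also still lists `@param mixed $var` although the signature is `($hook, $entity_type, $returnvalue, $params)`.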
@@ -115,25 +132,24 @@ } - /** - * Takes a string and turns any URLs into formatted links - * - * @param string $text The input string - * @return string The output stirng with formatted links - **/ - - function parse_urls($text) { - - return preg_replace_callback('/(?"\'\!\(\)]+)/i', - create_function( - '$matches', - ' - $url = $matches[1]; - $urltext = str_replace("/", "/", $url); - return "$urltext"; - ' - ), $text); - } + /** + * Takes a string and turns any URLs into formatted links + * + * @param string $text The input string + * @return string The output stirng with formatted links + **/ + function parse_urls($text) { + + return preg_replace_callback('/(?"\'\!\(\)]+)/i', + create_function( + '$matches', + ' + $url = $matches[1]; + $urltext = str_replace("/", "/", $url); + return "$urltext"; + ' + ), $text); + } function autop($pee, $br = 1) { $pee = $pee . "\n"; // just to make things a little easier, pad the end @@ -478,7 +494,10 @@ $CONFIG->allowedprotocols = array('http', 'https', 'ftp', 'news', 'mailto', 'rtsp', 'teamspeak', 'gopher', 'mms', 'color', 'callto', 'cursor', 'text-align', 'font-size', 'font-weight', 'font-style', - 'border', 'margin', 'padding', 'float'); + 'border', 'margin', 'padding', 'float'); + + // For now, register the kses for processing + register_plugin_hook('validate', 'input', 'kses_filter_tags', 1); } register_elgg_event_handler('init','system','input_init'); diff --git a/views/default/output/longtext.php b/views/default/output/longtext.php index 41cbf8f7b..ef43faa69 100644 --- a/views/default/output/longtext.php +++ b/views/default/output/longtext.php @@ -17,5 +17,5 @@ global $CONFIG; - echo autop(parse_urls(filter_tags($vars['value'], $CONFIG->allowedtags, $CONFIG->allowedprotocols))); + echo autop(parse_urls(filter_tags($vars['value']))); ?> \ No newline at end of file -- cgit v1.2.3
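Review bot: With `filter_tags()` reduced to `trigger_plugin_hook('validate', 'input', null, $var)`, the `register_plugin_hook` call added to `input_init` is the only thing that makes the function filter at all. `trigger_plugin_hook` is not shown in this diff, but if it returns the passed value unchanged when no handler is registered, any call made before the `init`/`system` event, or after a plugin has removed or replaced the handler, would get the raw value back. The comment should make that dependency explicit, for example `// Default sanitiser for the 'validate'/'input' hook. filter_tags() relies entirely on handlers registered here.`, and should say what the priority argument `1` means for plugins that add their own handler. `input_init` begins outside the hunk.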
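Review bot: `global $CONFIG;` stays in the context lines above the changed `echo` in `views/default/output/longtext.php`, but the new call `filter_tags($vars['value'])` no longer reads `$CONFIG->allowedtags` or `$CONFIG->allowedprotocols`. If nothing earlier in the view uses `$CONFIG` (the lines before 17 are outside the hunk), the declaration can be dropped.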