Home Explore Help
Sign In
epsylon
/
Elgg-Lorea-Hydra
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0
Tree: e48014c2e0
Branches Tags
Elgg-Lorea-H...
/
mod
/
htmlawed
/
start.php

start.php 4.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164 
  1. <?php
    2. 

  2. /**
    3. 

  3.  * Elgg htmLawed tag filtering.
    4. 

  4.  *
    5. 

  5.  * http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/
    6. 

  6.  *
    7. 

  7.  * @package ElgghtmLawed
    8. 

  8.  */
    9. 

  9. 

  10. 

  11. elgg_register_event_handler('init', 'system', 'htmlawed_init');
    12. 

  12. 

  13. /**
    14. 

  14.  * Initialize the htmlawed plugin
    15. 

  15.  */
    16. 

  16. function htmlawed_init() {
    17. 

  17. 	elgg_register_plugin_hook_handler('validate', 'input', 'htmlawed_filter_tags', 1);
    18. 

  18. 

  19. 	$lib = elgg_get_plugins_path() . "htmlawed/vendors/htmLawed/htmLawed.php";
    20. 

  20. 	elgg_register_library('htmlawed', $lib);
    21. 

  21. 	
    22. 

  22. 	elgg_register_plugin_hook_handler('unit_test', 'system', 'htmlawed_test');
    23. 

  23. }
    24. 

  24. 

  25. /**
    26. 

  26.  * htmLawed filtering of data
    27. 

  27.  *
    28. 

  28.  * Called on the 'validate', 'input' plugin hook
    29. 

  29.  *
    30. 

  30.  * Triggers the 'config', 'htmlawed' plugin hook so that plugins can change
    31. 

  31.  * htmlawed's configuration. For information on configuraton options, see
    32. 

  32.  * http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/htmLawed_README.htm#s2.2
    33. 

  33.  *
    34. 

  34.  * @param string $hook   Hook name
    35. 

  35.  * @param string $type   The type of hook
    36. 

  36.  * @param mixed  $result Data to filter
    37. 

  37.  * @param array  $params Not used
    38. 

  38.  * @return mixed
    39. 

  39.  */
    40. 

  40. function htmlawed_filter_tags($hook, $type, $result, $params = null) {
    41. 

  41. 	$var = $result;
    42. 

  42. 

  43. 	elgg_load_library('htmlawed');
    44. 

  44. 

  45. 	$htmlawed_config = array(
    46. 

  46. 		// seems to handle about everything we need.
    47. 

  47. 		'safe' => true,
    48. 

  48. 

  49. 		// remove comments/CDATA instead of converting to text
    50. 

  50. 		'comment' => 1,
    51. 

  51. 		'cdata' => 1,
    52. 

  52. 

  53. 		'deny_attribute' => 'class, on*',
    54. 

  54. 		'hook_tag' => 'htmlawed_tag_post_processor',
    55. 

  55. 

  56. 		'schemes' => '*:http,https,ftp,news,mailto,rtsp,teamspeak,gopher,mms,callto',
    57. 

  57. 		// apparent this doesn't work.
    58. 

  58. 		// 'style:color,cursor,text-align,font-size,font-weight,font-style,border,margin,padding,float'
    59. 

  59. 	);
    60. 

  60. 

  61. 	// add nofollow to all links on output
    62. 

  62. 	if (!elgg_in_context('input')) {
    63. 

  63. 		$htmlawed_config['anti_link_spam'] = array('/./', '');
    64. 

  64. 	}
    65. 

  65. 

  66. 	$htmlawed_config = elgg_trigger_plugin_hook('config', 'htmlawed', null, $htmlawed_config);
    67. 

  67. 

  68. 	if (!is_array($var)) {
    69. 

  69. 		$result = htmLawed($var, $htmlawed_config);
    70. 

  70. 	} else {
    71. 

  71. 		array_walk_recursive($var, 'htmLawedArray', $htmlawed_config);
    72. 

  72. 		$result = $var;
    73. 

  73. 	}
    74. 

  74. 

  75. 	return $result;
    76. 

  76. }
    77. 

  77. 

  78. /**
    79. 

  79.  * wrapper function for htmlawed for handling arrays
    80. 

  80.  */
    81. 

  81. function htmLawedArray(&$v, $k, $htmlawed_config) {
    82. 

  82. 	$v = htmLawed($v, $htmlawed_config);
    83. 

  83. }
    84. 

  84. 

  85. /**
    86. 

  86.  * Post processor for tags in htmlawed
    87. 

  87.  * 
    88. 

  88.  * This runs after htmlawed has filtered. It runs for each tag and filters out
    89. 

  89.  * style attributes we don't want.
    90. 

  90.  *
    91. 

  91.  * This function triggers the 'allowed_styles', 'htmlawed' plugin hook.
    92. 

  92.  *
    93. 

  93.  * @param string $element    The tag element name
    94. 

  94.  * @param array  $attributes An array of attributes
    95. 

  95.  * @return string
    96. 

  96.  */
    97. 

  97. function htmlawed_tag_post_processor($element, $attributes = false) {
    98. 

  98.     if ($attributes === false) {
    99. 

  99.         // This is a closing tag. Prevent further processing to avoid inserting a duplicate tag
    100. 

  100.         return "</${element}>";
    101. 

  101.     }
    102. 

  102. 

  103. 	// this list should be coordinated with the WYSIWYG editor used (tinymce, ckeditor, etc.)
    104. 

  104. 	$allowed_styles = array(
    105. 

  105. 		'color', 'cursor', 'text-align', 'vertical-align', 'font-size',
    106. 

  106. 		'font-weight', 'font-style', 'border', 'border-top', 'background-color',
    107. 

  107. 		'border-bottom', 'border-left', 'border-right',
    108. 

  108. 		'margin', 'margin-top', 'margin-bottom', 'margin-left',
    109. 

  109. 		'margin-right',	'padding', 'float', 'text-decoration'
    110. 

  110. 	);
    111. 

  111. 

  112. 	$params = array('tag' => $element);
    113. 

  113. 	$allowed_styles = elgg_trigger_plugin_hook('allowed_styles', 'htmlawed', $params, $allowed_styles);
    114. 

  114. 

  115. 	// must return something.
    116. 

  116. 	$string = '';
    117. 

  117. 

  118. 	foreach ($attributes as $attr => $value) {
    119. 

  119. 		if ($attr == 'style') {
    120. 

  120. 			$styles = explode(';', $value);
    121. 

  121. 

  122. 			$style_str = '';
    123. 

  123. 			foreach ($styles as $style) {
    124. 

  124. 				if (!trim($style)) {
    125. 

  125. 					continue;
    126. 

  126. 				}
    127. 

  127. 				list($style_attr, $style_value) = explode(':', trim($style));
    128. 

  128. 				$style_attr = trim($style_attr);
    129. 

  129. 				$style_value = trim($style_value);
    130. 

  130. 

  131. 				if (in_array($style_attr, $allowed_styles)) {
    132. 

  132. 					$style_str .= "$style_attr: $style_value; ";
    133. 

  133. 				}
    134. 

  134. 			}
    135. 

  135. 

  136. 			if ($style_str) {
    137. 

  137. 				$style_str = trim($style_str);
    138. 

  138. 				$string .= " style=\"$style_str\"";
    139. 

  139. 			}
    140. 

  140. 

  141. 		} else {
    142. 

  142. 			$string .= " $attr=\"$value\"";
    143. 

  143. 		}
    144. 

  144. 	}
    145. 

  145. 

  146. 	// Some WYSIWYG editors do not like tags like <p > so only add a space if needed.
    147. 

  147. 	if ($string = trim($string)) {
    148. 

  148. 		$string = " $string";
    149. 

  149. 	}
    150. 

  150. 

  151. 	$r = "<$element$string>";
    152. 

  152. 	return $r;
    153. 

  153. }
    154. 

  154. 

  155. /**
    156. 

  156.  * Runs unit tests for htmlawed
    157. 

  157.  *
    158. 

  158.  * @return array
    159. 

  159.  */
    160. 

  160. function htmlawed_test($hook, $type, $value, $params) {
    161. 

  161.     $value[] = dirname(__FILE__) . '/tests/tags.php';
    162. 

  162.     return $value;
    163. 

  163. }
    164. 

  164.