extend some debug infos in egw_sessions; add a 4th param to replaceTagsCompletley in translation class; prepare some more htmlpurifier stuff in order to use it for the activation of links; wrap the creation of the htmlpurifier default config in a function, to be used as config object for changes when about to be used with html::purify

This commit is contained in:
Klaus Leithoff 2009-12-02 14:56:41 +00:00
parent 8d3d3c8a6d
commit 493789cec5
3 changed files with 132 additions and 9 deletions

View File

@ -749,7 +749,7 @@ class egw_session
{ {
$sessionid = false; $sessionid = false;
} }
if (self::ERROR_LOG_DEBUG) error_log(__METHOD__.'() returning '.print_r($sessionid,true)); if (self::ERROR_LOG_DEBUG) error_log(__METHOD__.'() returning '.array2string($sessionid).' called from:'.function_backtrace());
return $sessionid; return $sessionid;
} }
@ -1194,9 +1194,10 @@ class egw_session
{ {
self::set_cookiedomain(); self::set_cookiedomain();
} }
if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."($cookiename,$cookievalue,$cookietime,$cookiepath,self::$cookie_domain)"); if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."($cookiename,$cookievalue,$cookietime,$cookiepath,".self::$cookie_domain.")");
setcookie($cookiename,$cookievalue,$cookietime,is_null($cookiepath) ? self::$cookie_path : $cookiepath,self::$cookie_domain); $rv = setcookie($cookiename,$cookievalue,$cookietime,is_null($cookiepath) ? self::$cookie_path : $cookiepath,self::$cookie_domain);
//error_log(__METHOD__." $cookiename->$cookievalue".' returned:'.print_r($rv,true).print_r($_COOKIE,true));
} }
/** /**
@ -1421,7 +1422,7 @@ class egw_session
{ {
self::$session_handler = $GLOBALS['egw_info']['server']['session_handler']; self::$session_handler = $GLOBALS['egw_info']['server']['session_handler'];
} }
if (self::ERROR_LOG_DEBUG) error_log(__METHOD__.'() session_handler='.self::$session_handler.', egw_info[server][session_handler]='.$GLOBALS['egw_info']['server']['session_handler']); if (self::ERROR_LOG_DEBUG) error_log(__METHOD__.'() session_handler='.self::$session_handler.', egw_info[server][session_handler]='.$GLOBALS['egw_info']['server']['session_handler'].' called from:'.function_backtrace());
if (method_exists(self::$session_handler,'init_session_handler')) if (method_exists(self::$session_handler,'init_session_handler'))
{ {

View File

@ -169,6 +169,97 @@ class html
return preg_replace( $Expr, "<a href=\"http://$0\" target=\"_blank\">$0</a>", $result ); return preg_replace( $Expr, "<a href=\"http://$0\" target=\"_blank\">$0</a>", $result );
} }
/**
* activates URLs in a text, URLs get replaced by html-links using htmlpurify
*
* @param string $content text containing URLs
* @return string html with activated links
*/
static function activateLinks($content)
{
if (!$content || strlen($content) < 20) return $content; // performance
// spamsaver emailaddress
$result = preg_replace('/'.$NotAnchor.'mailto:([a-z0-9._-]+)@([a-z0-9_-]+)\.([a-z0-9._-]+)/i',
'<a href="#" onclick="document.location=\'mai\'+\'lto:\\1\'+unescape(\'%40\')+\'\\2.\\3\'; return false;">\\1 AT \\2 DOT \\3</a>',
$content);
$config = self::purifyCreateDefaultConfig();
$config->set('Core.Encoding', (self::$charset?self::$charset:'UTF-8'));
// maybe the two following lines are useful for caching???
$config->set('HTML.DefinitionID', 'activatelinks');
$config->set('HTML.DefinitionRev', 1);
// doctype and tidylevel
$config->set('HTML.Doctype', 'XHTML 1.0 Transitional');
$config->set('HTML.TidyLevel', 'light');
// EnableID is needed for anchor tags
$config->set('Attr.EnableID',true);
// actual allowed tags and attributes
$config->set('URI.AllowedSchemes', array('http'=>true, 'https'=>true, 'ftp'=>true, 'file'=>true, 'cid'=>true));
$config->set('AutoFormat.RemoveEmpty', true);
$config->set('HTML.Allowed', 'br,p[align],b,i,u,s,em,pre,tt,strong,strike,center,div[align],hr[class|style],'.
'font[size|color],'.
'ul[type],ol[type|start],li,'.
'h1,h2,h3,'.
'span[class|style],'.
'table[class|border|cellpadding|cellspacing|width|style|align|bgcolor|align],'.
'tbody,thead,tfoot,colgroup,'.
'col[width|span],'.
'blockquote[class|cite|dir],'.
'tr[class|style|align|bgcolor|align|valign],'.
'td[class|colspan|rowspan|width|style|align|bgcolor|align|valign|nowrap],'.
'th[class|colspan|rowspan|width|style|align|bgcolor|align|valign|nowrap],'.
'a[href|target|name|title],'.
'img[src|alt|title]');
$config->set('Attr.DefaultInvalidImage', 'Image removed by htmlpurify');
$config->set('Cache.SerializerPath', ($GLOBALS['egw_info']['server']['temp_dir']?$GLOBALS['egw_info']['server']['temp_dir']:sys_get_temp_dir()));
$config->set('AutoFormat.Linkify',true);
return self::purify($result,$config);
}
/**
* deactivates URLs in a text, URLs get replaced by html-links using htmlpurify
*
* @param string $content text containing URLs
* @return string html with activated links
*/
static function deactivateLinks($_html)
{
$config = self::purifyCreateDefaultConfig();
$config->set('Core.Encoding', (self::$charset?self::$charset:'UTF-8'));
// maybe the two following lines are useful for caching???
$config->set('HTML.DefinitionID', 'deactivatelinks');
$config->set('HTML.DefinitionRev', 1);
// doctype and tidylevel
$config->set('HTML.Doctype', 'XHTML 1.0 Transitional');
$config->set('HTML.TidyLevel', 'light');
// EnableID is needed for anchor tags
$config->set('Attr.EnableID',true);
// actual allowed tags and attributes
$config->set('URI.AllowedSchemes', array('http'=>true, 'https'=>true, 'ftp'=>true, 'file'=>true, 'cid'=>true));
$config->set('AutoFormat.RemoveEmpty', true);
$config->set('HTML.Allowed', 'br,p[align],b,i,u,s,em,pre,tt,strong,strike,center,div[align],hr[class|style],'.
'font[size|color],'.
'ul[type],ol[type|start],li,'.
'h1,h2,h3,'.
'span[class|style],'.
'table[class|border|cellpadding|cellspacing|width|style|align|bgcolor|align],'.
'tbody,thead,tfoot,colgroup,'.
'col[width|span],'.
'blockquote[class|cite|dir],'.
'tr[class|style|align|bgcolor|align|valign],'.
'td[class|colspan|rowspan|width|style|align|bgcolor|align|valign|nowrap],'.
'th[class|colspan|rowspan|width|style|align|bgcolor|align|valign|nowrap],'.
'a[href|target|name|title],'.
'img[src|alt|title]');
$config->set('Attr.DefaultInvalidImage', 'Image removed by htmlpurify');
$config->set('Cache.SerializerPath', ($GLOBALS['egw_info']['server']['temp_dir']?$GLOBALS['egw_info']['server']['temp_dir']:sys_get_temp_dir()));
$config->set('AutoFormat.DisplayLinkURI',true);
$_html = self::purify($_html,$config);
return $_html;
}
/** /**
* escapes chars with special meaning in html as entities * escapes chars with special meaning in html as entities
* *
@ -1262,6 +1353,24 @@ class html
return $html; return $html;
} }
/**
* creates the HTMLPurifier default config
*
* @return HTMLPurifier_Config object
*/
static function purifyCreateDefaultConfig()
{
// add htmlpurifiers library to include_path
require_once(EGW_API_INC.'/htmlpurifier/library/HTMLPurifier.path.php');
// include most of the required files, for best performance with bytecode caches
require_once(EGW_API_INC.'/htmlpurifier/library/HTMLPurifier.includes.php');
// installs an autoloader for other files
require_once(EGW_API_INC.'/htmlpurifier/library/HTMLPurifier.autoload.php');
// testcase to test the processing of purify
//$html = "<h1 onclick=\"alert('hallo');\"> h1 </h1>".$html;
return HTMLPurifier_Config::createDefault();
}
/** /**
* Runs HTMLPurifier over supplied html to remove malicious code * Runs HTMLPurifier over supplied html to remove malicious code
* *

View File

@ -1049,11 +1049,13 @@ class translation
* strip tags out of the message completely with their content * strip tags out of the message completely with their content
* @param string $_body is the text to be processed * @param string $_body is the text to be processed
* @param string $tag is the tagname which is to be removed. Note, that only the name of the tag is to be passed to the function * @param string $tag is the tagname which is to be removed. Note, that only the name of the tag is to be passed to the function
* without the enclosing brackets * without the enclosing brackets
* @param string $endtag can be different from tag but should be used only, if begin and endtag are known to be different e.g.: <!-- --> * @param string $endtag can be different from tag but should be used only, if begin and endtag are known to be different e.g.: <!-- -->
* @param bool $addbbracesforendtag if endtag is given, you may decide if the </ and > braces are to be added,
* or if you want the string to be matched as is
* @return void the modified text is passed via reference * @return void the modified text is passed via reference
*/ */
static function replaceTagsCompletley(&$_body,$tag,$endtag='') static function replaceTagsCompletley(&$_body,$tag,$endtag='',$addbracesforendtag=true)
{ {
if ($tag) $tag = strtolower($tag); if ($tag) $tag = strtolower($tag);
if ($endtag == '' || empty($endtag) || !isset($endtag)) if ($endtag == '' || empty($endtag) || !isset($endtag))
@ -1061,14 +1063,25 @@ class translation
$endtag = $tag; $endtag = $tag;
} else { } else {
$endtag = strtolower($endtag); $endtag = strtolower($endtag);
//error_log(__METHOD__.' Using EndTag:'.$endtag);
} }
// strip tags out of the message completely with their content // strip tags out of the message completely with their content
$taglen=strlen($tag); $taglen=strlen($tag);
$endtaglen=strlen($endtag); $endtaglen=strlen($endtag);
if ($_body) { if ($_body) {
$_body = preg_replace('~<'.$tag.'[^>]*?>(.*)</'.$endtag.'>~sim','',$_body); if ($addbracesforendtag === true )
// remove left over tags, unfinished ones, and so on {
$_body = preg_replace('~<'.$tag.'[^>]*?>~si','',$_body); $_body = preg_replace('~<'.$tag.'[^>]*?>(.*)</'.$endtag.'>~sim','',$_body);
// remove left over tags, unfinished ones, and so on
$_body = preg_replace('~<'.$tag.'[^>]*?>~si','',$_body);
}
if ($addbracesforendtag === false )
{
$_body = preg_replace('~<'.$tag.'[^>]*?>(.*)'.$endtag.'~sim','',$_body);
// remove left over tags, unfinished ones, and so on
$_body = preg_replace('~<'.$tag.'[^>]*?>~si','',$_body);
$_body = preg_replace('~'.$endtag.'~','',$_body);
}
} }
} }