extern/egroupware
1
0
Fork 1
mirror of https://github.com/EGroupware/egroupware.git synced 2024-11-07 16:44:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix issues with new namespaces / translation class moved to new api/src location

Browse Source
This commit is contained in:
Klaus Leithoff 2016-03-17 09:29:54 +00:00
parent b60994f1f2
commit 5fc0e88b68
1 changed files with 19 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
api/src/Html/HtmLawed.php
View File

@ -11,6 +11,8 @@
*/
namespace EGroupware\Api\Html;
use EGroupware\Api;
use translation;
require_once(__DIR__.'/htmLawed/htmLawed.php');
@ -136,7 +138,7 @@ class HtmLawed
{
//error_log(__METHOD__.__LINE__.array2string($newStyle[0]));
$style2buffer = implode('',$newStyle[0]);
// only replace what we have found, we use it here, as we use the same routine in Translation::replaceTagsCompletley
// only replace what we have found, we use it here, as we use the same routine in translation::replaceTagsCompletley
// no need to do the extra routine
$html = str_ireplace($newStyle[0],'',$html);
}
@ -149,7 +151,7 @@ class HtmLawed
if ($test=="null" && strlen($style2buffer)>0)
{
// this should not be needed, unless something fails with charset detection/ wrong charset passed
error_log(__METHOD__.__LINE__.' Found Invalid sequence for utf-8 in CSS:'.$style2buffer.' Carset Detected:'.Translation::detect_encoding($style2buffer));
error_log(__METHOD__.__LINE__.' Found Invalid sequence for utf-8 in CSS:'.$style2buffer.' Carset Detected:'.Api\Translation::detect_encoding($style2buffer));
$style2buffer = utf8_encode($style2buffer);
}
}
@ -165,15 +167,15 @@ class HtmLawed
// CSS Security
// http://code.google.com/p/browsersec/wiki/Part1#Cascading_stylesheets
$css = preg_replace('/(javascript|expession|-moz-binding)/i','',$style);
if (stripos($css,'script')!==false) Translation::replaceTagsCompletley($css,'script'); // Strip out script that may be included
if (stripos($css,'script')!==false) translation::replaceTagsCompletley($css,'script'); // Strip out script that may be included
// we need this, as styledefinitions are enclosed with curly brackets; and template stuff tries to replace everything between curly brackets that is having no horizontal whitespace
// as the comments as <!-- styledefinition --> in stylesheet are outdated, and ck-editor does not understand it, we remove it
$css_no_comment = str_replace(array(':','<!--','-->'),array(': ','',''),$css);
//error_log(__METHOD__.__LINE__.$css);
// we already removed what we have found, above, as we used pretty much the same routine as in Translation::replaceTagsCompletley
// we already removed what we have found, above, as we used pretty much the same routine as in translation::replaceTagsCompletley
// no need to do the extra routine
// TODO: we may have to strip urls and maybe comments and ifs
//if (stripos($html,'style')!==false) Translation::replaceTagsCompletley($html,'style'); // clean out empty or pagewide style definitions / left over tags
//if (stripos($html,'style')!==false) translation::replaceTagsCompletley($html,'style'); // clean out empty or pagewide style definitions / left over tags
return $css_no_comment;
}
@ -389,17 +391,21 @@ function hl_email_tag_transform($element, $attribute_array=0)
if (!isset($attribute_array['title'])) $attribute_array['title']=$attribute_array['alt'];
$attribute_array['src']=common::image('phpgwapi','dialog_error');
}
if (!$GLOBALS['egw_info']['user']['preferences']['mail']['allowExternalIMGs'])
if (!preg_match('/^cid:.*/',$attribute_array['src']))
{
if (!preg_match('/^cid:.*/',$attribute_array['src']))
if (!$GLOBALS['egw_info']['user']['preferences']['mail']['allowExternalIMGs'])
{
$attribute_array['alt']= $attribute_array['alt'].' [blocked external image:'.$attribute_array['src'].']';
if (!isset($attribute_array['title'])) $attribute_array['title']=$attribute_array['alt'];
$attribute_array['src']=common::image('mail','no-image-shown');
$attribute_array['border'] = 1;
if ($attribute_array['style'])
//the own webserver url is not external, so it should be allowed
if (empty($GLOBALS['egw_info']['server']['webserver_url'])||!preg_match("$^".$GLOBALS['egw_info']['server']['webserver_url'].".*$",$attribute_array['src']))
{
if (stripos($attribute_array['style'],'border')!==false) $attribute_array['style'] = preg_replace('~border(:|-left:|-right:|-bottom:|-top:)+ (0px)+ (none)+;~si','',$attribute_array['style']);
$attribute_array['alt']= $attribute_array['alt'].' [blocked external image:'.$attribute_array['src'].']';
if (!isset($attribute_array['title'])) $attribute_array['title']=$attribute_array['alt'];
$attribute_array['src']=common::image('mail','no-image-shown');
$attribute_array['border'] = 1;
if ($attribute_array['style'])
{
if (stripos($attribute_array['style'],'border')!==false) $attribute_array['style'] = preg_replace('~border(:|-left:|-right:|-bottom:|-top:)+ (0px)+ (none)+;~si','',$attribute_array['style']);
}
}
}
}