From 493789cec59cc9d3e29f5545ad7ccc45f3d26b63 Mon Sep 17 00:00:00 2001 From: Klaus Leithoff Date: Wed, 2 Dec 2009 14:56:41 +0000 Subject: [PATCH] extend some debug infos in egw_sessions; add a 4th param to replaceTagsCompletley in translation class; prepare some more htmlpurifier stuff in order to use it for the activation of links; wrap the creation of the htmlpurifier default config in a function, to be used as config object for changes when about to be used with html::purify --- phpgwapi/inc/class.egw_session.inc.php | 9 +- phpgwapi/inc/class.html.inc.php | 109 +++++++++++++++++++++++++ phpgwapi/inc/class.translation.inc.php | 23 ++++-- 3 files changed, 132 insertions(+), 9 deletions(-) diff --git a/phpgwapi/inc/class.egw_session.inc.php b/phpgwapi/inc/class.egw_session.inc.php index 028b2e897f..b7eba8111a 100644 --- a/phpgwapi/inc/class.egw_session.inc.php +++ b/phpgwapi/inc/class.egw_session.inc.php @@ -749,7 +749,7 @@ class egw_session { $sessionid = false; } - if (self::ERROR_LOG_DEBUG) error_log(__METHOD__.'() returning '.print_r($sessionid,true)); + if (self::ERROR_LOG_DEBUG) error_log(__METHOD__.'() returning '.array2string($sessionid).' called from:'.function_backtrace()); return $sessionid; } @@ -1194,9 +1194,10 @@ class egw_session { self::set_cookiedomain(); } - if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."($cookiename,$cookievalue,$cookietime,$cookiepath,self::$cookie_domain)"); + if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."($cookiename,$cookievalue,$cookietime,$cookiepath,".self::$cookie_domain.")"); - setcookie($cookiename,$cookievalue,$cookietime,is_null($cookiepath) ? self::$cookie_path : $cookiepath,self::$cookie_domain); + $rv = setcookie($cookiename,$cookievalue,$cookietime,is_null($cookiepath) ? self::$cookie_path : $cookiepath,self::$cookie_domain); + //error_log(__METHOD__." $cookiename->$cookievalue".' returned:'.print_r($rv,true).print_r($_COOKIE,true)); } /** @@ -1421,7 +1422,7 @@ class egw_session { self::$session_handler = $GLOBALS['egw_info']['server']['session_handler']; } - if (self::ERROR_LOG_DEBUG) error_log(__METHOD__.'() session_handler='.self::$session_handler.', egw_info[server][session_handler]='.$GLOBALS['egw_info']['server']['session_handler']); + if (self::ERROR_LOG_DEBUG) error_log(__METHOD__.'() session_handler='.self::$session_handler.', egw_info[server][session_handler]='.$GLOBALS['egw_info']['server']['session_handler'].' called from:'.function_backtrace()); if (method_exists(self::$session_handler,'init_session_handler')) { diff --git a/phpgwapi/inc/class.html.inc.php b/phpgwapi/inc/class.html.inc.php index 1d80284dfc..be5d53c291 100644 --- a/phpgwapi/inc/class.html.inc.php +++ b/phpgwapi/inc/class.html.inc.php @@ -169,6 +169,97 @@ class html return preg_replace( $Expr, "$0", $result ); } + /** + * activates URLs in a text, URLs get replaced by html-links using htmlpurify + * + * @param string $content text containing URLs + * @return string html with activated links + */ + static function activateLinks($content) + { + if (!$content || strlen($content) < 20) return $content; // performance + + // spamsaver emailaddress + $result = preg_replace('/'.$NotAnchor.'mailto:([a-z0-9._-]+)@([a-z0-9_-]+)\.([a-z0-9._-]+)/i', + '\\1 AT \\2 DOT \\3', + $content); + + $config = self::purifyCreateDefaultConfig(); + $config->set('Core.Encoding', (self::$charset?self::$charset:'UTF-8')); + // maybe the two following lines are useful for caching??? + $config->set('HTML.DefinitionID', 'activatelinks'); + $config->set('HTML.DefinitionRev', 1); + // doctype and tidylevel + $config->set('HTML.Doctype', 'XHTML 1.0 Transitional'); + $config->set('HTML.TidyLevel', 'light'); + // EnableID is needed for anchor tags + $config->set('Attr.EnableID',true); + // actual allowed tags and attributes + $config->set('URI.AllowedSchemes', array('http'=>true, 'https'=>true, 'ftp'=>true, 'file'=>true, 'cid'=>true)); + $config->set('AutoFormat.RemoveEmpty', true); + $config->set('HTML.Allowed', 'br,p[align],b,i,u,s,em,pre,tt,strong,strike,center,div[align],hr[class|style],'. + 'font[size|color],'. + 'ul[type],ol[type|start],li,'. + 'h1,h2,h3,'. + 'span[class|style],'. + 'table[class|border|cellpadding|cellspacing|width|style|align|bgcolor|align],'. + 'tbody,thead,tfoot,colgroup,'. + 'col[width|span],'. + 'blockquote[class|cite|dir],'. + 'tr[class|style|align|bgcolor|align|valign],'. + 'td[class|colspan|rowspan|width|style|align|bgcolor|align|valign|nowrap],'. + 'th[class|colspan|rowspan|width|style|align|bgcolor|align|valign|nowrap],'. + 'a[href|target|name|title],'. + 'img[src|alt|title]'); + $config->set('Attr.DefaultInvalidImage', 'Image removed by htmlpurify'); + $config->set('Cache.SerializerPath', ($GLOBALS['egw_info']['server']['temp_dir']?$GLOBALS['egw_info']['server']['temp_dir']:sys_get_temp_dir())); + $config->set('AutoFormat.Linkify',true); + return self::purify($result,$config); + } + + /** + * deactivates URLs in a text, URLs get replaced by html-links using htmlpurify + * + * @param string $content text containing URLs + * @return string html with activated links + */ + static function deactivateLinks($_html) + { + $config = self::purifyCreateDefaultConfig(); + $config->set('Core.Encoding', (self::$charset?self::$charset:'UTF-8')); + // maybe the two following lines are useful for caching??? + $config->set('HTML.DefinitionID', 'deactivatelinks'); + $config->set('HTML.DefinitionRev', 1); + // doctype and tidylevel + $config->set('HTML.Doctype', 'XHTML 1.0 Transitional'); + $config->set('HTML.TidyLevel', 'light'); + // EnableID is needed for anchor tags + $config->set('Attr.EnableID',true); + // actual allowed tags and attributes + $config->set('URI.AllowedSchemes', array('http'=>true, 'https'=>true, 'ftp'=>true, 'file'=>true, 'cid'=>true)); + $config->set('AutoFormat.RemoveEmpty', true); + $config->set('HTML.Allowed', 'br,p[align],b,i,u,s,em,pre,tt,strong,strike,center,div[align],hr[class|style],'. + 'font[size|color],'. + 'ul[type],ol[type|start],li,'. + 'h1,h2,h3,'. + 'span[class|style],'. + 'table[class|border|cellpadding|cellspacing|width|style|align|bgcolor|align],'. + 'tbody,thead,tfoot,colgroup,'. + 'col[width|span],'. + 'blockquote[class|cite|dir],'. + 'tr[class|style|align|bgcolor|align|valign],'. + 'td[class|colspan|rowspan|width|style|align|bgcolor|align|valign|nowrap],'. + 'th[class|colspan|rowspan|width|style|align|bgcolor|align|valign|nowrap],'. + 'a[href|target|name|title],'. + 'img[src|alt|title]'); + $config->set('Attr.DefaultInvalidImage', 'Image removed by htmlpurify'); + $config->set('Cache.SerializerPath', ($GLOBALS['egw_info']['server']['temp_dir']?$GLOBALS['egw_info']['server']['temp_dir']:sys_get_temp_dir())); + + $config->set('AutoFormat.DisplayLinkURI',true); + $_html = self::purify($_html,$config); + return $_html; + } + /** * escapes chars with special meaning in html as entities * @@ -1262,6 +1353,24 @@ class html return $html; } + /** + * creates the HTMLPurifier default config + * + * @return HTMLPurifier_Config object + */ + static function purifyCreateDefaultConfig() + { + // add htmlpurifiers library to include_path + require_once(EGW_API_INC.'/htmlpurifier/library/HTMLPurifier.path.php'); + // include most of the required files, for best performance with bytecode caches + require_once(EGW_API_INC.'/htmlpurifier/library/HTMLPurifier.includes.php'); + // installs an autoloader for other files + require_once(EGW_API_INC.'/htmlpurifier/library/HTMLPurifier.autoload.php'); + // testcase to test the processing of purify + //$html = "

h1

".$html; + return HTMLPurifier_Config::createDefault(); + } + /** * Runs HTMLPurifier over supplied html to remove malicious code * diff --git a/phpgwapi/inc/class.translation.inc.php b/phpgwapi/inc/class.translation.inc.php index 501229496f..c5572b6d8c 100644 --- a/phpgwapi/inc/class.translation.inc.php +++ b/phpgwapi/inc/class.translation.inc.php @@ -1049,11 +1049,13 @@ class translation * strip tags out of the message completely with their content * @param string $_body is the text to be processed * @param string $tag is the tagname which is to be removed. Note, that only the name of the tag is to be passed to the function - * without the enclosing brackets + * without the enclosing brackets * @param string $endtag can be different from tag but should be used only, if begin and endtag are known to be different e.g.: + * @param bool $addbbracesforendtag if endtag is given, you may decide if the braces are to be added, + * or if you want the string to be matched as is * @return void the modified text is passed via reference */ - static function replaceTagsCompletley(&$_body,$tag,$endtag='') + static function replaceTagsCompletley(&$_body,$tag,$endtag='',$addbracesforendtag=true) { if ($tag) $tag = strtolower($tag); if ($endtag == '' || empty($endtag) || !isset($endtag)) @@ -1061,14 +1063,25 @@ class translation $endtag = $tag; } else { $endtag = strtolower($endtag); + //error_log(__METHOD__.' Using EndTag:'.$endtag); } // strip tags out of the message completely with their content $taglen=strlen($tag); $endtaglen=strlen($endtag); if ($_body) { - $_body = preg_replace('~<'.$tag.'[^>]*?>(.*)~sim','',$_body); - // remove left over tags, unfinished ones, and so on - $_body = preg_replace('~<'.$tag.'[^>]*?>~si','',$_body); + if ($addbracesforendtag === true ) + { + $_body = preg_replace('~<'.$tag.'[^>]*?>(.*)~sim','',$_body); + // remove left over tags, unfinished ones, and so on + $_body = preg_replace('~<'.$tag.'[^>]*?>~si','',$_body); + } + if ($addbracesforendtag === false ) + { + $_body = preg_replace('~<'.$tag.'[^>]*?>(.*)'.$endtag.'~sim','',$_body); + // remove left over tags, unfinished ones, and so on + $_body = preg_replace('~<'.$tag.'[^>]*?>~si','',$_body); + $_body = preg_replace('~'.$endtag.'~','',$_body); + } } }