extend some debug infos in egw_sessions; add a 4th param to replaceTagsCompletley in translation class; prepare some more htmlpurifier stuff in order to use it for the activation of links; wrap the creation of the htmlpurifier default config in a function, to be used as config object for changes when about to be used with html::purify

2024-11-23 00:13:35 +01:00 · 2009-12-02 14:56:41 +00:00 · 2009-12-02 14:56:41 +00:00 · 493789cec5
commit 493789cec5
parent 8d3d3c8a6d
3 changed files with 132 additions and 9 deletions
--- a/phpgwapi/inc/class.egw_session.inc.php
+++ b/phpgwapi/inc/class.egw_session.inc.php
@ -749,7 +749,7 @@ class egw_session
 		{
 			$sessionid = false;
 		}
-		if (self::ERROR_LOG_DEBUG) error_log(__METHOD__.'() returning '.print_r($sessionid,true));
+		if (self::ERROR_LOG_DEBUG) error_log(__METHOD__.'() returning '.array2string($sessionid).' called from:'.function_backtrace());
 		return $sessionid;
 	}

@ -1194,9 +1194,10 @@ class egw_session
 		{
 			self::set_cookiedomain();
 		}
-		if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."($cookiename,$cookievalue,$cookietime,$cookiepath,self::$cookie_domain)");
+		if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."($cookiename,$cookievalue,$cookietime,$cookiepath,".self::$cookie_domain.")");

-		setcookie($cookiename,$cookievalue,$cookietime,is_null($cookiepath) ? self::$cookie_path : $cookiepath,self::$cookie_domain);
+		$rv = setcookie($cookiename,$cookievalue,$cookietime,is_null($cookiepath) ? self::$cookie_path : $cookiepath,self::$cookie_domain);
+		//error_log(__METHOD__." $cookiename->$cookievalue".' returned:'.print_r($rv,true).print_r($_COOKIE,true));
 	}

 	/**
@ -1421,7 +1422,7 @@ class egw_session
 		{
 			self::$session_handler = $GLOBALS['egw_info']['server']['session_handler'];
 		}
-		if (self::ERROR_LOG_DEBUG) error_log(__METHOD__.'() session_handler='.self::$session_handler.', egw_info[server][session_handler]='.$GLOBALS['egw_info']['server']['session_handler']);
+		if (self::ERROR_LOG_DEBUG) error_log(__METHOD__.'() session_handler='.self::$session_handler.', egw_info[server][session_handler]='.$GLOBALS['egw_info']['server']['session_handler'].' called from:'.function_backtrace());

 		if (method_exists(self::$session_handler,'init_session_handler'))
 		{
--- a/phpgwapi/inc/class.html.inc.php
+++ b/phpgwapi/inc/class.html.inc.php
@ -169,6 +169,97 @@ class html
 		return preg_replace( $Expr, "<a href=\"http://$0\" target=\"_blank\">$0</a>", $result );
 	}

+	/**
+	 * activates URLs in a text, URLs get replaced by html-links using htmlpurify
+	 *
+	 * @param string $content text containing URLs
+	 * @return string html with activated links
+	 */
+	static function activateLinks($content)
+	{
+		if (!$content || strlen($content) < 20) return $content;	// performance
+
+		// spamsaver emailaddress
+		$result = preg_replace('/'.$NotAnchor.'mailto:([a-z0-9._-]+)@([a-z0-9_-]+)\.([a-z0-9._-]+)/i',
+			'<a href="#" onclick="document.location=\'mai\'+\'lto:\\1\'+unescape(\'%40\')+\'\\2.\\3\'; return false;">\\1 AT \\2 DOT \\3</a>',
+			$content);
+
+		$config = self::purifyCreateDefaultConfig();
+		$config->set('Core.Encoding', (self::$charset?self::$charset:'UTF-8'));
+		// maybe the two following lines are useful for caching???
+		$config->set('HTML.DefinitionID', 'activatelinks');
+		$config->set('HTML.DefinitionRev', 1);
+		// doctype and tidylevel
+			$config->set('HTML.Doctype', 'XHTML 1.0 Transitional');
+		$config->set('HTML.TidyLevel', 'light');
+		// EnableID is needed for anchor tags
+		$config->set('Attr.EnableID',true);
+		// actual allowed tags and attributes
+		$config->set('URI.AllowedSchemes', array('http'=>true, 'https'=>true, 'ftp'=>true, 'file'=>true, 'cid'=>true));
+		$config->set('AutoFormat.RemoveEmpty', true);
+		$config->set('HTML.Allowed', 'br,p[align],b,i,u,s,em,pre,tt,strong,strike,center,div[align],hr[class|style],'.
+					'font[size|color],'.
+					'ul[type],ol[type|start],li,'.
+					'h1,h2,h3,'.
+					'span[class|style],'.
+					'table[class|border|cellpadding|cellspacing|width|style|align|bgcolor|align],'.
+					'tbody,thead,tfoot,colgroup,'.
+					'col[width|span],'.
+					'blockquote[class|cite|dir],'.
+					'tr[class|style|align|bgcolor|align|valign],'.
+					'td[class|colspan|rowspan|width|style|align|bgcolor|align|valign|nowrap],'.
+					'th[class|colspan|rowspan|width|style|align|bgcolor|align|valign|nowrap],'.
+					'a[href|target|name|title],'.
+					'img[src|alt|title]');
+		$config->set('Attr.DefaultInvalidImage', 'Image removed by htmlpurify');
+		$config->set('Cache.SerializerPath', ($GLOBALS['egw_info']['server']['temp_dir']?$GLOBALS['egw_info']['server']['temp_dir']:sys_get_temp_dir()));
+		$config->set('AutoFormat.Linkify',true);
+		return self::purify($result,$config);
+	}
+
+	/**
+	 * deactivates URLs in a text, URLs get replaced by html-links using htmlpurify
+	 *
+	 * @param string $content text containing URLs
+	 * @return string html with activated links
+	 */
+	static function deactivateLinks($_html)
+	{
+		$config = self::purifyCreateDefaultConfig();
+		$config->set('Core.Encoding', (self::$charset?self::$charset:'UTF-8'));
+		// maybe the two following lines are useful for caching???
+		$config->set('HTML.DefinitionID', 'deactivatelinks');
+		$config->set('HTML.DefinitionRev', 1);
+		// doctype and tidylevel
+			$config->set('HTML.Doctype', 'XHTML 1.0 Transitional');
+		$config->set('HTML.TidyLevel', 'light');
+		// EnableID is needed for anchor tags
+		$config->set('Attr.EnableID',true);
+		// actual allowed tags and attributes
+		$config->set('URI.AllowedSchemes', array('http'=>true, 'https'=>true, 'ftp'=>true, 'file'=>true, 'cid'=>true));
+		$config->set('AutoFormat.RemoveEmpty', true);
+		$config->set('HTML.Allowed', 'br,p[align],b,i,u,s,em,pre,tt,strong,strike,center,div[align],hr[class|style],'.
+					'font[size|color],'.
+					'ul[type],ol[type|start],li,'.
+					'h1,h2,h3,'.
+					'span[class|style],'.
+					'table[class|border|cellpadding|cellspacing|width|style|align|bgcolor|align],'.
+					'tbody,thead,tfoot,colgroup,'.
+					'col[width|span],'.
+					'blockquote[class|cite|dir],'.
+					'tr[class|style|align|bgcolor|align|valign],'.
+					'td[class|colspan|rowspan|width|style|align|bgcolor|align|valign|nowrap],'.
+					'th[class|colspan|rowspan|width|style|align|bgcolor|align|valign|nowrap],'.
+					'a[href|target|name|title],'.
+					'img[src|alt|title]');
+		$config->set('Attr.DefaultInvalidImage', 'Image removed by htmlpurify');
+		$config->set('Cache.SerializerPath', ($GLOBALS['egw_info']['server']['temp_dir']?$GLOBALS['egw_info']['server']['temp_dir']:sys_get_temp_dir()));
+
+		$config->set('AutoFormat.DisplayLinkURI',true);
+		$_html = self::purify($_html,$config);
+		return $_html;
+	}
+
 	/**
 	 * escapes chars with special meaning in html as entities
 	 *
@ -1262,6 +1353,24 @@ class html
 		return $html;
 	}

+	/**
+	 * creates the HTMLPurifier default config
+	 *
+	 * @return HTMLPurifier_Config object
+	 */
+	static function purifyCreateDefaultConfig()
+	{
+		// add htmlpurifiers library to include_path
+		require_once(EGW_API_INC.'/htmlpurifier/library/HTMLPurifier.path.php');
+		// include most of the required files, for best performance with bytecode caches
+		require_once(EGW_API_INC.'/htmlpurifier/library/HTMLPurifier.includes.php');
+		// installs an autoloader for other files
+		require_once(EGW_API_INC.'/htmlpurifier/library/HTMLPurifier.autoload.php');
+		// testcase to test the processing of purify
+		//$html = "<h1 onclick=\"alert('hallo');\"> h1 </h1>".$html;
+		return HTMLPurifier_Config::createDefault();
+	}
+
 	/**
 	 * Runs HTMLPurifier over supplied html to remove malicious code
 	 *
--- a/phpgwapi/inc/class.translation.inc.php
+++ b/phpgwapi/inc/class.translation.inc.php
@ -1049,11 +1049,13 @@ class translation
 	 * strip tags out of the message completely with their content
 	 * @param string $_body is the text to be processed
 	 * @param string $tag is the tagname which is to be removed. Note, that only the name of the tag is to be passed to the function
-	 *            without the enclosing brackets
+	 *				without the enclosing brackets
 	 * @param string $endtag can be different from tag  but should be used only, if begin and endtag are known to be different e.g.: <!-- -->
+	 * @param bool $addbbracesforendtag if endtag is given, you may decide if the </ and > braces are to be added, 
+	 *				or if you want the string to be matched as is
 	 * @return void the modified text is passed via reference
 	 */
-	static function replaceTagsCompletley(&$_body,$tag,$endtag='')
+	static function replaceTagsCompletley(&$_body,$tag,$endtag='',$addbracesforendtag=true)
 	{
 		if ($tag) $tag = strtolower($tag);
 		if ($endtag == '' || empty($endtag) || !isset($endtag))
@ -1061,14 +1063,25 @@ class translation
 		        $endtag = $tag;
 		} else {
 		        $endtag = strtolower($endtag);
+				//error_log(__METHOD__.' Using EndTag:'.$endtag);
 		}
 		// strip tags out of the message completely with their content
 		$taglen=strlen($tag);
 		$endtaglen=strlen($endtag);
 		if ($_body) {
-			$_body = preg_replace('~<'.$tag.'[^>]*?>(.*)</'.$endtag.'>~sim','',$_body);
-			// remove left over tags, unfinished ones, and so on
-			$_body = preg_replace('~<'.$tag.'[^>]*?>~si','',$_body);
+			if ($addbracesforendtag === true )
+			{
+				$_body = preg_replace('~<'.$tag.'[^>]*?>(.*)</'.$endtag.'>~sim','',$_body);
+				// remove left over tags, unfinished ones, and so on
+				$_body = preg_replace('~<'.$tag.'[^>]*?>~si','',$_body);
+			}
+			if ($addbracesforendtag === false )
+			{
+				$_body = preg_replace('~<'.$tag.'[^>]*?>(.*)'.$endtag.'~sim','',$_body);
+				// remove left over tags, unfinished ones, and so on
+				$_body = preg_replace('~<'.$tag.'[^>]*?>~si','',$_body);
+				$_body = preg_replace('~'.$endtag.'~','',$_body);
+			}
 		}
 	}