forked from extern/egroupware
extend some debug infos in egw_sessions; add a 4th param to replaceTagsCompletley in translation class; prepare some more htmlpurifier stuff in order to use it for the activation of links; wrap the creation of the htmlpurifier default config in a function, to be used as config object for changes when about to be used with html::purify
This commit is contained in:
parent
8d3d3c8a6d
commit
493789cec5
@ -749,7 +749,7 @@ class egw_session
|
||||
{
|
||||
$sessionid = false;
|
||||
}
|
||||
if (self::ERROR_LOG_DEBUG) error_log(__METHOD__.'() returning '.print_r($sessionid,true));
|
||||
if (self::ERROR_LOG_DEBUG) error_log(__METHOD__.'() returning '.array2string($sessionid).' called from:'.function_backtrace());
|
||||
return $sessionid;
|
||||
}
|
||||
|
||||
@ -1194,9 +1194,10 @@ class egw_session
|
||||
{
|
||||
self::set_cookiedomain();
|
||||
}
|
||||
if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."($cookiename,$cookievalue,$cookietime,$cookiepath,self::$cookie_domain)");
|
||||
if (self::ERROR_LOG_DEBUG) error_log(__METHOD__."($cookiename,$cookievalue,$cookietime,$cookiepath,".self::$cookie_domain.")");
|
||||
|
||||
setcookie($cookiename,$cookievalue,$cookietime,is_null($cookiepath) ? self::$cookie_path : $cookiepath,self::$cookie_domain);
|
||||
$rv = setcookie($cookiename,$cookievalue,$cookietime,is_null($cookiepath) ? self::$cookie_path : $cookiepath,self::$cookie_domain);
|
||||
//error_log(__METHOD__." $cookiename->$cookievalue".' returned:'.print_r($rv,true).print_r($_COOKIE,true));
|
||||
}
|
||||
|
||||
/**
|
||||
@ -1421,7 +1422,7 @@ class egw_session
|
||||
{
|
||||
self::$session_handler = $GLOBALS['egw_info']['server']['session_handler'];
|
||||
}
|
||||
if (self::ERROR_LOG_DEBUG) error_log(__METHOD__.'() session_handler='.self::$session_handler.', egw_info[server][session_handler]='.$GLOBALS['egw_info']['server']['session_handler']);
|
||||
if (self::ERROR_LOG_DEBUG) error_log(__METHOD__.'() session_handler='.self::$session_handler.', egw_info[server][session_handler]='.$GLOBALS['egw_info']['server']['session_handler'].' called from:'.function_backtrace());
|
||||
|
||||
if (method_exists(self::$session_handler,'init_session_handler'))
|
||||
{
|
||||
|
@ -169,6 +169,97 @@ class html
|
||||
return preg_replace( $Expr, "<a href=\"http://$0\" target=\"_blank\">$0</a>", $result );
|
||||
}
|
||||
|
||||
/**
|
||||
* activates URLs in a text, URLs get replaced by html-links using htmlpurify
|
||||
*
|
||||
* @param string $content text containing URLs
|
||||
* @return string html with activated links
|
||||
*/
|
||||
static function activateLinks($content)
|
||||
{
|
||||
if (!$content || strlen($content) < 20) return $content; // performance
|
||||
|
||||
// spamsaver emailaddress
|
||||
$result = preg_replace('/'.$NotAnchor.'mailto:([a-z0-9._-]+)@([a-z0-9_-]+)\.([a-z0-9._-]+)/i',
|
||||
'<a href="#" onclick="document.location=\'mai\'+\'lto:\\1\'+unescape(\'%40\')+\'\\2.\\3\'; return false;">\\1 AT \\2 DOT \\3</a>',
|
||||
$content);
|
||||
|
||||
$config = self::purifyCreateDefaultConfig();
|
||||
$config->set('Core.Encoding', (self::$charset?self::$charset:'UTF-8'));
|
||||
// maybe the two following lines are useful for caching???
|
||||
$config->set('HTML.DefinitionID', 'activatelinks');
|
||||
$config->set('HTML.DefinitionRev', 1);
|
||||
// doctype and tidylevel
|
||||
$config->set('HTML.Doctype', 'XHTML 1.0 Transitional');
|
||||
$config->set('HTML.TidyLevel', 'light');
|
||||
// EnableID is needed for anchor tags
|
||||
$config->set('Attr.EnableID',true);
|
||||
// actual allowed tags and attributes
|
||||
$config->set('URI.AllowedSchemes', array('http'=>true, 'https'=>true, 'ftp'=>true, 'file'=>true, 'cid'=>true));
|
||||
$config->set('AutoFormat.RemoveEmpty', true);
|
||||
$config->set('HTML.Allowed', 'br,p[align],b,i,u,s,em,pre,tt,strong,strike,center,div[align],hr[class|style],'.
|
||||
'font[size|color],'.
|
||||
'ul[type],ol[type|start],li,'.
|
||||
'h1,h2,h3,'.
|
||||
'span[class|style],'.
|
||||
'table[class|border|cellpadding|cellspacing|width|style|align|bgcolor|align],'.
|
||||
'tbody,thead,tfoot,colgroup,'.
|
||||
'col[width|span],'.
|
||||
'blockquote[class|cite|dir],'.
|
||||
'tr[class|style|align|bgcolor|align|valign],'.
|
||||
'td[class|colspan|rowspan|width|style|align|bgcolor|align|valign|nowrap],'.
|
||||
'th[class|colspan|rowspan|width|style|align|bgcolor|align|valign|nowrap],'.
|
||||
'a[href|target|name|title],'.
|
||||
'img[src|alt|title]');
|
||||
$config->set('Attr.DefaultInvalidImage', 'Image removed by htmlpurify');
|
||||
$config->set('Cache.SerializerPath', ($GLOBALS['egw_info']['server']['temp_dir']?$GLOBALS['egw_info']['server']['temp_dir']:sys_get_temp_dir()));
|
||||
$config->set('AutoFormat.Linkify',true);
|
||||
return self::purify($result,$config);
|
||||
}
|
||||
|
||||
/**
|
||||
* deactivates URLs in a text, URLs get replaced by html-links using htmlpurify
|
||||
*
|
||||
* @param string $content text containing URLs
|
||||
* @return string html with activated links
|
||||
*/
|
||||
static function deactivateLinks($_html)
|
||||
{
|
||||
$config = self::purifyCreateDefaultConfig();
|
||||
$config->set('Core.Encoding', (self::$charset?self::$charset:'UTF-8'));
|
||||
// maybe the two following lines are useful for caching???
|
||||
$config->set('HTML.DefinitionID', 'deactivatelinks');
|
||||
$config->set('HTML.DefinitionRev', 1);
|
||||
// doctype and tidylevel
|
||||
$config->set('HTML.Doctype', 'XHTML 1.0 Transitional');
|
||||
$config->set('HTML.TidyLevel', 'light');
|
||||
// EnableID is needed for anchor tags
|
||||
$config->set('Attr.EnableID',true);
|
||||
// actual allowed tags and attributes
|
||||
$config->set('URI.AllowedSchemes', array('http'=>true, 'https'=>true, 'ftp'=>true, 'file'=>true, 'cid'=>true));
|
||||
$config->set('AutoFormat.RemoveEmpty', true);
|
||||
$config->set('HTML.Allowed', 'br,p[align],b,i,u,s,em,pre,tt,strong,strike,center,div[align],hr[class|style],'.
|
||||
'font[size|color],'.
|
||||
'ul[type],ol[type|start],li,'.
|
||||
'h1,h2,h3,'.
|
||||
'span[class|style],'.
|
||||
'table[class|border|cellpadding|cellspacing|width|style|align|bgcolor|align],'.
|
||||
'tbody,thead,tfoot,colgroup,'.
|
||||
'col[width|span],'.
|
||||
'blockquote[class|cite|dir],'.
|
||||
'tr[class|style|align|bgcolor|align|valign],'.
|
||||
'td[class|colspan|rowspan|width|style|align|bgcolor|align|valign|nowrap],'.
|
||||
'th[class|colspan|rowspan|width|style|align|bgcolor|align|valign|nowrap],'.
|
||||
'a[href|target|name|title],'.
|
||||
'img[src|alt|title]');
|
||||
$config->set('Attr.DefaultInvalidImage', 'Image removed by htmlpurify');
|
||||
$config->set('Cache.SerializerPath', ($GLOBALS['egw_info']['server']['temp_dir']?$GLOBALS['egw_info']['server']['temp_dir']:sys_get_temp_dir()));
|
||||
|
||||
$config->set('AutoFormat.DisplayLinkURI',true);
|
||||
$_html = self::purify($_html,$config);
|
||||
return $_html;
|
||||
}
|
||||
|
||||
/**
|
||||
* escapes chars with special meaning in html as entities
|
||||
*
|
||||
@ -1262,6 +1353,24 @@ class html
|
||||
return $html;
|
||||
}
|
||||
|
||||
/**
|
||||
* creates the HTMLPurifier default config
|
||||
*
|
||||
* @return HTMLPurifier_Config object
|
||||
*/
|
||||
static function purifyCreateDefaultConfig()
|
||||
{
|
||||
// add htmlpurifiers library to include_path
|
||||
require_once(EGW_API_INC.'/htmlpurifier/library/HTMLPurifier.path.php');
|
||||
// include most of the required files, for best performance with bytecode caches
|
||||
require_once(EGW_API_INC.'/htmlpurifier/library/HTMLPurifier.includes.php');
|
||||
// installs an autoloader for other files
|
||||
require_once(EGW_API_INC.'/htmlpurifier/library/HTMLPurifier.autoload.php');
|
||||
// testcase to test the processing of purify
|
||||
//$html = "<h1 onclick=\"alert('hallo');\"> h1 </h1>".$html;
|
||||
return HTMLPurifier_Config::createDefault();
|
||||
}
|
||||
|
||||
/**
|
||||
* Runs HTMLPurifier over supplied html to remove malicious code
|
||||
*
|
||||
|
@ -1049,11 +1049,13 @@ class translation
|
||||
* strip tags out of the message completely with their content
|
||||
* @param string $_body is the text to be processed
|
||||
* @param string $tag is the tagname which is to be removed. Note, that only the name of the tag is to be passed to the function
|
||||
* without the enclosing brackets
|
||||
* without the enclosing brackets
|
||||
* @param string $endtag can be different from tag but should be used only, if begin and endtag are known to be different e.g.: <!-- -->
|
||||
* @param bool $addbbracesforendtag if endtag is given, you may decide if the </ and > braces are to be added,
|
||||
* or if you want the string to be matched as is
|
||||
* @return void the modified text is passed via reference
|
||||
*/
|
||||
static function replaceTagsCompletley(&$_body,$tag,$endtag='')
|
||||
static function replaceTagsCompletley(&$_body,$tag,$endtag='',$addbracesforendtag=true)
|
||||
{
|
||||
if ($tag) $tag = strtolower($tag);
|
||||
if ($endtag == '' || empty($endtag) || !isset($endtag))
|
||||
@ -1061,14 +1063,25 @@ class translation
|
||||
$endtag = $tag;
|
||||
} else {
|
||||
$endtag = strtolower($endtag);
|
||||
//error_log(__METHOD__.' Using EndTag:'.$endtag);
|
||||
}
|
||||
// strip tags out of the message completely with their content
|
||||
$taglen=strlen($tag);
|
||||
$endtaglen=strlen($endtag);
|
||||
if ($_body) {
|
||||
$_body = preg_replace('~<'.$tag.'[^>]*?>(.*)</'.$endtag.'>~sim','',$_body);
|
||||
// remove left over tags, unfinished ones, and so on
|
||||
$_body = preg_replace('~<'.$tag.'[^>]*?>~si','',$_body);
|
||||
if ($addbracesforendtag === true )
|
||||
{
|
||||
$_body = preg_replace('~<'.$tag.'[^>]*?>(.*)</'.$endtag.'>~sim','',$_body);
|
||||
// remove left over tags, unfinished ones, and so on
|
||||
$_body = preg_replace('~<'.$tag.'[^>]*?>~si','',$_body);
|
||||
}
|
||||
if ($addbracesforendtag === false )
|
||||
{
|
||||
$_body = preg_replace('~<'.$tag.'[^>]*?>(.*)'.$endtag.'~sim','',$_body);
|
||||
// remove left over tags, unfinished ones, and so on
|
||||
$_body = preg_replace('~<'.$tag.'[^>]*?>~si','',$_body);
|
||||
$_body = preg_replace('~'.$endtag.'~','',$_body);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user