forked from extern/egroupware
fix issues with new namespaces / translation class moved to new api/src location
This commit is contained in:
parent
b60994f1f2
commit
5fc0e88b68
@ -11,6 +11,8 @@
|
||||
*/
|
||||
|
||||
namespace EGroupware\Api\Html;
|
||||
use EGroupware\Api;
|
||||
use translation;
|
||||
|
||||
require_once(__DIR__.'/htmLawed/htmLawed.php');
|
||||
|
||||
@ -136,7 +138,7 @@ class HtmLawed
|
||||
{
|
||||
//error_log(__METHOD__.__LINE__.array2string($newStyle[0]));
|
||||
$style2buffer = implode('',$newStyle[0]);
|
||||
// only replace what we have found, we use it here, as we use the same routine in Translation::replaceTagsCompletley
|
||||
// only replace what we have found, we use it here, as we use the same routine in translation::replaceTagsCompletley
|
||||
// no need to do the extra routine
|
||||
$html = str_ireplace($newStyle[0],'',$html);
|
||||
}
|
||||
@ -149,7 +151,7 @@ class HtmLawed
|
||||
if ($test=="null" && strlen($style2buffer)>0)
|
||||
{
|
||||
// this should not be needed, unless something fails with charset detection/ wrong charset passed
|
||||
error_log(__METHOD__.__LINE__.' Found Invalid sequence for utf-8 in CSS:'.$style2buffer.' Carset Detected:'.Translation::detect_encoding($style2buffer));
|
||||
error_log(__METHOD__.__LINE__.' Found Invalid sequence for utf-8 in CSS:'.$style2buffer.' Carset Detected:'.Api\Translation::detect_encoding($style2buffer));
|
||||
$style2buffer = utf8_encode($style2buffer);
|
||||
}
|
||||
}
|
||||
@ -165,15 +167,15 @@ class HtmLawed
|
||||
// CSS Security
|
||||
// http://code.google.com/p/browsersec/wiki/Part1#Cascading_stylesheets
|
||||
$css = preg_replace('/(javascript|expession|-moz-binding)/i','',$style);
|
||||
if (stripos($css,'script')!==false) Translation::replaceTagsCompletley($css,'script'); // Strip out script that may be included
|
||||
if (stripos($css,'script')!==false) translation::replaceTagsCompletley($css,'script'); // Strip out script that may be included
|
||||
// we need this, as styledefinitions are enclosed with curly brackets; and template stuff tries to replace everything between curly brackets that is having no horizontal whitespace
|
||||
// as the comments as <!-- styledefinition --> in stylesheet are outdated, and ck-editor does not understand it, we remove it
|
||||
$css_no_comment = str_replace(array(':','<!--','-->'),array(': ','',''),$css);
|
||||
//error_log(__METHOD__.__LINE__.$css);
|
||||
// we already removed what we have found, above, as we used pretty much the same routine as in Translation::replaceTagsCompletley
|
||||
// we already removed what we have found, above, as we used pretty much the same routine as in translation::replaceTagsCompletley
|
||||
// no need to do the extra routine
|
||||
// TODO: we may have to strip urls and maybe comments and ifs
|
||||
//if (stripos($html,'style')!==false) Translation::replaceTagsCompletley($html,'style'); // clean out empty or pagewide style definitions / left over tags
|
||||
//if (stripos($html,'style')!==false) translation::replaceTagsCompletley($html,'style'); // clean out empty or pagewide style definitions / left over tags
|
||||
return $css_no_comment;
|
||||
}
|
||||
|
||||
@ -389,17 +391,21 @@ function hl_email_tag_transform($element, $attribute_array=0)
|
||||
if (!isset($attribute_array['title'])) $attribute_array['title']=$attribute_array['alt'];
|
||||
$attribute_array['src']=common::image('phpgwapi','dialog_error');
|
||||
}
|
||||
if (!$GLOBALS['egw_info']['user']['preferences']['mail']['allowExternalIMGs'])
|
||||
if (!preg_match('/^cid:.*/',$attribute_array['src']))
|
||||
{
|
||||
if (!preg_match('/^cid:.*/',$attribute_array['src']))
|
||||
if (!$GLOBALS['egw_info']['user']['preferences']['mail']['allowExternalIMGs'])
|
||||
{
|
||||
$attribute_array['alt']= $attribute_array['alt'].' [blocked external image:'.$attribute_array['src'].']';
|
||||
if (!isset($attribute_array['title'])) $attribute_array['title']=$attribute_array['alt'];
|
||||
$attribute_array['src']=common::image('mail','no-image-shown');
|
||||
$attribute_array['border'] = 1;
|
||||
if ($attribute_array['style'])
|
||||
//the own webserver url is not external, so it should be allowed
|
||||
if (empty($GLOBALS['egw_info']['server']['webserver_url'])||!preg_match("$^".$GLOBALS['egw_info']['server']['webserver_url'].".*$",$attribute_array['src']))
|
||||
{
|
||||
if (stripos($attribute_array['style'],'border')!==false) $attribute_array['style'] = preg_replace('~border(:|-left:|-right:|-bottom:|-top:)+ (0px)+ (none)+;~si','',$attribute_array['style']);
|
||||
$attribute_array['alt']= $attribute_array['alt'].' [blocked external image:'.$attribute_array['src'].']';
|
||||
if (!isset($attribute_array['title'])) $attribute_array['title']=$attribute_array['alt'];
|
||||
$attribute_array['src']=common::image('mail','no-image-shown');
|
||||
$attribute_array['border'] = 1;
|
||||
if ($attribute_array['style'])
|
||||
{
|
||||
if (stripos($attribute_array['style'],'border')!==false) $attribute_array['style'] = preg_replace('~border(:|-left:|-right:|-bottom:|-top:)+ (0px)+ (none)+;~si','',$attribute_array['style']);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user