From 7049fe4bc099086f3425d536be5d3e6d7dc80203 Mon Sep 17 00:00:00 2001
From: Ralf Becker
Date: Tue, 19 May 2009 19:23:38 +0000
Subject: [PATCH] - implemented htmlpurifier also for sitemgr (only non site-admins) and knowledgebase - html::fckEditor() has optional parameter to NOT use htmlpurifier
---
 etemplate/inc/class.etemplate.inc.php | 5 ++---
 phpgwapi/inc/class.html.inc.php | 17 ++++++++++++-----
 2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/etemplate/inc/class.etemplate.inc.php b/etemplate/inc/class.etemplate.inc.php
index 477ba5109d..76de20eb31 100644
--- a/etemplate/inc/class.etemplate.inc.php
+++ b/etemplate/inc/class.etemplate.inc.php
@@ -1157,8 +1157,6 @@ class etemplate extends boetemplate
 {
 $value = nl2br(html::htmlspecialchars($value));
 }
- $value = html::purify($value);
-
 if (!$readonly)
 {
 $mode = $mode ? $mode : 'simple';
@@ -1167,6 +1165,7 @@ class etemplate extends boetemplate
 $fckoptions = array(
 'toolbar_expanded' => $toolbar,
 );
+ // html::fckEditor runs everything through html::purify
 $html .= html::fckEditor($form_name,$value,$mode,$fckoptions,$height,$width,$baseref);
 self::$request->set_to_process($form_name,$cell['type'],array(
@@ -1175,7 +1174,7 @@ class etemplate extends boetemplate
 }
 else
 {
- $html .= html::div(html::activate_links($value),'style="overflow: auto; width='. $width. '; height='. $height. '"');
+ $html .= html::div(html::purify(html::activate_links($value)),'style="overflow: auto; width='. $width. '; height='. $height. '"');
 }
 break;
 case 'checkbox':
diff --git a/phpgwapi/inc/class.html.inc.php b/phpgwapi/inc/class.html.inc.php
index 4c319e58fa..91cf826732 100644
--- a/phpgwapi/inc/class.html.inc.php
+++ b/phpgwapi/inc/class.html.inc.php
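Review bot: The comment added in the second hunk overstates what the callee does: html::fckEditor() only purifies when its `$_purify` flag is true and it actually reaches the editor path — its textarea fallback (htmlarea unavailable or `$mode == 'ascii'`) returns before the purify call, so the unconditional `$value = html::purify($value)` removed in the first hunk is no longer applied on that path. Whether that matters depends on html::textarea() escaping its content, which is not visible here. I would pass the flag explicitly and document the gap, `// html::fckEditor purifies $value itself (default $_purify=true); its ascii/textarea fallback does not`, or keep a purify call for the fallback. The readonly branch in the third hunk now purifies after html::activate_links(), so any markup that helper emits has to be on the purifier's allow-list or it will be stripped; worth checking against the purifier configuration. The enclosing case body starts before and ends after these hunks.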
@@ -460,15 +460,20 @@ class html
 * @param array $_options (toolbar_expanded true/false)
 * @param string $_height='400px'
 * @param string $_width='100%'
- * @param string $base_href='' if passed activates the browser for image at absolute path passed
+ * @param string $_base_href='' if passed activates the browser for image at absolute path passed
+ * @param boolean $_purify=true run $_content through htmlpurifier before handing it to fckEditor
 * @return string the necessary html for the textarea
 */
- static function fckEditor($_name, $_content, $_mode, $_options=array('toolbar_expanded' =>'true'), $_height='400px', $_width='100%',$_base_href='')
+ static function fckEditor($_name, $_content, $_mode, $_options=array('toolbar_expanded' =>'true'),
+ $_height='400px', $_width='100%',$_base_href='',$_purify=true)
 {
 if (!self::htmlarea_availible() || $_mode == 'ascii')
 {
 return self::textarea($_name,$_content,'style="width: '.$_width.'; height: '.$_height.';"');
 }
+ // run content through htmlpurifier
+ if ($_purify && !empty($_content)) $_content = self::purify($_content);
+
 include_once(EGW_INCLUDE_ROOT."/phpgwapi/js/fckeditor/fckeditor.php");
 $oFCKeditor = new FCKeditor($_name) ;
@@ -969,7 +974,7 @@ class html
 {
 $url = "/index.php?menuaction=$url";
 }
- if ($url{0} == '/') // link relative to eGW
+ if ($url[0] == '/') // link relative to eGW
 {
 $url = self::link($url,$vars);
 }
@@ -1185,7 +1190,7 @@ class html
 }
 }
 // evtl. remove leading delimiter
- if ($_selected{0} == $delimiter) $_selected = substr($_selected,1);
+ if ($_selected[0] == $delimiter) $_selected = substr($_selected,1);
 foreach($_folders as $path => $data)
 {
 if (!is_array($data))
@@ -1198,7 +1203,7 @@ class html
 $image1 = $image2 = $image3 = "'".$data['image']."'";
 }
 // evtl. remove leading delimiter
- if ($path{0} == $delimiter) $path = substr($path,1);
+ if ($path[0] == $delimiter) $path = substr($path,1);
 $folderParts = explode($delimiter,$path);
 //get rightmost folderpart
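Review bot: The new `@param boolean $_purify` line in the fckEditor hunk should say that purification is not applied on the textarea fallback: the early return for `!self::htmlarea_availible() || $_mode == 'ascii'` precedes the new `self::purify()` call, so callers that rely on the default to sanitize content (etemplate drops its own purify call in this same commit) hand the raw `$_content` to html::textarea() on that path. Suggested wording: `@param boolean $_purify=true run $_content through htmlpurifier before handing it to fckEditor (not applied on the textarea fallback)`. Note also that `!empty($_content)` skips purification for the string `'0'`, which is harmless, but `$_content !== ''` states the intent more precisely. The three `{0}`→`[0]` hunks are equivalent; both forms still raise a notice when the string is empty, so a `$url !== '' &&` guard is worth considering where the value can be empty. fckEditor's body continues past the hunk.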
@@ -1255,6 +1260,8 @@ class html
 {
 static $purifier;
+ if (empty($html)) return $html; // no need to process further
+
 if (is_null($purifier) || !is_null($config))
 {
 // add htmlpurifiers library to include_path