forked from extern/egroupware
- implemented htmlpurifier also for sitemgr (only non site-admins) and
knowledgebase - html::fckEditor() has optional parameter to NOT use htmlpurifier
parent
8f797be836
commit
7049fe4bc0
@ -1157,8 +1157,6 @@ class etemplate extends boetemplate
|
|||||||
{
|
{
|
||||||
$value = nl2br(html::htmlspecialchars($value));
|
$value = nl2br(html::htmlspecialchars($value));
|
||||||
}
|
}
|
||||||
$value = html::purify($value);
|
|
||||||
|
|
||||||
if (!$readonly)
|
if (!$readonly)
|
||||||
{
|
{
|
||||||
$mode = $mode ? $mode : 'simple';
|
$mode = $mode ? $mode : 'simple';
|
||||||
@ -1167,6 +1165,7 @@ class etemplate extends boetemplate
|
|||||||
$fckoptions = array(
|
$fckoptions = array(
|
||||||
'toolbar_expanded' => $toolbar,
|
'toolbar_expanded' => $toolbar,
|
||||||
);
|
);
|
||||||
|
// html::fckEditor runs everything through html::purify
|
||||||
$html .= html::fckEditor($form_name,$value,$mode,$fckoptions,$height,$width,$baseref);
|
$html .= html::fckEditor($form_name,$value,$mode,$fckoptions,$height,$width,$baseref);
|
||||||
|
|
||||||
self::$request->set_to_process($form_name,$cell['type'],array(
|
self::$request->set_to_process($form_name,$cell['type'],array(
|
||||||
@ -1175,7 +1174,7 @@ class etemplate extends boetemplate
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
$html .= html::div(html::activate_links($value),'style="overflow: auto; width='. $width. '; height='. $height. '"');
|
$html .= html::div(html::purify(html::activate_links($value)),'style="overflow: auto; width='. $width. '; height='. $height. '"');
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 'checkbox':
|
case 'checkbox':
|
||||||
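Review bot: The new comment before the `html::fckEditor()` call says the editor "runs everything through html::purify", but in the `html::fckEditor()` change of this same commit the purify call sits after the early return for `$_mode == 'ascii'` or an unavailable htmlarea, and it is skipped when `$_purify` is false. With the unconditional `$value = html::purify($value);` removed from this case, the plain-textarea fallback now receives unpurified `$value`, so it is only safe if `html::textarea()` escapes its content, which these hunks do not show. I would word the comment as `// html::fckEditor() purifies $value for the rich editor; the ascii/textarea fallback relies on html::textarea() escaping`. In the readonly branch, `$width` and `$height` are still concatenated unescaped into the `style` attribute (and written as `width=`/`height=` rather than `width:`/`height:`), which is worth fixing while the line is being touched if those values can come from anything other than the template definition. The enclosing `case` starts and ends outside the hunks.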
|
@ -460,15 +460,20 @@ class html
|
|||||||
* @param array $_options (toolbar_expanded true/false)
|
* @param array $_options (toolbar_expanded true/false)
|
||||||
* @param string $_height='400px'
|
* @param string $_height='400px'
|
||||||
* @param string $_width='100%'
|
* @param string $_width='100%'
|
||||||
* @param string $base_href='' if passed activates the browser for image at absolute path passed
|
* @param string $_base_href='' if passed activates the browser for image at absolute path passed
|
||||||
|
* @param boolean $_purify=true run $_content through htmlpurifier before handing it to fckEditor
|
||||||
* @return string the necessary html for the textarea
|
* @return string the necessary html for the textarea
|
||||||
*/
|
*/
|
||||||
static function fckEditor($_name, $_content, $_mode, $_options=array('toolbar_expanded' =>'true'), $_height='400px', $_width='100%',$_base_href='')
|
static function fckEditor($_name, $_content, $_mode, $_options=array('toolbar_expanded' =>'true'),
|
||||||
|
$_height='400px', $_width='100%',$_base_href='',$_purify=true)
|
||||||
{
|
{
|
||||||
if (!self::htmlarea_availible() || $_mode == 'ascii')
|
if (!self::htmlarea_availible() || $_mode == 'ascii')
|
||||||
{
|
{
|
||||||
return self::textarea($_name,$_content,'style="width: '.$_width.'; height: '.$_height.';"');
|
return self::textarea($_name,$_content,'style="width: '.$_width.'; height: '.$_height.';"');
|
||||||
}
|
}
|
||||||
|
// run content through htmlpurifier
|
||||||
|
if ($_purify && !empty($_content)) $_content = self::purify($_content);
|
||||||
|
|
||||||
include_once(EGW_INCLUDE_ROOT."/phpgwapi/js/fckeditor/fckeditor.php");
|
include_once(EGW_INCLUDE_ROOT."/phpgwapi/js/fckeditor/fckeditor.php");
|
||||||
|
|
||||||
$oFCKeditor = new FCKeditor($_name) ;
|
$oFCKeditor = new FCKeditor($_name) ;
|
||||||
@ -969,7 +974,7 @@ class html
|
|||||||
{
|
{
|
||||||
$url = "/index.php?menuaction=$url";
|
$url = "/index.php?menuaction=$url";
|
||||||
}
|
}
|
||||||
if ($url{0} == '/') // link relative to eGW
|
if ($url[0] == '/') // link relative to eGW
|
||||||
{
|
{
|
||||||
$url = self::link($url,$vars);
|
$url = self::link($url,$vars);
|
||||||
}
|
}
|
||||||
@ -1185,7 +1190,7 @@ class html
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
// evtl. remove leading delimiter
|
// evtl. remove leading delimiter
|
||||||
if ($_selected{0} == $delimiter) $_selected = substr($_selected,1);
|
if ($_selected[0] == $delimiter) $_selected = substr($_selected,1);
|
||||||
foreach($_folders as $path => $data)
|
foreach($_folders as $path => $data)
|
||||||
{
|
{
|
||||||
if (!is_array($data))
|
if (!is_array($data))
|
||||||
@ -1198,7 +1203,7 @@ class html
|
|||||||
$image1 = $image2 = $image3 = "'".$data['image']."'";
|
$image1 = $image2 = $image3 = "'".$data['image']."'";
|
||||||
}
|
}
|
||||||
// evtl. remove leading delimiter
|
// evtl. remove leading delimiter
|
||||||
if ($path{0} == $delimiter) $path = substr($path,1);
|
if ($path[0] == $delimiter) $path = substr($path,1);
|
||||||
$folderParts = explode($delimiter,$path);
|
$folderParts = explode($delimiter,$path);
|
||||||
|
|
||||||
//get rightmost folderpart
|
//get rightmost folderpart
|
||||||
@ -1255,6 +1260,8 @@ class html
|
|||||||
{
|
{
|
||||||
static $purifier;
|
static $purifier;
|
||||||
|
|
||||||
|
if (empty($html)) return $html; // no need to process further
|
||||||
|
|
||||||
if (is_null($purifier) || !is_null($config))
|
if (is_null($purifier) || !is_null($config))
|
||||||
{
|
{
|
||||||
// add htmlpurifiers library to include_path
|
// add htmlpurifiers library to include_path
|
||||||
|
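Review bot: The `@param boolean $_purify=true` line in the `fckEditor()` docblock does not say when passing false is acceptable, even though with the flag off `$_content` reaches the editor without the `self::purify()` call this hunk adds. The commit message suggests the opt-out is meant for sitemgr site-admins, so the docblock should state that trust requirement, e.g. `@param boolean $_purify=true pass false only for content from fully trusted authors (e.g. site-admins); $_content is then handed to the editor unfiltered`. The `!empty($_content)` test in `fckEditor()` duplicates the `if (empty($html)) return $html;` guard this commit adds to `purify()`, so `if ($_purify) $_content = self::purify($_content);` would be enough. In `purify()` the new early return sits before the `is_null($purifier) || !is_null($config)` setup, so a call that passes a `$config` together with empty `$html` no longer (re)configures the static purifier; whether any caller relies on that cannot be told from here, as the function signature and the rest of the body are outside the hunk.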