- implemented htmlpurifier also for sitemgr (only non site-admins) and knowledgebase
- html::fckEditor() has optional parameter to NOT use htmlpurifier
This commit is contained in:
Ralf Becker 2009-05-19 19:23:38 +00:00
parent 8f797be836
commit 7049fe4bc0
2 changed files with 14 additions and 8 deletions


@ -1157,8 +1157,6 @@ class etemplate extends boetemplate
{ {
$value = nl2br(html::htmlspecialchars($value)); $value = nl2br(html::htmlspecialchars($value));
} }
$value = html::purify($value);
if (!$readonly) if (!$readonly)
{ {
$mode = $mode ? $mode : 'simple'; $mode = $mode ? $mode : 'simple';
@ -1167,6 +1165,7 @@ class etemplate extends boetemplate
$fckoptions = array( $fckoptions = array(
'toolbar_expanded' => $toolbar, 'toolbar_expanded' => $toolbar,
); );
// html::fckEditor runs everything through html::purify
$html .= html::fckEditor($form_name,$value,$mode,$fckoptions,$height,$width,$baseref); $html .= html::fckEditor($form_name,$value,$mode,$fckoptions,$height,$width,$baseref);
self::$request->set_to_process($form_name,$cell['type'],array( self::$request->set_to_process($form_name,$cell['type'],array(
@ -1175,7 +1174,7 @@ class etemplate extends boetemplate
} }
else else
{ {
$html .= html::div(html::activate_links($value),'style="overflow: auto; width='. $width. '; height='. $height. '"'); $html .= html::div(html::purify(html::activate_links($value)),'style="overflow: auto; width='. $width. '; height='. $height. '"');
} }
break; break;
case 'checkbox': case 'checkbox':
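Review bot: The comment added above the fckEditor call in the second hunk, `// html::fckEditor runs everything through html::purify`, overstates what the callee does: in the html class hunk of this same commit, fckEditor() only reaches `self::purify($_content)` after its early return for `!self::htmlarea_availible() || $_mode == 'ascii'`, so on the plain-textarea fallback the value that lost its unconditional `html::purify($value)` in the first hunk is handed to `self::textarea()` unpurified. Whether textarea() escapes its content is not visible here; if it does not, dropping the unconditional purify widens the path for stored markup to reach the page unchanged, and the new `$_purify` parameter is not passed at this call site either. I would either keep a purify call in front of the `if (!$readonly)` branch so both display paths are covered regardless of the editor fallback, or make the comment honest: `// html::fckEditor purifies $value itself, except on its plain-textarea fallback (ascii mode / no htmlarea)`. The enclosing method and its switch start and end outside the hunk.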


@ -460,15 +460,20 @@ class html
* @param array $_options (toolbar_expanded true/false) * @param array $_options (toolbar_expanded true/false)
* @param string $_height='400px' * @param string $_height='400px'
* @param string $_width='100%' * @param string $_width='100%'
* @param string $base_href='' if passed activates the browser for image at absolute path passed * @param string $_base_href='' if passed activates the browser for image at absolute path passed
* @param boolean $_purify=true run $_content through htmlpurifier before handing it to fckEditor
* @return string the necessary html for the textarea * @return string the necessary html for the textarea
*/ */
static function fckEditor($_name, $_content, $_mode, $_options=array('toolbar_expanded' =>'true'), $_height='400px', $_width='100%',$_base_href='') static function fckEditor($_name, $_content, $_mode, $_options=array('toolbar_expanded' =>'true'),
$_height='400px', $_width='100%',$_base_href='',$_purify=true)
{ {
if (!self::htmlarea_availible() || $_mode == 'ascii') if (!self::htmlarea_availible() || $_mode == 'ascii')
{ {
return self::textarea($_name,$_content,'style="width: '.$_width.'; height: '.$_height.';"'); return self::textarea($_name,$_content,'style="width: '.$_width.'; height: '.$_height.';"');
} }
// run content through htmlpurifier
if ($_purify && !empty($_content)) $_content = self::purify($_content);
include_once(EGW_INCLUDE_ROOT."/phpgwapi/js/fckeditor/fckeditor.php"); include_once(EGW_INCLUDE_ROOT."/phpgwapi/js/fckeditor/fckeditor.php");
$oFCKeditor = new FCKeditor($_name) ; $oFCKeditor = new FCKeditor($_name) ;
@ -969,7 +974,7 @@ class html
{ {
$url = "/index.php?menuaction=$url"; $url = "/index.php?menuaction=$url";
} }
if ($url{0} == '/') // link relative to eGW if ($url[0] == '/') // link relative to eGW
{ {
$url = self::link($url,$vars); $url = self::link($url,$vars);
} }
@ -1185,7 +1190,7 @@ class html
} }
} }
// evtl. remove leading delimiter // evtl. remove leading delimiter
if ($_selected{0} == $delimiter) $_selected = substr($_selected,1); if ($_selected[0] == $delimiter) $_selected = substr($_selected,1);
foreach($_folders as $path => $data) foreach($_folders as $path => $data)
{ {
if (!is_array($data)) if (!is_array($data))
@ -1198,7 +1203,7 @@ class html
$image1 = $image2 = $image3 = "'".$data['image']."'"; $image1 = $image2 = $image3 = "'".$data['image']."'";
} }
// evtl. remove leading delimiter // evtl. remove leading delimiter
if ($path{0} == $delimiter) $path = substr($path,1); if ($path[0] == $delimiter) $path = substr($path,1);
$folderParts = explode($delimiter,$path); $folderParts = explode($delimiter,$path);
//get rightmost folderpart //get rightmost folderpart
@ -1255,6 +1260,8 @@ class html
{ {
static $purifier; static $purifier;
if (empty($html)) return $html; // no need to process further
if (is_null($purifier) || !is_null($config)) if (is_null($purifier) || !is_null($config))
{ {
// add htmlpurifiers library to include_path // add htmlpurifiers library to include_path