From 77d28bad7546de2ed881e9f21989bebe6c14066e Mon Sep 17 00:00:00 2001 From: Klaus Leithoff Date: Thu, 10 Oct 2013 09:23:55 +0000 Subject: [PATCH] allow to set config via json_encoded string for purify wrapper --- phpgwapi/inc/class.html.inc.php | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/phpgwapi/inc/class.html.inc.php b/phpgwapi/inc/class.html.inc.php index b4b43f55ea..29fa66bf1b 100644 --- a/phpgwapi/inc/class.html.inc.php +++ b/phpgwapi/inc/class.html.inc.php @@ -1363,13 +1363,23 @@ egw_LAB.wait(function() { * Runs HTMLPurifier over supplied html to remove malicious code * * @param string $html - * @param HTMLPurifier_Config $config=null + * @param array/string $config=null - config to influence the behavior of current purifying engine + * @param array/string $spec=null - spec to influence the behavior of current purifying engine + * The $spec argument can be used to disallow an otherwise legal attribute for an element, + * or to restrict the attribute's values + * @param boolean $_force=null - force the config passed to be used without merging to the default */ static function purify($html,$config=null,$spec=array(),$_force=false) { $defaultConfig = array('valid_xhtml'=>1,'safe'=>1); if (empty($html)) return $html; // no need to process further + if (!empty($config) && is_string($config)) + { + error_log(__METHOD__.__LINE__.$config); + $config = json_decode($config,true); + if (is_null($config)) error_log(__METHOD__.__LINE__." decoding of config failed; standard will be applied"); + } // User preferences $font = $GLOBALS['egw_info']['user']['preferences']['common']['rte_font'];