| author | Christian Fowler <spider@viovio.com> | 2010-04-02 19:22:02 +0000 |
|---|---|---|
| committer | Christian Fowler <spider@viovio.com> | 2010-04-02 19:22:02 +0000 |
| commit | a9859161e0e36095dced556d737131887e1e7ded (patch) | |
| tree | d8a0acc2f8382a360166db2037466614a9d9e9ca | |
| parent | e41ffdae03b2ee5a3eb22eb197ce9819244fba03 (diff) | |
check to see if last editor has ability to admin content, if so, ease up on the purification restraints
| -rw-r--r-- | plugins/filter.htmlpurifier.php | 141 |
1 files changed, 82 insertions, 59 deletions
diff --git a/plugins/filter.htmlpurifier.php b/plugins/filter.htmlpurifier.php
index 0f6de00..9b33df9 100644
--- a/plugins/filter.htmlpurifier.php
+++ b/plugins/filter.htmlpurifier.php
@@ -1,6 +1,6 @@
 <?php
 /**
- * @version $Header: /cvsroot/bitweaver/_bit_liberty/plugins/filter.htmlpurifier.php,v 1.28 2010/02/12 17:42:45 wjames5 Exp $
+ * @version $Header: /cvsroot/bitweaver/_bit_liberty/plugins/filter.htmlpurifier.php,v 1.29 2010/04/02 19:22:02 spiderr Exp $
 * @package liberty
 * @subpackage plugins_filter
 */
@@ -38,7 +38,7 @@ $pluginParams = array (
 );
 $gLibertySystem->registerPlugin( PLUGIN_GUID_FILTERHTMLPURIFIER, $pluginParams );
-function htmlpure_filter( &$pString, &$pFilterHash ) {
+function htmlpure_filter( &$pString, &$pFilterHash, $pObject ) {
 global $gHtmlPurifier, $gBitSystem;
 if (!isset($gHtmlPurifier)) {
@@ -56,7 +56,7 @@ function htmlpure_filter( &$pString, &$pFilterHash ) {
 $htmlp_version = 3.1;
 }
- $config = htmlpure_getDefaultConfig( $htmlp_version );
+ $config = htmlpure_getDefaultConfig( $htmlp_version, $pObject );
 // As suggested here: http://www.bitweaver.org/forums/index.php?t=8554
@@ -82,7 +82,7 @@ function htmlpure_filter( &$pString, &$pFilterHash ) {
 $pString = $gHtmlPurifier->purify( $pString );
 }else{
 $htmlp_version = $gHtmlPurifier->version;
- $config = htmlpure_getDefaultConfig( $htmlp_version );
+ $config = htmlpure_getDefaultConfig( $htmlp_version, $pObject );
 /* if we've received custom configurations for the particular parse then we deal with them for now were expecting config data that htmlpurfier doesn't really handle in a nice way
@@ -128,7 +128,7 @@ function htmlpure_filter( &$pString, &$pFilterHash ) {
 return $pString;
 }
-function htmlpure_getDefaultConfig( &$htmlp_version ){
+function htmlpure_getDefaultConfig( &$htmlp_version, $pObject=NULL ){
 global $gBitSystem;
 $config = HTMLPurifier_Config::createDefault();
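Review bot: The new third parameter of `htmlpure_filter` has no default, so any caller that still passes only the string and the filter hash now raises a missing-argument warning (a fatal ArgumentCountError on PHP 7.1 and later), whereas `htmlpure_getDefaultConfig` in the last hunk on this line was given `$pObject=NULL`. The plugin dispatcher that invokes this function is not visible here, so unless every call path was updated in the same change, declare it as `function htmlpure_filter( &$pString, &$pFilterHash, $pObject=NULL ) {`. A NULL object then fails the `is_a()` test in `htmlpure_getDefaultConfig` and gets the strict configuration, which is the safe default. The body of `htmlpure_filter` continues outside these hunks.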
@@ -140,18 +140,6 @@ function htmlpure_getDefaultConfig( &$htmlp_version ){
 $config->set('Core.EscapeInvalidTags', true);
 $config->set('Core.EscapeInvalidChildren', true);
 }
- if ($gBitSystem->getConfig('htmlpure_disable_extern') == 'y') {
- $config->set('URI.DisableExternal', true);
- }
- if ($gBitSystem->getConfig('htmlpure_disable_extern_res', 'y') == 'y') {
- $config->set('URI.DisableExternalResources', true);
- }
- if ($gBitSystem->getConfig('htmlpure_disable_res') == 'y') {
- $config->set('URI.DisableResources', true);
- }
- if ($gBitSystem->getConfig('htmlpure_disable_uri') == 'y') {
- $config->set('URI.Disable', true);
- }
 if ($gBitSystem->getConfig('htmlpure_use_redirect') == 'y') {
 $config->set('URI.Munge', LIBERTY_PKG_URL.'redirect.php?q=%s');
 }
@@ -162,60 +150,95 @@ function htmlpure_getDefaultConfig( &$htmlp_version ){
 $config->set('HTML.XHTML', true);
 }
- // Set that we are using a div to wrap things.
- $config->set('HTML.BlockWrapper', 'div');
-
- // set plugins
- // TODO: devise a way to parse plugins dir
- // and check for the right property here
- // so new plugins are just drop in place.
- if ( $htmlp_version >= 3.1 ){
- $custom_filters = array();
+ $hasAdmin = FALSE;
+ if( is_a( $pObject, 'LibertyContent' ) ) {
+ // check to see if last editor has ability to admin content, if so, ease up on the purification restraints
+ $query = "SELECT ugp.`group_id`
+ FROM `".BIT_DB_PREFIX."users_groups_map` ugm
+ INNER JOIN `".BIT_DB_PREFIX."users_group_permissions` ugp ON (ugp.`group_id`=ugm.`group_id`)
+ WHERE ugm.`user_id`=? AND (ugp.`perm_name`=? OR ugp.`perm_name`='p_admin')";
+ $hasAdmin = $pObject->mDb->getOne( $query, array( $pObject->getField( 'modifier_user_id' ), $pObject->mAdminContentPerm ) );
+ }
- // Disable included YouTube filter, we have our own
- $config->set('Filter.YouTube', false);
+ if( $hasAdmin ) {
+ // Last person to edit this file has admin permission for this entire class of content, let freedom ring
+ $config->set( 'CSS.AllowTricky', true );
- if ($gBitSystem->isFeatureActive('htmlpure_allow_youtube')) {
- require_once(UTIL_PKG_PATH.'htmlpure/Filter/YouTube.php');
- $custom_filters[] = new HTMLPurifier_Filter_YouTube();
+ $css =& $config->getCSSDefinition();
+ $css->info['position'] = new HTMLPurifier_AttrDef_CSS_Composite(array( new HTMLPurifier_AttrDef_Enum(array('absolute', 'fixed', 'relative', 'static', 'inherit')) ) );
+ $css->info['top'] = new HTMLPurifier_AttrDef_CSS_Composite(array( new HTMLPurifier_AttrDef_CSS_Length()));
+ $css->info['left'] = new HTMLPurifier_AttrDef_CSS_Composite(array( new HTMLPurifier_AttrDef_CSS_Length()));
+ $css->info['bottom'] = new HTMLPurifier_AttrDef_CSS_Composite(array( new HTMLPurifier_AttrDef_CSS_Length()));
+ $css->info['right'] = new HTMLPurifier_AttrDef_CSS_Composite(array( new HTMLPurifier_AttrDef_CSS_Length()));
+ } else {
+ if ($gBitSystem->getConfig('htmlpure_disable_extern') == 'y') {
+ $config->set('URI.DisableExternal', true);
+ }
+ if ($gBitSystem->getConfig('htmlpure_disable_extern_res', 'y') == 'y') {
+ $config->set('URI.DisableExternalResources', true);
 }
- if ($gBitSystem->isFeatureActive('htmlpure_allow_cnbc')) {
- require_once(UTIL_PKG_PATH.'htmlpure/Filter/CNBC.php');
- $custom_filters[] = new HTMLPurifier_Filter_CNBC();
+ if ($gBitSystem->getConfig('htmlpure_disable_res') == 'y') {
+ $config->set('URI.DisableResources', true);
 }
+ if ($gBitSystem->getConfig('htmlpure_disable_uri') == 'y') {
+ $config->set('URI.Disable', true);
+ }
+
+ // Set that we are using a div to wrap things.
+ $config->set('HTML.BlockWrapper', 'div');
- if( !empty( $custom_filters ) ){
- $config->set('Filter.Custom', $custom_filters );
+ // set plugins
+ // TODO: devise a way to parse plugins dir
+ // and check for the right property here
+ // so new plugins are just drop in place.
+ if ( $htmlp_version >= 3.1 ){
+ $custom_filters = array();
+
+ // Disable included YouTube filter, we have our own
+ $config->set('Filter.YouTube', false);
+
+ if ($gBitSystem->isFeatureActive('htmlpure_allow_youtube')) {
+ require_once(UTIL_PKG_PATH.'htmlpure/Filter/YouTube.php');
+ $custom_filters[] = new HTMLPurifier_Filter_YouTube();
+ }
+ if ($gBitSystem->isFeatureActive('htmlpure_allow_cnbc')) {
+ require_once(UTIL_PKG_PATH.'htmlpure/Filter/CNBC.php');
+ $custom_filters[] = new HTMLPurifier_Filter_CNBC();
+ }
+
+ if( !empty( $custom_filters ) ){
+ $config->set('Filter.Custom', $custom_filters );
+ }
 }
- }
- $blacklistedTags = $gBitSystem->
- getConfig('blacklisted_html_tags', '');
+ $blacklistedTags = $gBitSystem->
+ getConfig('blacklisted_html_tags', '');
- $def =& $config->getHTMLDefinition();
- // HTMLPurifier doesn't have a blacklist feature. Duh guys!
- // Note that this has to come last since the other configs
- // may tweak the def.
- foreach (explode(',',$blacklistedTags) as $tag) {
- unset($def->info[$tag]);
- }
+ $def =& $config->getHTMLDefinition();
+ // HTMLPurifier doesn't have a blacklist feature. Duh guys!
+ // Note that this has to come last since the other configs
+ // may tweak the def.
+ foreach (explode(',',$blacklistedTags) as $tag) {
+ unset($def->info[$tag]);
+ }
- if ($gBitSystem->getConfig('htmlpure_force_nofollow', 'y') == 'y') {
- if( !class_exists("HTMLPurifier_AttrTransform_ForceValue") ){
- class HTMLPurifier_AttrTransform_ForceValue extends HTMLPurifier_AttrTransform
- {
- var $name, $value;
- function HTMLPurifier_AttrTransform_ForceValue($name, $value) {
- $this->name = $name;
- $this->value = $value;
- }
- function transform($attr, $config, $context) {
- $attr[$this->name] = $this->value;
- return $attr;
+ if ($gBitSystem->getConfig('htmlpure_force_nofollow', 'y') == 'y') {
+ if( !class_exists("HTMLPurifier_AttrTransform_ForceValue") ){
+ class HTMLPurifier_AttrTransform_ForceValue extends HTMLPurifier_AttrTransform
+ {
+ var $name, $value;
+ function HTMLPurifier_AttrTransform_ForceValue($name, $value) {
+ $this->name = $name;
+ $this->value = $value;
+ }
+ function transform($attr, $config, $context) {
+ $attr[$this->name] = $this->value;
+ return $attr;
+ }
 }
 }
+ $def->info['a']->attr_transform_post['rel'] = new HTMLPurifier_AttrTransform_ForceValue('rel', 'nofollow');
 }
- $def->info['a']->attr_transform_post['rel'] = new HTMLPurifier_AttrTransform_ForceValue('rel', 'nofollow');
 }
 return $config;
|
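Review bot: When `$hasAdmin` is true this hunk skips everything now nested under `else`, not only the CSS limits: the `URI.Disable*` switches, `HTML.BlockWrapper`, the `Filter.YouTube`/`Filter.Custom` setup, the `blacklisted_html_tags` removal and the forced `rel="nofollow"` transform all stop applying to that content. If only the CSS relaxation is intended, keep `$config->set( 'CSS.AllowTricky', true );` and the `$css->info[...]` overrides in the `if( $hasAdmin )` branch and move the blacklist loop and the nofollow block back after the `if`/`else`, so site-wide settings still bind. The trust decision is keyed on the stored `modifier_user_id` rather than on the user whose input is being purified; if this filter can run before the new modifier is written (not visible from this hunk), a non-privileged edit of admin-authored content would be purified with the relaxed rules, so that path should be confirmed or the check made against the current user. Because `position: fixed`/`absolute` with free offsets lets content overlay the rest of the page, the override deserves a comment such as `// lets content overlay site UI; only for admin-authored content`.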
