summaryrefslogtreecommitdiff
path: root/plugins/filter.htmlpurifier.php
blob: 6a8b38c94077b67a1b6a76de024c0a17b7d670e7 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
<?php
/**
 * @version  $Header: /cvsroot/bitweaver/_bit_liberty/plugins/filter.htmlpurifier.php,v 1.8 2007/06/13 07:34:45 lsces Exp $
 * @package  liberty
 * @subpackage plugins_filter
 */

/**
 * definitions ( guid character limit is 16 chars )
 */
define( 'PLUGIN_GUID_FILTERHTMLPURIFIER', 'filterhtmlpure' );

global $gLibertySystem;

$pluginParams = array (
	// plugin title
	'title'                    => 'HTMLPurifier',
	// help page on bitweaver org that explains this plugin
	'help_page'                => 'HTMLPurifier',
	// brief description of the plugin
	'description'              => 'Uses <a href="http://htmlpurifier.org">HTMLPurifier</a> to cleanup the HTML submitted to your site and ensure that it is standards compliant and does not contain anything malicious. It is also used to ensure that the various places that input is split for previews does not cause bad markup to break the page. This filter is <strong>highly</strong> recommended if you are allowing HTML but is still good for sites that are not using thse formats for the ability to cleanup markup which has been split for preview properly though this may disable certain plugins that insert non standards compliant code.',
	// should this plugin be active or not when loaded for the first time
	'auto_activate'            => FALSE,
	// absolute path to this plugin
	'path'                     => LIBERTY_PKG_PATH.'plugins/filter.htmlpurifier.php',
	// type of plugin
	'plugin_type'              => FILTER_PLUGIN,
	// url to page with options for this plugin
	'plugin_settings_url'      => LIBERTY_PKG_URL.'admin/filter_htmlpurifier.php',

	// various filter functions and when they are called
	// called before the data is parsed
	//	'prefilter_function'       => 'htmlpure_filter',
	// called after the data has been parsed
	'prefilter_function'      => 'htmlpure_filter',
	// called before the data is parsed if there is a split
	//	'presplitfilter_function'  => 'htmlpure_filter',
	// called after the data has been parsed if there is a split
	'postsplitfilter_function' => 'htmlpure_filter',
);
$gLibertySystem->registerPlugin( PLUGIN_GUID_FILTERHTMLPURIFIER, $pluginParams );

function htmlpure_filter( $pData, $pFilterHash ) {
	global $gHtmlPurifier, $gBitSystem;
	
	if (!isset($gHtmlPurifier)) {
		$blacklistedTags = $gBitSystem->
			getConfig('blacklisted_html_tags', '');

		require_once(UTIL_PKG_PATH . 'htmlpurifier/HTMLPurifier.auto.php');
		$config = HTMLPurifier_Config::createDefault();
		
		if ($gBitSystem->getConfig('htmlpure_escape_bad', 'y') == 'y') {
			$config->set('Core', 'EscapeInvalidTags', true);
			$config->set('Core', 'EscapeInvalidChildren', true);
		}
		if ($gBitSystem->getConfig('htmlpure_disable_extern') == 'y') {
			$config->set('URI', 'DisableExternal', true);
		}
		if ($gBitSystem->getConfig('htmlpure_disable_extern_res', 'y') == 'y') {
			$config->set('URI', 'DisableExternalResources', true);
		}
		if ($gBitSystem->getConfig('htmlpure_disable_res') == 'y') {
			$config->set('URI', 'DisableResources', true);
		}
		if ($gBitSystem->getConfig('htmlpure_disable_uri') == 'y') {
			$config->set('URI', 'Disable', true);
		}
		if ($gBitSystem->getConfig('htmlpure_use_redirect') == 'y') {
			$config->set('URI', 'Munge', LIBERTY_PKG_URL.'redirect.php?q=%s');
		}
		if ($gBitSystem->getConfig('htmlpure_strict_html', 'y') == 'y') {
			$config->set('HTML', 'Strict', true);
		}
		if ($gBitSystem->getConfig('htmlpure_xhtml', 'n') == 'n') {
			$config->set('Core', 'XHTML', true);
		}
		
		$def =& $config->getHTMLDefinition();
		// HTMLPurifier doesn't have a blacklist feature. Duh guys!
		// Note that this has to come last since the other configs
		// may tweak the def.
		foreach (explode(',',$blacklistedTags) as $tag) {
			unset($def->info[$tag]);
		}
		
		$gHtmlPurifier = new HTMLPurifier($config);
		
		// TODO: devise a way to parse plugins dir
		// and check for the right property here
		// so new plugins are just drop in place.
		if ($gBitSystem->isFeatureActive('liberty_html_pure_allow_youtube')) {
			require_once UTIL_PKG_PATH.'htmlpurifier/HTMLPurifier/Filter/YouTube.php';
			$gHtmlPurifier->addFilter(new HTMLPurifier_Filter_YouTube());
		}
	}
	
	/* Clean up the paragraphs a bit */
	//	$start = $pData;
	$pString = htmlpure_cleanupPeeTags($pData);		
	//	$pee = $pString;
	$pString = $gHtmlPurifier->purify($pString);
	
	/*
	echo "<br/><hr/><br/>".$start;
	include_once( 'Text/Diff.php' );    
	include_once( 'Text/Diff/Renderer/inline.php' );
	$diff = &new Text_Diff(explode("\n", $start), explode("\n",$pee));
	$renderer = &new Text_Diff_Renderer_inline();
	echo "<br/><hr/><br/>". $renderer->render($diff);
	
	echo "<br/><hr/><br/>".$pString;
	include_once( 'Text/Diff.php' );    
	include_once( 'Text/Diff/Renderer/inline.php' );
	$diff = &new Text_Diff(explode("\n", $pee), explode("\n",$pString));
	$renderer = &new Text_Diff_Renderer_inline();
	echo "<br/><hr/><br/>". $renderer->render($diff);
	*/
}

function htmlpure_cleanupPeeTags( $pee ) {
	
	// Convert us some form feeds for better cross platform support
	$pee = str_replace(array("\r\n", "\r"), "\n", $pee);
	
	// Strip out lots of duplicate newlines now
	$pee = preg_replace("#\n\n+#", "\n\n", $pee);
	
	// Pee in block quotes
	$pee = preg_replace('#<blockquote(.*?(?:[^>]*))>(.*?)</blockquote>#s', '<blockquote$1><p>$2</p></blockquote>', $pee);
	
	// Strip empty pee
	$pee = preg_replace('#<p>\s*</p>#', '', $pee);
		
	// Unpee pre blocks
	$pee = preg_replace('#(<pre.*?>)(.*?)</pre>#se', 
						" '$1' . preg_replace('#<br.*?/>#', '"."\n"."', " .
						"preg_replace('#<p.*?>#', '"."\n"."', " .
						"preg_replace('#</p>#', '', '$2'))) . '</pre>' ", $pee);

	// Fixup align divs so we can keep them.
	$pee = preg_replace('#<div(.*?)align="(.*?)"(.*?)>#', '<div$1style="text-align:$2;"$3>', $pee);
	
	return $pee;
}

?>