summaryrefslogtreecommitdiff
path: root/plugins/format.tikihtml.php
blob: 8b579600ed68b9e1af1646d105d4a97bb275b80b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
<?php
/**
 * @version  $Revision: 1.4 $
 * @package  liberty
 * @subpackage plugins_format
 */
global $gLibertySystem;

/**
 * definitions
 */
define( 'PLUGIN_GUID_BITHTML', 'bithtml' );

$pluginParams = array ( 'store_function' => 'bithtml_save_data',
						'load_function' => 'bithtml_parse_data',
						'verify_function' => 'bithtml_verify_data',
						'description' => 'HTML Syntax Format Parser',
						'edit_label' => 'HTML',
						'edit_field' => '<input type="radio" name="format_guid" value="'.PLUGIN_GUID_BITHTML.'"',
						'plugin_type' => FORMAT_PLUGIN
					  );

$gLibertySystem->registerPlugin( PLUGIN_GUID_BITHTML, $pluginParams );

function bithtml_verify_data( &$pParamHash ) {
	$errorMsg = NULL;
	$pParamHash['content_store']['data'] = purge_html( $pParamHash['edit'] );
	return $errorMsg;
}

// This function is a menagerie of the techniques of the comments listed at
// http://www.php.net/manual/en/function.strip-tags.php - spiderr
function purge_html( $pText ) {
	global $gBitSystem, $gBitUser;

	// convert all HTML entites to catch people trying to sneak stuff by with things like &#123; etc..
	if( function_exists( 'html_entity_decode' ) ) {
		$text = html_entity_decode( $pText );
	} else {
		$trans_tbl = get_html_translation_table(HTML_ENTITIES);
		$trans_tbl = array_flip($trans_tbl);
		$text = strtr($pText, $trans_tbl);
	}

	// strip_tags() appears to become nauseated at the site of a <!DOCTYPE> declaration
	$text = str_replace( '<!DOCTYPE', '<DOCTYPE', $text );

	// Yank style - both tag and inline attributes
	// strip_tags has doesn't recognize that css within the style tags are not document text. To fix this do something similar to the following:
	if( !$gBitUser->hasPermission( 'bit_p_edit_html_style' ) ) {
		$text = preg_replace( "/<style[^>]*>.*<\/style>/siU", '', $text );
	}
	$text = stripslashes($text);
	if( !$gBitUser->hasPermission( 'bit_p_edit_html_style' ) ) {
		$text = preg_replace( "/ (style|class)=[\"]?([^\"]*)[\"]?/i", '', $text);
	}

	// Strip all evil tags that remain
	// this comes out of gBitSystem->getPreference() set in Liberty Admin
	$acceptableTags = $gBitSystem->getPreference( 'approved_html_tags', DEFAULT_ACCEPTABLE_TAGS );

	// Destroy all script code "manually" - strip_tags will leave code inline as plain text
	if( !preg_match( '/\<script\>/', $acceptableTags ) ) {
		$text = preg_replace( "/(\<script)(.*?)(script\>)/si", '', $text );
	}

	$text = strip_tags( $text, $acceptableTags );
	$text = str_replace("<!--", "&lt;!--", $text);
	$text = preg_replace("/(\<)(.*?)(--\>)/mi", "".nl2br("\\2")."", $text);

	return( $text );
}

function bithtml_save_data( &$pParamHash ) {
	static $parser;
	if( empty( $parser ) ) {
		$parser = new TikiWikiParser();
	}
	if( $pParamHash['edit'] ) {
		$parser->storeLinks( $pParamHash );
	}
}

function bithtml_parse_data( &$pData, &$pCommonObject ) {
	global $gLibertySystem;
	// eventually we should strip tags, maybe tikilink, or other things.
	parse_data_plugins( $pData, $foo, $bar, $empty );
	// this function is called manually, since it processes the HTML code
	if( preg_match( "/\{maketoc.*?\}/i", $pData ) && @$gLibertySystem->mPlugins['datamaketoc']['is_active'] == 'y' ) {
		$pData = data_maketoc( $pData );
	}
	return $pData;
}

?>