Closes Elgg#833: Kses now built as module
git-svn-id: https://code.elgg.org/elgg/trunk@3222 36083f99-b078-4883-b0ff-0f9b5a30f544
marcus committed Apr 17, 2009
1 parent 566de88 commit 07155a0
Showing 23 changed files with 318 additions and 285 deletions.
3 changes: 2 additions & 1 deletion actions/systemsettings/install.php
@@ -100,7 +100,8 @@
enable_plugin('updateclient', $site->getGUID());
enable_plugin('logbrowser', $site->getGUID());
enable_plugin('diagnostics', $site->getGUID());
enable_plugin('uservalidationbyemail', $site->getGUID());
enable_plugin('uservalidationbyemail', $site->getGUID());
enable_plugin('kses', $site->getGUID());
}

// Now ping home
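Review bot: The added `enable_plugin('kses', $site->getGUID());` call ignores its result, so a fresh install where the plugin is missing or activation fails would finish without any HTML tag filtering and without telling the administrator. Since this commit moves the kses filter out of core, that call is now what turns sanitisation on for a new site. Check the result and surface a failure, e.g. `if (!enable_plugin('kses', $site->getGUID())) { error_log('kses plugin not enabled: input filtering is inactive'); }` (assuming enable_plugin signals failure through its return value, which is not visible here). The same unchecked call appears in engine/lib/upgrades/2009041701.php. The enclosing block starts above this hunk.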
284 changes: 1 addition & 283 deletions engine/lib/input.php
@@ -67,39 +67,6 @@ function set_input($variable, $value) {
else
$CONFIG->input[trim($variable)] = trim($value);

}

/**
* Kses filtering of tags, called on a plugin hook
*
* @param mixed $var Variable to filter
* @return mixed
*/
function kses_filter_tags($hook, $entity_type, $returnvalue, $params)
{
$return = $returnvalue;
$var = $returnvalue;

if (@include_once(dirname(dirname(dirname(__FILE__)))) . "/vendors/kses/kses.php") {

global $CONFIG;

$allowedtags = $CONFIG->allowedtags;
$allowedprotocols = $CONFIG->allowedprotocols;

if (!is_array($var)) {
$return = "";
$return = kses($var, $allowedtags, $allowedprotocols);
} else {
$return = array();

foreach($var as $key => $el) {
$return[$key] = kses($el, $allowedtags, $allowedprotocols);
}
}
}

return $return;
}

/**
@@ -247,257 +214,8 @@ function stripslashes_deep($value) {
$_SERVER['PATH_TRANSLATED'] = stripslashes($_SERVER['PATH_TRANSLATED']);
}

}


global $CONFIG;
$CONFIG->allowedtags = array(
'address' => array(),
'a' => array(
'class' => array (),
'href' => array (),
'id' => array (),
'title' => array (),
'rel' => array (),
'rev' => array (),
'name' => array (),
'target' => array()),
'abbr' => array(
'class' => array (),
'title' => array ()),
'acronym' => array(
'title' => array ()),
'b' => array(),
'big' => array(),
'blockquote' => array(
'id' => array (),
'cite' => array (),
'class' => array(),
'lang' => array(),
'xml:lang' => array()),
'br' => array (
'class' => array ()),
'button' => array(
'disabled' => array (),
'name' => array (),
'type' => array (),
'value' => array ()),
'caption' => array(
'align' => array (),
'class' => array ()),
'cite' => array (
'class' => array(),
'dir' => array(),
'lang' => array(),
'title' => array ()),
'code' => array (),
// 'style' => array()),
// 'col' => array(
// 'align' => array (),
// 'char' => array (),
// 'charoff' => array (),
// 'span' => array (),
// 'dir' => array(),
// 'style' => array (),
// 'valign' => array (),
// 'width' => array ()),
'del' => array(
'datetime' => array ()),
'dd' => array(),
'div' => array(
'align' => array (),
'class' => array (),
'dir' => array (),
'lang' => array(),
// 'style' => array (),
'xml:lang' => array()),
'dl' => array(),
'dt' => array(),
'em' => array(),
// 'fieldset' => array(),
'font' => array(
'color' => array (),
'face' => array (),
'size' => array ()),
// 'form' => array(
// 'action' => array (),
// 'accept' => array (),
// 'accept-charset' => array (),
// 'enctype' => array (),
// 'method' => array (),
// 'name' => array (),
// 'target' => array ()),
'h1' => array(
'align' => array (),
'class' => array ()),
'h2' => array(
'align' => array (),
'class' => array ()),
'h3' => array(
'align' => array (),
'class' => array ()),
'h4' => array(
'align' => array (),
'class' => array ()),
'h5' => array(
'align' => array (),
'class' => array ()),
'h6' => array(
'align' => array (),
'class' => array ()),
'hr' => array(
'align' => array (),
'class' => array (),
'noshade' => array (),
'size' => array (),
'width' => array ()),
'i' => array(),
'img' => array(
'alt' => array (),
'align' => array (),
'border' => array (),
'class' => array (),
'height' => array (),
'hspace' => array (),
'longdesc' => array (),
'vspace' => array (),
'src' => array (),
// 'style' => array (),
'width' => array ()),
'ins' => array(
'datetime' => array (),
'cite' => array ()),
'kbd' => array(),
'label' => array(
'for' => array ()),
'legend' => array(
'align' => array ()),
'li' => array (
'align' => array (),
'class' => array ()),
'p' => array(
'class' => array (),
'align' => array (),
'dir' => array(),
'lang' => array(),
// 'style' => array (),
'xml:lang' => array()),
'pre' => array(
// 'style' => array(),
'width' => array ()),
'q' => array(
'cite' => array ()),
's' => array(),
'span' => array (
'class' => array (),
'dir' => array (),
'align' => array (),
'lang' => array (),
// 'style' => array (),
'title' => array (),
'xml:lang' => array()),
'strike' => array(),
'strong' => array(),
'sub' => array(),
'sup' => array(),
// 'table' => array(
// 'align' => array (),
// 'bgcolor' => array (),
// 'border' => array (),
// 'cellpadding' => array (),
// 'cellspacing' => array (),
// 'class' => array (),
// 'dir' => array(),
// 'id' => array(),
// 'rules' => array (),
// 'style' => array (),
// 'summary' => array (),
// 'width' => array ()),
// 'tbody' => array(
// 'align' => array (),
// 'char' => array (),
// 'charoff' => array (),
// 'valign' => array ()),
// 'td' => array(
// 'abbr' => array (),
// 'align' => array (),
// 'axis' => array (),
// 'bgcolor' => array (),
// 'char' => array (),
// 'charoff' => array (),
// 'class' => array (),
// 'colspan' => array (),
// 'dir' => array(),
// 'headers' => array (),
// 'height' => array (),
// 'nowrap' => array (),
// 'rowspan' => array (),
// 'scope' => array (),
// 'style' => array (),
// 'valign' => array (),
// 'width' => array ()),
// 'textarea' => array(
// 'cols' => array (),
// 'rows' => array (),
// 'disabled' => array (),
// 'name' => array (),
// 'readonly' => array ()),
// 'tfoot' => array(
// 'align' => array (),
// 'char' => array (),
// 'class' => array (),
// 'charoff' => array (),
// 'valign' => array ()),
// 'th' => array(
// 'abbr' => array (),
// 'align' => array (),
// 'axis' => array (),
// 'bgcolor' => array (),
// 'char' => array (),
// 'charoff' => array (),
// 'class' => array (),
// 'colspan' => array (),
// 'headers' => array (),
// 'height' => array (),
// 'nowrap' => array (),
// 'rowspan' => array (),
// 'scope' => array (),
// 'valign' => array (),
// 'width' => array ()),
// 'thead' => array(
// 'align' => array (),
// 'char' => array (),
// 'charoff' => array (),
// 'class' => array (),
// 'valign' => array ()),
'title' => array(),
// 'tr' => array(
// 'align' => array (),
// 'bgcolor' => array (),
// 'char' => array (),
// 'charoff' => array (),
// 'class' => array (),
// 'style' => array (),
// 'valign' => array ()),
'tt' => array(),
'u' => array(),
'ul' => array (
'class' => array (),
// 'style' => array (),
'type' => array ()),
'ol' => array (
'class' => array (),
'start' => array (),
// 'style' => array (),
'type' => array ()),
'var' => array ());
}

$CONFIG->allowedprotocols = array('http', 'https', 'ftp', 'news', 'mailto', 'rtsp', 'teamspeak', 'gopher', 'mms',
'color', 'callto', 'cursor', 'text-align', 'font-size', 'font-weight', 'font-style',
'border', 'margin', 'padding', 'float');

// For now, register the kses for processing
register_plugin_hook('validate', 'input', 'kses_filter_tags', 1);
}

register_elgg_event_handler('init','system','input_init');
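Review bot: After the second hunk, input_init no longer registers any handler for the 'validate'/'input' hook, so core on its own appears to pass request input through unfiltered; whether user-supplied HTML is sanitised now depends entirely on the kses plugin being present and enabled (the plugin's files are not shown on this page). That makes filtering fail open: a site where the plugin is disabled, or one running the new code before the upgrade script has run, gets no tag or protocol filtering. Consider keeping a conservative fallback in core for the case where nothing handles the hook, or at least documenting the dependency in input_init with a comment such as `// HTML filtering is provided by the 'kses' plugin; if it is disabled, input is not tag-filtered.` input_init begins outside the hunk.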
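--- /dev/null
+++ b/engine/lib/upgrades/2009041701.php
@@ -0,0 +1,10 @@
+<?php
+
+global $CONFIG;
+
+/// Activate kses
+/**
+* Elgg now has kses tag filtering built as a plugin. This needs to be enabled.
+*/
+enable_plugin('kses', $CONFIG->site->guid);
+?>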
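Review bot: The new upgrade script ends with a closing `?>` tag; in a PHP-only file any stray whitespace or extra blank line after it is sent as output, which can interfere with later header or session handling during the upgrade run, so the last line is best dropped. If `$CONFIG->site` is not populated when upgrade scripts run, `enable_plugin('kses', $CONFIG->site->guid);` would be called without a usable site GUID; whether that can happen is not visible here, so a short comment stating the assumption would help. The `/// Activate kses` line duplicates the docblock below it and could be folded into it.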