[geeklog-cvs] geeklog-1.3/public_html lib-common.php,1.263,1.264
dhaun at geeklog.net
dhaun at geeklog.net
Sat Oct 11 07:21:48 EDT 2003
Update of /usr/cvs/geeklog/geeklog-1.3/public_html
In directory geeklog_prod:/tmp/cvs-serv2856/public_html
Modified Files:
lib-common.php
Log Message:
Changes to make use of the kses class to filter allowable HTML.
Index: lib-common.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/lib-common.php,v
retrieving revision 1.263
retrieving revision 1.264
diff -C2 -d -r1.263 -r1.264
*** lib-common.php 3 Oct 2003 13:00:24 -0000 1.263
--- lib-common.php 11 Oct 2003 11:21:46 -0000 1.264
***************
*** 176,179 ****
--- 176,185 ----
/**
+ * Ulf Harnhammar's kses class
+ *
+ */
+ require_once( $_CONF['path_system'] . 'classes/kses.class.php' );
+
+ /**
* If needed, add our PEAR path to the list of include paths
*
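Review bot: The new comment block names the class but says nothing about what lib-common uses it for, which is the one thing a maintainer looking at this `require_once` needs. Something like ` * Ulf Harnhammar's kses class - HTML whitelist filter used by COM_checkHTML() to reduce content to the tags/attributes listed in $_CONF['user_html'] / $_CONF['admin_html']` ties the include to the code further down that depends on it. It may also be worth noting that the include is unconditional, so a missing `classes/kses.class.php` under `$_CONF['path_system']` is fatal for every page that loads this file rather than only for the filtering path.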
***************
*** 2922,2935 ****
$str = preg_replace( '/<!--.+?-->/', '', $str );
! if( !SEC_hasRights( 'story.edit' ) || empty ( $_CONF['adminhtml'] ))
{
! $str = strip_tags( $str, $_CONF['allowablehtml'] );
}
else
{
! $str = strip_tags( $str, $_CONF['adminhtml'] );
}
! return COM_killJS( $str );
}
--- 2928,2949 ----
$str = preg_replace( '/<!--.+?-->/', '', $str );
! $filter = new kses;
! $filter->Protocols( array( "http:", "https:", "ftp:" ));
!
! if( !SEC_hasRights( 'story.edit' ) || empty ( $_CONF['admin_html'] ))
{
! $html = $_CONF['user_html'];
}
else
{
! $html = array_merge( $_CONF['user_html'], $_CONF['admin_html'] );
}
! foreach( $html as $tag => $attr )
! {
! $filter->AddHTML( $tag, $attr );
! }
!
! return $filter->Parse( $str );
}
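Review bot: Nothing in the new branch verifies that `$_CONF['user_html']` and `$_CONF['admin_html']` hold the new tag-to-attributes array shape; with a config.php that still defines only the old `allowablehtml`/`adminhtml` strings, `array_merge` and the `foreach` are fed a null, no tag is ever passed to `AddHTML()`, and callers get content stripped of all HTML with only a notice to explain why. That direction is at least fail-closed, but a check such as `if( !is_array( $html )) { $html = array(); }` together with logging the misconfiguration would make the cause visible instead of silently degrading. The return also replaces the former `COM_killJS()` pass with `$filter->Parse()`, which presumably covers script and event-handler attributes through the whitelist; the function's signature and docblock sit before the hunk and should state that kses is now the sole filter and what shape the config arrays must have.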
***************
*** 3557,3562 ****
*
* Returns what HTML tags the system allows to be used inside content.
! * You can modify this by changing $_CONF['allowablehtml'] in config.php
! * (for admins, see also $_CONF['adminhtml']).
*
* @return string HTML <span> enclosed string
--- 3571,3576 ----
*
* Returns what HTML tags the system allows to be used inside content.
! * You can modify this by changing $_CONF['user_html'] in config.php
! * (for admins, see also $_CONF['admin_html']).
*
* @return string HTML <span> enclosed string
***************
*** 3571,3582 ****
if( !SEC_hasRights( 'story.edit' ) || empty( $_CONF['adminhtml'] ))
{
! $retval .= htmlspecialchars( $_CONF['allowablehtml'] );
}
else
{
! $retval .= htmlspecialchars( $_CONF['adminhtml'] );
}
! $retval .= ',[code]';
$retval .= '</span>';
--- 3585,3601 ----
if( !SEC_hasRights( 'story.edit' ) || empty( $_CONF['adminhtml'] ))
{
! $html = $_CONF['user_html'];
}
else
{
! $html = array_merge( $_CONF['user_html'], $_CONF['admin_html'] );
}
! foreach( $html as $tag => $attr )
! {
! $retval .= '<' . $tag . '>,';
! }
!
! $retval .= '[code]';
$retval .= '</span>';
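Review bot: The escaping that the removed code applied is lost in the new loop: `'<' . $tag . '>,'` emits literal tags into the returned `<span>` string, so a list that used to display as the text `<b>,<i>` now renders those as real elements. The line should be `$retval .= htmlspecialchars( '<' . $tag . '>' ) . ',';`. The unchanged condition above the hunk also still tests `empty( $_CONF['adminhtml'] )` while the branches read `admin_html`, which differs from the same check in COM_checkHTML (updated to `admin_html` in this commit) and makes the admin branch unreachable once the old key is gone; it should read `if( !SEC_hasRights( 'story.edit' ) || empty( $_CONF['admin_html'] ))`. The enclosing function begins and ends outside the hunk.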