[geeklog-cvs] geeklog-1.3/public_html lib-common.php,1.263,1.264

dhaun at geeklog.net dhaun at geeklog.net
Sat Oct 11 07:21:48 EDT 2003


Update of /usr/cvs/geeklog/geeklog-1.3/public_html
In directory geeklog_prod:/tmp/cvs-serv2856/public_html

Modified Files:
	lib-common.php 
Log Message:
Changes to make use of the kses class to filter allowable HTML.


Index: lib-common.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/lib-common.php,v
retrieving revision 1.263
retrieving revision 1.264
diff -C2 -d -r1.263 -r1.264
*** lib-common.php	3 Oct 2003 13:00:24 -0000	1.263
--- lib-common.php	11 Oct 2003 11:21:46 -0000	1.264
***************
*** 176,179 ****
--- 176,185 ----
  
  /**
+ * Ulf Harnhammar's kses class
+ *
+ */
+ require_once( $_CONF['path_system'] . 'classes/kses.class.php' );
+ 
+ /**
  * If needed, add our PEAR path to the list of include paths
  *
***************
*** 2922,2935 ****
      $str = preg_replace( '/<!--.+?-->/', '', $str );
  
!     if( !SEC_hasRights( 'story.edit' ) || empty ( $_CONF['adminhtml'] ))
      {
!         $str = strip_tags( $str, $_CONF['allowablehtml'] );
      }
      else
      {
!         $str = strip_tags( $str, $_CONF['adminhtml'] );
      }
  
!     return COM_killJS( $str );
  }
  
--- 2928,2949 ----
      $str = preg_replace( '/<!--.+?-->/', '', $str );
  
!     $filter = new kses;
!     $filter->Protocols( array( "http:", "https:", "ftp:" ));
! 
!     if( !SEC_hasRights( 'story.edit' ) || empty ( $_CONF['admin_html'] ))       
      {
!         $html = $_CONF['user_html'];
      }
      else
      {
!         $html = array_merge( $_CONF['user_html'], $_CONF['admin_html'] );
      }
  
!     foreach( $html as $tag => $attr )
!     {
!         $filter->AddHTML( $tag, $attr );
!     }
! 
!     return $filter->Parse( $str );
  }
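Review bot: The new side drops the closing `COM_killJS( $str )` call, so the returned string now passes only through `$filter->Parse( $str )` and the whitelist built from `$_CONF['user_html']` / `$_CONF['admin_html']`; any attribute those config arrays admit (a `style` or `on*` handler, if someone adds one) is no longer stripped, which is worth stating above the `foreach`, e.g. `// kses removes every tag and attribute not whitelisted below; the config arrays are now the only filter`. `array_merge` on two string-keyed arrays makes an `admin_html` entry replace the `user_html` attribute list for the same tag rather than extend it — presumably intended, but confirm. The `Protocols()` list is given with trailing colons (`"http:"`), which only works if kses.class.php normalises them; verify against the class. COM_checkHTML's signature and the earlier `$str` preprocessing lie above the hunk.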
  
***************
*** 3557,3562 ****
  *
  * Returns what HTML tags the system allows to be used inside content.
! * You can modify this by changing $_CONF['allowablehtml'] in config.php
! * (for admins, see also $_CONF['adminhtml']).
  *
  * @return   string  HTML <span> enclosed string
--- 3571,3576 ----
  *
  * Returns what HTML tags the system allows to be used inside content.
! * You can modify this by changing $_CONF['user_html'] in config.php
! * (for admins, see also $_CONF['admin_html']).
  *
  * @return   string  HTML <span> enclosed string
***************
*** 3571,3582 ****
      if( !SEC_hasRights( 'story.edit' ) || empty( $_CONF['adminhtml'] ))
      {
!         $retval .= htmlspecialchars( $_CONF['allowablehtml'] );
      }
      else
      {
!         $retval .= htmlspecialchars( $_CONF['adminhtml'] );
      }
  
!     $retval .= ',[code]';
      $retval .= '</span>';
  
--- 3585,3601 ----
      if( !SEC_hasRights( 'story.edit' ) || empty( $_CONF['adminhtml'] ))
      {
!         $html = $_CONF['user_html'];
      }
      else
      {
!         $html = array_merge( $_CONF['user_html'], $_CONF['admin_html'] );
      }
  
!     foreach( $html as $tag => $attr )
!     {
!         $retval .= '<' . $tag . '>,';
!     }
! 
!     $retval .= '[code]';
      $retval .= '</span>';
  




