[geeklog-cvs] geeklog-1.3/public_html lib-common.php,1.243,1.243.2.1
dhaun at geeklog.net
dhaun at geeklog.net
Sun Oct 12 04:32:56 EDT 2003
Update of /usr/cvs/geeklog/geeklog-1.3/public_html
In directory geeklog_prod:/tmp/cvs-serv13728/public_html
Modified Files:
Tag: geeklog_1_3_8_1_1
lib-common.php
Log Message:
Changes to make use of the kses class to filter allowable HTML.
Index: lib-common.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/lib-common.php,v
retrieving revision 1.243
retrieving revision 1.243.2.1
diff -C2 -d -r1.243 -r1.243.2.1
*** lib-common.php 5 Aug 2003 19:03:50 -0000 1.243
--- lib-common.php 12 Oct 2003 08:32:54 -0000 1.243.2.1
***************
*** 168,171 ****
--- 168,177 ----
require_once( $_CONF['path_system'] . 'lib-sessions.php' );
+ /**
+ * Ulf Harnhammar's kses class
+ *
+ */
+ require_once( $_CONF['path_system'] . 'classes/kses.class.php' );
+
// Set theme
// Need to modify this code to check if theme was cached in user cookie. That
***************
*** 3097,3110 ****
$str = preg_replace( '/<!--.+?-->/', '', $str );
! if( !SEC_hasRights( 'story.edit' ) || empty ( $_CONF['adminhtml'] ))
{
! $str = strip_tags( $str, $_CONF['allowablehtml'] );
}
else
{
! $str = strip_tags( $str, $_CONF['adminhtml'] );
}
! return COM_killJS( $str );
}
--- 3103,3124 ----
$str = preg_replace( '/<!--.+?-->/', '', $str );
! $filter = new kses;
! $filter->Protocols( array( "http:", "https:", "ftp:" ));
!
! if( !SEC_hasRights( 'story.edit' ) || empty ( $_CONF['admin_html'] ))
{
! $html = $_CONF['user_html'];
}
else
{
! $html = array_merge( $_CONF['user_html'], $_CONF['admin_html'] );
}
! foreach( $html as $tag => $attr )
! {
! $filter->AddHTML( $tag, $attr );
! }
!
! return $filter->Parse( $str );
}
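Review bot: The new return `return $filter->Parse( $str );` drops the `COM_killJS()` pass the old code applied, so the tag/attribute map in `$_CONF['user_html']` and `$_CONF['admin_html']` becomes the only control over script-bearing attributes. kses is expected to keep only the attributes listed for each tag, so that assumption belongs next to the loop, e.g. `// kses is the sole JS defence here: never list on* handlers or style in user_html/admin_html`. The code also assumes both config entries are arrays. On a site whose config.php still defines only the old `allowablehtml` string, `foreach` and `array_merge` would receive an undefined value; a guard such as `if( !is_array( $_CONF['user_html'] )) { $_CONF['user_html'] = array(); }` keeps that failure explicit and fail-closed. The enclosing function starts outside this hunk.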
***************
*** 3625,3635 ****
*
* Returns what HTML tags the system allows to be used inside content
! * you can modify this by changing $_CONF['allowablehtml'] in
! * config.php
*
* @return string HTML <span> enclosed string
*/
! function COM_allowedhtml()
{
global $_CONF, $LANG01;
--- 3639,3649 ----
*
* Returns what HTML tags the system allows to be used inside content
! * you can modify this by changing $_CONF['user_html'] in config.php
! * (for admins, see also $_CONF['admin_html']).
*
* @return string HTML <span> enclosed string
*/
! function COM_COM_allowedHTML()
{
global $_CONF, $LANG01;
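Review bot: The renamed declaration `function COM_COM_allowedHTML()` doubles the `COM_` prefix, which looks like a search-and-replace slip rather than an intended API change. Any caller still using `COM_allowedhtml()` (none are visible in this diff) would hit an undefined function, and the hint listing the permitted tags would disappear from submission forms. PHP function names are case-insensitive, so `function COM_allowedHTML()` gives the new capitalisation without breaking existing calls. The function body continues outside this hunk.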
***************
*** 3639,3649 ****
if( !SEC_hasRights( 'story.edit' ) || empty( $_CONF['adminhtml'] ))
{
! $retval .= htmlspecialchars( $_CONF['allowablehtml'] );
}
else
{
! $retval .= htmlspecialchars( $_CONF['adminhtml'] );
}
$retval .= '</span>';
--- 3653,3676 ----
if( !SEC_hasRights( 'story.edit' ) || empty( $_CONF['adminhtml'] ))
{
! $html = $_CONF['user_html'];
}
else
{
! $html = array_merge( $_CONF['user_html'], $_CONF['admin_html'] );
! }
!
! $br = 0;
! foreach( $html as $tag => $attr )
! {
! $br++;
! $retval .= '<' . $tag . '>,';
! if( $br == 10 )
! {
! $retval .= ' ';
! $br = 0;
! }
}
+ $retval .= '[code]';
$retval .= '</span>';
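Review bot: The loop line `$retval .= '<' . $tag . '>,';` emits each tag name as live markup, where the old code passed the list through `htmlspecialchars()`. The browser would interpret `<b>`, `<pre>` and the rest instead of displaying them; it should be `$retval .= '&lt;' . $tag . '&gt;,';`, or wrap the concatenation in `htmlspecialchars()`. The unchanged condition above it still tests `empty( $_CONF['adminhtml'] )`, while the filtering hunk earlier in this commit switched to `admin_html`. If the old key is gone from config.php, that test is always true and story editors are shown only the user list, which no longer matches what the filter allows them; it should read `empty( $_CONF['admin_html'] )`. The function starts and ends outside this hunk.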