[geeklog-cvs] geeklog-1.3/public_html lib-common.php,1.196,1.196.4.1
dhaun at geeklog.net
dhaun at geeklog.net
Sun Oct 12 08:19:22 EDT 2003
Update of /usr/cvs/geeklog/geeklog-1.3/public_html
In directory geeklog_prod:/tmp/cvs-serv23871/public_html
Modified Files:
Tag: geeklog_1_3_7sr2_1
lib-common.php
Log Message:
Changes to make use of the kses class to filter allowable HTML.
Index: lib-common.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/lib-common.php,v
retrieving revision 1.196
retrieving revision 1.196.4.1
diff -C2 -d -r1.196 -r1.196.4.1
*** lib-common.php 9 Jan 2003 09:41:50 -0000 1.196
--- lib-common.php 12 Oct 2003 12:19:19 -0000 1.196.4.1
***************
*** 164,167 ****
--- 164,173 ----
require_once( $_CONF['path_system'] . 'lib-sessions.php' );
+ /**
+ * Ulf Harnhammar's kses class
+ *
+ */
+ require_once( $_CONF['path_system'] . 'classes/kses.class.php' );
+
// Set theme
// Need to modify this code to check if theme was cached in user cookie. That
***************
*** 2725,2738 ****
$str = preg_replace( '/<!--.+?-->/', '', $str );
! if( !SEC_hasRights( 'story.edit' ) || empty ( $_CONF['adminhtml'] ))
{
! $str = strip_tags( $str, $_CONF['allowablehtml'] );
}
else
{
! $str = strip_tags( $str, $_CONF['adminhtml'] );
}
! return COM_killJS( $str );
}
--- 2731,2752 ----
$str = preg_replace( '/<!--.+?-->/', '', $str );
! $filter = new kses;
! $filter->Protocols( array( "http:", "https:", "ftp:" ));
!
! if( !SEC_hasRights( 'story.edit' ) || empty ( $_CONF['admin_html'] ))
{
! $html = $_CONF['user_html'];
}
else
{
! $html = array_merge( $_CONF['user_html'], $_CONF['admin_html'] );
}
! foreach( $html as $tag => $attr )
! {
! $filter->AddHTML( $tag, $attr );
! }
!
! return $filter->Parse( $str );
}
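Review bot: With `COM_killJS( $str )` gone from the return, script and event-handler filtering here rests entirely on what `$_CONF['user_html']` and `$_CONF['admin_html']` whitelist, yet the new lines never check that those keys exist or are arrays. A site still carrying the old `allowablehtml`/`adminhtml` keys in config.php would reach `foreach( $html as $tag => $attr )` with a non-array; that presumably leaves the filter with no tags registered, but it is better made explicit with `if( !is_array( $html )) { $html = array(); }` before the loop. Note also that `array_merge` on string keys replaces a tag's attribute list rather than combining it, so an `admin_html` entry must restate every attribute editors should keep. A comment such as `// admin_html entries override user_html per tag; attribute lists are not merged` would record that. The function starts above this hunk.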
***************
*** 3236,3246 ****
*
* Returns what HTML tags the system allows to be used inside content
! * you can modify this by changing $_CONF['allowablehtml'] in
! * config.php
*
* @return string HTML <span> enclosed string
*/
! function COM_allowedhtml()
{
global $_CONF, $LANG01;
--- 3250,3260 ----
*
* Returns what HTML tags the system allows to be used inside content
! * you can modify this by changing $_CONF['user_html'] in config.php
! * (for admins, see also $_CONF['admin_html']).
*
* @return string HTML <span> enclosed string
*/
! function COM_allowedHTML()
{
global $_CONF, $LANG01;
***************
*** 3248,3260 ****
$retval = '<span class="warningsmall">' . $LANG01[31];
! if( !SEC_hasRights( 'story.edit' ) || empty( $_CONF['adminhtml'] ))
{
! $retval .= htmlspecialchars( $_CONF['allowablehtml'] );
}
else
{
! $retval .= htmlspecialchars( $_CONF['adminhtml'] );
}
$retval .= '</span>';
--- 3262,3287 ----
$retval = '<span class="warningsmall">' . $LANG01[31];
! if( !SEC_hasRights( 'story.edit' ) || empty( $_CONF['admin_html'] ))
{
! $html = $_CONF['user_html'];
}
else
{
! $html = array_merge( $_CONF['user_html'], $_CONF['admin_html'] );
}
+ $br = 0;
+ foreach( $html as $tag => $attr )
+ {
+ $br++;
+ $retval .= '<' . $tag . '>,';
+ if( $br == 10 )
+ {
+ $retval .= ' ';
+ $br = 0;
+ }
+ }
+
+ $retval .= '[code]';
$retval .= '</span>';
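Review bot: The tag list is now appended without escaping at `$retval .= '<' . $tag . '>,';`, whereas the removed lines passed the list through `htmlspecialchars()`. If the literal angle brackets shown here are what was committed (the list archive may have decoded entities), the browser will interpret each allowed tag as markup instead of displaying it, so the hint text comes out styled and unclosed rather than readable. `$retval .= htmlspecialchars( '<' . $tag . '>' ) . ',';` keeps the old behaviour and also covers a config key containing unexpected characters. The function body begins before and ends after this hunk.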