refactor(web): add HTML::purifier_inline() function

2024-11-22 13:28:41 +00:00 · 2022-10-09 21:33:13 +08:00 · 2022-10-09 21:33:13 +08:00 · e71f73d81f
commit e71f73d81f
parent 32e840b907
11 changed files with 47 additions and 13 deletions
--- a/web/app/controllers/add_contest.php
+++ b/web/app/controllers/add_contest.php
@ -46,7 +46,7 @@
 	$time_form->handle = function(&$vdata) {
 		$start_time_str = $vdata['start_time']->format('Y-m-d H:i:s');
 				
-		$purifier = HTML::pruifier();
+		$purifier = HTML::purifier_inline();
 		
 		$esc_name = $_POST['name'];
 		$esc_name = $purifier->purify($esc_name);
--- a/web/app/controllers/contest_manage.php
+++ b/web/app/controllers/contest_manage.php
@ -45,7 +45,7 @@
 		global $contest;
 		$start_time_str = $vdata['start_time']->format('Y-m-d H:i:s');
 		
-		$purifier = HTML::pruifier();
+		$purifier = HTML::purifier_inline();
 		
 		$esc_name = $_POST['name'];
 		$esc_name = $purifier->purify($esc_name);
--- a/web/app/controllers/subdomain/blog/self_reviews.php
+++ b/web/app/controllers/subdomain/blog/self_reviews.php
@ -50,7 +50,7 @@ $col_names = array('contest_id');
 		$n_contest_problems = count($contest_problems);

 		$result = '';
-		$purifier = HTML::pruifier();
+		$purifier = HTML::purifier_inline();

 		for ($i = 0; $i < $n_contest_problems; $i++) {
 			$problem_id = $contest_problems[$i]['problem_id'];
--- a/web/app/controllers/user_info.php
+++ b/web/app/controllers/user_info.php
@ -59,7 +59,7 @@
 					</div>
 					<div class="list-group-item">
 						<h4 class="list-group-item-heading"><?= UOJLocale::get('motto') ?></h4>
-						<div class="list-group-item-text"><?= HTML::pruifier()->purify($user['motto']) ?></div>
+						<div class="list-group-item-text"><?= HTML::purifier_inline()->purify($user['motto']) ?></div>
 					</div>
 					
 					<?php if (isSuperUser($myUser)): ?>
--- a/web/app/libs/uoj-contest-lib.php
+++ b/web/app/libs/uoj-contest-lib.php
@ -112,7 +112,7 @@ function calcStandings($contest, $contest_data, &$score, &$standings, $update_co
 	}

 	if ($show_reviews) {
-		$purifier = HTML::pruifier();
+		$purifier = HTML::purifier_inline();
 		foreach ($contest_data['people'] as $person) {
 			foreach ($contest_data['problems'] as $key => $problem) {
 				$review_result = DB::selectFirst("select content from contests_reviews where contest_id = {$contest['id']} and problem_id = {$problem} and poster = '{$person[0]}'");
--- a/web/app/libs/uoj-html-lib.php
+++ b/web/app/libs/uoj-html-lib.php
@ -1,7 +1,5 @@
 <?php

-define('DOM_SANITIZE_CONFIG', "{ALLOWED_TAGS: ['a', 'b', 'i', 'u', 'em', 'strong', 'sub', 'sup', 'small', 'del', 'br'], ALLOWED_ATTR: ['href']}");
-
 function uojHandleAtSign($str, $uri) {
 	$referrers = array();
 	$res = preg_replace_callback('/@(@|[a-zA-Z0-9_]{1,20})/', function($matches) use (&$referrers) {
@ -1359,7 +1357,7 @@ function echoRanklist($config = array()) {
 	$header_row .= '<th style="width: 5em;">'.UOJLocale::get('solved').'</th>';
 	$header_row .= '</tr>';

-	$purifier = HTML::pruifier();
+	$purifier = HTML::purifier_inline();
 	$users = array();
 	$print_row = function($user, $now_cnt) use (&$users, $config, $purifier) {
 		if (!$users) {
--- a/web/app/models/HTML.php
+++ b/web/app/models/HTML.php
@ -142,7 +142,7 @@ class HTML {
 		return implode("&", $r);
 	}
 	
-	public static function pruifier() {
+	public static function purifier() {
 		include_once $_SERVER['DOCUMENT_ROOT'] . '/app/vendor/htmlpurifier/HTMLPurifier.auto.php';
 		$config = HTMLPurifier_Config::createDefault();
 		//$config->set('HTML.Doctype', 'HTML 4.01 Transitional');
@ -158,4 +158,40 @@ class HTML {
 		
 		return new HTMLPurifier($config);
 	}
+
+	public static function purifier_inline() {
+		include_once $_SERVER['DOCUMENT_ROOT'] . '/app/vendor/htmlpurifier/HTMLPurifier.auto.php';
+
+		$allowed_html = [
+			'a' => ['href' => 'URI'],
+			'b' => [],
+			'i' => [],
+			'u' => [],
+			's' => [],
+			'em' => [],
+			'strong' => [],
+			'sub' => [],
+			'sup' => [],
+			'small' => [],
+			'del' => [],
+			'br' => [],
+		];
+
+		$config = HTMLPurifier_Config::createDefault();
+		
+		$allowed_elements = [];
+		$allowed_attributes = [];
+
+		foreach ($allowed_html as $element => $attributes) {
+			$allowed_elements[$element] = true;
+			foreach ($attributes as $attribute => $x) {
+				$allowed_attributes["$element.$attribute"] = true;
+			}
+		}
+
+		$config->set('HTML.AllowedElements', $allowed_elements);
+		$config->set('HTML.AllowedAttributes', $allowed_attributes);
+
+		return new HTMLPurifier($config);
+	}
 }
--- a/web/app/models/UOJBlogEditor.php
+++ b/web/app/models/UOJBlogEditor.php
@ -101,7 +101,7 @@ class UOJBlogEditor {
 		
 		$this->post_data['is_hidden'] = isset($_POST["{$this->name}_is_hidden"]) ? 1 : 0;
 		
-		$purifier = HTML::pruifier();
+		$purifier = HTML::purifier();
 		
 		$this->post_data['title'] = HTML::escape($this->post_data['title']);
 		
--- a/web/app/views/page-header.php
+++ b/web/app/views/page-header.php
@ -312,7 +312,7 @@
 								<b><?= $group['title'] ?></b>
 							</a>
 							<?php if ($group_announcement): ?>
-							<div><?= HTML::pruifier()->purify($group_announcement) ?></div>
+							<div><?= HTML::purifier_inline()->purify($group_announcement) ?></div>
 							<?php else: ?>
 							<div>（暂无公告）</div>
 							<?php endif ?>
--- a/web/app/views/sidebar.php
+++ b/web/app/views/sidebar.php
@ -18,7 +18,7 @@
 				</a>
 				<?php if ($group_announcement): ?>
 				<div class="text-break">
-					<?= HTML::pruifier()->purify($group_announcement) ?>
+					<?= HTML::purifier_inline()->purify($group_announcement) ?>
 				</div>
 				<?php else: ?>
 				<div>（暂无公告）</div>
--- a/web/app/views/user-info.php
+++ b/web/app/views/user-info.php
@ -82,7 +82,7 @@ function fTime($time, $gran = -1) {
 					</span>
 				</h3>
 				<div class="card-text">
-					<?= HTML::pruifier()->purify($user['motto']) ?>
+					<?= HTML::purifier_inline()->purify($user['motto']) ?>
 				</div>
 			</div>
 			<ul class="list-group list-group-flush">