diff --git a/web/app/controllers/add_contest.php b/web/app/controllers/add_contest.php
index 169ce0e..934cb52 100644
--- a/web/app/controllers/add_contest.php
+++ b/web/app/controllers/add_contest.php
@@ -46,7 +46,7 @@
$time_form->handle = function(&$vdata) {
$start_time_str = $vdata['start_time']->format('Y-m-d H:i:s');
- $purifier = HTML::pruifier();
+ $purifier = HTML::purifier_inline();
$esc_name = $_POST['name'];
$esc_name = $purifier->purify($esc_name);
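Review bot: The contest name is now run through `purifier_inline()`, which (as added in HTML.php in this same commit) keeps `<a href>`, `<b>`, `<u>` and similar tags, so a name submitted with markup is stored as live HTML and a contest can carry an arbitrary outbound link wherever its name is echoed unescaped. If a contest name is meant to be plain text, `HTML::escape($_POST['name'])` is the safer call; if inline markup in names is intended, say so at the assignment, e.g. `// contest names may contain inline markup (links, emphasis); purified here, echoed raw by the views`. The `$esc_name` variable name is also misleading now, since the value is purified HTML rather than escaped text; `$purified_name` would match what it holds. The enclosing `handle` closure continues past the hunk.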
diff --git a/web/app/controllers/contest_manage.php b/web/app/controllers/contest_manage.php
index 920a6c7..3a0c36f 100644
--- a/web/app/controllers/contest_manage.php
+++ b/web/app/controllers/contest_manage.php
@@ -45,7 +45,7 @@
global $contest;
$start_time_str = $vdata['start_time']->format('Y-m-d H:i:s');
- $purifier = HTML::pruifier();
+ $purifier = HTML::purifier_inline();
$esc_name = $_POST['name'];
$esc_name = $purifier->purify($esc_name);
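Review bot: This hunk duplicates the name-purification sequence from add_contest.php line for line, including the now-inaccurate `$esc_name` name for a value that is purified HTML rather than escaped text. Keeping the two call sites in lockstep would be easier with a single helper, e.g. `$name = HTML::purifier_inline()->purify($_POST['name']);` wrapped in one static method both controllers call, so a later tightening of the allow-list happens in one place. `$_POST['name']` is also read without an `isset` guard, which is pre-existing but worth a `?? ''` while the line is being touched. The enclosing handler continues past the hunk.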
diff --git a/web/app/controllers/subdomain/blog/self_reviews.php b/web/app/controllers/subdomain/blog/self_reviews.php
index e0074e4..cc9c736 100644
--- a/web/app/controllers/subdomain/blog/self_reviews.php
+++ b/web/app/controllers/subdomain/blog/self_reviews.php
@@ -50,7 +50,7 @@ $col_names = array('contest_id');
$n_contest_problems = count($contest_problems);
$result = '';
- $purifier = HTML::pruifier();
+ $purifier = HTML::purifier_inline();
for ($i = 0; $i < $n_contest_problems; $i++) {
$problem_id = $contest_problems[$i]['problem_id'];
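Review bot: Rendering review content with `purifier_inline()` strips every block-level tag at output time, because the allow-list introduced in HTML.php is inline-only and `<br>` is the only line break it keeps. If reviews were previously stored after the full `purifier()` (the blog editor still uses it), existing multi-paragraph reviews with `<p>`, `<pre>` or lists will now render flattened into one run of text; if that is intended, document it where `$purifier` is assigned: `// reviews render inline-only: block tags are dropped, <br> survives`. The loop body continues past the hunk.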
diff --git a/web/app/controllers/user_info.php b/web/app/controllers/user_info.php
index 379db11..d9b55c3 100644
--- a/web/app/controllers/user_info.php
+++ b/web/app/controllers/user_info.php
@@ -59,7 +59,7 @@
= UOJLocale::get('motto') ?>
-
= HTML::pruifier()->purify($user['motto']) ?>
+
= HTML::purifier_inline()->purify($user['motto']) ?>
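Review bot: `HTML::purifier_inline()` builds a fresh `HTMLPurifier_Config` and `HTMLPurifier` (plus an `include_once`) on every call, and this template invokes it inline at render time, as do the header, sidebar and user-info views touched in this commit, so a single page can now construct several purifiers for a few short strings. HTMLPurifier setup is comparatively heavy; memoizing the instance inside `purifier_inline()` with a `static $inst` guarded by `if ($inst === null)` avoids repeating it per echo without changing any call site. Not a correctness issue, and the surrounding markup of this template line is not visible in the hunk.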
diff --git a/web/app/libs/uoj-contest-lib.php b/web/app/libs/uoj-contest-lib.php
index 429fd0e..b1e03a6 100644
--- a/web/app/libs/uoj-contest-lib.php
+++ b/web/app/libs/uoj-contest-lib.php
@@ -112,7 +112,7 @@ function calcStandings($contest, $contest_data, &$score, &$standings, $update_co
}
if ($show_reviews) {
- $purifier = HTML::pruifier();
+ $purifier = HTML::purifier_inline();
foreach ($contest_data['people'] as $person) {
foreach ($contest_data['problems'] as $key => $problem) {
$review_result = DB::selectFirst("select content from contests_reviews where contest_id = {$contest['id']} and problem_id = {$problem} and poster = '{$person[0]}'");
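Review bot: The query on the last context line is built by string interpolation (`{$contest['id']}`, `{$problem}`, `'{$person[0]}'`), so the purifier switch does nothing for the SQL surface here: if `$person[0]` (the poster name) or `$problem` can ever contain a quote, the statement is injectable regardless of how the result is purified afterwards. That is pre-existing, but since the hunk already touches this loop it is the moment to move to a parameterized query, or at minimum run `$person[0]` through whatever escaping helper the `DB` wrapper offers, with a comment stating why it is safe if the values are known to be validated upstream. The inline-only caveat also applies to the review content rendered from this result: block tags are dropped. The nested `foreach` continues beyond the hunk.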
diff --git a/web/app/libs/uoj-html-lib.php b/web/app/libs/uoj-html-lib.php
index 9c335c5..207fafd 100644
--- a/web/app/libs/uoj-html-lib.php
+++ b/web/app/libs/uoj-html-lib.php
@@ -1,7 +1,5 @@
'.UOJLocale::get('solved').'';
$header_row .= '';
- $purifier = HTML::pruifier();
+ $purifier = HTML::purifier_inline();
$users = array();
$print_row = function($user, $now_cnt) use (&$users, $config, $purifier) {
if (!$users) {
diff --git a/web/app/models/HTML.php b/web/app/models/HTML.php
index 7da6b03..b9b127f 100644
--- a/web/app/models/HTML.php
+++ b/web/app/models/HTML.php
@@ -142,7 +142,7 @@ class HTML {
return implode("&", $r);
}
- public static function pruifier() {
+ public static function purifier() {
include_once $_SERVER['DOCUMENT_ROOT'] . '/app/vendor/htmlpurifier/HTMLPurifier.auto.php';
$config = HTMLPurifier_Config::createDefault();
//$config->set('HTML.Doctype', 'HTML 4.01 Transitional');
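Review bot: Renaming `pruifier()` to `purifier()` removes the old name outright, so any call site this commit missed (a template under another subdomain, for example) becomes a fatal `Call to undefined method` at runtime rather than something a reviewer would catch. A one-line backward-compatible alias removes that risk at no cost: `/** @deprecated use purifier() */ public static function pruifier() { return self::purifier(); }`. The method body continues past the hunk, so I cannot see whether the config it builds overlaps with the inline variant added below.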
@@ -158,4 +158,40 @@ class HTML {
return new HTMLPurifier($config);
}
+
+ public static function purifier_inline() {
+ include_once $_SERVER['DOCUMENT_ROOT'] . '/app/vendor/htmlpurifier/HTMLPurifier.auto.php';
+
+ $allowed_html = [
+ 'a' => ['href' => 'URI'],
+ 'b' => [],
+ 'i' => [],
+ 'u' => [],
+ 's' => [],
+ 'em' => [],
+ 'strong' => [],
+ 'sub' => [],
+ 'sup' => [],
+ 'small' => [],
+ 'del' => [],
+ 'br' => [],
+ ];
+
+ $config = HTMLPurifier_Config::createDefault();
+
+ $allowed_elements = [];
+ $allowed_attributes = [];
+
+ foreach ($allowed_html as $element => $attributes) {
+ $allowed_elements[$element] = true;
+ foreach ($attributes as $attribute => $x) {
+ $allowed_attributes["$element.$attribute"] = true;
+ }
+ }
+
+ $config->set('HTML.AllowedElements', $allowed_elements);
+ $config->set('HTML.AllowedAttributes', $allowed_attributes);
+
+ return new HTMLPurifier($config);
+ }
}
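Review bot: `purifier_inline()` allows `<a href>` but leaves link hygiene at HTMLPurifier's defaults: the default `URI.AllowedSchemes` does keep `javascript:` out, but nothing sets `HTML.Nofollow`, so user-authored mottos and group announcements become followable outbound links, which is the usual SEO-spam vector on a public judge. The element map is also more machinery than it needs: the `'URI'` values are never read (`$x` is unused) and the same allow-list can be expressed in one `HTML.Allowed` string, and the config is rebuilt on every call although the instance is reusable. The rewrite below sets nofollow (available in HTMLPurifier since 4.1, so confirm the vendored version), collapses the map, caches the instance, and documents that this purifier is for short single-line fields rather than article bodies.

```php
    /**
     * Purifier for short, single-line user text (mottos, contest names,
     * group announcements): inline formatting and links only, no block tags.
     * Links get rel="nofollow"; the URI scheme whitelist stays at
     * HTMLPurifier's default, which already excludes javascript:.
     */
    public static function purifier_inline() {
        static $purifier = null;
        if ($purifier === null) {
            include_once $_SERVER['DOCUMENT_ROOT'] . '/app/vendor/htmlpurifier/HTMLPurifier.auto.php';
            $config = HTMLPurifier_Config::createDefault();
            $config->set('HTML.Allowed', 'a[href],b,i,u,s,em,strong,sub,sup,small,del,br');
            $config->set('HTML.Nofollow', true);
            $purifier = new HTMLPurifier($config);
        }
        return $purifier;
    }
```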
diff --git a/web/app/models/UOJBlogEditor.php b/web/app/models/UOJBlogEditor.php
index b48ddd2..a406225 100644
--- a/web/app/models/UOJBlogEditor.php
+++ b/web/app/models/UOJBlogEditor.php
@@ -101,7 +101,7 @@ class UOJBlogEditor {
$this->post_data['is_hidden'] = isset($_POST["{$this->name}_is_hidden"]) ? 1 : 0;
- $purifier = HTML::pruifier();
+ $purifier = HTML::purifier();
$this->post_data['title'] = HTML::escape($this->post_data['title']);
diff --git a/web/app/views/page-header.php b/web/app/views/page-header.php
index e79023e..981e2ed 100644
--- a/web/app/views/page-header.php
+++ b/web/app/views/page-header.php
@@ -312,7 +312,7 @@
= $group['title'] ?>
- = HTML::pruifier()->purify($group_announcement) ?>
+ = HTML::purifier_inline()->purify($group_announcement) ?>
(暂无公告)
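Review bot: `HTML::purifier_inline()->purify($group_announcement)` is evaluated here and again in sidebar.php for the same string on the same page, so each render now instantiates two purifiers to sanitize one announcement; purify it once where `$group_announcement` is loaded and echo the result from both views, or cache the instance inside `purifier_inline()`. Since the inline allow-list drops `<p>` and list tags, a multi-line announcement survives only through `<br>`, which is worth a one-line comment at this echo if group admins author announcements as HTML. The surrounding markup of this template is not visible in the hunk.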
diff --git a/web/app/views/sidebar.php b/web/app/views/sidebar.php
index c5175ce..c748b73 100644
--- a/web/app/views/sidebar.php
+++ b/web/app/views/sidebar.php
@@ -18,7 +18,7 @@
- = HTML::pruifier()->purify($group_announcement) ?>
+ = HTML::purifier_inline()->purify($group_announcement) ?>
(暂无公告)
diff --git a/web/app/views/user-info.php b/web/app/views/user-info.php
index 5064159..688934c 100644
--- a/web/app/views/user-info.php
+++ b/web/app/views/user-info.php
@@ -82,7 +82,7 @@ function fTime($time, $gran = -1) {
- = HTML::pruifier()->purify($user['motto']) ?>
+ = HTML::purifier_inline()->purify($user['motto']) ?>