From e71f73d81f6e7701ce0ef29a367fa794cebc9921 Mon Sep 17 00:00:00 2001
From: Baoshuo
Date: Sun, 9 Oct 2022 21:33:13 +0800
Subject: [PATCH] refactor(web): add HTML::purifier_inline() function
---
 web/app/controllers/add_contest.php | 2 +-
 web/app/controllers/contest_manage.php | 2 +-
 .../subdomain/blog/self_reviews.php | 2 +-
 web/app/controllers/user_info.php | 2 +-
 web/app/libs/uoj-contest-lib.php | 2 +-
 web/app/libs/uoj-html-lib.php | 4 +-
 web/app/models/HTML.php | 38 ++++++++++++++++++-
 web/app/models/UOJBlogEditor.php | 2 +-
 web/app/views/page-header.php | 2 +-
 web/app/views/sidebar.php | 2 +-
 web/app/views/user-info.php | 2 +-
 11 files changed, 47 insertions(+), 13 deletions(-)
diff --git a/web/app/controllers/add_contest.php b/web/app/controllers/add_contest.php
index 169ce0e..934cb52 100644
--- a/web/app/controllers/add_contest.php
+++ b/web/app/controllers/add_contest.php
@@ -46,7 +46,7 @@ $time_form->handle = function(&$vdata) {
 $start_time_str = $vdata['start_time']->format('Y-m-d H:i:s');
- $purifier = HTML::pruifier();
+ $purifier = HTML::purifier_inline();
 $esc_name = $_POST['name'];
 $esc_name = $purifier->purify($esc_name);
diff --git a/web/app/controllers/contest_manage.php b/web/app/controllers/contest_manage.php
index 920a6c7..3a0c36f 100644
--- a/web/app/controllers/contest_manage.php
+++ b/web/app/controllers/contest_manage.php
@@ -45,7 +45,7 @@ global $contest;
 $start_time_str = $vdata['start_time']->format('Y-m-d H:i:s');
- $purifier = HTML::pruifier();
+ $purifier = HTML::purifier_inline();
 $esc_name = $_POST['name'];
 $esc_name = $purifier->purify($esc_name);
diff --git a/web/app/controllers/subdomain/blog/self_reviews.php b/web/app/controllers/subdomain/blog/self_reviews.php
index e0074e4..cc9c736 100644
--- a/web/app/controllers/subdomain/blog/self_reviews.php
+++ b/web/app/controllers/subdomain/blog/self_reviews.php
@@ -50,7 +50,7 @@ $col_names = array('contest_id');
 $n_contest_problems = count($contest_problems);
 $result = '';
- $purifier = HTML::pruifier();
+ $purifier = HTML::purifier_inline();
 for ($i = 0; $i < $n_contest_problems; $i++) {
 $problem_id = $contest_problems[$i]['problem_id'];
diff --git a/web/app/controllers/user_info.php b/web/app/controllers/user_info.php
index 379db11..d9b55c3 100644
--- a/web/app/controllers/user_info.php
+++ b/web/app/controllers/user_info.php
@@ -59,7 +59,7 @@

-
purify($user['motto']) ?>
+
purify($user['motto']) ?>
diff --git a/web/app/libs/uoj-contest-lib.php b/web/app/libs/uoj-contest-lib.php
index 429fd0e..b1e03a6 100644
--- a/web/app/libs/uoj-contest-lib.php
+++ b/web/app/libs/uoj-contest-lib.php
@@ -112,7 +112,7 @@ function calcStandings($contest, $contest_data, &$score, &$standings, $update_co
 }
 if ($show_reviews) {
- $purifier = HTML::pruifier();
+ $purifier = HTML::purifier_inline();
 foreach ($contest_data['people'] as $person) {
 foreach ($contest_data['problems'] as $key => $problem) {
 $review_result = DB::selectFirst("select content from contests_reviews where contest_id = {$contest['id']} and problem_id = {$problem} and poster = '{$person[0]}'");
diff --git a/web/app/libs/uoj-html-lib.php b/web/app/libs/uoj-html-lib.php
index 9c335c5..207fafd 100644
--- a/web/app/libs/uoj-html-lib.php
+++ b/web/app/libs/uoj-html-lib.php
@@ -1,7 +1,5 @@ '.UOJLocale::get('solved').''; $header_row .= '';
- $purifier = HTML::pruifier();
+ $purifier = HTML::purifier_inline();
 $users = array();
 $print_row = function($user, $now_cnt) use (&$users, $config, $purifier) {
 if (!$users) {
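Review bot: The `DB::selectFirst` context line at the end of the calcStandings hunk builds its SQL by interpolating `{$contest['id']}`, `{$problem}` and `{$person[0]}` directly into the query string; as far as this hunk shows these values come from contest data rather than the request, but `poster = '{$person[0]}'` appears to be a user name that reaches the query unescaped, so a prepared statement (or whatever parameter binding `DB` offers) would be the safer form. This is pre-existing rather than introduced here, and `calcStandings` starts and ends outside the hunk. The `purifier_inline()` instance is created once before the two loops, which is the right place for it.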
@@ -158,4 +158,40 @@ class HTML {
 return new HTMLPurifier($config);
 }
+
+ public static function purifier_inline() {
+ include_once $_SERVER['DOCUMENT_ROOT'] . '/app/vendor/htmlpurifier/HTMLPurifier.auto.php';
+
+ $allowed_html = [
+ 'a' => ['href' => 'URI'],
+ 'b' => [],
+ 'i' => [],
+ 'u' => [],
+ 's' => [],
+ 'em' => [],
+ 'strong' => [],
+ 'sub' => [],
+ 'sup' => [],
+ 'small' => [],
+ 'del' => [],
+ 'br' => [],
+ ];
+
+ $config = HTMLPurifier_Config::createDefault();
+
+ $allowed_elements = [];
+ $allowed_attributes = [];
+
+ foreach ($allowed_html as $element => $attributes) {
+ $allowed_elements[$element] = true;
+ foreach ($attributes as $attribute => $x) {
+ $allowed_attributes["$element.$attribute"] = true;
+ }
+ }
+
+ $config->set('HTML.AllowedElements', $allowed_elements);
+ $config->set('HTML.AllowedAttributes', $allowed_attributes);
+
+ return new HTMLPurifier($config);
+ }
 }
diff --git a/web/app/models/UOJBlogEditor.php b/web/app/models/UOJBlogEditor.php
index b48ddd2..a406225 100644
--- a/web/app/models/UOJBlogEditor.php
+++ b/web/app/models/UOJBlogEditor.php
@@ -101,7 +101,7 @@ class UOJBlogEditor {
 $this->post_data['is_hidden'] = isset($_POST["{$this->name}_is_hidden"]) ? 1 : 0;
- $purifier = HTML::pruifier();
+ $purifier = HTML::purifier();
 $this->post_data['title'] = HTML::escape($this->post_data['title']);
diff --git a/web/app/views/page-header.php b/web/app/views/page-header.php
index e79023e..981e2ed 100644
--- a/web/app/views/page-header.php
+++ b/web/app/views/page-header.php
@@ -312,7 +312,7 @@
-
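Review bot: The attribute values in `$allowed_html` (`'href' => 'URI'`) are never used — the inner `foreach ($attributes as $attribute => $x)` binds them to `$x` and discards it, and only the `element.attribute` keys reach `HTML.AllowedAttributes` — so the map reads as if it declared attribute types when it only declares names. Either flatten it to `'a' => ['href'],` and iterate with `foreach ($attributes as $attribute) {`, or add a comment stating that the value is informational and that HTMLPurifier's own attribute definitions (including, as far as I recall, the default `URI.AllowedSchemes` filter on `a.href`) decide what is accepted. The new method also has no docblock saying when it is meant over `purifier()`; something like `/** Purifier for short, user-supplied one-liners (contest names, mottos, announcements): only the inline tags listed in $allowed_html and a[href] survive, everything else is stripped. Builds a new HTMLPurifier on every call, like purifier(). */` would make the call-site swaps in this commit self-explanatory. The `include_once` of HTMLPurifier.auto.php is now duplicated in both methods and could be hoisted into a small private helper.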
purify($group_announcement) ?>
+
purify($group_announcement) ?>
(暂无公告)
diff --git a/web/app/views/sidebar.php b/web/app/views/sidebar.php index c5175ce..c748b73 100644 --- a/web/app/views/sidebar.php +++ b/web/app/views/sidebar.php @@ -18,7 +18,7 @@
- purify($group_announcement) ?> + purify($group_announcement) ?>
(暂无公告)
diff --git a/web/app/views/user-info.php b/web/app/views/user-info.php index 5064159..688934c 100644 --- a/web/app/views/user-info.php +++ b/web/app/views/user-info.php @@ -82,7 +82,7 @@ function fTime($time, $gran = -1) {
- purify($user['motto']) ?> + purify($user['motto']) ?>