mirror of
https://github.com/ezyang/htmlpurifier.git
synced 2024-11-09 15:28:40 +00:00
[Phorum] Double-reverse control.php's double-escaping
- Implement signature migration git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1297 48356398-32a2-884e-a903-53898d9a118a
This commit is contained in:
parent
f6de73d7e7
commit
88d014706b
@ -92,6 +92,10 @@ function phorum_htmlpurifier_format($data)
|
||||
// order is important
|
||||
$body = str_replace("<phorum break>\n", "\n", $body);
|
||||
$body = str_replace(array('<','>','&'), array('<','>','&'), $body);
|
||||
if (!$message_id && defined('PHORUM_CONTROL_CENTER')) {
|
||||
// we're in control.php, so it was double-escaped
|
||||
$body = str_replace(array('<','>','&', '"'), array('<','>','&','"'), $body);
|
||||
}
|
||||
}
|
||||
|
||||
$body = $purifier->purify($body);
|
||||
|
@ -18,6 +18,11 @@ made migration file may *CORRUPT* Phorum, so please take your time to
|
||||
do this correctly. It should go without saying to *BACKUP YOUR DATABASE*
|
||||
before attempting anything here.
|
||||
|
||||
This module will not automatically migrate user signatures, because this
|
||||
process may take a long time. After installing the HTML Purifier module and
|
||||
then configuring 'migrate.php', navigate to Settings and click 'Migrate
|
||||
Signatures' to migrate all user signatures.
|
||||
|
||||
The version of HTML Purifier bundled with is a custom modified 2.0.1.
|
||||
Do not attempt to replace it with a version equal to or less than
|
||||
downloaded from the HTML Purifier website: the module will combust
|
||||
|
@ -49,8 +49,83 @@ if ($config_exists || !isset($PHORUM['mod_htmlpurifier']['config'])) {
|
||||
$config = HTMLPurifier_Config::create($PHORUM['mod_htmlpurifier']['config']);
|
||||
}
|
||||
|
||||
// save settings
|
||||
if(!empty($_POST)){
|
||||
$offset = 0;
|
||||
if (!empty($_POST['migrate-sigs'])) {
|
||||
if (!isset($_POST['confirmation']) || strtolower($_POST['confirmation']) !== 'yes') {
|
||||
echo 'Invalid confirmation code.';
|
||||
exit;
|
||||
}
|
||||
$PHORUM['mod_htmlpurifier']['migrate-sigs'] = true;
|
||||
phorum_db_update_settings(array("mod_htmlpurifier"=>$PHORUM["mod_htmlpurifier"]));
|
||||
$offset = 1;
|
||||
} elseif (!empty($_GET['migrate-sigs']) && $PHORUM['mod_htmlpurifier']['migrate-sigs']) {
|
||||
$offset = (int) $_GET['migrate-sigs'];
|
||||
}
|
||||
|
||||
// lower this setting if you're getting time outs/out of memory
|
||||
$increment = 100;
|
||||
|
||||
if ($offset) do {
|
||||
require_once 'migrate.php';
|
||||
// migrate signatures
|
||||
// do this in batches so we don't run out of time/space
|
||||
$end = $offset + $increment;
|
||||
$user_ids = array();
|
||||
for ($i = $offset; $i < $end; $i++) {
|
||||
$user_ids[] = $i;
|
||||
}
|
||||
$userinfos = phorum_db_user_get_fields($user_ids, 'signature');
|
||||
foreach ($userinfos as $i => $user) {
|
||||
if (empty($user['signature'])) continue;
|
||||
$sig = $user['signature'];
|
||||
// perform standard Phorum processing on the sig
|
||||
$sig = str_replace(array("&","<",">"), array("&","<",">"), $sig);
|
||||
$sig = preg_replace("/<((http|https|ftp):\/\/[a-z0-9;\/\?:@=\&\$\-_\.\+!*'\(\),~%]+?)>/i", "$1", $sig);
|
||||
// prepare fake data to pass to migration function
|
||||
$fake_data = array(array("author"=>"", "email"=>"", "subject"=>"", 'body' => $sig));
|
||||
list($fake_message) = phorum_htmlpurifier_migrate($fake_data);
|
||||
$user['signature'] = $fake_message['body'];
|
||||
if (!phorum_user_save($user)) {
|
||||
exit('Error while saving user data');
|
||||
}
|
||||
}
|
||||
unset($userinfos); // free up memory
|
||||
|
||||
// query for highest ID in database
|
||||
$type = $PHORUM['DBCONFIG']['type'];
|
||||
if ($type == 'mysql') {
|
||||
$conn = phorum_db_mysql_connect();
|
||||
$sql = "select MAX(user_id) from {$PHORUM['user_table']}";
|
||||
$res = mysql_query($sql, $conn);
|
||||
$row = mysql_fetch_row($res);
|
||||
$top_id = (int) $row[0];
|
||||
} elseif ($type == 'mysqli') {
|
||||
$conn = phorum_db_mysqli_connect();
|
||||
$sql = "select MAX(user_id) from {$PHORUM['user_table']}";
|
||||
$res = mysqli_query($conn, $sql);
|
||||
$row = mysqli_fetch_row($res);
|
||||
$top_id = (int) $row[0];
|
||||
} else {
|
||||
exit('Unrecognized database!');
|
||||
}
|
||||
|
||||
$offset += $increment;
|
||||
if ($offset > $top_id) { // test for end condition
|
||||
echo 'Migration finished';
|
||||
$PHORUM['mod_htmlpurifier']['migrate-sigs'] = false;
|
||||
phorum_db_update_settings(array("mod_htmlpurifier"=>$PHORUM["mod_htmlpurifier"]));
|
||||
continue;
|
||||
}
|
||||
$host = $_SERVER['HTTP_HOST'];
|
||||
$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
|
||||
$extra = 'admin.php?module=modsettings&mod=htmlpurifier&migrate-sigs=' . $offset;
|
||||
// relies on output buffering to work
|
||||
header("Location: http://$host$uri/$extra");
|
||||
exit;
|
||||
} while (0);
|
||||
|
||||
if(!empty($_POST) && !$offset){
|
||||
// save settings
|
||||
if ($config_exists) {
|
||||
echo "Cannot update settings, <code>mods/htmlpurifier/config.php</code> already exists. To change
|
||||
settings, edit that file. To use the web form, delete that file.<br />";
|
||||
@ -96,6 +171,24 @@ if ($config_exists) {
|
||||
// output form
|
||||
require_once './include/admin/PhorumInputForm.php';
|
||||
|
||||
$frm_migrate = new PhorumInputForm ('', "post", "Migrate");
|
||||
$frm_migrate->hidden("module", "modsettings");
|
||||
$frm_migrate->hidden("mod", "htmlpurifier");
|
||||
$frm_migrate->hidden("migrate-sigs", "1");
|
||||
$frm_migrate->addbreak("Migrate user signatures to HTML");
|
||||
$frm_migrate->addMessage('This operation will migrate your users signatures
|
||||
to HTML. This process is irreversible and must only be performed once.
|
||||
Type in yes in the confirmation field to migrate.');
|
||||
if (!file_exists(dirname(__FILE__) . '/migrate.php')) {
|
||||
$frm_migrate->addMessage('Migration file does not exist, cannot migrate signatures.
|
||||
Please check <tt>migrate.bbcode.php</tt> on how to create an appropriate file.');
|
||||
} else {
|
||||
$frm_migrate->addrow('Confirm:', $frm_migrate->text_box("confirmation", ""));
|
||||
}
|
||||
$frm_migrate->show();
|
||||
|
||||
echo '<br />';
|
||||
|
||||
$frm = new PhorumInputForm ("", "post", "Save");
|
||||
$frm->hidden("module", "modsettings");
|
||||
$frm->hidden("mod", "htmlpurifier"); // this is the directory name that the Settings file lives in
|
||||
@ -131,4 +224,5 @@ if ($config_exists) {
|
||||
echo '<script type="text/javascript">'."<!--\n$js\n//-->".'</script>';
|
||||
|
||||
$frm->show();
|
||||
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user