mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-11-09 15:28:40 +00:00

[Phorum] Double-reverse control.php's double-escaping

- Implement signature migration

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1297 48356398-32a2-884e-a903-53898d9a118a
Edward Z. Yang 2007-06-29 20:00:38 +00:00
parent f6de73d7e7
commit 88d014706b
3 changed files with 105 additions and 2 deletions


@ -92,6 +92,10 @@ function phorum_htmlpurifier_format($data)
// order is important
$body = str_replace("<phorum break>\n", "\n", $body);
$body = str_replace(array('&lt;','&gt;','&amp;'), array('<','>','&'), $body);
if (!$message_id && defined('PHORUM_CONTROL_CENTER')) {
// we're in control.php, so it was double-escaped
$body = str_replace(array('&lt;','&gt;','&amp;', '&quot;'), array('<','>','&','"'), $body);
}
}
$body = $purifier->purify($body);
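Review bot: In the added control.php branch, `&quot;` is listed after `&amp;` in the search array, so a body that contains `&amp;quot;` at this point is decoded twice inside the one `str_replace` call (first to `&quot;`, then to `"`), which is the hazard the "order is important" comment above warns about. Keep the ampersand last, as the preceding call does: `$body = str_replace(array('&lt;','&gt;','&quot;','&amp;'), array('<','>','"','&'), $body);`. The result still goes through `$purifier->purify()`, so this looks like a fidelity problem rather than an injection path, but a quote entity inside an attribute value would come out as a bare `"` and change how the markup parses. The comment could also say why `!$message_id` together with `PHORUM_CONTROL_CENTER` identifies the double-escaped case, since that is not visible here; the enclosing function starts and ends outside the hunk.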


@ -18,6 +18,11 @@ made migration file may *CORRUPT* Phorum, so please take your time to
do this correctly. It should go without saying to *BACKUP YOUR DATABASE*
before attempting anything here.
This module will not automatically migrate user signatures, because this
process may take a long time. After installing the HTML Purifier module and
then configuring 'migrate.php', navigate to Settings and click 'Migrate
Signatures' to migrate all user signatures.
The version of HTML Purifier bundled with is a custom modified 2.0.1.
Do not attempt to replace it with a version equal to or less than
downloaded from the HTML Purifier website: the module will combust


@ -49,8 +49,83 @@ if ($config_exists || !isset($PHORUM['mod_htmlpurifier']['config'])) {
$config = HTMLPurifier_Config::create($PHORUM['mod_htmlpurifier']['config']);
}
// save settings
if(!empty($_POST)){
$offset = 0;
if (!empty($_POST['migrate-sigs'])) {
if (!isset($_POST['confirmation']) || strtolower($_POST['confirmation']) !== 'yes') {
echo 'Invalid confirmation code.';
exit;
}
$PHORUM['mod_htmlpurifier']['migrate-sigs'] = true;
phorum_db_update_settings(array("mod_htmlpurifier"=>$PHORUM["mod_htmlpurifier"]));
$offset = 1;
} elseif (!empty($_GET['migrate-sigs']) && $PHORUM['mod_htmlpurifier']['migrate-sigs']) {
$offset = (int) $_GET['migrate-sigs'];
}
// lower this setting if you're getting time outs/out of memory
$increment = 100;
if ($offset) do {
require_once 'migrate.php';
// migrate signatures
// do this in batches so we don't run out of time/space
$end = $offset + $increment;
$user_ids = array();
for ($i = $offset; $i < $end; $i++) {
$user_ids[] = $i;
}
$userinfos = phorum_db_user_get_fields($user_ids, 'signature');
foreach ($userinfos as $i => $user) {
if (empty($user['signature'])) continue;
$sig = $user['signature'];
// perform standard Phorum processing on the sig
$sig = str_replace(array("&","<",">"), array("&amp;","&lt;","&gt;"), $sig);
$sig = preg_replace("/<((http|https|ftp):\/\/[a-z0-9;\/\?:@=\&\$\-_\.\+!*'\(\),~%]+?)>/i", "$1", $sig);
// prepare fake data to pass to migration function
$fake_data = array(array("author"=>"", "email"=>"", "subject"=>"", 'body' => $sig));
list($fake_message) = phorum_htmlpurifier_migrate($fake_data);
$user['signature'] = $fake_message['body'];
if (!phorum_user_save($user)) {
exit('Error while saving user data');
}
}
unset($userinfos); // free up memory
// query for highest ID in database
$type = $PHORUM['DBCONFIG']['type'];
if ($type == 'mysql') {
$conn = phorum_db_mysql_connect();
$sql = "select MAX(user_id) from {$PHORUM['user_table']}";
$res = mysql_query($sql, $conn);
$row = mysql_fetch_row($res);
$top_id = (int) $row[0];
} elseif ($type == 'mysqli') {
$conn = phorum_db_mysqli_connect();
$sql = "select MAX(user_id) from {$PHORUM['user_table']}";
$res = mysqli_query($conn, $sql);
$row = mysqli_fetch_row($res);
$top_id = (int) $row[0];
} else {
exit('Unrecognized database!');
}
$offset += $increment;
if ($offset > $top_id) { // test for end condition
echo 'Migration finished';
$PHORUM['mod_htmlpurifier']['migrate-sigs'] = false;
phorum_db_update_settings(array("mod_htmlpurifier"=>$PHORUM["mod_htmlpurifier"]));
continue;
}
$host = $_SERVER['HTTP_HOST'];
$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
$extra = 'admin.php?module=modsettings&mod=htmlpurifier&migrate-sigs=' . $offset;
// relies on output buffering to work
header("Location: http://$host$uri/$extra");
exit;
} while (0);
if(!empty($_POST) && !$offset){
// save settings
if ($config_exists) {
echo "Cannot update settings, <code>mods/htmlpurifier/config.php</code> already exists. To change
settings, edit that file. To use the web form, delete that file.<br />";
@ -96,6 +171,24 @@ if ($config_exists) {
// output form
require_once './include/admin/PhorumInputForm.php';
$frm_migrate = new PhorumInputForm ('', "post", "Migrate");
$frm_migrate->hidden("module", "modsettings");
$frm_migrate->hidden("mod", "htmlpurifier");
$frm_migrate->hidden("migrate-sigs", "1");
$frm_migrate->addbreak("Migrate user signatures to HTML");
$frm_migrate->addMessage('This operation will migrate your users signatures
to HTML. This process is irreversible and must only be performed once.
Type in yes in the confirmation field to migrate.');
if (!file_exists(dirname(__FILE__) . '/migrate.php')) {
$frm_migrate->addMessage('Migration file does not exist, cannot migrate signatures.
Please check <tt>migrate.bbcode.php</tt> on how to create an appropriate file.');
} else {
$frm_migrate->addrow('Confirm:', $frm_migrate->text_box("confirmation", ""));
}
$frm_migrate->show();
echo '<br />';
$frm = new PhorumInputForm ("", "post", "Save");
$frm->hidden("module", "modsettings");
$frm->hidden("mod", "htmlpurifier"); // this is the directory name that the Settings file lives in
@ -131,4 +224,5 @@ if ($config_exists) {
echo '<script type="text/javascript">'."<!--\n$js\n//-->".'</script>';
$frm->show();
}
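Review bot: The signature migration in the first hunk is described as irreversible and once-only, but the code does not enforce that: on completion `$PHORUM['mod_htmlpurifier']['migrate-sigs']` is set back to `false`, the same state as never having run, so a later POST with `confirmation=yes` starts again at offset 1 and re-processes signatures that were already converted. Consider persisting a separate completion marker (a new settings key, for example `'sigs-migrated'`) and refusing to start when it is set, and confirm that Phorum's admin.php applies its own request token to this POST, because none is checked in these lines and the typed "yes" is the only guard visible. The continuation redirect `header("Location: http://$host$uri/$extra");` takes the host from the client-supplied `HTTP_HOST` header and hard-codes `http://`, which would move an HTTPS admin session onto plain HTTP; building it from the forum's configured base URL avoids both. Separately, `$res` from `mysql_query`/`mysqli_query` is never checked, so a failed query gives `$top_id = 0` and the run prints 'Migration finished' and clears the flag after the first batch.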