More updates for ver 3.0.0

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1502 48356398-32a2-884e-a903-53898d9a118a
2025-01-03 05:11:52 +00:00 · 2008-01-13 05:28:39 +00:00 · 2008-01-13 05:28:39 +00:00 · aca282104f
commit aca282104f
parent a8f7cddd49
8 changed files with 97 additions and 41 deletions
--- a/plugins/phorum/Changelog
+++ b/plugins/phorum/Changelog
@ -0,0 +1,19 @@
+Changelog                                         HTMLPurifier : Phorum Mod
+|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
+
+= KEY ====================
+    # Breaks back-compat
+    ! Feature
+    - Bugfix
+      + Sub-comment
+    . Internal change
+==========================
+
+Version 3.0.0 for Phorum 5.2, released January 12, 2008
+# WYSIWYG and suppress_message options are now configurable via web
+  interface.
+- Module now compatible with Phorum 5.2, primary bugs were in migration
+  code as well as signature and edit message handling. This module is NOT
+  compatible with Phorum 5.1.
+- Buggy WYSIWYG mode refined
+. AutoFormatParam added to list of default configuration namespaces
--- a/plugins/phorum/install.txt
+++ b/plugins/phorum/install.txt
@ -13,15 +13,31 @@ BBCode formatting, simply move migrate.bbcode.php to that place; for
 other markup languages, consult said file for instructions on how
 to adapt it to your needs.

+    -- NOTE -------------------------------------------------
+    You can also run this module in parallel with another
+    formatting module; this module attempts to place itself
+    at the end of the filtering chain. However, if any
+    previous modules produce insecure HTML (for instance,
+    a JavaScript email obfuscator) they will get cleaned.
+
 This module will not work if 'migrate.php' is not created, and an improperly
 made migration file may *CORRUPT* Phorum, so please take your time to
 do this correctly. It should go without saying to *BACKUP YOUR DATABASE*
-before attempting anything here.
+before attempting anything here. If no migration is necessary, you can
+simply create a blank migrate.php file. HTML Purifier is smart and will
+not re-migrate already processed messages. However, the original code
+is irretrievably lost (we may change this in the future.)

 This module will not automatically migrate user signatures, because this
 process may take a long time. After installing the HTML Purifier module and
 then configuring 'migrate.php', navigate to Settings and click 'Migrate
-Signatures' to migrate all user signatures.
+Signatures' to migrate all user signatures to HTML.

-Visit HTML Purifier at <http://htmlpurifier.org/>. May the force
-be with you.
+All of HTML Purifier's usual functions are configurable via the mod settings
+page. If you require custom configuration, create config.php file in
+the mod directory that edits a $config variable. Be sure, also, to
+set $PHORUM['mod_htmlpurifier']['wysiwyg'] to TRUE if you are using a
+WYSIWYG editor (you can do this through a common hook or the web
+configuration form).
+
+Visit HTML Purifier at <http://htmlpurifier.org/>.
--- a/plugins/phorum/htmlpurifier.php
+++ b/plugins/phorum/htmlpurifier.php
@ -17,8 +17,7 @@
 * administrators who need to edit other people's comments may be at
 * risk for some nasty attacks.
 * 
- * Tested with Phorum 5.1.22. This module will almost definitely need
- * to be upgraded when Phorum 6 rolls around.
+ * Tested with Phorum 5.2.6.
 */

 // Note: Cache data is base64 encoded because Phorum insists on flinging
@ -121,8 +120,8 @@ function phorum_htmlpurifier_format($data)
 }

 // -----------------------------------------------------------------------
-// This is fragile code, copied from read.php:596 (Phorum 5.2.6). It will break if
-// that is changed
+// This is fragile code, copied from read.php:596 (Phorum 5.2.6). Please
+// keep this code in-sync with Phorum

 /**
 * Generates a signature based on a message array
@ -162,11 +161,11 @@ function phorum_htmlpurifier_generate_editmessage($row) {
 * @param $row Message passed by reference
 */
 function phorum_htmlpurifier_remove_sig_and_editmessage(&$row) {
-    // attempt to remove the Phorum's pre-processing:
-    // we must not process the signature or editmessage
    $signature = phorum_htmlpurifier_generate_sig($row);
    $editmessage = phorum_htmlpurifier_generate_editmessage($row);
    $replacements = array();
+    // we need to remove add <phorum break> as that is the form these
+    // extra bits are in.
    if ($signature) $replacements[str_replace("\n", "<phorum break>\n", $signature)] = '';
    if ($editmessage) $replacements[str_replace("\n", "<phorum break>\n", $editmessage)] = '';
    $row['body'] = strtr($row['body'], $replacements);
@ -176,7 +175,7 @@ function phorum_htmlpurifier_remove_sig_and_editmessage(&$row) {
 /**
 * Indicate that data is fully HTML and not from migration, invalidate
 * previous caches
- * @note This function used to generate the actual cache entries, but
+ * @note This function could generate the actual cache entries, but
 *       since there's data missing that must be deferred to the first read
 */
 function phorum_htmlpurifier_posting($message) {
@ -222,24 +221,6 @@ function phorum_htmlpurifier_common() {
        exit;
    }
    
-    // see if our hooks need to be bubbled to the end
-    phorum_htmlpurifier_bubble_hook('format');
-    
-}
-
-function phorum_htmlpurifier_bubble_hook($hook) {
-    global $PHORUM;
-    $our_idx = null;
-    $last_idx = null;
-    if (!isset($PHORUM['hooks'][$hook]['mods'])) return;
-    foreach ($PHORUM['hooks'][$hook]['mods'] as $idx => $mod) {
-        if ($mod == 'htmlpurifier') $our_idx = $idx;
-        $last_idx = $idx;
-    }
-    list($mod) = array_splice($PHORUM['hooks'][$hook]['mods'], $our_idx, 1);
-    $PHORUM['hooks'][$hook]['mods'][] = $mod;
-    list($func) = array_splice($PHORUM['hooks'][$hook]['funcs'], $our_idx, 1);
-    $PHORUM['hooks'][$hook]['funcs'][] = $func;
 }

 /**
@ -253,9 +234,10 @@ function phorum_htmlpurifier_before_editor($message) {
            // de-entity-ize contents
            $body = str_replace(array('&lt;','&gt;','&amp;'), array('<','>','&'), $body);
            $purifier =& HTMLPurifier::getInstance();
-            $body = $purifier->purify($message['body']);
+            $body = $purifier->purify($body);
            // re-entity-ize contents
            $body = htmlspecialchars($body, ENT_QUOTES, $GLOBALS['PHORUM']['DATA']['CHARSET']);
+            $message['body'] = $body;
        }
    }
    return $message;
@ -264,7 +246,22 @@ function phorum_htmlpurifier_before_editor($message) {
 function phorum_htmlpurifier_editor_after_subject() {
    // don't show this message if it's a WYSIWYG editor, since it will
    // then be handled automatically
-    if (!empty($GLOBALS['PHORUM']['mod_htmlpurifier']['wysiwyg'])) return;
+    if (!empty($GLOBALS['PHORUM']['mod_htmlpurifier']['wysiwyg'])) {
+        $i = $GLOBALS['PHORUM']['DATA']['MODE'];
+        if ($i == 'quote' || $i == 'edit' || $i == 'moderation') {
+          ?>
+          <div>
+            <p>
+              <strong>Notice:</strong> HTML has been scrubbed for your safety.
+              If you would like to see the original, turn off WYSIWYG mode
+              (consult your administrator for details.)
+            </p>
+          </div>
+          <?php
+        }
+        return;
+    }
+    if (!empty($GLOBALS['PHORUM']['mod_htmlpurifier']['suppress_message'])) return;
    ?><div class="htmlpurifier-help">
    <p>
        <strong>HTML input</strong> is enabled. Make sure you escape all HTML and
--- a/plugins/phorum/info.txt
+++ b/plugins/phorum/info.txt
@ -1,8 +1,16 @@
+title:   HTML Purifier Phorum Mod
+desc:    This module enables standards-compliant HTML filtering on Phorum. Please check migrate.bbcode.php before enabling this mod.
+author:  Edward Z. Yang
+url:     http://htmlpurifier.org/
+version: 3.0.0
+
 hook:  format|phorum_htmlpurifier_format
 hook:  quote|phorum_htmlpurifier_quote
 hook:  posting_custom_action|phorum_htmlpurifier_posting
 hook:  common|phorum_htmlpurifier_common
 hook:  before_editor|phorum_htmlpurifier_before_editor
 hook:  tpl_editor_after_subject|phorum_htmlpurifier_editor_after_subject
-title: HTML Purifier Phorum Mod
-desc:  This module enables standards-compliant HTML filtering on Phorum. Please check migrate.bbcode.php before enabling this mod.
+
+# This module is meant to be a drop-in for bbcode, so make it run last.
+priority: run module after *
+priority: run hook format after *
--- a/plugins/phorum/migrate.bbcode.php
+++ b/plugins/phorum/migrate.bbcode.php
@ -11,7 +11,8 @@
 * If you do NOT want to have any migration performed (for instance, you
 * are installing the module on a new forum with no posts), simply remove
 * phorum_htmlpurifier_migrate() function. You still need migrate.php
- * present, otherwise the module won't work.
+ * present, otherwise the module won't work. This ensures that the user
+ * explicitly says, "No, I do not need to migrate."
 */

 if(!defined("PHORUM")) exit;
--- a/plugins/phorum/settings.php
+++ b/plugins/phorum/settings.php
@ -38,7 +38,7 @@ $PHORUM['mod_htmlpurifier']['directives'] = array(
    'HTML.Allowed',
    'AutoFormat',
    '-AutoFormat.Custom',
-    '-AutoFormat.PurifierLinkify',
+    'AutoFormatParam',
    'Output.TidyFormat',
 );

--- a/plugins/phorum/settings/form.php
+++ b/plugins/phorum/settings/form.php
@ -20,6 +20,17 @@ function phorum_htmlpurifier_show_form() {
    
    $frm->addbreak("Edit settings for the HTML Purifier module");
    
+    $frm->addMessage('<p>The box below sets <code>$PHORUM[\'mod_htmlpurifier\'][\'wysiwyg\']</code>.
+    When checked, contents sent for edit are now purified and the
+    informative message is disabled. If your WYSIWYG editor is disabled for
+    admin edits, you can safely keep this unchecked.</p>');
+    $frm->addRow('Use WYSIWYG?', $frm->checkbox('wysiwyg', '1', '', $PHORUM['mod_htmlpurifier']['wysiwyg']));
+    
+    $frm->addMessage('<p>The box below sets <code>$PHORUM[\'mod_htmlpurifier\'][\'suppress_message\']</code>,
+    which removes the big how-to use
+    HTML Purifier message.</p>');
+    $frm->addRow('Suppress information?', $frm->checkbox('suppress_message', '1', '', $PHORUM['mod_htmlpurifier']['suppress_message']));
+    
    $frm->addMessage('<p>Click on directive links to read what each option does
    (links do not open in new windows).</p>
    <p>For more flexibility (for instance, you want to edit the full
@ -63,6 +74,8 @@ function phorum_htmlpurifier_show_config_info() {
          A <tt>config.php</tt> file exists in your <tt>mods/htmlpurifier/</tt>
          directory. This file contains your custom configuration: in order to
          change it, please navigate to that file and edit it accordingly.
+          You can also set <code>$GLOBALS['PHORUM']['mod_htmlpurifier']['wysiwyg']</code>
+          or <code>$GLOBALS['PHORUM']['mod_htmlpurifier']['suppress_message']</code>
        </p>
        <p>
          To use the web interface, delete <tt>config.php</tt> (or rename it to
--- a/plugins/phorum/settings/save.php
+++ b/plugins/phorum/settings/save.php
@ -9,11 +9,13 @@ function phorum_htmlpurifier_save_settings() {
        $config = phorum_htmlpurifier_get_config();
        if (!isset($_POST['reset'])) $config->mergeArrayFromForm($_POST, 'config', $PHORUM['mod_htmlpurifier']['directives']);
        $PHORUM['mod_htmlpurifier']['config'] = $config->getAll();
-        if(!phorum_htmlpurifier_commit_settings()){
-            $error="Database error while updating settings.";
-        } else {
-            echo "Settings Updated<br />";
-        }
+    }
+    $PHORUM['mod_htmlpurifier']['wysiwyg'] = !empty($_POST['wysiwyg']);
+    $PHORUM['mod_htmlpurifier']['suppress_message'] = !empty($_POST['suppress_message']);
+    if(!phorum_htmlpurifier_commit_settings()){
+        $error="Database error while updating settings.";
+    } else {
+        echo "Settings Updated<br />";
    }
 }