$message){ if(isset($message['body'])) { if (isset($message['meta']['htmlpurifier_light'])) { // format hook was called outside of Phorum's normal // functions, do the abridged purification $data[$message_id]['body'] = $purifier->purify($message['body']); continue; } if (isset($_GET['purge'])) { // purge the cache unset($message['meta']['body_cache']); } if ( isset($message['meta']['body_cache']) && isset($message['meta']['body_cache_serial']) && $message['meta']['body_cache_serial'] == $cache_serial ) { // cached version is present, bail out early $data[$message_id]['body'] = base64_decode($message['meta']['body_cache']); continue; } // migration might edit this array, that's why it's defined // so early $updated_message = array(); // create the $body variable if ( !isset($message['meta']['body_cache_serial']) ) { // perform migration $fake_data = array(); $fake_data[$message_id] = $message; $fake_data = phorum_htmlpurifier_migrate($fake_data); $body = $fake_data[$message_id]['body']; $body = str_replace("", '', $body); $updated_message['body'] = $body; // save it in } else { // reverse Phorum's pre-processing $body = $message['body']; // order is important $body = str_replace(array('<','>','&'), array('<','>','&'), $body); $body = str_replace("\n", "\n", $body); } $body = $purifier->purify($body); // dynamically update the cache // this is inefficient on the first read, but the cache // catches will more than make up for it // this should ONLY be called on read, for posting and preview // phorum_htmlpurifier_posting should do the trick $updated_message['meta'] = $message['meta']; $updated_message['meta']['body_cache'] = base64_encode($body); $updated_message['meta']['body_cache_serial'] = $cache_serial; phorum_db_update_message($message_id, $updated_message); // must not get overloaded until after we cache it $data[$message_id]['body'] = $body; } } return $data; } /** * Generate necessary cache and serial entries when a posting action happens */ function 
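phorum_htmlpurifier_posting($message) {
    $PHORUM = $GLOBALS["PHORUM"];

    // Run the format hook chain on a throwaway copy. The 'htmlpurifier_light'
    // marker is set on the copy only, so it is never stored with the message;
    // this module's format hook reads it as "only purify, please" and skips
    // migration and the cache write.
    $fake_data = array($message);
    $fake_data[0]['meta']['htmlpurifier_light'] = true;
    list($changed_message) = phorum_hook('format', $fake_data);

    // The format hook serves body_cache verbatim while the serial matches,
    // so only the output of the format hook chain may be stored here.
    $message['meta']['body_cache'] = base64_encode($changed_message['body']);
    $message['meta']['body_cache_serial'] = $PHORUM['mod_htmlpurifier']['body_cache_serial'];
    return $message;
}

/**
 * Overload quoting mechanism to prevent default, mail-style quote from happening
 *
 * @param array $array Hook arguments; index 1 is the text that gets purified and quoted.
 * @return string The purified text inside this module's quote string.
 */
function phorum_htmlpurifier_quote($array) {
    $purifier =& HTMLPurifier::getInstance();
    // Purify the quoted text before it is placed into the reply.
    $text = $purifier->purify($array[1]);
    // NOTE(review): literal kept exactly as found; if wrapper markup around
    // $text is expected here, confirm it against the module's upstream copy.
    return "
\n$text\n
";
}

/**
 * Ensure that our format hook is processed last. Also, loads the library.
 * @credits
 */
function phorum_htmlpurifier_common() {
    // Without this declaration $PHORUM is an undefined local here, so the
    // isset() below is always false and the purifier configuration saved from
    // the web interface is never applied (the defaults are used instead).
    global $PHORUM;

    require_once (dirname(__FILE__).'/htmlpurifier/HTMLPurifier.auto.php');

    $config_exists = file_exists(dirname(__FILE__) . '/config.php');
    if ($config_exists || !isset($PHORUM['mod_htmlpurifier']['config'])) {
        // The included files run in this function's scope; presumably they
        // adjust $config (their contents are not part of this file).
        $config = HTMLPurifier_Config::createDefault();
        include(dirname(__FILE__) . '/config.default.php');
        if ($config_exists) {
            include(dirname(__FILE__) . '/config.php');
        }
    } else {
        // used cached version that was constructed from web interface
        $config = HTMLPurifier_Config::create($PHORUM['mod_htmlpurifier']['config']);
    }
    HTMLPurifier::getInstance($config);

    // increment revision.txt if you want to invalidate the cache
    $GLOBALS['PHORUM']['mod_htmlpurifier']['body_cache_serial'] = $config->getSerial();

    // load migration
    if (file_exists(dirname(__FILE__) . '/migrate.php')) {
        include(dirname(__FILE__) . '/migrate.php');
    } else {
        echo 'Error: No migration path specified for HTML Purifier, please check modes/htmlpurifier/migrate.bbcode.php for instructions on how to migrate from your previous markup language.';
        exit;
    }

    // see if our hooks need to be bubbled to the end
    phorum_htmlpurifier_bubble_hook('format');
}

/**
 * Moves this module's entry to the end of a hook's module and function lists,
 * so that purification runs after every other module registered on the hook.
 *
 * @param string $hook Hook name, e.g. 'format'.
 */
function phorum_htmlpurifier_bubble_hook($hook) {
    global $PHORUM;
    if (!isset($PHORUM['hooks'][$hook]['mods'])) return;

    // array_splice() takes a position rather than an array key, so count
    // positions while scanning instead of reusing the keys.
    $our_pos = null;
    $pos = 0;
    foreach ($PHORUM['hooks'][$hook]['mods'] as $mod) {
        if ($mod === 'htmlpurifier') $our_pos = $pos;
        $pos++;
    }

    // Not registered on this hook: splicing with a null offset would act on
    // position 0 and push some other module's hook to the end instead.
    if ($our_pos === null) return;

    list($mod) = array_splice($PHORUM['hooks'][$hook]['mods'], $our_pos, 1);
    $PHORUM['hooks'][$hook]['mods'][] = $mod;
    list($func) = array_splice($PHORUM['hooks'][$hook]['funcs'], $our_pos, 1);
    $PHORUM['hooks'][$hook]['funcs'][] = $func;
}

/**
 * Pre-emptively performs purification if it looks like a WYSIWYG editor
 * is being used
 *
 * @param array $message Message about to be loaded into the editor.
 * @return array The message; its body is purified when WYSIWYG mode is on
 *               and the body is non-empty, otherwise it is returned as given.
 */
function phorum_htmlpurifier_before_editor($message) {
    if (!empty($GLOBALS['PHORUM']['mod_htmlpurifier']['wysiwyg'])) {
        if (!empty($message['body'])) {
            $body = $message['body'];
            // de-entity-ize contents; &amp; is decoded last so that an
            // escaped "&amp;lt;" ends up as the text "&lt;" and not as "<"
            $body = str_replace(array('&lt;','&gt;','&amp;'), array('<','>','&'), $body);
            $purifier =& HTMLPurifier::getInstance();
            // purify the decoded text, not the still-encoded original
            $body = $purifier->purify($body);
            // re-entity-ize contents
            $body = htmlspecialchars($body, ENT_QUOTES, $GLOBALS['PHORUM']['DATA']['CHARSET']);
            // hand the purified body back; without this assignment the work
            // above is discarded and the editor receives the unpurified body
            $message['body'] = $body;
        }
    }
    return $message;
}

function phorum_htmlpurifier_editor_after_subject() {
    if (!empty($GLOBALS['PHORUM']['mod_htmlpurifier']['wysiwyg'])) return;
    ?> HTML input is on. Make sure you escape all HTML and angled-brackets with &lt; and &gt; (you can also use CDATA tags, simply wrap the suspect text with <![CDATA[text]]>. Paragraphs will only be applied to double-spaces; single-spaces will not generate <br> tags.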