0
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-11-09 23:28:42 +00:00
htmlpurifier/plugins/phorum
2024-04-11 20:52:45 -04:00
..
htmlpurifier Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
settings PSR-2 reformatting PHPDoc corrections 2013-08-17 22:27:26 -04:00
.gitignore Ignore runtime files in Phorum plugin directory. 2008-10-11 23:20:12 -04:00
Changelog Release Phorum module 4.0.0. 2009-07-09 21:12:35 -04:00
config.default.php feat: add directive for removing blank nodes (#404) 2024-04-11 20:52:45 -04:00
htmlpurifier.php PSR-2 reformatting PHPDoc corrections 2013-08-17 22:27:26 -04:00
info.txt Release Phorum module 4.0.0. 2009-07-09 21:12:35 -04:00
init-config.php PSR-2 reformatting PHPDoc corrections 2013-08-17 22:27:26 -04:00
INSTALL Release Phorum module 4.0.0. 2009-07-09 21:12:35 -04:00
migrate.bbcode.php PSR-2 reformatting PHPDoc corrections 2013-08-17 22:27:26 -04:00
README Add vim modelines to all files. 2008-12-06 04:24:59 -05:00
settings.php Add vim modelines to all files. 2008-12-06 04:24:59 -05:00

HTML Purifier Phorum Mod - Filter your HTML the Standards-Compliant Way!

This Phorum mod enables HTML posting on Phorum.  Under normal circumstances,
this would cause a huge security risk, but because we are running
HTML through HTML Purifier, output is guaranteed to be XSS free and
standards-compliant.

This mod requires HTML input, and previous markup languages need to be
converted accordingly.  Thus, it is vital that you create a 'migrate.php'
file that works with your installation. If you're using the built-in
BBCode formatting, simply move migrate.bbcode.php to that place; for
other markup languages, consult said file for instructions on how
to adapt it to your needs.

    -- NOTE -------------------------------------------------
    You can also run this module in parallel with another
    formatting module; this module attempts to place itself
    at the end of the filtering chain. However, if any
    previous modules produce insecure HTML (for instance,
    a JavaScript email obfuscator) they will get cleaned.

This module will not work if 'migrate.php' is not created, and an improperly
made migration file may *CORRUPT* Phorum, so please take your time to
do this correctly. It should go without saying to *BACKUP YOUR DATABASE*
before attempting anything here. If no migration is necessary, you can
simply create a blank migrate.php file. HTML Purifier is smart and will
not re-migrate already processed messages. However, the original code
is irretrievably lost (we may change this in the future.)

This module will not automatically migrate user signatures, because this
process may take a long time. After installing the HTML Purifier module and
then configuring 'migrate.php', navigate to Settings and click 'Migrate
Signatures' to migrate all user signatures to HTML.

All of HTML Purifier's usual functions are configurable via the mod settings
page. If you require custom configuration, create config.php file in
the mod directory that edits a $config variable. Be sure, also, to
set $PHORUM['mod_htmlpurifier']['wysiwyg'] to TRUE if you are using a
WYSIWYG editor (you can do this through a common hook or the web
configuration form).

Visit HTML Purifier at <http://htmlpurifier.org/>.

    vim: et sw=4 sts=4