[Phpgroupware-cvs] [18554] modernise and add support for html datatype
From: |
Dave Hall |
Subject: |
[Phpgroupware-cvs] [18554] modernise and add support for html datatype |
Date: |
Sun, 01 Jun 2008 01:01:04 +0000 |
Revision: 18554
http://svn.sv.gnu.org/viewvc/?view=rev&root=phpgroupware&revision=18554
Author: skwashd
Date: 2008-06-01 01:01:03 +0000 (Sun, 01 Jun 2008)
Log Message:
-----------
modernise and add support for html datatype
Modified Paths:
--------------
trunk/phpgwapi/inc/class.phpgw.inc.php
Modified: trunk/phpgwapi/inc/class.phpgw.inc.php
===================================================================
--- trunk/phpgwapi/inc/class.phpgw.inc.php 2008-06-01 00:58:36 UTC (rev
18553)
+++ trunk/phpgwapi/inc/class.phpgw.inc.php 2008-06-01 01:01:03 UTC (rev
18554)
@@ -1,58 +1,71 @@
<?php
/**
- * Parent class. Has a few functions but is more importantly used as a
parent class for everything else.
+ * Global ugliness class
+ *
+ * @author Dave Hall <address@hidden>
* @author Dan Kuykendall <address@hidden>
* @author Joseph Engo <address@hidden>
- * @copyright Copyright (C) 2000-2004 Free Software Foundation, Inc.
http://www.fsf.org/
+ * @copyright Copyright (C) 2000-2008 Free Software Foundation, Inc.
http://www.fsf.org/
* @license http://www.fsf.org/licenses/lgpl.html GNU Lesser General
Public License
- * @package phpgwapi
- * @subpackage application
+ * @package phpgroupware
+ * @subpackage phpgwapi
* @version $Id$
*/
+ /*
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as
published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
/**
- * Parent class. Has a few functions but is more importantly used as a
parent class for everything else.
+ * Global ugliness class
*
- * @package phpgwapi
- * @subpackage application
+ * Here lives all the code which makes the API tick and makes any
serious
+ * refactoring almost impossible
+ *
+ * @package phpgroupware
+ * @subpackage phpgwapi
*/
class phpgw
{
- var $accounts;
- var $adodb;
- var $acl;
- var $auth;
- var $db;
+ public $accounts;
+ public $adodb;
+ public $acl;
+ public $auth;
+ public $db;
/**
* Turn on debug mode. Will output additional data for
debugging purposes.
* @var string $debug
* @access public
*/
- var $debug = 0; // This will turn on debugging
information.
- var $crypto;
- var $categories;
- var $common;
- var $contacts;
- var $datetime;
- var $hooks;
- var $js;
- var $network;
- var $nextmatchs;
- var $preferences;
- var $session;
- var $send;
- var $template;
- //var $translation;
- var $utilities;
- var $vfs;
- var $calendar;
- var $msg;
- var $addressbook;
- var $todo;
- var $xslttpl;
- //var $shm = null;
- var $mapping;
+ public $debug = 0; // This will turn on debugging
information.
+ public $contacts;
+ public $nextmatchs;
+ public $preferences;
+ // FIXME find all instances and change to sessions then we can
drop this
+ public $session;
+ public $send;
+ public $template;
+ public $utilities;
+ public $vfs;
+ public $calendar;
+ public $msg;
+ public $addressbook;
+ public $todo;
+ public $xslttpl;
+ public $mapping;
+
/**
* @var array $instance_vars holds most of the public instance
variable, so they are only instatiated when needed
* @internal removes the need for a lot of if ( !isset($var) ||
!is_object($var)) { $var = createObject("phpgwapi.$var"); } - YAY!
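Review bot: The `$debug` docblock still says `@var string $debug` while the new declaration is `public $debug = 0;`, so the annotation contradicts the default; change it to `@var int $debug` (or `bool` if it is meant as an on/off switch) and drop the trailing `// This will turn on debugging information.` comment, which only repeats the docblock. The `@access public` tag is now redundant with the explicit `public` keyword the commit puts on every property.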
@@ -107,26 +120,49 @@
return isset($this->instance_vars[$var]) &&
is_object($this->instance_vars[$var]);
}
-
-
/**************************************************************************\
- * Core functions
*
-
\**************************************************************************/
-
/**
* Strips out html chars
*
* Used as a shortcut for stripping out html special chars.
*
- * @access public
* @param $s string The string to have its html special chars
stripped out.
* @return string The string with html special characters
removed
*/
- function strip_html($s)
+ public static function strip_html($s)
{
- return htmlspecialchars(stripslashes($s));
+ $s = htmlspecialchars(strip_tags($s), ENT_QUOTES,
'UTF-8');
+ return $s;
}
/**
+ * Clean the inputted HTML to make sure it is free of any
nasties
+ *
+ * @param string $html the HTML to clean
+ * @param string $base_url the base URL for all links -
currently not used
+ *
+ * @return string the cleaned html
+ *
+ * @internal uses HTMLPurifier a whitelist based html sanitiser
and tidier
+ */
+ public static function clean_html($html, $base_url = '')
+ {
+ if ( !$base_url )
+ {
+ $base_url =
$GLOBALS['phpgw_info']['server']['webserver_url'];
+ }
+
+ require_once PHPGW_INCLUDE_ROOT .
'/phpgwapi/inc/htmlpurifier/HTMLPurifier.auto.php';
+
+ $config = HTMLPurifier_Config::createDefault();
+ $config->set('HTML', 'Doctype', 'HTML 4.01
Transitional');
+ $purifier = new HTMLPurifier($config);
+
+ $clean_html = $purifier->purify($html);
+
+ return $clean_html;
+ }
+
+ /**
* Link url generator
*
* Used for backwards compatibility and as a shortcut. If no
url is passed, it
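Review bot: In `clean_html`, `$base_url` is resolved from `$GLOBALS['phpgw_info']['server']['webserver_url']` but never reaches the purifier, so the parameter is dead and relative links in the cleaned markup are left untouched; either wire it in with `$config->set('URI', 'Base', $base_url);` and `$config->set('URI', 'MakeAbsolute', true);` or drop the lookup until it is used. The `if ( !$base_url )` test also treats a value of `'0'` as unset, which `=== ''` would not. In `strip_html`, `stripslashes` was removed and `strip_tags` added, which changes what callers get for backslash-escaped input; that deserves a docblock line such as `Tags are removed with strip_tags() before encoding; slashes are no longer stripped.`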
@@ -139,7 +175,7 @@
* @return string The full url after processing
* @see session->link()
*/
- function link($url = '', $extravars = array(), $redirect =
false)
+ public function link($url = '', $extravars = array(), $redirect
= false)
{
return $this->session->link($url, $extravars,
$redirect);
}
@@ -151,9 +187,9 @@
* @param string $extravars Extra params to be passed to
the url
* @return null
*/
- function redirect_link($url = '',$extravars = array())
+ public function redirect_link($url = '', $extravars=array())
{
- $this->redirect($this->session->link($url, $extravars,
true));
+ self::redirect($this->session->link($url, $extravars,
true));
}
/**
@@ -161,13 +197,15 @@
*
* Stop session theft for "GET" based sessions
*
+ * @access public
* @param string $url the target url
- * @return string the processed URL for a safe redirection
+ * @returns string safe redirect url
+ * @author Dave Hall
*/
public static function safe_redirect($url)
{
- $url = urlencode($url);
- return
"{$GLOBALS['phpgw_info']['server']['webserver_url']}/redirect.php?go={$url}";
+ return $GLOBALS['phpgw_info']['server']['webserver_url']
+ . '/redirect.php?go=' . urlencode($url);
}
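Review bot: `@returns string safe redirect url` in the `safe_redirect` docblock is not a phpDoc tag; the previous `@return` form was correct, so restore `@return string safe redirect url`. The added `@access public` tag is redundant with the `public static` modifiers on the declaration.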
/**
@@ -181,7 +219,7 @@
* @see session->is_repost()
* @author Dave Hall
*/
- function is_repost($display_error = False)
+ public function is_repost($display_error = False)
{
return $this->session->is_repost($display_error);
}
@@ -194,15 +232,16 @@
* @access public
* @param string The url ro redirect to
*/
- function redirect($url = '')
+ public static function redirect($url = '')
{
$iis = strpos($_SERVER['SERVER_SOFTWARE'], 'IIS', 0)
!== false;
if ( !$url )
{
- $url = $_SERVER['PHP_SELF'];
+ $url = self::get_var('PHP_SELF', 'string',
'SERVER');
}
- if ( $iis )
+
+ if ( $iis || headers_sent() )
{
echo "<html>\n<head>\n<title>Redirecting to
$url</title>";
echo "\n<meta http-equiv=\"refresh\
content=\"0; URL=$url\">";
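Review bot: The `headers_sent()` fallback makes the inline-HTML branch reachable on every server, yet `$url` is still interpolated unescaped into the `<title>` and the meta `content` attribute; only the default PHP_SELF value passes through `get_var`'s encoding, so a caller-supplied URL containing `"` or `<` breaks out of the attribute. Escape at the output point: `$safe_url = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');` and use `{$safe_url}` in both echo lines. `redirect`'s body continues past the end of the hunk.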
@@ -213,7 +252,7 @@
}
else
{
- Header('Location: ' . $url);
+ header('Location: ' . $url);
exit;
}
}
@@ -235,7 +274,7 @@
* @param string $m10 substitution string
* @returns string translated phrase
*/
- function
lang($key,$m1='',$m2='',$m3='',$m4='',$m5='',$m6='',$m7='',$m8='',$m9='',$m10='')
+ public function
lang($key,$m1='',$m2='',$m3='',$m4='',$m5='',$m6='',$m7='',$m8='',$m9='',$m10='')
{
if(is_array($m1))
{
@@ -442,10 +481,14 @@
$value = filter_var($value,
FILTER_UNSAFE_RAW);
break;
- case 'html': // this needs its own
handler
+ case 'html':
+ $value =
self::clean_html($value);
+ break;
+
case 'string':
default:
- $value =
htmlspecialchars(filter_var($value, FILTER_SANITIZE_STRING,
FILTER_FLAG_NO_ENCODE_QUOTES));
+ $value = filter_var($value,
FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
+ $value =
htmlspecialchars($value, ENT_COMPAT, 'UTF-8');
}
return $value;
}
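Review bot: The `string`/default branch now entity-encodes `&`, `<`, `>` and `"` at input time, while the new `html` branch returns purified markup unencoded, so the two data types hand back values in different states and a caller that escapes `string` values again on output will double-encode them (`&amp;amp;`). That contract should be spelled out in the enclosing function's docblock, e.g. `'string' values are returned HTML-encoded (ENT_COMPAT, UTF-8); 'html' values are returned as sanitised markup ready for output.` The enclosing function starts before this hunk.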