107 lines
4.4 KiB
PHP
107 lines
4.4 KiB
PHP
<?php
|
|
|
|
// php-htmlpurfier-html5 : https://github.com/kennberg/php-htmlpurfier-html5
|
|
function load_htmlpurifier($allowed) {
|
|
global $g;
|
|
$config = HTMLPurifier_Config::createDefault();
|
|
$config->set('HTML.Doctype', 'HTML 4.01 Transitional');
|
|
$config->set('CSS.AllowTricky', true);
|
|
$config->set('Cache.SerializerPath', $g['path_tmp'].'cache/HTMLPurifier');
|
|
// Allow iframes from:
|
|
// o YouTube.com
|
|
// o Vimeo.com
|
|
$config->set('HTML.SafeIframe', true);
|
|
$config->set('URI.SafeIframeRegexp', '%^(http:|https:)?//(www.youtube(?:-nocookie)?.com/embed/|player.vimeo.com/video/)%');
|
|
$config->set('HTML.Allowed', implode(',', $allowed));
|
|
// Set some HTML5 properties
|
|
$config->set('HTML.DefinitionID', 'html5-definitions'); // unqiue id
|
|
$config->set('HTML.DefinitionRev', 1);
|
|
if ($def = $config->maybeGetRawHTMLDefinition()) {
|
|
// http://developers.whatwg.org/sections.html
|
|
$def->addElement('section', 'Block', 'Flow', 'Common');
|
|
$def->addElement('nav', 'Block', 'Flow', 'Common');
|
|
$def->addElement('article', 'Block', 'Flow', 'Common');
|
|
$def->addElement('aside', 'Block', 'Flow', 'Common');
|
|
$def->addElement('header', 'Block', 'Flow', 'Common');
|
|
$def->addElement('footer', 'Block', 'Flow', 'Common');
|
|
$def->addElement('blockquote', 'Block', 'Flow', 'Common');
|
|
|
|
// Content model actually excludes several tags, not modelled here
|
|
$def->addElement('address', 'Block', 'Flow', 'Common');
|
|
$def->addElement('hgroup', 'Block', 'Required: h1 | h2 | h3 | h4 | h5 | h6', 'Common');
|
|
// http://developers.whatwg.org/grouping-content.html
|
|
$def->addElement('figure', 'Block', 'Optional: (figcaption, Flow) | (Flow, figcaption) | Flow', 'Common');
|
|
$def->addElement('figcaption', 'Inline', 'Flow', 'Common');
|
|
|
|
// http://developers.whatwg.org/the-video-element.html#the-video-element
|
|
$def->addElement('video', 'Block', 'Optional: (source, Flow) | (Flow, source) | Flow', 'Common', array(
|
|
'src' => 'URI',
|
|
'type' => 'Text',
|
|
'width' => 'Length',
|
|
'height' => 'Length',
|
|
'poster' => 'URI',
|
|
'preload' => 'Enum#auto,metadata,none',
|
|
'controls' => 'Bool',
|
|
));
|
|
$def->addElement('oembed', 'Block', 'Flow', 'Common', array(
|
|
'url' => 'URI'
|
|
));
|
|
$def->addElement('source', 'Block', 'Flow', 'Common', array(
|
|
'src' => 'URI',
|
|
'type' => 'Text',
|
|
));
|
|
// http://developers.whatwg.org/text-level-semantics.html
|
|
$def->addElement('s', 'Inline', 'Inline', 'Common');
|
|
$def->addElement('var', 'Inline', 'Inline', 'Common');
|
|
$def->addElement('sub', 'Inline', 'Inline', 'Common');
|
|
$def->addElement('sup', 'Inline', 'Inline', 'Common');
|
|
$def->addElement('mark', 'Inline', 'Inline', 'Common');
|
|
$def->addElement('wbr', 'Inline', 'Empty', 'Core');
|
|
// http://developers.whatwg.org/edits.html
|
|
$def->addElement('ins', 'Block', 'Flow', 'Common', array('cite' => 'URI', 'datetime' => 'CDATA'));
|
|
$def->addElement('del', 'Block', 'Flow', 'Common', array('cite' => 'URI', 'datetime' => 'CDATA'));
|
|
// TinyMCE
|
|
$def->addAttribute('img', 'data-mce-src', 'Text');
|
|
$def->addAttribute('img', 'data-mce-json', 'Text');
|
|
// Others
|
|
$def->addAttribute('iframe', 'allowfullscreen', 'Bool');
|
|
$def->addAttribute('table', 'height', 'Text');
|
|
$def->addAttribute('td', 'border', 'Text');
|
|
$def->addAttribute('th', 'border', 'Text');
|
|
$def->addAttribute('tr', 'width', 'Text');
|
|
$def->addAttribute('tr', 'height', 'Text');
|
|
$def->addAttribute('tr', 'border', 'Text');
|
|
}
|
|
return new HTMLPurifier($config);
|
|
}
|
|
|
|
function LIB_getContents($str,$html) {
|
|
global $d,$g;
|
|
if ($html == 'HTML') {
|
|
|
|
$_atkParam = $pattern = explode(',',$d['admin']['secu_param']);
|
|
foreach($_atkParam as $_prm) $str = str_replace($_prm,'',$str);
|
|
|
|
// HTMLPurifier
|
|
require_once $g['path_core'].'opensrc/HTMLPurifier/4.10.0/HTMLPurifier.safe-includes.php';
|
|
$allowed = explode(',',$d['admin']['secu_tags']);
|
|
$purifier = load_htmlpurifier($allowed);
|
|
$str = $purifier->purify($str);
|
|
|
|
}
|
|
else {
|
|
$str = str_replace('<','<',$str);
|
|
$str = str_replace('>','>',$str);
|
|
$str = str_replace(' ','&nbsp;',$str);
|
|
$str = str_replace("\t",' ',$str);
|
|
$str = nl2br($str);
|
|
}
|
|
return $str;
|
|
}
|
|
|
|
function getIframes($str) {
|
|
preg_match_all("/<iframe[^>]*?>/si", $str, $mat);
|
|
return $mat[0];
|
|
}
|
|
?>
|