Feature #3909 HTMLPurifier wiki filter

14 years ago · 283bec0f2e
parent 2c7132469c
commit 283bec0f2e
3 changed files with 22 additions and 5 deletions
--- a/main/install/db_main.sql
+++ b/main/install/db_main.sql
@ -825,7 +825,8 @@ VALUES
 ('filter_terms',NULL,'textarea','Security','','FilterTermsTitle','FilterTermsComment',NULL,NULL, 0),
 ('header_extra_content', NULL, 'textarea', 'Tracking', '', 'HeaderExtraContentTitle', 'HeaderExtraContentComment', NULL, NULL, 1),
 ('show_documents_preview', NULL, 'radio', 'Tools', 'false', 'ShowDocumentPreviewTitle', 'ShowDocumentPreviewComment', NULL, NULL, 1),
-('chamilo_database_version',NULL,'textfield',NULL, '1.9.0.15650','DokeosDatabaseVersion','', NULL, NULL, 0);
+('htmlpurifier_wiki', NULL, 'radio', 'Editor', 'true', 'HtmlPurifierWikiTitle', 'HtmlPurifierWikiComment', NULL, NULL, 0),
+('chamilo_database_version',NULL,'textfield',NULL, '1.9.0.15651','DokeosDatabaseVersion','', NULL, NULL, 0);

 UNLOCK TABLES;
 /*!40000 ALTER TABLE settings_current ENABLE KEYS */;
@ -1093,7 +1094,9 @@ VALUES
 ('enable_nanogong','true','Yes'),
 ('enable_nanogong','false','No'),
 ('show_documents_preview', 'true', 'Yes'),
-('show_documents_preview', 'false', 'No');
+('show_documents_preview', 'false', 'No'),
+('enabled_htmlpurifier', 'true', 'Yes'),
+('enabled_htmlpurifier', 'false', 'No');

 UNLOCK TABLES;

--- a/main/install/migrate-db-1.8.8-1.9.0-pre.sql
+++ b/main/install/migrate-db-1.8.8-1.9.0-pre.sql
@ -26,6 +26,11 @@ INSERT INTO settings_current (variable, subkey, type, category, selected_value,
 INSERT INTO settings_options (variable, value, display_text) VALUES ('show_documents_preview', 'true', 'Yes');
 INSERT INTO settings_options (variable, value, display_text) VALUES ('show_documents_preview', 'false', 'No');

+INSERT INTO settings_current (variable, subkey, type, category, selected_value, title, comment, scope, subkeytext, access_url_changeable) VALUES ('htmlpurifier_wiki',NULL,'radio','Editor','false','HtmlPurifierWikiTitle','HtmlPurifierWikiComment',NULL,NULL, 0);
+
+INSERT INTO settings_options (variable, value, display_text) VALUES ('htmlpurifier_wiki', 'true', 'Yes');
+INSERT INTO settings_options (variable, value, display_text) VALUES ('htmlpurifier_wiki', 'false', 'No');
+

 -- xxSTATSxx
 ALTER TABLE track_e_exercices ADD COLUMN questions_to_check TEXT  NOT NULL DEFAULT '';
--- a/main/wiki/wiki.inc.php
+++ b/main/wiki/wiki.inc.php
@ -262,6 +262,10 @@ function save_wiki() {
    $_clean['reflink']		= Database::escape_string(trim($_POST['reflink'])); 
    $_clean['title']		= Database::escape_string(trim($_POST['title']));
    $_clean['content']		= Database::escape_string($_POST['content']);
+	if (api_get_setting('htmlpurifier_wiki') == 'true'){
+		$purifier = new HTMLPurifier();
+		$_clean['content'] = $purifier->purify($_clean['content']);
+	}
    $_clean['user_id']		= api_get_user_id();
    $_clean['assignment']	= Database::escape_string($_POST['assignment']);
    $_clean['comment']		= Database::escape_string($_POST['comment']);
@ -431,9 +435,14 @@ function save_new_wiki() {
    } else {
         $page = str_replace(' ','_',$_POST['title']);
    }
-    $_clean['reflink']=Database::escape_string(strip_tags(api_htmlentities($page)));
-    $_clean['title']=Database::escape_string(strip_tags(trim($_POST['title'])));
-    $_clean['content']= Database::escape_string($_POST['content']);
+    $_clean['reflink'] = Database::escape_string(strip_tags(api_htmlentities($page)));
+    $_clean['title']   = Database::escape_string(strip_tags(trim($_POST['title'])));
+    $_clean['content'] = Database::escape_string($_POST['content']);
+	
+	if (api_get_setting('htmlpurifier_wiki') == 'true'){
+		$purifier = new HTMLPurifier();
+		$_clean['content'] = $purifier->purify($_clean['content']);
+	}
 	
 	//re-check after strip_tags if the title is empty
 	if(empty($_clean['title']) || empty($_clean['reflink'])){