
Commit 7967e5b

committed
#146 - Uses HTML purifier and htmlspecialchars in search app
1 parent 0af5b88 commit 7967e5b


375 files changed

+31724
-23
lines changed



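--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,6 @@ upload/[^.]*/
 
 # macOS
 .DS_Store
+
+# HTML Purifier
+helpers/htmlpurifier/HTMLPurifier/DefinitionCache/Serializer/*/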

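--- a/apps/search/front/templates/form.html
+++ b/apps/search/front/templates/form.html
@@ -1,9 +1,9 @@
 <div class="wity-app wity-app-search wity-action-form">
-<h1>{lang Research} {if !empty({$query})}<strong>"{$query}"</strong>{/if}</h1>
+<h1>{lang Research} {if !empty({$query})}<strong>"{!$query!}"</strong>{/if}</h1>
 
 <form class="search-form" action="/search" method="get">
 <p class="input-group research">
-<input class="form-control" type="text" name="query" placeholder="{lang Search}" value="{if !empty({$query})}{$query}{/if}" />
+<input class="form-control" type="text" name="query" placeholder="{lang Search}" value="{if !empty({$query})}{!$query!}{/if}" />
 <span class="input-group-btn">
 <button class="btn btn-default" type="submit"><span class="glyphicon glyphicon-search"></span></button>
 </span>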
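Review bot: Both `{!$query!}` substitutions depend on `$query` arriving already escaped from the search controller, which is outside the visible hunks, so this template now carries an invariant that nothing in the file states. The same value is emitted in two contexts, element text inside the `<h1>` and a double-quoted `value` attribute, so the controller-side escaping has to cover `&`, `<`, `>` and `"` for both uses, and any code path that assigns `$query` without it turns this template into a reflected-XSS sink. That `{!…!}` outputs the value as-is is inferred from the commit title rather than shown here, so please confirm it against the template engine. I would record the contract once, above the `<h1>`: `<!-- $query is HTML-escaped by the search controller before this template renders; keep the {!$query!} form in sync with that -->`.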

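--- a/helpers/htmlpurifier/HTMLPurifier.auto.php
+++ b/helpers/htmlpurifier/HTMLPurifier.auto.php
@@ -0,0 +1,11 @@
+<?php
+
+/**
+* This is a stub include that automatically configures the include path.
+*/
+
+set_include_path(dirname(__FILE__) . PATH_SEPARATOR . get_include_path() );
+require_once 'HTMLPurifier/Bootstrap.php';
+require_once 'HTMLPurifier.autoload.php';
+
+// vim: et sw=4 sts=4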

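--- a/helpers/htmlpurifier/HTMLPurifier.autoload.php
+++ b/helpers/htmlpurifier/HTMLPurifier.autoload.php
@@ -0,0 +1,27 @@
+<?php
+
+/**
+* @file
+* Convenience file that registers autoload handler for HTML Purifier.
+* It also does some sanity checks.
+*/
+
+if (function_exists('spl_autoload_register') && function_exists('spl_autoload_unregister')) {
+// We need unregister for our pre-registering functionality
+HTMLPurifier_Bootstrap::registerAutoload();
+if (function_exists('__autoload')) {
+// Be polite and ensure that userland autoload gets retained
+spl_autoload_register('__autoload');
+}
+} elseif (!function_exists('__autoload')) {
+function __autoload($class)
+{
+return HTMLPurifier_Bootstrap::autoload($class);
+}
+}
+
+if (ini_get('zend.ze1_compatibility_mode')) {
+trigger_error("HTML Purifier is not compatible with zend.ze1_compatibility_mode; please turn it off", E_USER_ERROR);
+}
+
+// vim: et sw=4 sts=4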

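--- a/helpers/htmlpurifier/HTMLPurifier.composer.php
+++ b/helpers/htmlpurifier/HTMLPurifier.composer.php
@@ -0,0 +1,4 @@
+<?php
+if (!defined('HTMLPURIFIER_PREFIX')) {
+define('HTMLPURIFIER_PREFIX', dirname(__FILE__));
+}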

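--- a/helpers/htmlpurifier/HTMLPurifier.func.php
+++ b/helpers/htmlpurifier/HTMLPurifier.func.php
@@ -0,0 +1,25 @@
+<?php
+
+/**
+* @file
+* Defines a function wrapper for HTML Purifier for quick use.
+* @note ''HTMLPurifier()'' is NOT the same as ''new HTMLPurifier()''
+*/
+
+/**
+* Purify HTML.
+* @param string $html String HTML to purify
+* @param mixed $config Configuration to use, can be any value accepted by
+* HTMLPurifier_Config::create()
+* @return string
+*/
+function HTMLPurifier($html, $config = null)
+{
+static $purifier = false;
+if (!$purifier) {
+$purifier = new HTMLPurifier();
+}
+return $purifier->purify($html, $config);
+}
+
+// vim: et sw=4 sts=4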

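--- a/helpers/htmlpurifier/HTMLPurifier.includes.php
+++ b/helpers/htmlpurifier/HTMLPurifier.includes.php
@@ -0,0 +1,232 @@
+<?php
+
+/**
+* @file
+* This file was auto-generated by generate-includes.php and includes all of
+* the core files required by HTML Purifier. Use this if performance is a
+* primary concern and you are using an opcode cache. PLEASE DO NOT EDIT THIS
+* FILE, changes will be overwritten the next time the script is run.
+*
+* @version 4.8.0
+*
+* @warning
+* You must *not* include any other HTML Purifier files before this file,
+* because 'require' not 'require_once' is used.
+*
+* @warning
+* This file requires that the include path contains the HTML Purifier
+* library directory; this is not auto-set.
+*/
+
+require 'HTMLPurifier.php';
+require 'HTMLPurifier/Arborize.php';
+require 'HTMLPurifier/AttrCollections.php';
+require 'HTMLPurifier/AttrDef.php';
+require 'HTMLPurifier/AttrTransform.php';
+require 'HTMLPurifier/AttrTypes.php';
+require 'HTMLPurifier/AttrValidator.php';
+require 'HTMLPurifier/Bootstrap.php';
+require 'HTMLPurifier/Definition.php';
+require 'HTMLPurifier/CSSDefinition.php';
+require 'HTMLPurifier/ChildDef.php';
+require 'HTMLPurifier/Config.php';
+require 'HTMLPurifier/ConfigSchema.php';
+require 'HTMLPurifier/ContentSets.php';
+require 'HTMLPurifier/Context.php';
+require 'HTMLPurifier/DefinitionCache.php';
+require 'HTMLPurifier/DefinitionCacheFactory.php';
+require 'HTMLPurifier/Doctype.php';
+require 'HTMLPurifier/DoctypeRegistry.php';
+require 'HTMLPurifier/ElementDef.php';
+require 'HTMLPurifier/Encoder.php';
+require 'HTMLPurifier/EntityLookup.php';
+require 'HTMLPurifier/EntityParser.php';
+require 'HTMLPurifier/ErrorCollector.php';
+require 'HTMLPurifier/ErrorStruct.php';
+require 'HTMLPurifier/Exception.php';
+require 'HTMLPurifier/Filter.php';
+require 'HTMLPurifier/Generator.php';
+require 'HTMLPurifier/HTMLDefinition.php';
+require 'HTMLPurifier/HTMLModule.php';
+require 'HTMLPurifier/HTMLModuleManager.php';
+require 'HTMLPurifier/IDAccumulator.php';
+require 'HTMLPurifier/Injector.php';
+require 'HTMLPurifier/Language.php';
+require 'HTMLPurifier/LanguageFactory.php';
+require 'HTMLPurifier/Length.php';
+require 'HTMLPurifier/Lexer.php';
+require 'HTMLPurifier/Node.php';
+require 'HTMLPurifier/PercentEncoder.php';
+require 'HTMLPurifier/PropertyList.php';
+require 'HTMLPurifier/PropertyListIterator.php';
+require 'HTMLPurifier/Queue.php';
+require 'HTMLPurifier/Strategy.php';
+require 'HTMLPurifier/StringHash.php';
+require 'HTMLPurifier/StringHashParser.php';
+require 'HTMLPurifier/TagTransform.php';
+require 'HTMLPurifier/Token.php';
+require 'HTMLPurifier/TokenFactory.php';
+require 'HTMLPurifier/URI.php';
+require 'HTMLPurifier/URIDefinition.php';
+require 'HTMLPurifier/URIFilter.php';
+require 'HTMLPurifier/URIParser.php';
+require 'HTMLPurifier/URIScheme.php';
+require 'HTMLPurifier/URISchemeRegistry.php';
+require 'HTMLPurifier/UnitConverter.php';
+require 'HTMLPurifier/VarParser.php';
+require 'HTMLPurifier/VarParserException.php';
+require 'HTMLPurifier/Zipper.php';
+require 'HTMLPurifier/AttrDef/CSS.php';
+require 'HTMLPurifier/AttrDef/Clone.php';
+require 'HTMLPurifier/AttrDef/Enum.php';
+require 'HTMLPurifier/AttrDef/Integer.php';
+require 'HTMLPurifier/AttrDef/Lang.php';
+require 'HTMLPurifier/AttrDef/Switch.php';
+require 'HTMLPurifier/AttrDef/Text.php';
+require 'HTMLPurifier/AttrDef/URI.php';
+require 'HTMLPurifier/AttrDef/CSS/Number.php';
+require 'HTMLPurifier/AttrDef/CSS/AlphaValue.php';
+require 'HTMLPurifier/AttrDef/CSS/Background.php';
+require 'HTMLPurifier/AttrDef/CSS/BackgroundPosition.php';
+require 'HTMLPurifier/AttrDef/CSS/Border.php';
+require 'HTMLPurifier/AttrDef/CSS/Color.php';
+require 'HTMLPurifier/AttrDef/CSS/Composite.php';
+require 'HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php';
+require 'HTMLPurifier/AttrDef/CSS/Filter.php';
+require 'HTMLPurifier/AttrDef/CSS/Font.php';
+require 'HTMLPurifier/AttrDef/CSS/FontFamily.php';
+require 'HTMLPurifier/AttrDef/CSS/Ident.php';
+require 'HTMLPurifier/AttrDef/CSS/ImportantDecorator.php';
+require 'HTMLPurifier/AttrDef/CSS/Length.php';
+require 'HTMLPurifier/AttrDef/CSS/ListStyle.php';
+require 'HTMLPurifier/AttrDef/CSS/Multiple.php';
+require 'HTMLPurifier/AttrDef/CSS/Percentage.php';
+require 'HTMLPurifier/AttrDef/CSS/TextDecoration.php';
+require 'HTMLPurifier/AttrDef/CSS/URI.php';
+require 'HTMLPurifier/AttrDef/HTML/Bool.php';
+require 'HTMLPurifier/AttrDef/HTML/Nmtokens.php';
+require 'HTMLPurifier/AttrDef/HTML/Class.php';
+require 'HTMLPurifier/AttrDef/HTML/Color.php';
+require 'HTMLPurifier/AttrDef/HTML/FrameTarget.php';
+require 'HTMLPurifier/AttrDef/HTML/ID.php';
+require 'HTMLPurifier/AttrDef/HTML/Pixels.php';
+require 'HTMLPurifier/AttrDef/HTML/Length.php';
+require 'HTMLPurifier/AttrDef/HTML/LinkTypes.php';
+require 'HTMLPurifier/AttrDef/HTML/MultiLength.php';
+require 'HTMLPurifier/AttrDef/URI/Email.php';
+require 'HTMLPurifier/AttrDef/URI/Host.php';
+require 'HTMLPurifier/AttrDef/URI/IPv4.php';
+require 'HTMLPurifier/AttrDef/URI/IPv6.php';
+require 'HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php';
+require 'HTMLPurifier/AttrTransform/Background.php';
+require 'HTMLPurifier/AttrTransform/BdoDir.php';
+require 'HTMLPurifier/AttrTransform/BgColor.php';
+require 'HTMLPurifier/AttrTransform/BoolToCSS.php';
+require 'HTMLPurifier/AttrTransform/Border.php';
+require 'HTMLPurifier/AttrTransform/EnumToCSS.php';
+require 'HTMLPurifier/AttrTransform/ImgRequired.php';
+require 'HTMLPurifier/AttrTransform/ImgSpace.php';
+require 'HTMLPurifier/AttrTransform/Input.php';
+require 'HTMLPurifier/AttrTransform/Lang.php';
+require 'HTMLPurifier/AttrTransform/Length.php';
+require 'HTMLPurifier/AttrTransform/Name.php';
+require 'HTMLPurifier/AttrTransform/NameSync.php';
+require 'HTMLPurifier/AttrTransform/Nofollow.php';
+require 'HTMLPurifier/AttrTransform/SafeEmbed.php';
+require 'HTMLPurifier/AttrTransform/SafeObject.php';
+require 'HTMLPurifier/AttrTransform/SafeParam.php';
+require 'HTMLPurifier/AttrTransform/ScriptRequired.php';
+require 'HTMLPurifier/AttrTransform/TargetBlank.php';
+require 'HTMLPurifier/AttrTransform/TargetNoreferrer.php';
+require 'HTMLPurifier/AttrTransform/Textarea.php';
+require 'HTMLPurifier/ChildDef/Chameleon.php';
+require 'HTMLPurifier/ChildDef/Custom.php';
+require 'HTMLPurifier/ChildDef/Empty.php';
+require 'HTMLPurifier/ChildDef/List.php';
+require 'HTMLPurifier/ChildDef/Required.php';
+require 'HTMLPurifier/ChildDef/Optional.php';
+require 'HTMLPurifier/ChildDef/StrictBlockquote.php';
+require 'HTMLPurifier/ChildDef/Table.php';
+require 'HTMLPurifier/DefinitionCache/Decorator.php';
+require 'HTMLPurifier/DefinitionCache/Null.php';
+require 'HTMLPurifier/DefinitionCache/Serializer.php';
+require 'HTMLPurifier/DefinitionCache/Decorator/Cleanup.php';
+require 'HTMLPurifier/DefinitionCache/Decorator/Memory.php';
+require 'HTMLPurifier/HTMLModule/Bdo.php';
+require 'HTMLPurifier/HTMLModule/CommonAttributes.php';
+require 'HTMLPurifier/HTMLModule/Edit.php';
+require 'HTMLPurifier/HTMLModule/Forms.php';
+require 'HTMLPurifier/HTMLModule/Hypertext.php';
+require 'HTMLPurifier/HTMLModule/Iframe.php';
+require 'HTMLPurifier/HTMLModule/Image.php';
+require 'HTMLPurifier/HTMLModule/Legacy.php';
+require 'HTMLPurifier/HTMLModule/List.php';
+require 'HTMLPurifier/HTMLModule/Name.php';
+require 'HTMLPurifier/HTMLModule/Nofollow.php';
+require 'HTMLPurifier/HTMLModule/NonXMLCommonAttributes.php';
+require 'HTMLPurifier/HTMLModule/Object.php';
+require 'HTMLPurifier/HTMLModule/Presentation.php';
+require 'HTMLPurifier/HTMLModule/Proprietary.php';
+require 'HTMLPurifier/HTMLModule/Ruby.php';
+require 'HTMLPurifier/HTMLModule/SafeEmbed.php';
+require 'HTMLPurifier/HTMLModule/SafeObject.php';
+require 'HTMLPurifier/HTMLModule/SafeScripting.php';
+require 'HTMLPurifier/HTMLModule/Scripting.php';
+require 'HTMLPurifier/HTMLModule/StyleAttribute.php';
+require 'HTMLPurifier/HTMLModule/Tables.php';
+require 'HTMLPurifier/HTMLModule/Target.php';
+require 'HTMLPurifier/HTMLModule/TargetBlank.php';
+require 'HTMLPurifier/HTMLModule/TargetNoreferrer.php';
+require 'HTMLPurifier/HTMLModule/Text.php';
+require 'HTMLPurifier/HTMLModule/Tidy.php';
+require 'HTMLPurifier/HTMLModule/XMLCommonAttributes.php';
+require 'HTMLPurifier/HTMLModule/Tidy/Name.php';
+require 'HTMLPurifier/HTMLModule/Tidy/Proprietary.php';
+require 'HTMLPurifier/HTMLModule/Tidy/XHTMLAndHTML4.php';
+require 'HTMLPurifier/HTMLModule/Tidy/Strict.php';
+require 'HTMLPurifier/HTMLModule/Tidy/Transitional.php';
+require 'HTMLPurifier/HTMLModule/Tidy/XHTML.php';
+require 'HTMLPurifier/Injector/AutoParagraph.php';
+require 'HTMLPurifier/Injector/DisplayLinkURI.php';
+require 'HTMLPurifier/Injector/Linkify.php';
+require 'HTMLPurifier/Injector/PurifierLinkify.php';
+require 'HTMLPurifier/Injector/RemoveEmpty.php';
+require 'HTMLPurifier/Injector/RemoveSpansWithoutAttributes.php';
+require 'HTMLPurifier/Injector/SafeObject.php';
+require 'HTMLPurifier/Lexer/DOMLex.php';
+require 'HTMLPurifier/Lexer/DirectLex.php';
+require 'HTMLPurifier/Node/Comment.php';
+require 'HTMLPurifier/Node/Element.php';
+require 'HTMLPurifier/Node/Text.php';
+require 'HTMLPurifier/Strategy/Composite.php';
+require 'HTMLPurifier/Strategy/Core.php';
+require 'HTMLPurifier/Strategy/FixNesting.php';
+require 'HTMLPurifier/Strategy/MakeWellFormed.php';
+require 'HTMLPurifier/Strategy/RemoveForeignElements.php';
+require 'HTMLPurifier/Strategy/ValidateAttributes.php';
+require 'HTMLPurifier/TagTransform/Font.php';
+require 'HTMLPurifier/TagTransform/Simple.php';
+require 'HTMLPurifier/Token/Comment.php';
+require 'HTMLPurifier/Token/Tag.php';
+require 'HTMLPurifier/Token/Empty.php';
+require 'HTMLPurifier/Token/End.php';
+require 'HTMLPurifier/Token/Start.php';
+require 'HTMLPurifier/Token/Text.php';
+require 'HTMLPurifier/URIFilter/DisableExternal.php';
+require 'HTMLPurifier/URIFilter/DisableExternalResources.php';
+require 'HTMLPurifier/URIFilter/DisableResources.php';
+require 'HTMLPurifier/URIFilter/HostBlacklist.php';
+require 'HTMLPurifier/URIFilter/MakeAbsolute.php';
+require 'HTMLPurifier/URIFilter/Munge.php';
+require 'HTMLPurifier/URIFilter/SafeIframe.php';
+require 'HTMLPurifier/URIScheme/data.php';
+require 'HTMLPurifier/URIScheme/file.php';
+require 'HTMLPurifier/URIScheme/ftp.php';
+require 'HTMLPurifier/URIScheme/http.php';
+require 'HTMLPurifier/URIScheme/https.php';
+require 'HTMLPurifier/URIScheme/mailto.php';
+require 'HTMLPurifier/URIScheme/news.php';
+require 'HTMLPurifier/URIScheme/nntp.php';
+require 'HTMLPurifier/URIScheme/tel.php';
+require 'HTMLPurifier/VarParser/Flexible.php';
+require 'HTMLPurifier/VarParser/Native.php';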

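--- a/helpers/htmlpurifier/HTMLPurifier.kses.php
+++ b/helpers/htmlpurifier/HTMLPurifier.kses.php
@@ -0,0 +1,30 @@
+<?php
+
+/**
+* @file
+* Emulation layer for code that used kses(), substituting in HTML Purifier.
+*/
+
+require_once dirname(__FILE__) . '/HTMLPurifier.auto.php';
+
+function kses($string, $allowed_html, $allowed_protocols = null)
+{
+$config = HTMLPurifier_Config::createDefault();
+$allowed_elements = array();
+$allowed_attributes = array();
+foreach ($allowed_html as $element => $attributes) {
+$allowed_elements[$element] = true;
+foreach ($attributes as $attribute => $x) {
+$allowed_attributes["$element.$attribute"] = true;
+}
+}
+$config->set('HTML.AllowedElements', $allowed_elements);
+$config->set('HTML.AllowedAttributes', $allowed_attributes);
+if ($allowed_protocols !== null) {
+$config->set('URI.AllowedSchemes', $allowed_protocols);
+}
+$purifier = new HTMLPurifier($config);
+return $purifier->purify($string);
+}
+
+// vim: et sw=4 sts=4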

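--- a/helpers/htmlpurifier/HTMLPurifier.path.php
+++ b/helpers/htmlpurifier/HTMLPurifier.path.php
@@ -0,0 +1,11 @@
+<?php
+
+/**
+* @file
+* Convenience stub file that adds HTML Purifier's library file to the path
+* without any other side-effects.
+*/
+
+set_include_path(dirname(__FILE__) . PATH_SEPARATOR . get_include_path() );
+
+// vim: et sw=4 sts=4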
