Now filter html external references (eg. images to arbitrary urls). This ensures that arbitrary urls are not fetched from the server during PDF creation.
collectiveaccess committed Sep 25, 2021
1 parent 8362ed4 commit aaf573e2fcaaa5c5b52c61eaaa4d6a5ca3b247d9
Showing with 9 additions and 1 deletion.
  1. +4 −0 app/conf/app.conf
  2. +5 −1 app/lib/BaseModel.php
@@ -2109,6 +2109,10 @@ service_view_path = <ca_app_dir>/service/views
# -----------------------------------
purify_all_text_input = 1

# Allow external URL references (eg. images) in HTML text input?
# Leaving this enabled may be a security risk
purify_allow_external_references = 0

# -----------------------------------
# Paths to other config files
# -----------------------------------
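Review bot: The comment above `purify_allow_external_references` names neither the risk nor the condition under which the setting has any effect. Going by the commit message, the concern is the server fetching arbitrary URLs while rendering PDFs, and the filter can only act on text that is actually purified, which presumably depends on `purify_all_text_input` just above. I would reword the two lines to `# Allow external URL references (eg. images) in purified HTML text input?` and `# If enabled, URLs embedded in that HTML may be fetched by the server during PDF creation; only applies to text that is purified`.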
@@ -551,7 +551,11 @@ public function purify($pb_purify=null) {
* @return HTMLPurifier Returns instance
*/
static public function getPurifier() {
if (!BaseModel::$html_purifier) { BaseModel::$html_purifier = new HTMLPurifier(); }
if (!BaseModel::$html_purifier) {
$config = HTMLPurifier_Config::createDefault();
$config->set('URI.DisableExternalResources', !Configuration::load()->get('purify_allow_external_references'));
BaseModel::$html_purifier = new HTMLPurifier($config);
}
return BaseModel::$html_purifier;
}
# --------------------------------------------------------------------------------
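Review bot: In `getPurifier()` the value given to `URI.DisableExternalResources` is the plain `!` of the config value, so the filter fails open for any truthy string. If `Configuration::get()` hands back the file's text unparsed (not visible here), a value such as `no` or `false` is non-empty, negates to false and leaves external references allowed; a missing key negates to true, which is the safe direction. An explicit comparison keeps the filter on unless the option is exactly 1: `$config->set('URI.DisableExternalResources', (int)Configuration::load()->get('purify_allow_external_references') !== 1);`. The purifier is cached in a static, so the option is read once per process, and the docblock for this method starts outside the hunk.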
