#2278 게시물 내에 링크 삽입 시 rel=nofollow 적용

- 관리자 제외
xpressengine · Sep 10, 2018 · 01f3e22 · 01f3e22
1 parent bf80d8e
commit 01f3e22
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/classes/security/Purifier.class.php b/classes/security/Purifier.class.php
@@ -35,6 +35,7 @@ private function _setConfig()
 		//$allowdClasses = array('emoticon');
 
 		$this->_config = HTMLPurifier_Config::createDefault();
+		$this->_config->autoFinalize = false;
 		$this->_config->set('HTML.TidyLevel', 'light');
 		$this->_config->set('Output.FlashCompat', TRUE);
 		$this->_config->set('HTML.SafeObject', TRUE);
@@ -51,6 +52,13 @@ private function _setConfig()
 		$this->_def->addAttribute('iframe', 'allowfullscreen', 'Text');
 	}
 
+	public function setConfig($name, $value)
+	{
+		if($this->_config->isFinalized()) return;
+
+		$this->_config->set($name, $value);
+	}
+
 	private function _setDefinition(&$content)
 	{
 		// add attribute for edit component

diff --git a/config/func.inc.php b/config/func.inc.php
@@ -1097,6 +1097,13 @@ function purifierHtml(&$content)
 {
 	require_once(_XE_PATH_ . 'classes/security/Purifier.class.php');
 	$oPurifier = Purifier::getInstance();
+
+	// @see https://github.com/xpressengine/xe-core/issues/2278
+	$logged_info = Context::get('logged_info');
+	if($logged_info->is_admin !== 'Y') {
+		$oPurifier->setConfig('HTML.Nofollow', true);
+	}
+
 	$oPurifier->purify($content);
 }