summaryrefslogtreecommitdiff
path: root/plugins/TinyMCE/TinyMCEPlugin.php
diff options
context:
space:
mode:
authorBrion Vibber <brion@status.net>2010-08-10 16:55:03 -0700
committerBrion Vibber <brion@status.net>2010-08-10 16:55:03 -0700
commit3a85318bd09e867f5ff764d6408e428e9b2ce19a (patch)
treea15d009b077623aa14691033c597bb3e41d9ac1c /plugins/TinyMCE/TinyMCEPlugin.php
parente54d441af044689cc37b1b58104e1b404f55b9db (diff)
First stab redoing argument loading for TinyMCE (to avoid hacking checks for all notice saves everywhere)
Diffstat (limited to 'plugins/TinyMCE/TinyMCEPlugin.php')
-rw-r--r--plugins/TinyMCE/TinyMCEPlugin.php62
1 files changed, 32 insertions, 30 deletions
diff --git a/plugins/TinyMCE/TinyMCEPlugin.php b/plugins/TinyMCE/TinyMCEPlugin.php
index 3a7656d32..8dc1d8a58 100644
--- a/plugins/TinyMCE/TinyMCEPlugin.php
+++ b/plugins/TinyMCE/TinyMCEPlugin.php
@@ -78,36 +78,48 @@ class TinyMCEPlugin extends Plugin
return true;
}
- function onArgsInitialize(&$args)
+ /**
+ * Sanitize HTML input and strip out potentially dangerous bits.
+ *
+ * @param string $raw HTML
+ * @return string HTML
+ */
+ private function sanitizeHtml($raw)
{
- if (!array_key_exists('action', $args) ||
- $args['action'] != 'newnotice') {
- return true;
- }
-
- $raw = $this->_scrub($args['status_textarea']);
-
require_once INSTALLDIR.'/extlib/htmLawed/htmLawed.php';
$config = array('safe' => 1,
'deny_attribute' => 'id,style,on*');
- $this->html = htmLawed($raw, $config);
-
- $text = html_entity_decode(strip_tags($this->html));
-
- $args['status_textarea'] = $text;
-
- return true;
+ return htmLawed($raw, $config);
}
- function onStartNoticeSave($notice)
+ /**
+ * Strip HTML to plaintext string
+ *
+ * @param string $html HTML
+ * @return string plaintext, single line
+ */
+ private function stripHtml($html)
{
- if (!empty($this->html)) {
- // Stomp on any rendering
- $notice->rendered = $this->html;
- }
+ return str_replace("\n", " ", html_entity_decode(strip_tags($html)));
+ }
+ /**
+ * Hook for new-notice form processing to take our HTML goodies;
+ * won't affect API posting etc.
+ *
+ * @param NewNoticeAction $action
+ * @param User $user
+ * @param string $content
+ * @param array $options
+ * @return boolean hook return
+ */
+ function onSaveNewNoticeWeb($action, $user, &$content, &$options)
+ {
+ $html = $this->sanitizeHtml($action->arg('status_textarea'));
+ $options['rendered'] = $html;
+ $content = $this->stripHtml($html);
return true;
}
@@ -135,15 +147,5 @@ END_OF_SCRIPT;
return $scr;
}
-
- function _scrub($txt)
- {
- $strip = get_magic_quotes_gpc();
- if ($strip) {
- return stripslashes($txt);
- } else {
- return $txt;
- }
- }
}