From 3de03d4f83817e59c1be4bc361fee8eca781789b Mon Sep 17 00:00:00 2001
From: Laria Carolin Chabowski
Date: Fri, 25 Sep 2020 22:19:37 +0200
Subject: Replace kses with HTMLPurifier
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This gets rid of our last non-compüoser dependency! :)
---
 .gitignore | 2 --
 INSTALL.md | 19 +++++------------
 build.sh | 10 ---------
 composer.json | 3 ++-
 composer.lock | 52 ++++++++++++++++++++++++++++++++++++++++++++++-
 ratatoeskr/frontend.php | 1 -
 ratatoeskr/libs/INFO | 7 -------
 ratatoeskr/sys/models.php | 8 +++++---
 setup.php | 1 -
 9 files changed, 63 insertions(+), 40 deletions(-)
 delete mode 100644 ratatoeskr/libs/INFO

diff --git a/.gitignore b/.gitignore
index 076eff0..d62a07f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,8 +5,6 @@ images/*
 ratatoeskr/templates/src/plugintemplates/*
 ratatoeskr/templates/src/usertemplates/*
 ratatoeskr/templates/transc/*
-ratatoeskr/libs/ste
-ratatoeskr/libs/kses.php
 ratatoeskr/config.php
 .php_cs.cache
 ratatoeskr/vendor/
diff --git a/INSTALL.md b/INSTALL.md
index 06162fe..ac9feba 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -11,27 +11,18 @@ Step 0: Requirements Step 1: Get required packages using composer -------------------------------------------- +*(If you donloaded a pre-built package, you can skip this step)* + Some required packages are managed by [composer](https://www.getcomposer.org). If you don't have it installed, go and install it. After that, run `composer install` in the root directory of this package. -Step 2: Get additional libraries --------------------------------- - -You need these libraries to run Ratatöskr (it is probably already bundled with these): - -1. kses - - Place "kses.php" from the archive directly into this directory. - - kses can be found at - -Step 3: Copy files to your Webspace +Step 2: Copy files to your Webspace ----------------------------------- Copy Ratatöskr to your webspace (usually using FTP or SFTP). -Step 4: Use the setup wizard +Step 3: Use the setup wizard ---------------------------- 1. Open your favourite Web browser and surf to `setup.php` of your Ratatöskr installation. @@ -47,7 +38,7 @@ Step 4: Use the setup wizard 5. Copy the text from the textbox and replace the contents of `/ratatoeskr/config.php` with it. -Step 5: Delete the setup wizard +Step 4: Delete the setup wizard ------------------------------- Delete the file `setup.php`. diff --git a/build.sh b/build.sh index 8efe267..91a1874 100755 --- a/build.sh +++ b/build.sh @@ -15,16 +15,6 @@ setup_directories() { install_dependencies() { composer install - - cd ratatoeskr/libs - - wget -O kses.zip http://sourceforge.net/projects/kses/files/kses/0.2.2/kses-0.2.2.zip/download?use_mirror=optimate - unzip kses.zip - mv kses-*/kses.php . - rm -rf kses-* - rm kses.zip - - cd ../.. } setup_dev_environment() { diff --git a/composer.json b/composer.json index 0e22b52..ac07552 100644 --- a/composer.json +++ b/composer.json 
@@ -18,7 +18,8 @@
 "php": ">=7.3",
 "r7r/ste": "^2.0.1",
 "michelf/php-markdown": "^1.9",
- "components/jquery": "^3.5"
+ "components/jquery": "^3.5",
+ "ezyang/htmlpurifier": "^4.13"
 },
 "config": {
 "vendor-dir": "ratatoeskr/vendor"
diff --git a/composer.lock b/composer.lock
index ca731cc..7a0e178 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
 "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
 "This file is @generated automatically"
 ],
- "content-hash": "9cb5c30495a0e70e4fc6c1368f601408",
+ "content-hash": "8e7c51894df523adf15ac1b9cb7a31c4",
 "packages": [
 {
 "name": "components/jquery",
@@ -48,6 +48,56 @@
 "homepage": "http://jquery.com",
 "time": "2020-05-05T13:21:02+00:00"
 },
+ {
+ "name": "ezyang/htmlpurifier",
+ "version": "v4.13.0",
+ "source": {
+ "type": "git",
+ "url": "https://github.com/ezyang/htmlpurifier.git",
+ "reference": "08e27c97e4c6ed02f37c5b2b20488046c8d90d75"
+ },
+ "dist": {
+ "type": "zip",
+ "url": "https://api.github.com/repos/ezyang/htmlpurifier/zipball/08e27c97e4c6ed02f37c5b2b20488046c8d90d75",
+ "reference": "08e27c97e4c6ed02f37c5b2b20488046c8d90d75",
+ "shasum": ""
+ },
+ "require": {
+ "php": ">=5.2"
+ },
+ "require-dev": {
+ "simpletest/simpletest": "dev-master#72de02a7b80c6bb8864ef9bf66d41d2f58f826bd"
+ },
+ "type": "library",
+ "autoload": {
+ "psr-0": {
+ "HTMLPurifier": "library/"
+ },
+ "files": [
+ "library/HTMLPurifier.composer.php"
+ ],
+ "exclude-from-classmap": [
+ "/library/HTMLPurifier/Language/"
+ ]
+ },
+ "notification-url": "https://packagist.org/downloads/",
+ "license": [
+ "LGPL-2.1-or-later"
+ ],
+ "authors": [
+ {
+ "name": "Edward Z. Yang",
+ "email": "admin@htmlpurifier.org",
+ "homepage": "http://ezyang.com"
+ }
+ ],
+ "description": "Standards compliant HTML filter written in PHP",
+ "homepage": "http://htmlpurifier.org/",
+ "keywords": [
+ "html"
+ ],
+ "time": "2020-06-29T00:56:53+00:00"
+ },
 {
 "name": "michelf/php-markdown",
 "version": "1.9.0",
diff --git a/ratatoeskr/frontend.php b/ratatoeskr/frontend.php
index 6484796..f49e61e 100644
--- a/ratatoeskr/frontend.php
+++ b/ratatoeskr/frontend.php
@@ -17,7 +17,6 @@ require_once(dirname(__FILE__) . "/sys/utils.php");
 require_once(dirname(__FILE__) . "/languages.php");
 require_once(dirname(__FILE__) . "/sys/models.php");
 require_once(dirname(__FILE__) . "/sys/textprocessors.php");
-require_once(dirname(__FILE__) . "/libs/kses.php");
 
 /** @var ste\STECore $ste */
 assert(isset($ste));
diff --git a/ratatoeskr/libs/INFO b/ratatoeskr/libs/INFO
deleted file mode 100644
index e821828..0000000
--- a/ratatoeskr/libs/INFO
+++ /dev/null
@@ -1,7 +0,0 @@
-This directory will hold some libraries Ratatöskr needs.
-
-1. kses
-
- Place "kses.php" from the archive directly into this directory.
-
- kses can be found at
diff --git a/ratatoeskr/sys/models.php b/ratatoeskr/sys/models.php
index caf14ad..b820e6f 100644
--- a/ratatoeskr/sys/models.php
+++ b/ratatoeskr/sys/models.php
@@ -14,7 +14,6 @@ use r7r\cms\sys\Env;
 
 require_once(dirname(__FILE__) . "/db.php");
 require_once(dirname(__FILE__) . "/utils.php");
-require_once(dirname(__FILE__) . "/../libs/kses.php");
 require_once(dirname(__FILE__) . "/textprocessors.php");
 require_once(dirname(__FILE__) . "/pluginpackage.php");
 
@@ -1207,7 +1206,7 @@ class Comment extends BySQLRowEnabled
 
 /**
 * Creates the HTML representation of a comment text. It applies the page's comment textprocessor on it
- * and filters some potentially harmful tags using kses.
+ * and filters some potentially harmful tags using HTMLPurifier.
 *
 * @param string $text Text to HTMLize.
 * @return string HTML code.
@@ -1218,7 +1217,10 @@ class Comment extends BySQLRowEnabled
 
 $textprocessors = $textprocessors ?? Env::getGlobal()->textprocessors();
 
- return kses($textprocessors->mustApply($text, $ratatoeskr_settings["comment_textprocessor"]), [
+ $purifierConfig = HTMLPurifier_Config::createDefault();
+ $purifier = new HTMLPurifier($purifierConfig);
+
+ return $purifier->purify($textprocessors->mustApply($text, $ratatoeskr_settings["comment_textprocessor"]), [
 "a" => ["href" => 1, "hreflang" => 1, "title" => 1, "rel" => 1, "rev" => 1],
 "b" => [],
 "i" => [],
diff --git a/setup.php b/setup.php
index 2f57ce9..f496dfe 100644
--- a/setup.php
+++ b/setup.php
@@ -59,7 +59,6 @@ $files = [
 "/ratatoeskr/translations/de.php",
 "/ratatoeskr/translations/en.php",
 "/ratatoeskr/backend.php",
- "/ratatoeskr/libs/kses.php",
 "/ratatoeskr/vendor/autoload.php",
 "/ratatoeskr/.htaccess",
 "/ratatoeskr/setup/create_tables.php",
-- 
cgit v1.2.3-54-g00ecf
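Review bot: The kses-style allowed-tag array passed as the second argument of `$purifier->purify(...)` in the models.php hunk is not a tag whitelist for HTMLPurifier — `purify($html, $config)` takes a config (an `HTMLPurifier_Config` or an array of directive values), so keys such as `"a"` and `"b"` are treated as unknown directives (a warning at best) and the `$purifierConfig` built two lines above is replaced by that array, which means comments are filtered with HTMLPurifier's broader default allow list rather than the restricted set kses enforced. Express the whitelist as the `HTML.Allowed` directive on the config instead and pass only the HTML to `purify()`: `$purifierConfig->set('HTML.Allowed', 'a[href|hreflang|title|rel|rev],b,i');` (extended with the remaining entries of the array, which continue past the hunk) followed by `return $purifier->purify($textprocessors->mustApply($text, $ratatoeskr_settings["comment_textprocessor"]));`. HTMLPurifier also writes its definition cache into its own library directory by default, which may not be writable under `ratatoeskr/vendor/`, so consider setting `Cache.SerializerPath` to a writable location on the same config. The enclosing method and the allowed-tag array end outside the hunk.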