From 95554d1d2ddd8f507459333a92a480344afac1a1 Mon Sep 17 00:00:00 2001 From: Kevin Chabowski Date: Thu, 17 Nov 2011 21:42:19 +0100 Subject: Moved comment html-isation to models.php. --- ratatoeskr/frontend.php | 48 +-------------------------------------- ratatoeskr/sys/models.php | 58 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+), 47 deletions(-) (limited to 'ratatoeskr') diff --git a/ratatoeskr/frontend.php b/ratatoeskr/frontend.php index f8cc3d1..349fe80 100644 --- a/ratatoeskr/frontend.php +++ b/ratatoeskr/frontend.php @@ -109,52 +109,6 @@ function article_transform_ste($article, $lang) ); } -function comment_filter($html) -{ - return kses($html, array( - "a" => array("href" => 1, "hreflang" => 1, "title" => 1, "rel" => 1, "rev" => 1), - "b" => array(), - "i" => array(), - "u" => array(), - "strong" => array(), - "em" => array(), - "p" => array("align" => 1), - "br" => array(), - "abbr" => array(), - "acronym" => array(), - "code" => array(), - "pre" => array(), - "blockquote" => array("cite" => 1), - "h1" => array(), "h2" => array(), "h3" => array(), "h4" => array(), "h5" => array(), "h6" => array(), - "img" => array("src" => 1, "alt" => 1, "width" => 1, "height" => 1), - "s" => array(), - "q" => array("cite" => 1), - "samp" => array(), - "ul" => array(), - "ol" => array(), - "li" => array(), - "del" => array(), - "ins" => array(), - "dl" => array(), - "dd" => array(), - "dt" => array(), - "dfn" => array(), - "div" => array(), - "dir" => array(), - "kbd" => array("prompt" => 1), - "strike" => array(), - "sub" => array(), - "sup" => array(), - "table" => array("style" => 1), - "tbody" => array(), "thead" => array(), "tfoot" => array(), - "tr" => array(), - "td" => array("colspan" => 1, "rowspan" => 1), - "th" => array("colspan" => 1, "rowspan" => 1), - "tt" => array(), - "var" => array() - )); -} - /* * Function: comment_transform_ste * Transforms an object to an array, so it can be accessed via a STE template. 
@@ -175,7 +129,7 @@ function comment_transform_ste($comment) return array( "id" => $comment->get_id(), - "text" => comment_filter(textprocessor_apply($comment->text, $ratatoeskr_settings["comment_textprocessor"])), + "text" => $comment->create_html(), "author" => htmlesc($comment->author_name), "timestamp" => $comment->get_timestamp() ); diff --git a/ratatoeskr/sys/models.php b/ratatoeskr/sys/models.php index 9cfd80c..78ef270 100644 --- a/ratatoeskr/sys/models.php +++ b/ratatoeskr/sys/models.php @@ -11,6 +11,8 @@ require_once(dirname(__FILE__) . "/db.php"); require_once(dirname(__FILE__) . "/utils.php"); +require_once(dirname(__FILE__) . "/../libs/kses.php"); +require_once(dirname(__FILE__) . "/textprocessors.php"); db_connect(); 
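Review bot: In `comment_transform_ste()` (ratatoeskr/frontend.php) the `"text"` entry now carries raw HTML whose safety rests entirely on `Comment::create_html()`, while the neighbouring `"author"` entry is visibly escaped with `htmlesc()`. Nothing at the call site tells a later maintainer that the value is already filtered and that `$comment->text` must never be handed to the template in its place. I would add a comment above the line, e.g. `// create_html() returns kses-filtered HTML; never pass $comment->text to the template directly`. The function body starts outside the hunk; if it still declares `global $ratatoeskr_settings;` there, that declaration looks unused after this change and could be removed.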
@@ -926,6 +928,62 @@ class Comment return $rv; } + /* + * Function: create_html + * Creates the comments HTML representation. It applys the page's comment textprocessor on it + * and filters some potentially harmful tags using kses. + * + * Returns: + * The HTML representation. + */ + public function create_html() + { + global $ratatoeskr_settings; + + return kses(textprocessor_apply($this->text, $ratatoeskr_settings["comment_textprocessor"]), array( + "a" => array("href" => 1, "hreflang" => 1, "title" => 1, "rel" => 1, "rev" => 1), + "b" => array(), + "i" => array(), + "u" => array(), + "strong" => array(), + "em" => array(), + "p" => array("align" => 1), + "br" => array(), + "abbr" => array(), + "acronym" => array(), + "code" => array(), + "pre" => array(), + "blockquote" => array("cite" => 1), + "h1" => array(), "h2" => array(), "h3" => array(), "h4" => array(), "h5" => array(), "h6" => array(), + "img" => array("src" => 1, "alt" => 1, "width" => 1, "height" => 1), + "s" => array(), + "q" => array("cite" => 1), + "samp" => array(), + "ul" => array(), + "ol" => array(), + "li" => array(), + "del" => array(), + "ins" => array(), + "dl" => array(), + "dd" => array(), + "dt" => array(), + "dfn" => array(), + "div" => array(), + "dir" => array(), + "kbd" => array("prompt" => 1), + "strike" => array(), + "sub" => array(), + "sup" => array(), + "table" => array("style" => 1), + "tbody" => array(), "thead" => array(), "tfoot" => array(), + "tr" => array(), + "td" => array("colspan" => 1, "rowspan" => 1), + "th" => array("colspan" => 1, "rowspan" => 1), + "tt" => array(), + "var" => array() + )); + } + /* * Function: save * Save changes to database. -- cgit v1.2.3-54-g00ecf
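Review bot: The allowlist passed to kses() in `create_html()` keeps `"table" => array("style" => 1)`, and a free-form `style` attribute lets a commenter attach arbitrary CSS to the rendered page; as far as I know kses checks element names, attribute names and URL protocols but does not parse CSS values. Since this method is now the single place where comment HTML is sanitised, I would drop the attribute: `"table" => array(),`. No third argument is passed to kses(), so `a href` and `img src` depend on the library's default protocol list; a short comment saying that is intentional would help. The docblock says it "filters some potentially harmful tags", but the array is an allowlist, so wording like `Only the tags and attributes listed here survive; everything else is removed by kses.` would describe it accurately.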