-rw-r--r--.gitignore2
-rw-r--r--INSTALL.md19
-rwxr-xr-xbuild.sh10
-rw-r--r--composer.json3
-rw-r--r--composer.lock52
-rw-r--r--ratatoeskr/frontend.php1
-rw-r--r--ratatoeskr/libs/INFO7
-rw-r--r--ratatoeskr/sys/models.php8
-rw-r--r--setup.php1
9 files changed, 63 insertions, 40 deletions
diff --git a/.gitignore b/.gitignore
index 076eff0..d62a07f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,8 +5,6 @@ images/*
ratatoeskr/templates/src/plugintemplates/*
ratatoeskr/templates/src/usertemplates/*
ratatoeskr/templates/transc/*
-ratatoeskr/libs/ste
-ratatoeskr/libs/kses.php
ratatoeskr/config.php
.php_cs.cache
ratatoeskr/vendor/
diff --git a/INSTALL.md b/INSTALL.md
index 06162fe..ac9feba 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -11,27 +11,18 @@ Step 0: Requirements
Step 1: Get required packages using composer
--------------------------------------------
+*(If you donloaded a pre-built package, you can skip this step)*
+
Some required packages are managed by [composer](https://www.getcomposer.org). If you don't have it installed, go and install it.
After that, run `composer install` in the root directory of this package.
-Step 2: Get additional libraries
---------------------------------
-
-You need these libraries to run Ratatöskr (it is probably already bundled with these):
-
-1. kses
-
- Place "kses.php" from the archive directly into this directory.
-
- kses can be found at <http://sourceforge.net/projects/kses/>
-
-Step 3: Copy files to your Webspace
+Step 2: Copy files to your Webspace
-----------------------------------
Copy Ratatöskr to your webspace (usually using FTP or SFTP).
-Step 4: Use the setup wizard
+Step 3: Use the setup wizard
----------------------------
1. Open your favourite Web browser and surf to `setup.php` of your Ratatöskr installation.
@@ -47,7 +38,7 @@ Step 4: Use the setup wizard
5. Copy the text from the textbox and replace the contents of `/ratatoeskr/config.php` with it.
-Step 5: Delete the setup wizard
+Step 4: Delete the setup wizard
-------------------------------
Delete the file `setup.php`.
diff --git a/build.sh b/build.sh
index 8efe267..91a1874 100755
--- a/build.sh
+++ b/build.sh
@@ -15,16 +15,6 @@ setup_directories() {
install_dependencies() {
composer install
-
- cd ratatoeskr/libs
-
- wget -O kses.zip http://sourceforge.net/projects/kses/files/kses/0.2.2/kses-0.2.2.zip/download?use_mirror=optimate
- unzip kses.zip
- mv kses-*/kses.php .
- rm -rf kses-*
- rm kses.zip
-
- cd ../..
}
setup_dev_environment() {
diff --git a/composer.json b/composer.json
index 0e22b52..ac07552 100644
--- a/composer.json
+++ b/composer.json
@@ -18,7 +18,8 @@
"php": ">=7.3",
"r7r/ste": "^2.0.1",
"michelf/php-markdown": "^1.9",
- "components/jquery": "^3.5"
+ "components/jquery": "^3.5",
+ "ezyang/htmlpurifier": "^4.13"
},
"config": {
"vendor-dir": "ratatoeskr/vendor"
diff --git a/composer.lock b/composer.lock
index ca731cc..7a0e178 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
- "content-hash": "9cb5c30495a0e70e4fc6c1368f601408",
+ "content-hash": "8e7c51894df523adf15ac1b9cb7a31c4",
"packages": [
{
"name": "components/jquery",
@@ -49,6 +49,56 @@
"time": "2020-05-05T13:21:02+00:00"
},
{
+ "name": "ezyang/htmlpurifier",
+ "version": "v4.13.0",
+ "source": {
+ "type": "git",
+ "url": "https://github.com/ezyang/htmlpurifier.git",
+ "reference": "08e27c97e4c6ed02f37c5b2b20488046c8d90d75"
+ },
+ "dist": {
+ "type": "zip",
+ "url": "https://api.github.com/repos/ezyang/htmlpurifier/zipball/08e27c97e4c6ed02f37c5b2b20488046c8d90d75",
+ "reference": "08e27c97e4c6ed02f37c5b2b20488046c8d90d75",
+ "shasum": ""
+ },
+ "require": {
+ "php": ">=5.2"
+ },
+ "require-dev": {
+ "simpletest/simpletest": "dev-master#72de02a7b80c6bb8864ef9bf66d41d2f58f826bd"
+ },
+ "type": "library",
+ "autoload": {
+ "psr-0": {
+ "HTMLPurifier": "library/"
+ },
+ "files": [
+ "library/HTMLPurifier.composer.php"
+ ],
+ "exclude-from-classmap": [
+ "/library/HTMLPurifier/Language/"
+ ]
+ },
+ "notification-url": "https://packagist.org/downloads/",
+ "license": [
+ "LGPL-2.1-or-later"
+ ],
+ "authors": [
+ {
+ "name": "Edward Z. Yang",
+ "email": "admin@htmlpurifier.org",
+ "homepage": "http://ezyang.com"
+ }
+ ],
+ "description": "Standards compliant HTML filter written in PHP",
+ "homepage": "http://htmlpurifier.org/",
+ "keywords": [
+ "html"
+ ],
+ "time": "2020-06-29T00:56:53+00:00"
+ },
+ {
"name": "michelf/php-markdown",
"version": "1.9.0",
"source": {
diff --git a/ratatoeskr/frontend.php b/ratatoeskr/frontend.php
index 6484796..f49e61e 100644
--- a/ratatoeskr/frontend.php
+++ b/ratatoeskr/frontend.php
@@ -17,7 +17,6 @@ require_once(dirname(__FILE__) . "/sys/utils.php");
require_once(dirname(__FILE__) . "/languages.php");
require_once(dirname(__FILE__) . "/sys/models.php");
require_once(dirname(__FILE__) . "/sys/textprocessors.php");
-require_once(dirname(__FILE__) . "/libs/kses.php");
/** @var ste\STECore $ste */
assert(isset($ste));
diff --git a/ratatoeskr/libs/INFO b/ratatoeskr/libs/INFO
deleted file mode 100644
index e821828..0000000
--- a/ratatoeskr/libs/INFO
+++ /dev/null
@@ -1,7 +0,0 @@
-This directory will hold some libraries Ratatöskr needs.
-
-1. kses
-
- Place "kses.php" from the archive directly into this directory.
-
- kses can be found at <http://sourceforge.net/projects/kses/>
diff --git a/ratatoeskr/sys/models.php b/ratatoeskr/sys/models.php
index caf14ad..b820e6f 100644
--- a/ratatoeskr/sys/models.php
+++ b/ratatoeskr/sys/models.php
@@ -14,7 +14,6 @@ use r7r\cms\sys\Env;
require_once(dirname(__FILE__) . "/db.php");
require_once(dirname(__FILE__) . "/utils.php");
-require_once(dirname(__FILE__) . "/../libs/kses.php");
require_once(dirname(__FILE__) . "/textprocessors.php");
require_once(dirname(__FILE__) . "/pluginpackage.php");
@@ -1207,7 +1206,7 @@ class Comment extends BySQLRowEnabled
/**
* Creates the HTML representation of a comment text. It applies the page's comment textprocessor on it
- * and filters some potentially harmful tags using kses.
+ * and filters some potentially harmful tags using HTMLPurifier.
*
* @param string $text Text to HTMLize.
* @return string HTML code.
@@ -1218,7 +1217,10 @@ class Comment extends BySQLRowEnabled
$textprocessors = $textprocessors ?? Env::getGlobal()->textprocessors();
- return kses($textprocessors->mustApply($text, $ratatoeskr_settings["comment_textprocessor"]), [
+ $purifierConfig = HTMLPurifier_Config::createDefault();
+ $purifier = new HTMLPurifier($purifierConfig);
+
+ return $purifier->purify($textprocessors->mustApply($text, $ratatoeskr_settings["comment_textprocessor"]), [
"a" => ["href" => 1, "hreflang" => 1, "title" => 1, "rel" => 1, "rev" => 1],
"b" => [],
"i" => [],
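Review bot: The kses-style allowed-tag array passed as the second argument of `$purifier->purify(...)` does not act as a whitelist in HTMLPurifier — `purify($html, $config)` treats that argument as configuration directives, so as far as I can tell from HTMLPurifier's API the keys `a`, `b`, `i` are rejected as undefined directives (E_USER_WARNING) and the comment is filtered with HTMLPurifier's default whitelist, which is considerably broader than the tag set the old kses call enforced. The whitelist belongs in the config object, e.g. `$purifierConfig->set('HTML.Allowed', 'a[href|hreflang|title|rel|rev],b,i,...')` with the remaining entries of the array (the list continues past this hunk) appended, and `purify()` should receive only the processed text; note also that `rel` values are dropped unless `Attr.AllowedRel` is set, and for untrusted comment links `HTML.Nofollow` is worth enabling. If models.php is namespaced (the `use r7r\cms\sys\Env` import suggests it may be), the unqualified `HTMLPurifier_Config` and `HTMLPurifier` class names will not resolve like the old global `kses()` function did and should be written `\HTMLPurifier_Config` / `\HTMLPurifier` or imported. A deployment caveat worth a comment: HTMLPurifier's definition cache defaults to a directory inside the vendor tree, so set `Cache.SerializerPath` to a writable location (or `Cache.DefinitionImpl` to null) to avoid warnings on a read-only vendor dir — presumably relevant here, please confirm. The enclosing method ends outside the hunk.
```php
$purifierConfig = \HTMLPurifier_Config::createDefault();
// HTMLPurifier takes its whitelist from config, not from a kses-style array.
// Carry over every tag/attribute of the old kses list; only a, b, i are visible in this hunk.
$purifierConfig->set('HTML.Allowed', 'a[href|hreflang|title|rel|rev],b,i');
$purifierConfig->set('Attr.AllowedRel', ['nofollow']); // rel is stripped unless its values are whitelisted
$purifierConfig->set('HTML.Nofollow', true);           // comment links are untrusted
$purifier = new \HTMLPurifier($purifierConfig);

return $purifier->purify($textprocessors->mustApply($text, $ratatoeskr_settings["comment_textprocessor"]));
```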
diff --git a/setup.php b/setup.php
index 2f57ce9..f496dfe 100644
--- a/setup.php
+++ b/setup.php
@@ -59,7 +59,6 @@ $files = [
"/ratatoeskr/translations/de.php",
"/ratatoeskr/translations/en.php",
"/ratatoeskr/backend.php",
- "/ratatoeskr/libs/kses.php",
"/ratatoeskr/vendor/autoload.php",
"/ratatoeskr/.htaccess",
"/ratatoeskr/setup/create_tables.php",