From 3de03d4f83817e59c1be4bc361fee8eca781789b Mon Sep 17 00:00:00 2001
From: Laria Carolin Chabowski
Date: Fri, 25 Sep 2020 22:19:37 +0200
Subject: Replace kses with HTMLPurifier
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This gets rid of our last non-compüoser dependency! :)
---
 ratatoeskr/frontend.php | 1 -
 ratatoeskr/libs/INFO | 7 -------
 ratatoeskr/sys/models.php | 8 +++++---
 3 files changed, 5 insertions(+), 11 deletions(-)
 delete mode 100644 ratatoeskr/libs/INFO
(limited to 'ratatoeskr')
diff --git a/ratatoeskr/frontend.php b/ratatoeskr/frontend.php
index 6484796..f49e61e 100644
--- a/ratatoeskr/frontend.php
+++ b/ratatoeskr/frontend.php
@@ -17,7 +17,6 @@ require_once(dirname(__FILE__) . "/sys/utils.php");
 require_once(dirname(__FILE__) . "/languages.php");
 require_once(dirname(__FILE__) . "/sys/models.php");
 require_once(dirname(__FILE__) . "/sys/textprocessors.php");
-require_once(dirname(__FILE__) . "/libs/kses.php");
 /** @var ste\STECore $ste */
 assert(isset($ste));
diff --git a/ratatoeskr/libs/INFO b/ratatoeskr/libs/INFO
deleted file mode 100644
index e821828..0000000
--- a/ratatoeskr/libs/INFO
+++ /dev/null
@@ -1,7 +0,0 @@
-This directory will hold some libraries Ratatöskr needs.
-
-1. kses
-
- Place "kses.php" from the archive directly into this directory.
-
- kses can be found at
diff --git a/ratatoeskr/sys/models.php b/ratatoeskr/sys/models.php
index caf14ad..b820e6f 100644
--- a/ratatoeskr/sys/models.php
+++ b/ratatoeskr/sys/models.php
@@ -14,7 +14,6 @@ use r7r\cms\sys\Env;
 require_once(dirname(__FILE__) . "/db.php");
 require_once(dirname(__FILE__) . "/utils.php");
-require_once(dirname(__FILE__) . "/../libs/kses.php");
 require_once(dirname(__FILE__) . "/textprocessors.php");
 require_once(dirname(__FILE__) . "/pluginpackage.php");
@@ -1207,7 +1206,7 @@ class Comment extends BySQLRowEnabled
 /**
 * Creates the HTML representation of a comment text. It applies the page's comment textprocessor on it
- * and filters some potentially harmful tags using kses.
+ * and filters some potentially harmful tags using HTMLPurifier.
 *
 * @param string $text Text to HTMLize.
 * @return string HTML code.
@@ -1218,7 +1217,10 @@ class Comment extends BySQLRowEnabled
 $textprocessors = $textprocessors ?? Env::getGlobal()->textprocessors();
- return kses($textprocessors->mustApply($text, $ratatoeskr_settings["comment_textprocessor"]), [
+ $purifierConfig = HTMLPurifier_Config::createDefault();
+ $purifier = new HTMLPurifier($purifierConfig);
+
+ return $purifier->purify($textprocessors->mustApply($text, $ratatoeskr_settings["comment_textprocessor"]), [
 "a" => ["href" => 1, "hreflang" => 1, "title" => 1, "rel" => 1, "rev" => 1],
 "b" => [],
 "i" => [],
-- cgit v1.2.3-70-g09d2
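Review bot: The kses-style allowlist (`"a" => ["href" => 1, ...], "b" => [], "i" => [], ...`) is still passed as the second argument of `$purifier->purify(...)` in the last hunk, but in HTMLPurifier that parameter is a per-call configuration, not a list of permitted tags. An array given there is loaded as configuration directives, so these keys would most likely be treated as unknown directives and comments would be filtered with the library's default element set, which is considerably wider than the old list. The restriction belongs on the config object before the purifier is constructed, for example `$purifierConfig->set('HTML.Allowed', /* allowlist derived from the old kses array */);`, followed by a single-argument `$purifier->purify($html)`. Each old attribute (`hreflang`, `rel`, `rev`) should be checked against what HTMLPurifier supports rather than copied verbatim. The array continues past the end of this hunk, so the complete tag list is not visible here.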