<?php

/**
 *  ocs-apiserver
 *
 *  Copyright 2016 by pling GmbH.
 *
 *    This file is part of ocs-apiserver.
 *
 *    This program is free software: you can redistribute it and/or modify
 *    it under the terms of the GNU Affero General Public License as
 *    published by the Free Software Foundation, either version 3 of the
 *    License, or (at your option) any later version.
 *
 *    This program is distributed in the hope that it will be useful,
 *    but WITHOUT ANY WARRANTY; without even the implied warranty of
 *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *    GNU Affero General Public License for more details.
 *
 *    You should have received a copy of the GNU Affero General Public License
 *    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 * Created: 21.06.2017
 */

/**
 * Factory for HTMLPurifier instances configured with one of a few fixed
 * allow-list profiles, plus a one-call convenience wrapper.
 *
 * Each ALLOW_* constant selects a profile. Any value that matches none of the
 * explicit cases (including ALLOW_NOTHING) ends up in the "strip all markup"
 * profile, so an unknown profile fails closed.
 *
 * The purified string is meant to be placed in an HTML document body. It is
 * not an escaping routine for attribute, JavaScript or URL contexts; those
 * need their own context-specific encoding at output time.
 */
class Application_Model_HtmlPurify
{

    /** Strip every element; only text content survives. */
    const ALLOW_NOTHING = 1;
    /** Permit the fixed list of formatting, link and image elements. */
    const ALLOW_HTML = 2;
    /** Permit iframes whose source matches the YouTube / Vimeo embed pattern. */
    const ALLOW_VIDEO = 3;
    /** Strip every element and narrow the URI settings to http/https. */
    const ALLOW_URL = 4;

    /**
     * Run $dirty_html through a purifier built for the given profile.
     *
     * A new purifier is built on every call (see getPurifier()).
     *
     * @param string $dirty_html markup to sanitise
     * @param int    $schema     one of the ALLOW_* constants
     *
     * @return string the purified markup
     */
    public static function purify($dirty_html, $schema = self::ALLOW_NOTHING)
    {
        $sanitizer = self::getPurifier($schema);

        return $sanitizer->purify($dirty_html);
    }

    /**
     * Build an HTMLPurifier configured for the given profile.
     *
     * Loads the HTMLPurifier library from APPLICATION_LIB, starts from the
     * library's default configuration, applies the profile and points the
     * definition cache at APPLICATION_CACHE.
     *
     * @param int $schema one of the ALLOW_* constants
     *
     * @return HTMLPurifier this method has no path that returns false
     */
    public static function getPurifier($schema = self::ALLOW_NOTHING)
    {
        include_once APPLICATION_LIB . '/HTMLPurifier.safe-includes.php';

        $settings = HTMLPurifier_Config::createDefault();
        self::applySchema($settings, $schema);

        // HTMLPurifier keeps serialized definition files in this directory.
        // NOTE(review): the directory should be writable by the PHP process only
        // and not by other users, since cached definitions are read back from it.
        $settings->set('Cache.SerializerPath', APPLICATION_CACHE);
        //$settings->set('AutoFormat.AutoParagraph', true);

        return new HTMLPurifier($settings);
    }

    /**
     * Apply the allow-list settings of one profile to a purifier configuration.
     *
     * switch compares loosely, so a numeric string such as '2' selects the same
     * profile as the integer constant, and boolean true matches the first case.
     * NOTE(review): callers should pass the class constants only, never a value
     * taken from request input.
     *
     * @param HTMLPurifier_Config $settings configuration to modify in place
     * @param int                 $schema   one of the ALLOW_* constants
     *
     * @return void
     */
    private static function applySchema($settings, $schema)
    {
        switch ($schema) {
            case self::ALLOW_HTML:
                // Explicit element/attribute allow-list. URI.AllowedSchemes is not
                // narrowed in this profile, so a[href] and img[src] accept whatever
                // schemes the library default permits, and img[src] lets the page
                // load images from arbitrary remote hosts.
                $settings->set(
                    'HTML.Allowed',
                    'em,strong,br,p,b,a[href],img[src|alt],i,li,ol,ul,small,abbr[title],acronym,blockquote,caption,cite,code,del,dl, dt, sub, sup,tt,var'
                );
                break;

            case self::ALLOW_VIDEO:
                // HTML.Allowed is not set here, so the library's default element
                // set stays in force and iframes are added on top of it; this
                // profile is therefore broader than ALLOW_HTML, not narrower.
                $settings->set('HTML.SafeIframe', true);
                // Only YouTube (incl. youtube-nocookie) and Vimeo embed paths pass.
                // The pattern is anchored at the start and requires the path right
                // after the host name; it accepts http:, https: and scheme-relative
                // sources.
                $settings->set(
                    'URI.SafeIframeRegexp',
                    '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%'
                );
                break;

            case self::ALLOW_URL:
                // No element is allowed, so all markup is stripped.
                // NOTE(review): with no element left there is no URI attribute to
                // validate, so the two URI.* settings below appear to have no effect
                // on the output, and URI.MakeAbsolute is set without a URI.Base.
                // A bare string such as a non-http(s) URL would pass through as
                // text; confirm, and validate URLs separately where it matters.
                $settings->set('HTML.Allowed', '');
                $settings->set('URI.AllowedSchemes', array('http' => true, 'https' => true));
                $settings->set('URI.MakeAbsolute', true);
                break;

            default:
                // ALLOW_NOTHING and every unrecognised value: strip all markup.
                $settings->set('HTML.Allowed', '');
        }
    }

}