File indexing completed on 2024-10-13 13:29:13

0001 <?php
0002 
0003 /**
0004  *  ocs-apiserver
0005  *
0006  *  Copyright 2016 by pling GmbH.
0007  *
0008  *    This file is part of ocs-apiserver.
0009  *
0010  *    This program is free software: you can redistribute it and/or modify
0011  *    it under the terms of the GNU Affero General Public License as
0012  *    published by the Free Software Foundation, either version 3 of the
0013  *    License, or (at your option) any later version.
0014  *
0015  *    This program is distributed in the hope that it will be useful,
0016  *    but WITHOUT ANY WARRANTY; without even the implied warranty of
0017  *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
0018  *    GNU Affero General Public License for more details.
0019  *
0020  *    You should have received a copy of the GNU Affero General Public License
0021  *    along with this program.  If not, see <http://www.gnu.org/licenses/>.
0022  *
0023  * Created: 21.06.2017
0024  */
0025 class Application_Model_HtmlPurify
0026 {
0027 
0028     const ALLOW_NOTHING = 1;
0029     const ALLOW_HTML = 2;
0030     const ALLOW_VIDEO = 3;
0031     const ALLOW_URL = 4;
0032 
0033     /**
0034      * @param string $dirty_html
0035      * @param int    $schema
0036      *
0037      * @return string
0038      *
0039      */
0040     public static function purify($dirty_html, $schema = self::ALLOW_NOTHING)
0041     {
0042         return self::getPurifier($schema)->purify($dirty_html);
0043     }
0044 
0045     /**
0046      * @param int $schema
0047      *
0048      * @return false|HTMLPurifier
0049      *
0050      */
0051     public static function getPurifier($schema = self::ALLOW_NOTHING)
0052     {
0053         include_once APPLICATION_LIB . '/HTMLPurifier.safe-includes.php';
0054         $config = HTMLPurifier_Config::createDefault();
0055 
0056         switch ($schema) {
0057             case self::ALLOW_HTML:
0058                 $config->set('HTML.Allowed',
0059                     'em,strong,br,p,b,a[href],img[src|alt],i,li,ol,ul,small,abbr[title],acronym,blockquote,caption,cite,code,del,dl, dt, sub, sup,tt,var');
0060                 break;
0061 
0062             case self::ALLOW_VIDEO:
0063                 $config->set('HTML.SafeIframe', true);
0064                 $config->set('URI.SafeIframeRegexp',
0065                     '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%'); //allow YouTube and Vimeo
0066                 break;
0067 
0068             case self::ALLOW_URL:
0069                 $config->set('HTML.Allowed', ''); // Allow Nothing
0070                 $config->set('URI.AllowedSchemes', array('http' => true, 'https' => true));
0071                 $config->set('URI.MakeAbsolute', true);
0072                 break;
0073 
0074             default:
0075                 $config->set('HTML.Allowed', ''); // Allow Nothing
0076         }
0077 
0078         $config->set('Cache.SerializerPath', APPLICATION_CACHE);
0079         //$config->set('AutoFormat.AutoParagraph', true);
0080         $purifier = new HTMLPurifier($config);
0081 
0082         return $purifier;
0083     }
0084 
0085 }