File indexing completed on 2025-05-04 05:29:12 

0001 <?php
0002 
0003 /**
0004  *  ocs-webserver
0005  *
0006  *  Copyright 2016 by pling GmbH.
0007  *
0008  *    This file is part of ocs-webserver.
0009  *
0010  *    This program is free software: you can redistribute it and/or modify
0011  *    it under the terms of the GNU Affero General Public License as
0012  *    published by the Free Software Foundation, either version 3 of the
0013  *    License, or (at your option) any later version.
0014  *
0015  *    This program is distributed in the hope that it will be useful,
0016  *    but WITHOUT ANY WARRANTY; without even the implied warranty of
0017  *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
0018  *    GNU Affero General Public License for more details.
0019  *
0020  *    You should have received a copy of the GNU Affero General Public License
0021  *    along with this program.  If not, see <http://www.gnu.org/licenses/>.
0022  *
0023  * Created: 21.06.2017
0024  */
0025 class Default_Model_HtmlPurify
0026 {
0027 
0028     const ALLOW_NOTHING = 1;
0029     const ALLOW_HTML = 2;
0030     const ALLOW_VIDEO = 3;
0031     const ALLOW_URL = 4;
0032     const ALLOW_EMBED = 5;
0033 
0034     /**
0035      * @param string $dirty_html
0036      * @param int    $schema
0037      *
0038      * @return string
0039      *
0040      */
0041     public static function purify($dirty_html, $schema = self::ALLOW_NOTHING)
0042     {
0043         return self::getPurifier($schema)->purify($dirty_html);
0044     }
0045 
0046     /**
0047      * @param int $schema
0048      *
0049      * @return false|HTMLPurifier
0050      *
0051      */
0052     public static function getPurifier($schema = self::ALLOW_NOTHING)
0053     {
0054         include_once APPLICATION_LIB . '/HTMLPurifier.safe-includes.php';
0055         $config = HTMLPurifier_Config::createDefault();
0056 
0057         switch ($schema) {
0058             case self::ALLOW_HTML:
0059                 $config->set('HTML.Allowed',
0060                     'em,strong,br,p,b,a[href],img[src|alt],i,li,ol,ul,small,abbr[title],acronym,blockquote,caption,cite,code,del,dl, dt, sub, sup,tt,var');
0061                 break;
0062 
0063             case self::ALLOW_VIDEO:
0064                 $config->set('HTML.SafeIframe', true);
0065                 $config->set('URI.SafeIframeRegexp',
0066                     '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%'); //allow YouTube and Vimeo
0067                 break;
0068 
0069             case self::ALLOW_EMBED:
0070                  $config->set('HTML.SafeIframe', true);
0071                  $config->set('URI.SafeIframeRegexp',
0072                     '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/|w\.soundcloud\.com/player/)%'); 
0073                 break;
0074 
0075             case self::ALLOW_URL:
0076                 $config->set('HTML.Allowed', ''); // Allow Nothing
0077                 $config->set('URI.AllowedSchemes', array('http' => true, 'https' => true));
0078                 $config->set('URI.MakeAbsolute', true);
0079                 break;
0080 
0081             default:
0082                 $config->set('HTML.Allowed', ''); // Allow Nothing
0083         }
0084 
0085         $config->set('Cache.SerializerPath', APPLICATION_CACHE);
0086         //$config->set('AutoFormat.AutoParagraph', true);
0087         $purifier = new HTMLPurifier($config);
0088 
0089         return $purifier;
0090     }
0091 
0092 }