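<?php

/**
 *  ocs-webserver
 *
 *  Copyright 2016 by pling GmbH.
 *
 *    This file is part of ocs-webserver.
 *
 *    This program is free software: you can redistribute it and/or modify
 *    it under the terms of the GNU Affero General Public License as
 *    published by the Free Software Foundation, either version 3 of the
 *    License, or (at your option) any later version.
 *
 *    This program is distributed in the hope that it will be useful,
 *    but WITHOUT ANY WARRANTY; without even the implied warranty of
 *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *    GNU Affero General Public License for more details.
 *
 *    You should have received a copy of the GNU Affero General Public License
 *    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 * Created: 21.06.2017
 */

/**
 * Thin factory around HTMLPurifier that maps a small set of named
 * sanitisation profiles (the ALLOW_* constants) to purifier configurations.
 *
 * Any profile value that is not recognised selects ALLOW_NOTHING, so an
 * unexpected argument can never widen what markup is let through.
 */
class Default_Model_HtmlPurify
{

    /** Strip all markup (HTML.Allowed is set to the empty string). */
    const ALLOW_NOTHING = 1;
    /** Allow the fixed element/attribute list configured in getPurifier(). */
    const ALLOW_HTML = 2;
    /** Allow iframes whose src starts with a YouTube or Vimeo embed URL. */
    const ALLOW_VIDEO = 3;
    /** Strip all markup; additionally sets URI.AllowedSchemes to http/https. */
    const ALLOW_URL = 4;
    /** As ALLOW_VIDEO, plus the SoundCloud player URL prefix. */
    const ALLOW_EMBED = 5;

    /**
     * Sanitise a string with the purifier configured for the given profile.
     *
     * @param string $dirty_html untrusted input
     * @param int    $schema     one of the ALLOW_* constants
     *
     * @return string the result of HTMLPurifier::purify()
     */
    public static function purify($dirty_html, $schema = self::ALLOW_NOTHING)
    {
        return self::getPurifier($schema)->purify($dirty_html);
    }

    /**
     * Build an HTMLPurifier instance for the given profile.
     *
     * A new configuration and purifier are created on every call. Values of
     * $schema other than the ALLOW_* integers (or their digit-only string
     * form) select ALLOW_NOTHING; see normalizeSchema().
     *
     * @param int $schema one of the ALLOW_* constants
     *
     * @return HTMLPurifier
     */
    public static function getPurifier($schema = self::ALLOW_NOTHING)
    {
        include_once APPLICATION_LIB . '/HTMLPurifier.safe-includes.php';
        $config = HTMLPurifier_Config::createDefault();

        switch (self::normalizeSchema($schema)) {
            case self::ALLOW_HTML:
                // Explicit element/attribute allow-list; anything not named here is removed.
                $config->set('HTML.Allowed',
                    'em,strong,br,p,b,a[href],img[src|alt],i,li,ol,ul,small,abbr[title],acronym,blockquote,caption,cite,code,del,dl, dt, sub, sup,tt,var');
                break;

            case self::ALLOW_VIDEO:
                // HTML.Allowed is not set in this branch, so HTMLPurifier's default
                // element set stays in effect; that is broader than ALLOW_HTML.
                // The regexp is anchored at the start only and accepts http:,
                // https: and scheme-relative iframe URLs.
                $config->set('HTML.SafeIframe', true);
                $config->set('URI.SafeIframeRegexp',
                    '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%'); //allow YouTube and Vimeo
                break;

            case self::ALLOW_EMBED:
                // Same as ALLOW_VIDEO (default element set applies) with the
                // SoundCloud player added to the iframe URL prefixes.
                $config->set('HTML.SafeIframe', true);
                $config->set('URI.SafeIframeRegexp',
                    '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/|w\.soundcloud\.com/player/)%');
                break;

            case self::ALLOW_URL:
                // NOTE(review): with no elements allowed there appear to be no URI
                // attributes left for the URI.* settings to act on, so for plain
                // text this profile looks equivalent to ALLOW_NOTHING. It does not
                // by itself check that a string is an http(s) URL - confirm that
                // callers validate URLs separately.
                // NOTE(review): HTMLPurifier documents that URI.Base must be set for
                // URI.MakeAbsolute to take effect; no URI.Base is set here.
                $config->set('HTML.Allowed', ''); // Allow Nothing
                $config->set('URI.AllowedSchemes', array('http' => true, 'https' => true));
                $config->set('URI.MakeAbsolute', true);
                break;

            default:
                // ALLOW_NOTHING and every unrecognised value end up here.
                $config->set('HTML.Allowed', ''); // Allow Nothing
        }

        // Serialized definitions are cached under APPLICATION_CACHE; HTMLPurifier
        // needs this directory to be writable by the web server user.
        $config->set('Cache.SerializerPath', APPLICATION_CACHE);
        //$config->set('AutoFormat.AutoParagraph', true);
        $purifier = new HTMLPurifier($config);

        return $purifier;
    }

    /**
     * Reduce a caller-supplied profile value to one of the ALLOW_* constants.
     *
     * A plain switch compares loosely, so a value such as boolean true would
     * compare equal to ALLOW_HTML and select a permissive profile. Here only
     * integers and digit-only strings are accepted and matched strictly;
     * everything else falls back to ALLOW_NOTHING.
     *
     * @param mixed $schema value passed by the caller
     *
     * @return int one of the ALLOW_* constants
     */
    private static function normalizeSchema($schema)
    {
        // Keep accepting numeric strings such as '2' (e.g. values read from a
        // request or configuration) without accepting '2abc', ' 2' or '2.0'.
        if (is_string($schema) && preg_match('/\A[0-9]+\z/', $schema) === 1) {
            $schema = (int) $schema;
        }

        $known = array(self::ALLOW_HTML, self::ALLOW_VIDEO, self::ALLOW_URL, self::ALLOW_EMBED);

        return in_array($schema, $known, true) ? $schema : self::ALLOW_NOTHING;
    }

}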