<?php
// $Id$

// Values of the 'filter_html' setting, which selects how filter_default()
// treats HTML in submitted text. FILTER_HTML_DONOTHING is the fallback passed
// to every variable_get('filter_html', ...) call in this file, so a site that
// never saved the setting passes markup through unfiltered.
define('FILTER_HTML_DONOTHING', 0);
define('FILTER_HTML_STRIP', 1);
define('FILTER_HTML_ESCAPE', 2);

// Values of the 'filter_style' setting; it is only consulted by
// filter_default() when 'filter_html' is FILTER_HTML_STRIP.
define('FILTER_STYLE_ALLOW', 0);
define('FILTER_STYLE_STRIP', 1);

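/**
 * Implementation of hook_help().
 *
 * @param $section
 *   The help section requested: a menu path such as 'admin/filters', or one
 *   of the 'filter#long-tip' / 'filter#short-tip' keys.
 *
 * @return
 *   Translated help text for the section. Nothing is returned for sections
 *   this module does not document.
 */
function filter_help($section) {
  switch ($section) {
    case 'admin/modules#description':
      return t('Framework for handling filtering of content.');

    case 'admin/filters':
      return t("
<p>Filters fit between the raw text in a node and the HTML output. They allow you to replace text selectively. Uses include automatic conversion of emoticons into graphics and filtering HTML content from users' submissions.</p>
<p>If you notice some filters are causing conflicts in the output, you can <a href=\"%url\">rearrange them</a>.</p>", array('%url' => url('admin/filters/order')));

    case 'admin/filters/order':
      return t("
<p>Because of the flexible filtering system, you might encounter a situation where one filter prevents another from doing its job. For example: a word in an URL gets converted into a glossary term, before the URL can be converted in a clickable link. When this happens, you will need to rearrange the order in which filters get executed.</p>
<p>Filters are executed from top-to-bottom. You can use the weight column to rearrange them: heavier filters 'sink' to the bottom. Standard HTML filtering is always run first.</p>");

    case 'filter#long-tip':
    case 'filter#short-tip':
      // Both tip lengths describe the same site-wide HTML policy. The cases
      // use the FILTER_HTML_* constants rather than bare 0/1/2 so the tip
      // stays in step with filter_default().
      switch (variable_get('filter_html', FILTER_HTML_DONOTHING)) {
        case FILTER_HTML_DONOTHING:
          return t('All HTML tags allowed');

        case FILTER_HTML_STRIP:
          // NOTE(review): this fallback tag list differs from the empty
          // fallback filter_default() hands to strip_tags(); with
          // 'allowed_html' never saved, the tip can list tags that are in
          // fact stripped.
          $allowed_html = variable_get('allowed_html', '<a> <b> <dd> <dl> <dt> <i> <li> <ol> <u> <ul>');
          if ($allowed_html) {
            // Escaped so the tag list is shown as text, not rendered.
            return t('Allowed HTML tags') .': '. htmlspecialchars($allowed_html);
          }
          return t('No HTML tags allowed');

        case FILTER_HTML_ESCAPE:
          return t('No HTML tags allowed');
      }
      break;
  }
}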

/**
 * Implementation of hook_menu().
 *
 * Registers the two administration pages (settings and filter ordering) and
 * the public "compose tips" page.
 *
 * @return
 *   An array of menu item definitions.
 */
function filter_menu() {
  return array(
    // Settings page; gated on the site-configuration permission.
    array(
      'path' => 'admin/filters',
      'title' => t('filters'),
      'callback' => 'filter_admin_settings',
      'access' => user_access('administer site configuration'),
    ),
    // Ordering page. It writes to {filters}, and this 'access' entry is the
    // only permission check visible in this file for that callback.
    array(
      'path' => 'admin/filters/order',
      'title' => t('order filters'),
      'callback' => 'filter_admin_order',
      'access' => user_access('administer site configuration'),
      'type' => MENU_LOCAL_TASK,
    ),
    // Formatting tips are readable by everyone, including anonymous users.
    array(
      'path' => 'filter/tips',
      'title' => t('compose tips'),
      'callback' => 'filter_tips_long',
      'access' => TRUE,
      'type' => MENU_SUGGESTED_ITEM,
    ),
  );
}

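/**
 * Menu callback; allows administrators to change the filter ordering.
 *
 * On a "Save configuration" submission the posted weights are written to the
 * {filters} table; the ordering form is then rebuilt and printed.
 *
 * Access control is not done here: it relies on the 'access' entry that
 * filter_menu() registers for 'admin/filters/order'.
 * NOTE(review): no request-token check is visible in this function, so
 * nothing here ties the POST to a form the administrator loaded. Confirm
 * whether form() or the menu layer supplies one.
 */
function filter_admin_order() {
  // $_POST is client-controlled: either key may be missing or have an
  // unexpected type, so normalise before use.
  $edit = isset($_POST['edit']) ? $_POST['edit'] : array();
  $op = isset($_POST['op']) ? $_POST['op'] : '';

  if ($op === t('Save configuration') && is_array($edit)) {
    foreach ($edit as $module => $filter) {
      // Skip malformed entries instead of indexing into a scalar.
      if (is_array($filter) && isset($filter['weight'])) {
        // Both values go through db_query() placeholders, never into the SQL
        // string itself. A module name with no row in {filters} updates
        // nothing.
        db_query("UPDATE {filters} SET weight = %d WHERE module = '%s'", $filter['weight'], $module);
      }
    }
  }

  // Get list (with forced refresh)
  filter_refresh();
  $filters = filter_list();

  $header = array(t('name'), t('weight'));
  $rows = array();

  // Standard HTML filters are always run first, we add a dummy row to indicate this
  $rows[] = array(t('HTML filtering'), array('data' => t('locked')));

  foreach ($filters as $module => $filter) {
    $name = module_invoke($module, 'filter', 'name');
    // The field name "<module>][weight" makes the value arrive as
    // $_POST['edit'][<module>]['weight'].
    $rows[] = array($name, array('data' => form_weight(NULL, $module .'][weight', $filter['weight'])));
  }

  $form  = theme('table', $header, $rows);
  $form .= form_submit(t('Save configuration'));
  $output = form($form);

  print theme('page', $output);
}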

/**
 * Menu callback; displays settings defined by filters.
 *
 * Prints one settings form made of the built-in HTML-handling options
 * followed by whatever each module returns from its 'settings' filter
 * operation.
 */
function filter_admin_settings() {
  // Called on every request to this page. Whether it only acts on a submitted
  // form is decided inside system_settings_save(), which is not visible here.
  system_settings_save();

  // Re-sync the {filters} table with the enabled modules before rendering.
  filter_refresh();

  $builtin = filter_default_settings();
  $contributed = module_invoke_all('filter', 'settings');

  // Module-supplied fragments are concatenated as-is; each module is
  // responsible for the markup it returns.
  $page = system_settings_form($builtin . implode("\n", $contributed));

  print theme('page', $page);
}

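/**
 * Search through all modules for the filters they implement.
 *
 * Rebuilds the {filters} table: every row is deleted, then one row is
 * inserted per enabled module that implements hook_filter(), keeping the
 * weight the module had before. Finally the static cache in filter_list() is
 * reloaded.
 *
 * NOTE(review): the DELETE and the INSERTs are separate statements with no
 * transaction visible here, so a failure part-way leaves {filters}
 * incomplete until the next refresh.
 */
function filter_refresh() {
  $modules = module_list();
  // Snapshot the current weights before the table is emptied.
  $filters = filter_list();

  // Update list in database
  db_query('DELETE FROM {filters}');
  foreach ($modules as $module) {
    if (module_hook($module, 'filter')) {
      // A filter module seen for the first time has no previous row; give it
      // an explicit weight of 0 rather than reading an undefined index.
      $weight = isset($filters[$module]['weight']) ? $filters[$module]['weight'] : 0;

      db_query("INSERT INTO {filters} (module, weight) VALUES ('%s', %d)", $module, $weight);
    }
  }

  // Force filter_list() to re-read the rebuilt table.
  filter_list(1);
}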

/**
 * Retrieve a list of all filters from the database.
 *
 * The result is kept in a static variable for the rest of the request.
 *
 * @param $force
 *   When true, discard the cached list and query the database again.
 *
 * @return
 *   An array of {filters} rows keyed by module name, in ascending weight
 *   order. Rows whose module does not implement hook_filter() are left out.
 */
function filter_list($force = 0) {
  static $filters;

  // Serve the cached list unless a reload was requested.
  if (is_array($filters) && !$force) {
    return $filters;
  }

  $filters = array();
  $result = db_query('SELECT * FROM {filters} ORDER BY weight ASC');
  while ($row = db_fetch_array($result)) {
    // Fail-safe in case a module was deleted/changed without disabling it:
    // a stale row must not cause a missing hook to be invoked later.
    if (!module_hook($row['module'], 'filter')) {
      continue;
    }
    $filters[$row['module']] = $row;
  }

  return $filters;
}

/**
 * Run all the enabled filters on a piece of text.
 *
 * Order of operations: normalise newlines, let modules 'prepare' the text,
 * apply the built-in HTML policy (filter_default()), then let modules
 * 'process' the text.
 *
 * Because the HTML policy runs before the 'process' pass, markup produced by
 * a module's 'process' operation is returned without passing through
 * filter_default() again; each filter module is responsible for the safety
 * of what it emits.
 *
 * @param $text
 *   The text to filter.
 *
 * @return
 *   The filtered text, or the result of message_na() when $text is not set.
 */
function check_output($text) {
  if (!isset($text)) {
    return message_na();
  }

  // Convert all Windows and Mac newlines to a single newline,
  // so filters only need to deal with this one
  $text = str_replace(array("\r\n", "\r"), "\n", $text);

  // Get complete list of filters ordered properly
  $filters = filter_list();

  // Give filters the chance to escape HTML-like data such as code or formulas.
  // From this point on, the input can be treated as HTML.
  // The pass is skipped in escape mode, where filter_default() escapes
  // everything anyway.
  $escape_mode = variable_get('filter_html', FILTER_HTML_DONOTHING) == FILTER_HTML_ESCAPE;
  if (!$escape_mode) {
    foreach ($filters as $module => $filter) {
      $text = module_invoke($module, 'filter', 'prepare', $text);
    }
  }

  // HTML handling is done before all regular filtering activities.
  $text = filter_default($text);

  // Regular filtering.
  foreach ($filters as $module => $filter) {
    $text = module_invoke($module, 'filter', 'process', $text);
  }

  // If only inline elements are used and no block level elements, we
  // replace all newlines with HTML line breaks. This is a layout heuristic
  // only: the tag list below is not an allow-list and removes nothing from
  // the returned text.
  $inline_only = strip_tags($text, '<a><br><span><bdo><map><object><img><tt><i><b><u><big><small><em><strong><dfn><code><q><samp><kbd><var><cite><abbr><acronym><sub><sup><input><select><textarea><label><button><ins><del><script>');
  if ($inline_only == $text) {
    $text = nl2br($text);
  }

  return $text;
}

/**
 * Perform the default filters, preventing malicious HTML from being displayed.
 *
 * What is applied depends on the 'filter_html' setting:
 * - FILTER_HTML_DONOTHING (the fallback when unset): the text is only
 *   trimmed, all markup passes through.
 * - FILTER_HTML_STRIP: tags outside 'allowed_html' are removed, then style
 *   (optionally) and on* attributes are cut out with regular expressions.
 * - FILTER_HTML_ESCAPE: the whole text goes through htmlspecialchars().
 *
 * Users holding the 'bypass html filter' permission skip all of the above,
 * escape mode included.
 *
 * Limits of strip mode worth knowing when choosing 'allowed_html':
 * strip_tags() keeps every attribute of a tag it allows, so the two regular
 * expressions are the only attribute-level checks. Attributes other than
 * style and on* are not inspected, including URL-bearing ones such as href
 * and src, so their values are passed through unchanged.
 *
 * @param $text
 *   The text to filter.
 *
 * @return
 *   The filtered text with surrounding whitespace trimmed.
 */
function filter_default($text) {
  if (user_access('bypass html filter')) {
    return trim($text);
  }

  $mode = variable_get('filter_html', FILTER_HTML_DONOTHING);

  if ($mode == FILTER_HTML_STRIP) {
    // Allow users to enter HTML, but filter it.
    // NOTE(review): the fallback here is '' (strip every tag), while the
    // settings form and help text fall back to a list of ten tags.
    $text = strip_tags($text, variable_get('allowed_html', ''));

    // Each pattern removes everything from the attribute name up to the next
    // '>', so attributes that follow the match are dropped as well. The
    // patterns are not anchored inside a tag and can also match similar
    // sequences in plain text.
    if (variable_get('filter_style', FILTER_STYLE_STRIP)) {
      $text = preg_replace('/\Wstyle\s*=[^>]+?>/i', '>', $text);
    }
    $text = preg_replace('/\Won[a-z]+\s*=[^>]+?>/i', '>', $text);
  }
  elseif ($mode == FILTER_HTML_ESCAPE) {
    // Escape HTML. No flags are passed, so quote handling follows the PHP
    // version's default.
    $text = htmlspecialchars($text);
  }

  return trim($text);
}

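/**
 * Settings for the filter system's built-in HTML handling.
 *
 * Builds the "HTML filtering" group: the filter mode, the tag allow-list used
 * in strip mode, and the style-attribute policy.
 *
 * @return
 *   The rendered form group.
 */
function filter_default_settings() {
  // The fallback mode offered here is "Do not filter"; a site keeps that
  // behaviour until an administrator picks another option.
  $group = form_radios(t('Filter HTML tags'), 'filter_html', variable_get('filter_html', FILTER_HTML_DONOTHING), array(FILTER_HTML_DONOTHING => t('Do not filter'), FILTER_HTML_STRIP => t('Strip tags'), FILTER_HTML_ESCAPE => t('Escape tags')), t('How to deal with HTML and PHP tags in user-contributed content. If set to "Strip tags", dangerous tags are removed (see below).  If set to "Escape tags", all HTML is escaped and presented as it was typed.'));
  $group .= form_textfield(t('Allowed HTML tags'), 'allowed_html', variable_get('allowed_html', '<a> <b> <dd> <dl> <dt> <i> <li> <ol> <u> <ul>'), 64, 255, t('If "Strip tags" is selected, optionally specify tags which should not be stripped.  "ON*" attributes are always stripped.'));
  $group .= form_radios(t('HTML style attributes'), 'filter_style', variable_get('filter_style', FILTER_STYLE_STRIP), array(FILTER_STYLE_ALLOW => t('Allowed'), FILTER_STYLE_STRIP => t('Removed')), t('If "Strip tags" is selected, you can choose whether "STYLE" attributes are allowed or removed from input.'));

  // Assign rather than append: $output does not exist before this line.
  $output = form_group(t('HTML filtering'), $group);

  return $output;
}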

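/**
 * Implementation of hook_filter(). Handles URL upgrades from Drupal 4.1.
 *
 * @param $op
 *   The operation: 'name', 'process' or 'settings'. Any other value, such as
 *   the 'prepare' pass in check_output(), returns $text unchanged.
 * @param $text
 *   The text to filter; only used by 'process' and the default case.
 *
 * @return
 *   The filter name, the processed text, or the settings form group,
 *   depending on $op.
 */
function filter_filter($op, $text = '') {
  switch ($op) {
    case 'name':
      return t('Legacy filtering');

    case 'process':
      // The rewrite is opt-in through the 'rewrite_old_urls' setting.
      if (variable_get('rewrite_old_urls', 0)) {
        $text = filter_old_urls($text);
      }
      return $text;

    case 'settings':
      $group = form_radios(t('Rewrite old URLs'), 'rewrite_old_urls', variable_get('rewrite_old_urls', 0), array(t('Disabled'), t('Enabled')), t('The introduction of "clean URLs" in Drupal 4.2.0 breaks internal URLs that date back from Drupal 4.1.0 and before.  If enabled, this filter will attempt to rewrite the old style URLs to avoid broken links.  If <code>mod_rewrite</code> is available on your system, use the rewrite rules in Drupal\'s <code>.htaccess</code> file instead as these will also correct external referrers.'));
      // Assign rather than append: $output does not exist before this line.
      $output = form_group(t('Legacy filtering'), $group);
      return $output;

    default:
      return $text;
  }
}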

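/**
 * Rewrite legacy URLs.
 *
 * This is a *temporary* filter to rewrite old-style URLs to new-style
 * URLs (clean URLs).  Currently, URLs are being rewritten dynamically
 * (ie. "on output"), however when these rewrite rules have been tested
 * enough, we will use them to permanently rewrite the links in node
 * and comment bodies.
 *
 * Two kinds of link are handled, in this order: relative ones (recognised by
 * the double quote that opens the attribute value) and absolute ones
 * (recognised by the tail of $base_url followed by a slash). With clean URLs
 * disabled the new path is emitted as a '?q=' query string.
 *
 * The eight rewrite rules are generated from one loop instead of being
 * written out per branch. The previous hand-copied version had a stray
 * leading double quote in the replacement for absolute single-argument
 * module.php links when clean URLs were off, which put an unbalanced quote
 * inside the rewritten attribute value.
 *
 * NOTE(review): ereg_replace() and eregi_replace() were removed in PHP 7.0;
 * this function only runs on older PHP versions.
 *
 * @param $text
 *   The text whose links should be rewritten.
 *
 * @return
 *   The text with legacy node.php / module.php links rewritten.
 */
function filter_old_urls($text) {
  global $base_url;

  // NOTE(review): why the first 12 characters are skipped is not visible
  // here; confirm against the expected form of $base_url.
  // $end is used inside the patterns without escaping, so regex
  // metacharacters in it (the dots of a host name) are not matched literally.
  $end = substr($base_url, 12);

  // Prefix of the rewritten path: query-string form unless clean URLs are on.
  $query = (variable_get('clean_url', '0') == '0') ? '?q=' : '';

  // 'node.php?id=<number>[&cid=<number>]'
  $node = "(node)\.php\?id=([[:digit:]]+)(&cid=)?([[:digit:]]*)";
  // One '<op>=<value>' pair of 'module.php?mod=<name>{&<op>=<value>}'
  $pair = "(&?[[:alpha:]]+=([[:alnum:]]+))";
  $module = "module\.php\?";

  // Relative URLs first, then absolute URLs. The lead-in is part of the
  // match and is written back unchanged in front of the new path.
  foreach (array('"', "$end/") as $lead) {
    // rewrite 'node.php?id=<number>[&cid=<number>]' style URLs:
    $text = eregi_replace($lead . $node, $lead . $query . "\\1/view/\\2/\\4", $text);

    // rewrite 'module.php?mod=<name>{&<op>=<value>}' style URLs, longest
    // form first so the shorter patterns cannot pre-empt it:
    $text = ereg_replace($lead . $module . $pair . $pair . $pair, $lead . $query . "\\2/\\4/\\6", $text);
    $text = ereg_replace($lead . $module . $pair . $pair, $lead . $query . "\\2/\\4", $text);
    $text = ereg_replace($lead . $module . $pair, $lead . $query . "\\2", $text);
  }

  return $text;
}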

/**
 * Fetch full filter help texts defined by modules.
 *
 * Menu callback for 'filter/tips': asks every module for its
 * 'filter#long-tip' help text and prints the non-empty answers as a list.
 *
 * Tips are inserted into the page as returned; each module's hook_help() is
 * responsible for escaping any configurable value it includes, as
 * filter_help() does for the allowed tag list.
 */
function filter_tips_long() {
  $items = '';
  foreach (module_list() as $module) {
    $tip = module_invoke($module, 'help', 'filter#long-tip');
    if ($tip) {
      // The id lets other pages link straight to one module's tip.
      $items .= '<li id="filter-' . $module . '">' . $tip . "</li>\n";
    }
  }

  $list = "<ul class=\"filter-tips-long\">\n" . $items . "\n</ul>\n";
  print theme('page', $list, t('Compose Tips'));
}

/**
 * Fetch abbreviated filter help texts defined by modules.
 *
 * Tips are inserted as returned by each module's hook_help(); they are not
 * escaped here.
 *
 * @return
 *   An HTML list of every module's non-empty 'filter#short-tip' help text,
 *   ending with a link to the full tips page at 'filter/tips'.
 */
function filter_tips_short() {
  $items = '';
  foreach (module_list() as $module) {
    $tip = module_invoke($module, 'help', 'filter#short-tip');
    if ($tip) {
      $items .= '<li>' . $tip . "</li>\n";
    }
  }

  // The pointer to the long tips is always the last entry.
  $more = l(t('More information on formatting options'), 'filter/tips');
  $items .= '<li class="more-tips">' . $more . '</li>';

  return "<ul class=\"filter-tips-short\">\n" . $items . "\n</ul>\n";
}

?>