<?php
// $Id$

// Values of the 'filter_html' setting read by filter_default(): leave HTML
// as submitted, strip tags outside the allowed list, or escape all markup
// with htmlspecialchars().
define('FILTER_HTML_DONOTHING', 0);
define('FILTER_HTML_STRIP', 1);
define('FILTER_HTML_ESCAPE', 2);

// Values of the 'filter_style' setting: whether style attributes are kept
// or removed while FILTER_HTML_STRIP is the active 'filter_html' mode.
define('FILTER_STYLE_ALLOW', 0);
define('FILTER_STYLE_STRIP', 1);

/**
 * Implementation of hook_help().
 *
 * Returns the translated help text for the requested section. Sections this
 * module does not describe fall out of the switch and yield no return value.
 *
 * @param $section
 *   The help section identifier, e.g. 'admin/filters' or 'filter#short-tip'.
 */
function filter_help($section) {
  switch ($section) {
    case 'admin/modules#description':
      return t('Framework for handling filtering of content.');

    case 'admin/filters':
      return t("
<p>Filters fit between the raw text in posts and comments, and the HTML output. They allow you to replace text selectively. Uses include automatic conversion of emoticons into graphics and filtering HTML content from users' submissions.</p>
<p>If you notice some filters are causing conflicts in the output, you can <a href=\"%url\">rearrange them</a>.</p>", array('%url' => url('admin/filters/order')));

    case 'admin/filters/order':
      return t("
<p>Because of the flexible filtering system, you might encounter a situation where one filter prevents another from doing its job. For example: a word in an URL gets converted into a glossary term, before the URL can be converted in a clickable link. When this happens, you will need to rearrange the order in which filters get executed.</p>
<p>Filters are executed from top-to-bottom. You can use the weight column to rearrange them: heavier filters 'sink' to the bottom. Standard HTML filtering is always run first.</p>");

    case 'filter#long-tip':
    case 'filter#short-tip':
      // Both tip variants describe the site-wide HTML handling mode.
      $mode = variable_get('filter_html', FILTER_HTML_DONOTHING);

      if ($mode == FILTER_HTML_DONOTHING) {
        return t('All HTML tags allowed');
      }

      if ($mode == FILTER_HTML_STRIP) {
        // NOTE(review): the fallback tag list used here differs from the
        // empty fallback filter_default() passes to strip_tags(). If
        // 'allowed_html' has never been saved, this tip presumably lists
        // tags that the filter would in fact strip -- confirm.
        $tags = variable_get('allowed_html', '<a> <b> <dd> <dl> <dt> <i> <li> <ol> <u> <ul>');
        if (!$tags) {
          return t('No HTML tags allowed');
        }
        // The tag list is itself markup, so it is escaped for display.
        return t('Allowed HTML tags') .': '. htmlspecialchars($tags);
      }

      if ($mode == FILTER_HTML_ESCAPE) {
        return t('No HTML tags allowed');
      }
      break;
  }
}

/**
 * Implementation of hook_menu().
 *
 * Registers the filter administration pages and the public compose-tips
 * page. Both administration callbacks carry an 'access' value computed from
 * the 'administer site configuration' permission; the callbacks themselves
 * perform no further permission check, so these entries are what gates them.
 *
 * @return
 *   A list of menu item definitions.
 */
function filter_menu() {
  return array(
    // Settings page for the built-in HTML handling and per-module settings.
    array('path' => 'admin/filters', 'title' => t('filters'),
      'callback' => 'filter_admin_settings',
      'access' => user_access('administer site configuration')),

    // Default tab; it declares no callback or access value of its own.
    // NOTE(review): presumably it takes both from 'admin/filters' -- confirm
    // against the menu system.
    array('path' => 'admin/filters/configure', 'title' => t('configure'),
      'type' => MENU_DEFAULT_LOCAL_TASK, 'weight' => -10),

    // Tab for changing the order in which filters run.
    array('path' => 'admin/filters/order', 'title' => t('rearrange'),
      'callback' => 'filter_admin_order',
      'access' => user_access('administer site configuration'),
      'type' => MENU_LOCAL_TASK),

    // Formatting tips; 'access' is TRUE, so no permission is required.
    array('path' => 'filter/tips', 'title' => t('compose tips'),
      'callback' => 'filter_tips_long', 'access' => TRUE,
      'type' => MENU_SUGGESTED_ITEM),
  );
}

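/**
 * Menu callback; allows administrators to change the filter ordering.
 *
 * On a 'Save configuration' submission the posted weights are written to the
 * {filters} table; the ordering form is then rebuilt and printed.
 *
 * This function performs no permission check of its own; it relies on the
 * 'access' value registered for 'admin/filters/order' in filter_menu().
 * NOTE(review): no per-form token is verified here. Whether form() or the
 * menu layer protects this state-changing POST against cross-site request
 * forgery is not visible in this file -- confirm.
 */
function filter_admin_order() {
  // Request data may be missing (plain GET) or of an unexpected type, so it
  // is read defensively before use.
  $edit = isset($_POST['edit']) ? $_POST['edit'] : array();
  $op = isset($_POST['op']) ? $_POST['op'] : '';

  if ($op == t('Save configuration') && is_array($edit)) {
    foreach ($edit as $module => $filter) {
      // Skip malformed rows instead of writing an arbitrary weight.
      if (!is_array($filter) || !isset($filter['weight'])) {
        continue;
      }
      // Values are handed to db_query() as arguments for its %d / '%s'
      // placeholders rather than being concatenated into the SQL text.
      db_query("UPDATE {filters} SET weight = %d WHERE module = '%s'", $filter['weight'], $module);
    }
  }

  // Get list (with forced refresh)
  filter_refresh();
  $filters = filter_list();

  $header = array(t('name'), t('weight'));
  $rows = array();

  // Standard HTML filters are always run first, we add a dummy row to indicate this
  $rows[] = array(t('HTML filtering'), array('data' => t('locked')));

  foreach ($filters as $module => $filter) {
    $name = module_invoke($module, 'filter', 'name');
    // The "$module][weight" field name presumably yields edit[$module][weight]
    // in the rendered form, matching the structure read from $_POST above.
    $rows[] = array($name, array('data' => form_weight(NULL, $module .'][weight', $filter['weight'])));
  }

  $form  = theme('table', $header, $rows);
  $form .= form_submit(t('Save configuration'));
  $output = form($form);

  print theme('page', $output);
}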

/**
 * Menu callback; displays settings defined by filters.
 *
 * Calls system_settings_save() unconditionally, refreshes the filter list,
 * then prints a settings form made of the built-in HTML handling settings
 * followed by whatever each module returns for the 'settings' filter
 * operation.
 *
 * This function performs no permission check of its own; it relies on the
 * 'access' value registered for 'admin/filters' in filter_menu().
 */
function filter_admin_settings() {
  // NOTE(review): whether system_settings_save() only acts on a submitted
  // form is decided inside that function and is not visible here.
  system_settings_save();
  filter_refresh();

  // Built-in settings first, then one fragment per module, newline-separated.
  $builtin = filter_default_settings();
  $per_module = module_invoke_all('filter', 'settings');
  $page = system_settings_form($builtin . implode("\n", $per_module));

  print theme('page', $page);
}

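/**
 * Search through all modules for the filters they implement.
 *
 * Rebuilds the {filters} table: every row is deleted, then one row is
 * inserted for each listed module that implements the 'filter' hook, keeping
 * the weight the module had before. Finally the cached list held by
 * filter_list() is reloaded.
 */
function filter_refresh() {
  $modules = module_list();
  // Snapshot the current weights before the table is emptied.
  $filters = filter_list();

  // Update list in database
  // NOTE(review): the delete and the inserts are separate statements; no
  // transaction or lock is visible here, so a concurrent reader may
  // presumably see a partially rebuilt table -- confirm.
  db_query('DELETE FROM {filters}');
  foreach ($modules as $module) {
    if (module_hook($module, 'filter')) {
      // A module that had no row yet starts at weight 0; reading the missing
      // array entry directly would raise an undefined-index notice.
      $weight = isset($filters[$module]['weight']) ? $filters[$module]['weight'] : 0;

      db_query("INSERT INTO {filters} (module, weight) VALUES ('%s', %d)", $module, $weight);
    }
  }

  // Force filter_list() to drop its static cache and re-read the table.
  filter_list(1);
}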

/**
 * Retrieve a list of all filters from the database.
 *
 * The result is kept in a static variable for the rest of the request and
 * is only re-read when no list has been built yet or $force is set.
 *
 * @param $force
 *   When true, discard the cached list and query the database again.
 * @return
 *   An array of {filters} rows keyed by module name, ordered by ascending
 *   weight.
 */
function filter_list($force = 0) {
  static $filters;

  // Serve the per-request cache unless a reload was requested.
  if (is_array($filters) && !$force) {
    return $filters;
  }

  $filters = array();
  $result = db_query('SELECT * FROM {filters} ORDER BY weight ASC');
  while ($row = db_fetch_array($result)) {
    $module = $row['module'];
    // Fail-safe in case a module was deleted/changed without disabling it:
    // rows whose module no longer implements the hook are left out.
    if (module_hook($module, 'filter')) {
      $filters[$module] = $row;
    }
  }

  return $filters;
}

/**
 * Run all the enabled filters on a piece of text.
 *
 * Order of operations: newline normalisation, the 'prepare' operation of
 * every filter (skipped in escape mode), the built-in HTML handling of
 * filter_default(), the 'process' operation of every filter, and finally
 * newline-to-<br> conversion when the result holds inline markup only.
 *
 * Security-relevant points visible in this function:
 * - The fallback for 'filter_html' is FILTER_HTML_DONOTHING, a mode in which
 *   filter_default() neither strips nor escapes markup.
 * - 'process' output is not passed through filter_default() again, so the
 *   markup each filter module emits is trusted as-is.
 *
 * @param $text
 *   The text to filter.
 * @return
 *   The filtered text, or the result of message_na() when $text is not set.
 */
function check_output($text) {
  if (!isset($text)) {
    return message_na();
  }

  // Convert all Windows and Mac newlines to a single newline,
  // so filters only need to deal with this one
  $text = str_replace(array("\r\n", "\r"), "\n", $text);

  // Get complete list of filters ordered properly
  $modules = array_keys(filter_list());

  // Give filters the chance to escape HTML-like data such as code or formulas.
  // From this point on, the input can be treated as HTML.
  if (variable_get('filter_html', FILTER_HTML_DONOTHING) != FILTER_HTML_ESCAPE) {
    foreach ($modules as $module) {
      $text = module_invoke($module, 'filter', 'prepare', $text);
    }
  }

  // HTML handling is done before all regular filtering activities.
  $text = filter_default($text);

  // Regular filtering.
  foreach ($modules as $module) {
    $text = module_invoke($module, 'filter', 'process', $text);
  }

  // If only inline elements are used and no block level elements, we
  // replace all newlines with HTML line breaks. The tag list below only
  // decides whether nl2br() runs; it does not control which tags survive
  // filtering.
  $inline_only = strip_tags($text, '<a><br><span><bdo><map><object><img><tt><i><b><u><big><small><em><strong><dfn><code><q><samp><kbd><var><cite><abbr><acronym><sub><sup><input><select><textarea><label><button><ins><del><script>');
  if ($inline_only == $text) {
    $text = nl2br($text);
  }

  return $text;
}

/**
 * Perform the default filters, preventing malicious HTML from being displayed.
 *
 * Behaviour depends on the 'filter_html' setting:
 * - FILTER_HTML_STRIP: tags outside the 'allowed_html' list are removed,
 *   then style attributes (when 'filter_style' is enabled) and on*
 *   attributes are cut out with regular expressions.
 * - FILTER_HTML_ESCAPE: the text is passed through htmlspecialchars().
 * - Any other value, including the FILTER_HTML_DONOTHING fallback: the text
 *   is only trimmed, so markup passes through unchanged.
 *
 * Limits of the strip mode that reviewers should keep in mind:
 * - strip_tags() does not inspect the attributes of the tags it keeps.
 * - Each expression deletes from the matched attribute name up to the next
 *   '>' character, so any attributes that follow in the same tag are removed
 *   as well, and a '>' inside an attribute value ends the match early.
 * - Only style and on* attributes are targeted; other attributes, including
 *   URL-bearing ones such as href or src, are not examined here.
 *
 * @param $text
 *   The text to filter.
 * @return
 *   The filtered text with surrounding whitespace trimmed.
 */
function filter_default($text) {
  $mode = variable_get('filter_html', FILTER_HTML_DONOTHING);

  if ($mode == FILTER_HTML_STRIP) {
    // Allow users to enter HTML, but filter it. With 'allowed_html' unset
    // the fallback is an empty list, i.e. every tag is stripped.
    $text = strip_tags($text, variable_get('allowed_html', ''));

    // Patterns run in the order listed, each on the previous result.
    $attribute_patterns = array();
    if (variable_get('filter_style', FILTER_STYLE_STRIP)) {
      $attribute_patterns[] = '/\Wstyle\s*=[^>]+?>/i';
    }
    // on* attributes are removed regardless of the style setting.
    $attribute_patterns[] = '/\Won[a-z]+\s*=[^>]+?>/i';

    $text = preg_replace($attribute_patterns, '>', $text);
  }

  if ($mode == FILTER_HTML_ESCAPE) {
    // Escape HTML
    $text = htmlspecialchars($text);
  }

  return trim($text);
}

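/**
 * Settings for the filter system's built-in HTML handling.
 *
 * Builds the 'HTML filtering' form group: the filtering mode, the list of
 * tags kept in strip mode, and the handling of style attributes.
 *
 * NOTE(review): the 'allowed_html' field is pre-filled with a tag list,
 * while filter_default() falls back to an empty list when the variable is
 * unset. Until the form has been saved once, the form presumably shows tags
 * as allowed that the filter actually strips -- confirm.
 *
 * @return
 *   The rendered form group.
 */
function filter_default_settings() {
  $group = form_radios(
    t('Filter HTML tags'),
    'filter_html',
    variable_get('filter_html', FILTER_HTML_DONOTHING),
    array(FILTER_HTML_DONOTHING => t('Do not filter'), FILTER_HTML_STRIP => t('Strip tags'), FILTER_HTML_ESCAPE => t('Escape tags')),
    t('How to deal with HTML and PHP tags in user-contributed content. If set to "Strip tags", dangerous tags are removed (see below).  If set to "Escape tags", all HTML is escaped and presented as it was typed.')
  );
  $group .= form_textfield(
    t('Allowed HTML tags'),
    'allowed_html',
    variable_get('allowed_html', '<a> <b> <dd> <dl> <dt> <i> <li> <ol> <u> <ul>'),
    64,
    255,
    t('If "Strip tags" is selected, optionally specify tags which should not be stripped.  "ON*" attributes are always stripped.')
  );
  $group .= form_radios(
    t('HTML style attributes'),
    'filter_style',
    variable_get('filter_style', FILTER_STYLE_STRIP),
    array(FILTER_STYLE_ALLOW => t('Allowed'), FILTER_STYLE_STRIP => t('Removed')),
    t('If "Strip tags" is selected, you can choose whether "STYLE" attributes are allowed or removed from input.')
  );

  // Plain assignment: appending to the previously undefined $output raised
  // an undefined-variable notice.
  $output = form_group(t('HTML filtering'), $group);

  return $output;
}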

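/**
 * Implementation of hook_filter(). Handles URL upgrades from Drupal 4.1.
 *
 * @param $op
 *   The operation: 'name' returns the filter's label, 'process' rewrites
 *   legacy URLs when the 'rewrite_old_urls' setting is enabled, 'settings'
 *   returns the settings form group. Any other operation returns $text
 *   unchanged.
 * @param $text
 *   The text to operate on; only used by 'process' and unknown operations.
 * @return
 *   A label, filtered text or form markup, depending on $op.
 */
function filter_filter($op, $text = '') {
  switch ($op) {
    case 'name':
      return t('Legacy filtering');

    case 'process':
      if (variable_get('rewrite_old_urls', 0)) {
        $text = filter_old_urls($text);
      }
      return $text;

    case 'settings':
      $group = form_radios(t('Rewrite old URLs'), 'rewrite_old_urls', variable_get('rewrite_old_urls', 0), array(t('Disabled'), t('Enabled')), t('The introduction of "clean URLs" in Drupal 4.2.0 breaks internal URLs that date back from Drupal 4.1.0 and before.  If enabled, this filter will attempt to rewrite the old style URLs to avoid broken links.  If <code>mod_rewrite</code> is available on your system, use the rewrite rules in Drupal\'s <code>.htaccess</code> file instead as these will also correct external referrers.'));
      // Plain assignment: appending to the previously undefined $output
      // raised an undefined-variable notice.
      $output = form_group(t('Legacy filtering'), $group);
      return $output;

    default:
      return $text;
  }
}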

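/**
 * Rewrite legacy URLs.
 *
 * This is a *temporary* filter to rewrite old-style URLs to new-style
 * URLs (clean URLs).  Currently, URLs are being rewritten dynamically
 * (ie. "on output"), however when these rewrite rules have been tested
 * enough, we will use them to permanently rewrite the links in node
 * and comment bodies.
 *
 * Relative URLs are recognised by a leading double quote, absolute URLs by
 * the tail of $base_url followed by a slash. When the 'clean_url' setting is
 * '0' the rewritten path is prefixed with '?q='.
 *
 * Changes from the earlier implementation:
 * - Uses preg_replace() in place of the ereg family, which is not available
 *   in current PHP versions.
 * - The $base_url fragment is quoted before it is placed in a pattern, so
 *   characters such as '.' only match themselves.
 * - The single-parameter absolute rewrite without clean URLs no longer
 *   inserts a stray double quote in front of the rewritten URL.
 *
 * @param $text
 *   The text whose links should be rewritten.
 * @return
 *   The text with legacy URLs rewritten.
 */
function filter_old_urls($text) {
  global $base_url;

  // Everything after the first 12 characters of $base_url identifies
  // absolute links to this site.
  // NOTE(review): the reason for the offset of 12 is not stated; presumably
  // it skips the scheme and the start of the host name -- confirm.
  $end = substr($base_url, 12);

  // Without clean URLs the new-style path travels in the 'q' parameter.
  $query = (variable_get('clean_url', '0') == '0') ? '?q=' : '';

  // Relative URLs:
  $text = _filter_old_urls_rewrite($text, '"', '"'. $query);

  // Absolute URLs:
  $text = _filter_old_urls_rewrite($text, $end .'/', $end .'/'. $query);

  return $text;
}

/**
 * Helper for filter_old_urls(): rewrite legacy URLs that follow $prefix.
 *
 * @param $text
 *   The text to rewrite.
 * @param $prefix
 *   Literal text that must precede the legacy script name.
 * @param $target
 *   Literal text that replaces $prefix in front of the new-style path.
 * @return
 *   The rewritten text.
 */
function _filter_old_urls_rewrite($text, $prefix, $target) {
  // '#' delimits the patterns because the absolute prefix contains '/'.
  $from = preg_quote($prefix, '#');
  // Keep '\' and '$' in the target literal instead of letting
  // preg_replace() read them as back-references.
  $to = strtr($target, array('\\' => '\\\\', '$' => '\\$'));
  // One 'name=value' pair, optionally introduced by '&'.
  $pair = '(&?[[:alpha:]]+=([[:alnum:]]+))';

  // rewrite 'node.php?id=<number>[&cid=<number>]' style URLs:
  $text = preg_replace('#'. $from .'(node)\.php\?id=([[:digit:]]+)(&cid=)?([[:digit:]]*)#i', $to .'\1/view/\2/\4', $text);

  // rewrite 'module.php?mod=<name>{&<op>=<value>}' style URLs, trying the
  // longest parameter list first so shorter patterns cannot pre-empt it:
  $text = preg_replace('#'. $from .'module\.php\?'. $pair . $pair . $pair .'#', $to .'\2/\4/\6', $text);
  $text = preg_replace('#'. $from .'module\.php\?'. $pair . $pair .'#', $to .'\2/\4', $text);
  $text = preg_replace('#'. $from .'module\.php\?'. $pair .'#', $to .'\2', $text);

  return $text;
}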

/**
 * Fetch full filter help texts defined by modules.
 *
 * Collects the 'filter#long-tip' help text of every listed module into an
 * HTML list and prints it as a themed page.
 *
 * The tip text and the module name are placed in the markup without
 * escaping. NOTE(review): both presumably originate from installed module
 * code rather than from user input, so tips are trusted as HTML -- confirm.
 */
function filter_tips_long() {
  $items = array();
  foreach (module_list() as $name) {
    $tip = module_invoke($name, 'help', 'filter#long-tip');
    // Modules that return no long tip get no list entry.
    if ($tip) {
      $items[] = "<li id=\"filter-$name\">$tip</li>\n";
    }
  }

  $tiplist = implode('', $items);
  $output = "<ul class=\"filter-tips-long\">\n$tiplist\n</ul>\n";

  print theme('page', $output, t('Compose Tips'));
}

/**
 * Fetch abbreviated filter help texts defined by modules.
 *
 * Collects the 'filter#short-tip' help text of every listed module into an
 * HTML list and appends a link to the full tips page at 'filter/tips'.
 *
 * The tip text is placed in the markup without escaping. NOTE(review): it
 * presumably originates from installed module code rather than from user
 * input, so tips are trusted as HTML -- confirm.
 *
 * @return
 *   The HTML list of short tips.
 */
function filter_tips_short() {
  $items = array();
  foreach (module_list() as $name) {
    $tip = module_invoke($name, 'help', 'filter#short-tip');
    // Modules that return no short tip get no list entry.
    if ($tip) {
      $items[] = "<li>$tip</li>\n";
    }
  }

  // The last entry always points at the long-form tips page.
  $items[] = '<li class="more-tips">' . l(t('More information on formatting options'), 'filter/tips') . '</li>';

  $tiplist = implode('', $items);
  return "<ul class=\"filter-tips-short\">\n$tiplist\n</ul>\n";
}

?>