filter.module 8.19 KB
Newer Older
1 2 3 4 5 6 7 8 9
<?php
// $Id$

function filter_help($section = "admin/help#filter") {
  switch ($section) {
    case 'admin/system/modules#description':
      return t("Framework for handling filtering of content.");
    case 'admin/system/filters':
      return t("Filters fit between the raw text in a node and the HTML output. They allow you to replace text selectively. Uses include automatic conversion of emoticons into graphics and filtering HTML content from users' submissions.");
Dries's avatar
 
Dries committed
10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26
    case 'filter#tip':
      switch (variable_get("filter_html", 1)) {
        case 0:
          return t("All HTML tags allowed");
          break;
        case 1:
          if ($allowed_html = variable_get("allowed_html", "<a> <b> <dd> <dl> <dt> <i> <li> <ol> <u> <ul>")) {
            return t("Allowed HTML tags") .": ". htmlspecialchars($allowed_html);
          } else {
            return t("No HTML tags allowed");
          }
          break;
        case 2:
          return t("No HTML tags allowed");
          break;
      }
      break;
27 28 29 30
  }
}

function filter_link($type) {
Dries's avatar
 
Dries committed
31 32 33 34 35
  if ($type == "system") {
    if (user_access("administer site configuration")) {
      menu("admin/system/filters", t("filters"), "filter_admin", 5);
    }
    menu("filter/tips", t("Compose tips"), "filter_tips_page", 0, MENU_HIDE);
36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72
  }
}

function filter_admin() {
  if (user_access("administer site configuration")) {
    system_settings_save();

    $form = implode("\n", module_invoke_all("conf_filters"));
    $output = system_settings_form($form);
    print theme("page", $output);
  }
  else {
    print theme("page", message_access());
  }
}

function filter_conf_filters() {
  $group1 .= form_radios(t("Filter HTML tags"), "filter_html", variable_get("filter_html", 0), array(0 => t("Do not filter"), 1 => t("Strip tags"), 2 => t("Escape tags")), t("How to deal with HTML and PHP tags in user-contributed content. If set to \"Strip tags\", dangerous tags are removed (see below).  If set to \"Escape tags\", all HTML is escaped and presented as it was typed."));
  $group1 .= form_textfield(t("Allowed HTML tags"), "allowed_html", variable_get("allowed_html", "<a> <b> <dd> <dl> <dt> <i> <li> <ol> <u> <ul>"), 64, 255, t("If \"Strip tags\" is selected, optionally specify tags which should not be stripped.  'ON*' attributes and unclosed tags are always stripped."));
  $group1 .= form_radios(t("HTML style attributes"), "filter_style", variable_get("filter_style", 1), array(t("Allowed"), t("Removed")), t("If \"Strip tags\" is selected, you can choose whether 'STYLE' attributes are allowed or removed from input."));
  $output .= form_group(t("HTML filtering"), $group1);

  $group2 .= form_radios(t("Rewrite old URLs"), "rewrite_old_urls", variable_get("rewrite_old_urls", 0), array(t("Disabled"), t("Enabled")), t("The introduction of 'clean URLs' in Drupal 4.2.0 breaks internal URLs that date back from Drupal 4.1.0 and before.  If enabled, this filter will attempt to rewrite the old style URLs to avoid broken links.  If <code>mod_rewrite</code> is available on your system, use the rewrite rules in Drupal's <code>.htaccess</code> file instead as these will also correct external referrers."));
  $output .= form_group(t("Legacy filtering"), $group2);

  return $output;
}

function check_output($text) {
  if (isset($text)) {
    // filter content on output:
    $modules = module_list();

    // Default filters are run first: they determine how to handle HTML
    $text = filter_default($text);

    foreach ($modules as $name) {
73
      if (module_hook($name, "filter")) {
74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107
        $text = module_invoke($name, "filter", $text);
      }
    }

    /*
    ** If only inline elements are used and no block level elements, we
    ** replace all newlines with HTML line breaks.
    */
    if (strip_tags($text, '<a><br><span><bdo><map><object><img><tt><i><b><big><small><em><strong><dfn><code><q><samp><kbd><var><cite><abbr><acronym><sub><sup><input><select><textarea><label><button><ins><del><script>') == $text) {
      $text = nl2br($text);
    }
  }
  else {
    $text = message_na();
  }

  return $text;
}

function filter_default($text) {
  if (variable_get("filter_html", 0) == 1) {
    // Allow users to enter HTML, but filter it
    $text = strip_tags($text, variable_get("allowed_html", ""));
    if (variable_get("filter_style", 1)) {
      $text = preg_replace("/\Wstyle\s*=[^>]+?>/i", ">", $text);
    }
    $text = preg_replace("/\Won[a-z]+\s*=[^>]+?>/i", ">", $text);
  }

  if (variable_get("rewrite_old_urls", 0)) {
    $text = filter_old_urls($text);
  }

  if (variable_get("filter_html", 0) == 2) {
Dries's avatar
 
Dries committed
108
    // Escape HTML
109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181
    $text = htmlspecialchars($text);
  }

  return trim($text);
}

function filter_old_urls($text) {
  global $base_url;

  $end = substr($base_url, 12);

  /*
  ** This is a *temporary* filter to rewrite old-style URLs to new-style
  ** URLs (clean URLs).  Currently, URLs are being rewritten dynamically
  ** (ie. "on output"), however when these rewrite rules have been tested
  ** enough, we will use them to permanently rewrite the links in node
  ** and comment bodies.
  */

  if (variable_get("clean_url", "0") == "0") {
    /*
    ** Relative URLs:
    */

    // rewrite 'node.php?id=<number>[&cid=<number>]' style URLs:
    $text = eregi_replace("\"(node)\.php\?id=([[:digit:]]+)(&cid=)?([[:digit:]]*)", "\"?q=\\1/view/\\2/\\4", $text);

    // rewrite 'module.php?mod=<name>{&<op>=<value>}' style URLs:
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "\"?q=\\2/\\4/\\6" , $text);
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "\"?q=\\2/\\4", $text);
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))", "\"?q=\\2", $text);

    /*
    ** Absolute URLs:
    */

    // rewrite 'node.php?id=<number>[&cid=<number>]' style URLs:
    $text = eregi_replace("$end/(node)\.php\?id=([[:digit:]]+)(&cid=)?([[:digit:]]*)", "$end/?q=\\1/view/\\2/\\4", $text);

    // rewrite 'module.php?mod=<name>{&<op>=<value>}' style URLs:
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "$end/?q=\\2/\\4/\\6" , $text);
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "$end/?q=\\2/\\4", $text);
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))", "\"$end/?q=\\2", $text);
  }
  else {
    /*
    ** Relative URLs:
    */

    // rewrite 'node.php?id=<number>[&cid=<number>]' style URLs:
    $text = eregi_replace("\"(node)\.php\?id=([[:digit:]]+)(&cid=)?([[:digit:]]*)", "\"\\1/view/\\2/\\4", $text);

    // rewrite 'module.php?mod=<name>{&<op>=<value>}' style URLs:
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "\"\\2/\\4/\\6", $text);
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "\"\\2/\\4", $text);
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))", "\"\\2", $text);

    /*
    ** Absolute URLs:
    */

    // rewrite 'node.php?id=<number>[&cid=<number>]' style URLs:
    $text = eregi_replace("$end/(node)\.php\?id=([[:digit:]]+)(&cid=)?([[:digit:]]*)", "$end/\\1/view/\\2/\\4", $text);

    // rewrite 'module.php?mod=<name>{&<op>=<value>}' style URLs:
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "$end/\\2/\\4/\\6", $text);
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "$end/\\2/\\4", $text);
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))", "$end/\\2", $text);
  }

  return $text;
}

Dries's avatar
 
Dries committed
182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197
function filter_tips_page() {
  $tips = module_invoke_all("help", "filter#tip");
  foreach ($tips as $tip) {
    if ($tip) {
      $tiplist .= "<li>$tip</li>\n";
    }
  }
  $output = "<ul class=\"compose-tips\">\n$tiplist\n</ul>\n";
  print theme("page", $output, t("Compose Tips"));
}

function filter_tips_short() {
  return filter_help("filter#tip") . "<br />" . l(t("More information on formatting options."), "filter/tips", array("target" => "_blank"));
}

?>