filter.module 12.7 KB
Newer Older
1 2 3
<?php
// $Id$

4 5 6 7 8 9 10
define('FILTER_HTML_DONOTHING', 0);
define('FILTER_HTML_STRIP', 1);
define('FILTER_HTML_ESCAPE', 2);

define('FILTER_STYLE_ALLOW', 0);
define('FILTER_STYLE_STRIP', 1);

Dries's avatar
Dries committed
11 12 13 14
/**
 * Implementation of hook_help().
 */
function filter_help($section) {
15 16
  switch ($section) {
    case 'admin/system/modules#description':
Dries's avatar
Dries committed
17
      return t('Framework for handling filtering of content.');
18
    case 'admin/system/filters':
Dries's avatar
 
Dries committed
19 20
      return t("
<p>Filters fit between the raw text in a node and the HTML output. They allow you to replace text selectively. Uses include automatic conversion of emoticons into graphics and filtering HTML content from users' submissions.</p>
Dries's avatar
Dries committed
21
<p>If you notice some filters are causing conflicts in the output, you can <a href=\"%url\">rearrange them</a>.</p>", array('%url' => url('admin/system/filters/order')));
Dries's avatar
 
Dries committed
22 23 24 25
    case 'admin/system/filters/order':
      return t("
<p>Because of the flexible filtering system, you might encounter a situation where one filter prevents another from doing its job. For example: a word in an URL gets converted into a glossary term, before the URL can be converted in a clickable link. When this happens, you will need to rearrange the order in which filters get executed.</p>
<p>Filters are executed from top-to-bottom. You can use the weight column to rearrange them: heavier filters 'sink' to the bottom. Standard HTML filtering is always run first.</p>");
Dries's avatar
 
Dries committed
26 27
    case 'filter#long-tip':
    case 'filter#short-tip':
Dries's avatar
Dries committed
28
      switch (variable_get('filter_html', FILTER_HTML_DONOTHING)) {
Dries's avatar
 
Dries committed
29
        case 0:
Dries's avatar
Dries committed
30
          return t('All HTML tags allowed');
Dries's avatar
 
Dries committed
31 32
          break;
        case 1:
Dries's avatar
Dries committed
33 34
          if ($allowed_html = variable_get('allowed_html', '<a> <b> <dd> <dl> <dt> <i> <li> <ol> <u> <ul>')) {
            return t('Allowed HTML tags') .': '. htmlspecialchars($allowed_html);
Dries's avatar
 
Dries committed
35
          } else {
Dries's avatar
Dries committed
36
            return t('No HTML tags allowed');
Dries's avatar
 
Dries committed
37 38 39
          }
          break;
        case 2:
Dries's avatar
Dries committed
40
          return t('No HTML tags allowed');
Dries's avatar
 
Dries committed
41 42 43
          break;
      }
      break;
44 45 46
  }
}

Dries's avatar
 
Dries committed
47 48 49
/**
 * Implementation of hook_link().
 */
50
function filter_link($type) {
Dries's avatar
 
Dries committed
51
  if ($type == 'system') {
Dries's avatar
Dries committed
52 53
    menu('admin/system/filters', t('filters'), user_access('administer site configuration') ? 'filter_admin_settings' : MENU_DENIED, 5);
    menu('admin/system/filters/order', t('ordering'), user_access('administer site configuration') ? 'filter_admin_order' : MENU_DENIED, 5);
Dries's avatar
 
Dries committed
54
    menu('filter/tips', t('compose tips'), 'filter_tips_long', 0, MENU_HIDE);
55 56 57
  }
}

Dries's avatar
Dries committed
58 59 60
/**
 * Menu callback; allows administrators to change the filter ordering.
 */
Dries's avatar
 
Dries committed
61
function filter_admin_order() {
Dries's avatar
Dries committed
62 63 64
  $edit = $_POST['edit'];
  $op = $_POST['op'];
  if ($op == t('Save configuration')) {
Dries's avatar
 
Dries committed
65
    foreach ($edit as $module => $filter) {
Dries's avatar
Dries committed
66
      db_query("UPDATE {filters} SET weight = %d WHERE module = '%s'", $filter['weight'], $module);
Dries's avatar
 
Dries committed
67 68 69 70 71 72 73
    }
  }

  // Get list (with forced refresh)
  filter_refresh();
  $filters = filter_list();

74
  $header = array(t('name'), t('weight'));
Dries's avatar
 
Dries committed
75 76 77
  $rows = array();

  // Standard HTML filters are always run first, we add a dummy row to indicate this
Dries's avatar
Dries committed
78
  $rows[] = array(t('HTML filtering'), array('data' => t('locked')));
Dries's avatar
 
Dries committed
79 80

  foreach ($filters as $module => $filter) {
Dries's avatar
Dries committed
81 82
    $name = module_invoke($module, 'filter', 'name');
    $rows[] = array($name, array('data' => form_weight(NULL, $module .'][weight', $filter['weight'])));
Dries's avatar
 
Dries committed
83 84
  }

Dries's avatar
Dries committed
85 86
  $form  = theme('table', $header, $rows);
  $form .= form_submit(t('Save configuration'));
Dries's avatar
 
Dries committed
87 88
  $output = form($form);

Dries's avatar
Dries committed
89
  print theme('page', $output);
Dries's avatar
 
Dries committed
90 91
}

Dries's avatar
Dries committed
92 93 94
/**
 * Menu callback; displays settings defined by filters.
 */
Dries's avatar
 
Dries committed
95 96 97 98 99 100
function filter_admin_settings() {
  system_settings_save();

  filter_refresh();

  $form  = filter_default_settings();
Dries's avatar
Dries committed
101
  $form .= implode("\n", module_invoke_all('filter', 'settings'));
Dries's avatar
 
Dries committed
102 103
  $output = system_settings_form($form);

Dries's avatar
Dries committed
104
  print theme('page', $output);
105 106
}

Dries's avatar
Dries committed
107 108 109
/**
 * Search through all modules for the filters they implement.
 */
Dries's avatar
 
Dries committed
110 111 112
function filter_refresh() {
  $modules = module_list();
  $filters = filter_list();
113

Dries's avatar
 
Dries committed
114
  // Update list in database
Dries's avatar
Dries committed
115
  db_query('DELETE FROM {filters}');
Dries's avatar
 
Dries committed
116
  foreach ($modules as $module) {
Dries's avatar
Dries committed
117 118
    if (module_hook($module, 'filter')) {
      $weight = $filters[$module]['weight'];
119

120
      db_query("INSERT INTO {filters} (module, weight) VALUES ('%s', %d)", $module, $weight);
Dries's avatar
 
Dries committed
121 122 123 124 125 126
    }
  }

  filter_list(1);
}

Dries's avatar
Dries committed
127 128 129
/**
 * Retrieve a list of all filters from the database.
 */
Dries's avatar
 
Dries committed
130 131 132 133 134
function filter_list($force = 0) {
  static $filters;

  if (!is_array($filters) || $force) {
    $filters = array();
Dries's avatar
Dries committed
135
    $result = db_query('SELECT * FROM {filters} ORDER BY weight ASC');
Dries's avatar
 
Dries committed
136 137
    while ($filter = db_fetch_array($result)) {
      // Fail-safe in case a module was deleted/changed without disabling it
Dries's avatar
Dries committed
138 139
      if (module_hook($filter['module'], 'filter')) {
        $filters[$filter['module']] = $filter;
Dries's avatar
 
Dries committed
140 141 142 143 144
      }
    }
  }

  return $filters;
145 146
}

Dries's avatar
Dries committed
147 148 149
/**
 * Run all the enabled filters on a piece of text.
 */
150 151
function check_output($text) {
  if (isset($text)) {
Dries's avatar
 
Dries committed
152 153
    $filters = filter_list();

Dries's avatar
Dries committed
154 155 156
    // Give filters the chance to escape HTML-like data such as code or formulas.
    // From this point on, the input can be treated as HTML.
    if (variable_get('filter_html', FILTER_HTML_DONOTHING) != FILTER_HTML_ESCAPE) {
157
      foreach ($filters as $module => $filter) {
Dries's avatar
Dries committed
158
        $text = module_invoke($module, 'filter', 'prepare', $text);
159
      }
Dries's avatar
 
Dries committed
160
    }
161

Dries's avatar
Dries committed
162
    // HTML handling is done before all regular filtering activities.
163 164
    $text = filter_default($text);

Dries's avatar
Dries committed
165
    // Regular filtering.
Dries's avatar
 
Dries committed
166
    foreach ($filters as $module => $filter) {
Dries's avatar
Dries committed
167
      $text = module_invoke($module, 'filter', 'process', $text);
168 169
    }

Dries's avatar
Dries committed
170 171
    // If only inline elements are used and no block level elements, we
    // replace all newlines with HTML line breaks.
Dries's avatar
 
Dries committed
172
    if (strip_tags($text, '<a><br><span><bdo><map><object><img><tt><i><b><u><big><small><em><strong><dfn><code><q><samp><kbd><var><cite><abbr><acronym><sub><sup><input><select><textarea><label><button><ins><del><script>') == $text) {
173 174 175 176 177 178 179 180 181 182
      $text = nl2br($text);
    }
  }
  else {
    $text = message_na();
  }

  return $text;
}

Dries's avatar
Dries committed
183 184 185
/**
 * Perform the default filters, preventing malicious HTML from being displayed.
 */
186
function filter_default($text) {
Dries's avatar
Dries committed
187
  if (variable_get('filter_html', FILTER_HTML_DONOTHING) == FILTER_HTML_STRIP) {
188
    // Allow users to enter HTML, but filter it
Dries's avatar
Dries committed
189 190 191
    $text = strip_tags($text, variable_get('allowed_html', ''));
    if (variable_get('filter_style', FILTER_STYLE_STRIP)) {
      $text = preg_replace('/\Wstyle\s*=[^>]+?>/i', '>', $text);
192
    }
Dries's avatar
Dries committed
193
    $text = preg_replace('/\Won[a-z]+\s*=[^>]+?>/i', '>', $text);
194 195
  }

Dries's avatar
Dries committed
196
  if (variable_get('filter_html', FILTER_HTML_DONOTHING) == FILTER_HTML_ESCAPE) {
Dries's avatar
 
Dries committed
197
    // Escape HTML
198 199 200 201 202 203
    $text = htmlspecialchars($text);
  }

  return trim($text);
}

Dries's avatar
Dries committed
204 205 206
/**
 * Settings for the filter system's built-in HTML handling.
 */
Dries's avatar
 
Dries committed
207
function filter_default_settings() {
Dries's avatar
Dries committed
208 209 210 211
  $group = form_radios(t('Filter HTML tags'), 'filter_html', variable_get('filter_html', FILTER_HTML_DONOTHING), array(FILTER_HTML_DONOTHING => t('Do not filter'), FILTER_HTML_STRIP => t('Strip tags'), FILTER_HTML_ESCAPE => t('Escape tags')), t('How to deal with HTML and PHP tags in user-contributed content. If set to "Strip tags", dangerous tags are removed (see below).  If set to "Escape tags", all HTML is escaped and presented as it was typed.'));
  $group .= form_textfield(t('Allowed HTML tags'), 'allowed_html', variable_get('allowed_html', '<a> <b> <dd> <dl> <dt> <i> <li> <ol> <u> <ul>'), 64, 255, t('If "Strip tags" is selected, optionally specify tags which should not be stripped.  "ON*" attributes are always stripped.'));
  $group .= form_radios(t('HTML style attributes'), 'filter_style', variable_get('filter_style', FILTER_STYLE_STRIP), array(FILTER_STYLE_ALLOW => t('Allowed'), FILTER_STYLE_STRIP => t('Removed')), t('If "Strip tags" is selected, you can choose whether "STYLE" attributes are allowed or removed from input.'));
  $output .= form_group(t('HTML filtering'), $group);
Dries's avatar
 
Dries committed
212 213 214 215

  return $output;
}

Dries's avatar
Dries committed
216 217 218 219
/**
 * Implementation of hook_filter(). Handles URL upgrades from Drupal 4.1.
 */
function filter_filter($op, $text = '') {
Dries's avatar
 
Dries committed
220
  switch ($op) {
Dries's avatar
Dries committed
221 222 223 224
    case 'name':
      return t('Legacy filtering');
    case 'process':
      if (variable_get('rewrite_old_urls', 0)) {
Dries's avatar
 
Dries committed
225 226 227
        $text = filter_old_urls($text);
      }
      return $text;
Dries's avatar
Dries committed
228 229 230
    case 'settings':
      $group   = form_radios(t('Rewrite old URLs'), 'rewrite_old_urls', variable_get('rewrite_old_urls', 0), array(t('Disabled'), t('Enabled')), t('The introduction of "clean URLs" in Drupal 4.2.0 breaks internal URLs that date back from Drupal 4.1.0 and before.  If enabled, this filter will attempt to rewrite the old style URLs to avoid broken links.  If <code>mod_rewrite</code> is available on your system, use the rewrite rules in Drupal\'s <code>.htaccess</code> file instead as these will also correct external referrers.'));
      $output .= form_group(t('Legacy filtering'), $group);
Dries's avatar
 
Dries committed
231 232 233 234 235 236
      return $output;
    default:
      return $text;
  }
}

Dries's avatar
Dries committed
237 238 239 240 241 242 243 244 245
/**
 * Rewrite legacy URLs.
 *
 * This is a *temporary* filter to rewrite old-style URLs to new-style
 * URLs (clean URLs).  Currently, URLs are being rewritten dynamically
 * (ie. "on output"), however when these rewrite rules have been tested
 * enough, we will use them to permanently rewrite the links in node
 * and comment bodies.
 */
246 247 248 249 250
function filter_old_urls($text) {
  global $base_url;

  $end = substr($base_url, 12);

Dries's avatar
Dries committed
251 252
  if (variable_get('clean_url', '0') == '0') {
    // Relative URLs:
253 254 255 256 257 258 259 260 261

    // rewrite 'node.php?id=<number>[&cid=<number>]' style URLs:
    $text = eregi_replace("\"(node)\.php\?id=([[:digit:]]+)(&cid=)?([[:digit:]]*)", "\"?q=\\1/view/\\2/\\4", $text);

    // rewrite 'module.php?mod=<name>{&<op>=<value>}' style URLs:
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "\"?q=\\2/\\4/\\6" , $text);
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "\"?q=\\2/\\4", $text);
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))", "\"?q=\\2", $text);

Dries's avatar
Dries committed
262
    // Absolute URLs:
263 264 265 266 267 268 269 270 271 272

    // rewrite 'node.php?id=<number>[&cid=<number>]' style URLs:
    $text = eregi_replace("$end/(node)\.php\?id=([[:digit:]]+)(&cid=)?([[:digit:]]*)", "$end/?q=\\1/view/\\2/\\4", $text);

    // rewrite 'module.php?mod=<name>{&<op>=<value>}' style URLs:
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "$end/?q=\\2/\\4/\\6" , $text);
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "$end/?q=\\2/\\4", $text);
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))", "\"$end/?q=\\2", $text);
  }
  else {
Dries's avatar
Dries committed
273
    // Relative URLs:
274 275 276 277 278 279 280 281 282

    // rewrite 'node.php?id=<number>[&cid=<number>]' style URLs:
    $text = eregi_replace("\"(node)\.php\?id=([[:digit:]]+)(&cid=)?([[:digit:]]*)", "\"\\1/view/\\2/\\4", $text);

    // rewrite 'module.php?mod=<name>{&<op>=<value>}' style URLs:
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "\"\\2/\\4/\\6", $text);
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "\"\\2/\\4", $text);
    $text = ereg_replace("\"module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))", "\"\\2", $text);

Dries's avatar
Dries committed
283
    // Absolute URLs:
284 285 286 287 288 289 290 291 292 293 294 295 296

    // rewrite 'node.php?id=<number>[&cid=<number>]' style URLs:
    $text = eregi_replace("$end/(node)\.php\?id=([[:digit:]]+)(&cid=)?([[:digit:]]*)", "$end/\\1/view/\\2/\\4", $text);

    // rewrite 'module.php?mod=<name>{&<op>=<value>}' style URLs:
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "$end/\\2/\\4/\\6", $text);
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))(&?[[:alpha:]]+=([[:alnum:]]+))", "$end/\\2/\\4", $text);
    $text = ereg_replace("$end/module\.php\?(&?[[:alpha:]]+=([[:alnum:]]+))", "$end/\\2", $text);
  }

  return $text;
}

Dries's avatar
Dries committed
297 298 299
/**
 * Fetch full filter help texts defined by modules.
 */
Dries's avatar
 
Dries committed
300 301 302 303 304
function filter_tips_long() {
  $tiplist = '';
  foreach (module_list() as $name) {
    if ($tip = module_invoke($name, 'help', 'filter#long-tip')) {
      $tiplist .= "<li id=\"filter-$name\">$tip</li>\n";
Dries's avatar
 
Dries committed
305 306
    }
  }
Dries's avatar
 
Dries committed
307
  $output = "<ul class=\"filter-tips-long\">\n$tiplist\n</ul>\n";
Dries's avatar
Dries committed
308
  print theme('page', $output, t('Compose Tips'));
Dries's avatar
 
Dries committed
309 310
}

Dries's avatar
Dries committed
311 312 313
/**
 * Fetch abbreviated filter help texts defined by modules.
 */
Dries's avatar
 
Dries committed
314
function filter_tips_short() {
Dries's avatar
 
Dries committed
315
  $tiplist = '';
Dries's avatar
 
Dries committed
316 317
  foreach (module_list() as $name) {
    if ($tip = module_invoke($name, 'help', 'filter#short-tip')) {
Dries's avatar
 
Dries committed
318
      $tiplist .= "<li>$tip</li>\n";
Dries's avatar
 
Dries committed
319 320
    }
  }
Dries's avatar
 
Dries committed
321 322
  $tiplist .= '<li class="more-tips">' . l(t('More information on formatting options'), 'filter/tips') . '</li>';
  return "<ul class=\"filter-tips-short\">\n$tiplist\n</ul>\n";
Dries's avatar
 
Dries committed
323 324 325
}

?>