Commit 62f93994 authored by Dries's avatar Dries

- Added 'escape HTML' option to the filters.  Patch by Gabor Hojtsy.
parent 01f3bcfc
......@@ -496,13 +496,18 @@ function node_settings() {
}
function node_conf_filters() {
$output .= form_select(t("Filter HTML tags"), "filter_html", variable_get("filter_html", 0), array(t("Disabled"), t("Enabled")), t("Filter HTML and PHP tags in user-contributed content."));
$output .= form_select(t("Escape HTML tags"), "escape_html", variable_get("escape_html", 0), array(t("Disabled"), t("Enabled")), t("Escape HTML and PHP tags in user-contributed content. Note that it is generally not a good idea to enable the below 'Filter HTML tags' option when using this filter."));
$output .= form_select(t("Filter HTML tags"), "filter_html", variable_get("filter_html", 0), array(t("Disabled"), t("Enabled")), t("Filter HTML and PHP tags in user-contributed content. Note that it is generally not a good idea to enable the above 'Escape HTML tags' option when using this filter."));
$output .= form_textfield(t("Allowed HTML tags"), "allowed_html", variable_get("allowed_html", "<a> <b> <dd> <dl> <dt> <i> <li> <ol> <u> <ul>"), 64, 255, t("If enabled, optionally specify tags which should not be stripped. 'STYLE' attributes, 'ON*' attributes and unclosed tags are always stripped."));
$output .= form_select(t("Rewrite old URLs"), "rewrite_old_urls", variable_get("rewrite_old_urls", 0), array(t("Disabled"), t("Enabled")), t("The introduction of 'clean URLs' in Drupal 4.2.0 breaks internal URLs that date back from Drupal 4.1.0 and before. If enabled, this filter will attempt to rewrite the old style URLs to avoid broken links. If <code>mod_rewrite</code> is available on your system, use the rewrite rules in Drupal's <code>.htaccess</code> file instead as these will also correct external referrers."));
$output .= "<hr />";
return $output;
}
function node_escape_html($text) {
return htmlspecialchars($text);
}
function node_filter_html($text) {
$text = strip_tags($text, variable_get("allowed_html", ""));
return $text;
......@@ -530,6 +535,10 @@ function node_filter($text) {
$text = rewrite_old_urls($text);
}
if (variable_get("escape_html", 0)) {
$text = node_escape_html($text);
}
return trim($text);
}
......
......@@ -496,13 +496,18 @@ function node_settings() {
}
function node_conf_filters() {
$output .= form_select(t("Filter HTML tags"), "filter_html", variable_get("filter_html", 0), array(t("Disabled"), t("Enabled")), t("Filter HTML and PHP tags in user-contributed content."));
$output .= form_select(t("Escape HTML tags"), "escape_html", variable_get("escape_html", 0), array(t("Disabled"), t("Enabled")), t("Escape HTML and PHP tags in user-contributed content. Note that it is generally not a good idea to enable the below 'Filter HTML tags' option when using this filter."));
$output .= form_select(t("Filter HTML tags"), "filter_html", variable_get("filter_html", 0), array(t("Disabled"), t("Enabled")), t("Filter HTML and PHP tags in user-contributed content. Note that it is generally not a good idea to enable the above 'Escape HTML tags' option when using this filter."));
$output .= form_textfield(t("Allowed HTML tags"), "allowed_html", variable_get("allowed_html", "<a> <b> <dd> <dl> <dt> <i> <li> <ol> <u> <ul>"), 64, 255, t("If enabled, optionally specify tags which should not be stripped. 'STYLE' attributes, 'ON*' attributes and unclosed tags are always stripped."));
$output .= form_select(t("Rewrite old URLs"), "rewrite_old_urls", variable_get("rewrite_old_urls", 0), array(t("Disabled"), t("Enabled")), t("The introduction of 'clean URLs' in Drupal 4.2.0 breaks internal URLs that date back from Drupal 4.1.0 and before. If enabled, this filter will attempt to rewrite the old style URLs to avoid broken links. If <code>mod_rewrite</code> is available on your system, use the rewrite rules in Drupal's <code>.htaccess</code> file instead as these will also correct external referrers."));
$output .= "<hr />";
return $output;
}
function node_escape_html($text) {
return htmlspecialchars($text);
}
function node_filter_html($text) {
$text = strip_tags($text, variable_get("allowed_html", ""));
return $text;
......@@ -530,6 +535,10 @@ function node_filter($text) {
$text = rewrite_old_urls($text);
}
if (variable_get("escape_html", 0)) {
$text = node_escape_html($text);
}
return trim($text);
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment