Commit e20f59d9 authored by Dries's avatar Dries

- Jonathan's "HTML filter" improvements.

> If turning on both filters is bad, we shouldn't allow the user to
> select both, should we? The attached patch folds the Escape HTML option
> into the same dropdown as the Filter HTML option, preventing both from
> being activated.
parent 62f93994
......@@ -496,9 +496,8 @@ function node_settings() {
}
function node_conf_filters() {
$output .= form_select(t("Escape HTML tags"), "escape_html", variable_get("escape_html", 0), array(t("Disabled"), t("Enabled")), t("Escape HTML and PHP tags in user-contributed content. Note that it is generally not a good idea to enable the below 'Filter HTML tags' option when using this filter."));
$output .= form_select(t("Filter HTML tags"), "filter_html", variable_get("filter_html", 0), array(t("Disabled"), t("Enabled")), t("Filter HTML and PHP tags in user-contributed content. Note that it is generally not a good idea to enable the above 'Escape HTML tags' option when using this filter."));
$output .= form_textfield(t("Allowed HTML tags"), "allowed_html", variable_get("allowed_html", "<a> <b> <dd> <dl> <dt> <i> <li> <ol> <u> <ul>"), 64, 255, t("If enabled, optionally specify tags which should not be stripped. 'STYLE' attributes, 'ON*' attributes and unclosed tags are always stripped."));
$output .= form_select(t("Filter HTML tags"), "filter_html", variable_get("filter_html", 0), array(0 => t("Do not filter"), 1 => t("Strip tags"), 2 => t("Escape tags")), t("How to deal with HTML and PHP tags in user-contributed content. If set to \"Strip tags\", dangerous tags are removed. If set to \"Escape tags\", all HTML is escaped and presented as it was typed."));
$output .= form_textfield(t("Allowed HTML tags"), "allowed_html", variable_get("allowed_html", "<a> <b> <dd> <dl> <dt> <i> <li> <ol> <u> <ul>"), 64, 255, t("If \"Strip tags\" is selected, optionally specify tags which should not be stripped. 'STYLE' attributes, 'ON*' attributes and unclosed tags are always stripped."));
$output .= form_select(t("Rewrite old URLs"), "rewrite_old_urls", variable_get("rewrite_old_urls", 0), array(t("Disabled"), t("Enabled")), t("The introduction of 'clean URLs' in Drupal 4.2.0 breaks internal URLs that date back from Drupal 4.1.0 and before. If enabled, this filter will attempt to rewrite the old style URLs to avoid broken links. If <code>mod_rewrite</code> is available on your system, use the rewrite rules in Drupal's <code>.htaccess</code> file instead as these will also correct external referrers."));
$output .= "<hr />";
return $output;
......@@ -527,7 +526,7 @@ function node_comment_mode($nid) {
}
function node_filter($text) {
if (variable_get("filter_html", 0)) {
if (variable_get("filter_html", 0) == 1) {
$text = node_filter_html($text);
}
......@@ -535,7 +534,7 @@ function node_filter($text) {
$text = rewrite_old_urls($text);
}
if (variable_get("escape_html", 0)) {
if (variable_get("filter_html", 0) == 2) {
$text = node_escape_html($text);
}
......
......@@ -496,9 +496,8 @@ function node_settings() {
}
function node_conf_filters() {
$output .= form_select(t("Escape HTML tags"), "escape_html", variable_get("escape_html", 0), array(t("Disabled"), t("Enabled")), t("Escape HTML and PHP tags in user-contributed content. Note that it is generally not a good idea to enable the below 'Filter HTML tags' option when using this filter."));
$output .= form_select(t("Filter HTML tags"), "filter_html", variable_get("filter_html", 0), array(t("Disabled"), t("Enabled")), t("Filter HTML and PHP tags in user-contributed content. Note that it is generally not a good idea to enable the above 'Escape HTML tags' option when using this filter."));
$output .= form_textfield(t("Allowed HTML tags"), "allowed_html", variable_get("allowed_html", "<a> <b> <dd> <dl> <dt> <i> <li> <ol> <u> <ul>"), 64, 255, t("If enabled, optionally specify tags which should not be stripped. 'STYLE' attributes, 'ON*' attributes and unclosed tags are always stripped."));
$output .= form_select(t("Filter HTML tags"), "filter_html", variable_get("filter_html", 0), array(0 => t("Do not filter"), 1 => t("Strip tags"), 2 => t("Escape tags")), t("How to deal with HTML and PHP tags in user-contributed content. If set to \"Strip tags\", dangerous tags are removed. If set to \"Escape tags\", all HTML is escaped and presented as it was typed."));
$output .= form_textfield(t("Allowed HTML tags"), "allowed_html", variable_get("allowed_html", "<a> <b> <dd> <dl> <dt> <i> <li> <ol> <u> <ul>"), 64, 255, t("If \"Strip tags\" is selected, optionally specify tags which should not be stripped. 'STYLE' attributes, 'ON*' attributes and unclosed tags are always stripped."));
$output .= form_select(t("Rewrite old URLs"), "rewrite_old_urls", variable_get("rewrite_old_urls", 0), array(t("Disabled"), t("Enabled")), t("The introduction of 'clean URLs' in Drupal 4.2.0 breaks internal URLs that date back from Drupal 4.1.0 and before. If enabled, this filter will attempt to rewrite the old style URLs to avoid broken links. If <code>mod_rewrite</code> is available on your system, use the rewrite rules in Drupal's <code>.htaccess</code> file instead as these will also correct external referrers."));
$output .= "<hr />";
return $output;
......@@ -527,7 +526,7 @@ function node_comment_mode($nid) {
}
function node_filter($text) {
if (variable_get("filter_html", 0)) {
if (variable_get("filter_html", 0) == 1) {
$text = node_filter_html($text);
}
......@@ -535,7 +534,7 @@ function node_filter($text) {
$text = rewrite_old_urls($text);
}
if (variable_get("escape_html", 0)) {
if (variable_get("filter_html", 0) == 2) {
$text = node_escape_html($text);
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment