Commit 06994961 authored by Richard Mansfield's avatar Richard Mansfield

When serving html files smaller than 1M, always display the filter message and...

When serving html files smaller than 1M, always display the filter message and link to download the original
parent 3e68c3d7
......@@ -510,7 +510,7 @@ $string['youraccounthasbeenunsuspended'] = 'Your account has been unsuspended';
$string['youraccounthasbeenunsuspendedtext'] = 'Your account has been unsuspended'; // @todo: more info?
// Display of purified html
$string['htmlremovedmessage'] = 'Some potentially malicious content was detected and removed from this file.';
$string['htmlremovedmessage'] = 'The file displayed below has been filtered to remove malicious content.';
$string['downloadoriginalversion'] = 'Download the original version';
// size of stuff
......
......@@ -72,22 +72,14 @@ function serve_file($path, $filename, $options=array()) {
if ($mimetype == 'text/html') {
if (isset($options['cleanhtmlparams']) && $filesize < 1024 * 1024) {
// Read file contents, clean if necessary
$originalhtml = file_get_contents($path);
$purifyresult = clean_text($originalhtml, true);
if ($purifyresult->purified) {
display_cleaned_html($purifyresult->html, $options['cleanhtmlparams']);
exit;
}
$fileoutput = $originalhtml;
}
else {
$options['forcedownload'] = true;
$mimetype = 'application/octet-stream';
display_cleaned_html(file_get_contents($path), $options['cleanhtmlparams']);
exit;
}
$options['forcedownload'] = true;
$mimetype = 'application/octet-stream';
}
if (!$mimetype || (!is_image_mime_type($mimetype) && (isset($_SERVER['HTTP_USER_AGENT']) && false !== strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE'))) && !isset($fileoutput)) {
if (!$mimetype || (!is_image_mime_type($mimetype) && (isset($_SERVER['HTTP_USER_AGENT']) && false !== strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE')))) {
$mimetype = 'application/forcedownload';
}
......@@ -184,12 +176,7 @@ function serve_file($path, $filename, $options=array()) {
}
header('Content-Length: ' . $filesize);
while (@ob_end_flush()); //flush the buffers - save memory and disable sid rewrite
if (isset($fileoutput)) {
echo $fileoutput;
}
else {
readfile_chunked($path);
}
readfile_chunked($path);
exit;
}
......
......@@ -131,7 +131,7 @@ class HTMLPurifier
* that HTMLPurifier_Config::create() supports.
* @return Purified HTML
*/
public function purify($html, $config = null, $test = false) {
public function purify($html, $config = null) {
// todo: make the config merge in, instead of replace
$config = $config ? HTMLPurifier_Config::create($config) : $this->config;
......@@ -168,21 +168,27 @@ class HTMLPurifier
$html = $this->filters[$i]->preFilter($html, $config, $context);
}
$dirtytokens = $lexer->tokenizeHTML($html, $config, $context);
$cleantokens = $this->strategy->execute($dirtytokens, $config, $context);
// purified HTML
$html = $this->generator->generateFromTokens($cleantokens, $config, $context);
$html =
$this->generator->generateFromTokens(
// list of tokens
$this->strategy->execute(
// list of un-purified tokens
$lexer->tokenizeHTML(
// un-purified HTML
$html, $config, $context
),
$config, $context
),
$config, $context
);
for ($i = $size - 1; $i >= 0; $i--) {
$html = $this->filters[$i]->postFilter($html, $config, $context);
}
$html = HTMLPurifier_Encoder::convertFromUTF8($html, $config, $context);
$this->context =& $context;
if ($test) {
return (object) array('html' => $html, 'purified' => $dirtytokens != $cleantokens);
}
return $html;
}
......
......@@ -1969,15 +1969,14 @@ function format_introduction($introduction) {
* and removes any nasty tags that could mess up pages.
*
* @param string $text The text to be cleaned
* @param string $test Test whether anything was cleaned
* @return string The cleaned up text
*/
function clean_text($text, $test = false) {
function clean_text($text) {
require_once('htmlpurifier/HTMLPurifier.auto.php');
$config = HTMLPurifier_Config::createDefault();
$config->set('Cache', 'SerializerPath', get_config('dataroot') . 'htmlpurifier');
$purifier = new HTMLPurifier($config);
return $purifier->purify($text, null, $test);
return $purifier->purify($text);
}
......@@ -1991,7 +1990,7 @@ function clean_text($text, $test = false) {
function display_cleaned_html($html, $params) {
$smarty = smarty_core();
$smarty->assign('params', $params);
$smarty->assign('content', $html);
$smarty->assign('content', clean_text($html));
$smarty->display('cleanedhtml.tpl');
exit;
}
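Review bot: display_cleaned_html's contract changes in the second hunk — it now purifies `$html` itself via `clean_text($html)` — but nothing at the call site or in the function documents that the argument is expected to be raw, untrusted file content, so a future caller may pre-clean it and pay for a double pass, or assume the output is trusted before this line. Add a line above the assignment: `// $html is raw, untrusted markup (e.g. an uploaded file); it is purified here, callers must not rely on pre-cleaning.` and mention the same in the function's docblock, which sits outside the hunk. The removal of the `$test` parameter and its `@param` line in clean_text is consistent with the HTMLPurifier change in this commit.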
......