Commit fb99e807 authored by Nigel McNie's avatar Nigel McNie

Cleaned up and re-worded HTML message displayed when viewing a filtered HTML file.

Now it clarifies that what you are viewing is only a rough representation of the original. There's a back link to go back to the files section or whatever previous page you were on. The message has been styled a bit too.
parent 7343c13e
......@@ -48,7 +48,7 @@ else {
$downloadurl .= '&size=' . $size;
}
$downloadurl .= '&download=1';
$options['cleanhtmlparams'] = array('downloadurl' => $downloadurl);
$options['downloadurl'] = $downloadurl;
}
if ($viewid && $fileid) {
......@@ -101,6 +101,7 @@ $title = $file->download_title();
if ($contenttype = $file->override_content_type()) {
$options['overridecontenttype'] = $contenttype;
}
$options['owner'] = $file->get('owner');
serve_file($path, $title, $options);
?>
......@@ -43,6 +43,7 @@ $string['deletefolder?'] = 'Are you sure you want to delete this folder?';
$string['Description'] = 'Description';
$string['destination'] = 'Destination';
$string['Download'] = 'Download';
$string['downloadoriginalversion'] = 'Download the original version';
$string['editfile'] = 'Edit file';
$string['editfolder'] = 'Edit folder';
$string['emptyfolder'] = 'Empty folder';
......@@ -62,6 +63,7 @@ $string['filetypedescription'] = '<p>You may configure the allowed file types th
$string['folder'] = 'Folder';
$string['foldercreated'] = 'Folder created';
$string['home'] = 'Home';
$string['htmlremovedmessage'] = 'You are viewing <strong>%s</strong> by <a href="%s">%s</a>. The file displayed below has been filtered to remove malicious content, and is only a rough representation of the original.';
$string['image'] = 'Image';
$string['lastmodified'] = 'Last Modified';
$string['myfiles'] = 'My Files';
......
......@@ -509,10 +509,6 @@ $string['youraccounthasbeensuspendedtext'] = 'Your account has been suspended';
$string['youraccounthasbeenunsuspended'] = 'Your account has been unsuspended';
$string['youraccounthasbeenunsuspendedtext'] = 'Your account has been unsuspended'; // @todo: more info?
// Display of purified html
$string['htmlremovedmessage'] = 'The file displayed below has been filtered to remove malicious content.';
$string['downloadoriginalversion'] = 'Download the original version';
// size of stuff
$string['sizemb'] = 'MB';
$string['sizekb'] = 'KB';
......
......@@ -70,9 +70,9 @@ function serve_file($path, $filename, $options=array()) {
$lastmodified = filemtime($path);
$filesize = filesize($path);
if ($mimetype == 'text/html') {
if (isset($options['cleanhtmlparams']) && $filesize < 1024 * 1024) {
display_cleaned_html(file_get_contents($path), $options['cleanhtmlparams']);
if ($mimetype == 'text/html' || $mimetype == 'text/xml') {
if (isset($options['downloadurl']) && $filesize < 1024 * 1024) {
display_cleaned_html(file_get_contents($path), $filename, $options);
exit;
}
$options['forcedownload'] = true;
......
......@@ -1985,13 +1985,14 @@ function clean_text($text) {
/**
* Displays purified html on a page with an explanatory message.
*
* @param string $html The purified html.
* @param array $params Variables passed to the template. Currently
* downloadurl - link to download the original (dirty) file.
* @param string $html The purified html.
* @param string $filename The filename to serve the file as
* @param array $params Parameters previously passed to serve_file
*/
function display_cleaned_html($html, $params) {
function display_cleaned_html($html, $filename, $params) {
$smarty = smarty_core();
$smarty->assign('params', $params);
$smarty->assign('htmlremovedmessage', get_string('htmlremovedmessage', 'artefact.file', $filename, get_config('wwwroot') . 'user/view.php?id=' . $params['owner'], display_name($params['owner'])));
$smarty->assign('content', clean_text($html));
$smarty->display('cleanedhtml.tpl');
exit;
......
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head><title></title></head>
<head>
<meta http-equiv="Content-type" content="text/html; charset=UTF-8">
<title>{$pagetitle}</title>
</head>
<body>
<hr />
<div>{str tag=htmlremovedmessage}</div>
{if !empty($params.downloadurl)}
<div>
<a href="{$params.downloadurl}">{str tag=downloadoriginalversion}</a>
</div>
{/if}
<hr />
<div style="font-family: Arial, sans-serif; font-size: smaller; border-bottom: 1px solid #aaa; margin-bottom: 1em; padding-bottom: .5em; text-align: center;">
<div style="float: left; margin-right: 1em; height: 2em;"><a href="" onclick="history.go(-1); return false;">&laquo; {str tag="back"}</a></div>
{$htmlremovedmessage}{if !empty($params.downloadurl)} <a href="{$params.downloadurl}">{str tag="downloadoriginalversion" section="artefact.file"}</a>{/if}</div>
<div>
{$content}
</div>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment