Elgg
Version 4.3
engine
classes
Elgg
Input
ValidateInputHandler.php
1
<?php
2
3
namespace
Elgg\Input
;
4
10
/**
 * Validates input using htmLawed.
 *
 * Points a security reviewer should keep in mind when relying on this handler:
 * - Only string values are filtered. For arrays, array_walk_recursive() visits the
 *   leaf values; array KEYS are never passed through the filter, so code that prints
 *   keys taken from user input has to escape them itself.
 * - Values that are neither string nor array, and anything empty() (including the
 *   string "0"), are returned exactly as received.
 * - The defaults below are only a starting point: the effective config and spec are
 *   whatever the 'config', 'htmlawed' and 'spec', 'htmlawed' plugin hooks return, so
 *   any handler registered on those hooks can widen (or narrow) what is allowed.
 * - The result is filtered HTML, not context-specific escaping; values placed into
 *   non-HTML contexts still need the escaping appropriate to that context.
 */
class ValidateInputHandler {

	/**
	 * htmLawed filtering of the hook value
	 *
	 * A string is filtered and returned. An array is walked recursively, every
	 * non-empty string leaf is replaced by its filtered form, and the array is
	 * returned. Everything else is handed back untouched.
	 *
	 * @param \Elgg\Hook $hook hook whose current value is to be filtered
	 *
	 * @return mixed the filtered string/array, or the original value when it is not filterable
	 */
	public function __invoke(\Elgg\Hook $hook) {
		$value = $hook->getValue();

		// nothing to do for non-string/non-array values or for empty input
		$filterable = is_string($value) || is_array($value);
		if (!$filterable || empty($value)) {
			return $value;
		}

		$config = [
			// baseline setting; "seems to handle about everything we need"
			'safe' => true,

			// comments and CDATA sections are removed rather than converted to text
			'comment' => 1,
			'cdata' => 1,

			// the full input stack may be filtered more than once, so unique id checks are off
			// @see https://github.com/Elgg/Elgg/issues/12934
			'unique_ids' => 0,

			// every element except the ones subtracted here (form controls, frames, script/style, plugins)
			'elements' => '*-applet-button-form-input-textarea-iframe-script-style-embed-object',
			// attributes dropped from every element, including all on* event handlers
			'deny_attribute' => 'class, on*, formaction',
			// named function handed to htmLawed as its per-tag hook
			'hook_tag' => '_elgg_htmlawed_tag_post_processor',

			// URL schemes accepted in any attribute
			'schemes' => '*:http,https,ftp,news,mailto,rtsp,teamspeak,gopher,mms,callto',
			// a per-property restriction for the style attribute was tried and is left disabled
			// because it apparently does not work:
			// 'style:color,cursor,text-align,font-size,font-weight,font-style,border,margin,padding,float'
		];

		// outside the 'input' context (i.e. on output) mark all links as nofollow
		if (!elgg_in_context('input')) {
			$config['anti_link_spam'] = ['/./', ''];
		}

		// plugins get the final say on both the config and the spec
		$config = elgg_trigger_plugin_hook('config', 'htmlawed', null, $config);
		$spec = elgg_trigger_plugin_hook('spec', 'htmlawed', null, '');

		// at this point the value is either a non-empty string or a non-empty array
		if (is_string($value)) {
			return \Htmlawed::filter($value, $config, $spec);
		}

		// filter string leaves in place; keys and non-string leaves are left as they are
		$filter_leaf = function (&$leaf) use ($config, $spec) {
			if (is_string($leaf) && !empty($leaf)) {
				$leaf = \Htmlawed::filter($leaf, $config, $spec);
			}
		};
		array_walk_recursive($value, $filter_leaf);

		return $value;
	}
}
Elgg\Input
Definition:
AddFileHelpTextHandler.php:3
Elgg\Hook
Models an event passed to hook handlers.
Definition:
Hook.php:11
Elgg
Definition:
ActionsService.php:3
elgg_in_context
elgg_in_context($context)
Check if this context exists anywhere in the stack.
Definition:
context.php:78
elgg_trigger_plugin_hook
elgg_trigger_plugin_hook($hook, $type, $params=null, $returnvalue=null)
Definition:
elgglib.php:380
Elgg\Input\ValidateInputHandler\__invoke
__invoke(\Elgg\Hook $hook)
htmLawed filtering of data
Definition:
ValidateInputHandler.php:27
Elgg\Input\ValidateInputHandler
Validates input using htmlawed.
Definition:
ValidateInputHandler.php:10