Elgg  Version 4.3
ValidateInputHandler.php
1 <?php
2 
3 namespace Elgg\Input;
4 
11 
/**
 * Sanitizes a hook value with htmLawed.
 *
 * Non-empty strings are filtered directly. Arrays are walked recursively and
 * every non-empty string leaf is filtered in place. Any other value, and any
 * value that empty() treats as empty, is returned unchanged.
 *
 * Security notes for maintainers:
 * - Only array VALUES are filtered; array_walk_recursive() never touches keys,
 *   so callers must not echo keys of the returned array as trusted HTML.
 * - The effective policy is whatever the 'config', 'htmlawed' and
 *   'spec', 'htmlawed' plugin hooks return, so any registered handler can
 *   loosen (or tighten) the defaults assembled here.
 *
 * @param \Elgg\Hook $hook hook whose current value is the data to filter
 *
 * @return mixed the filtered string or array, or the untouched original value
 */
public function __invoke(\Elgg\Hook $hook) {
	$value = $hook->getValue();

	// Nothing to sanitize: empty values and anything that is neither a string nor an array pass through.
	if (empty($value)) {
		return $value;
	}
	if (!(is_string($value) || is_array($value))) {
		return $value;
	}

	$config = [
		// htmLawed "safe" mode; per the original author it covers about everything needed here.
		'safe' => true,

		// strip comments and CDATA sections rather than converting them to text
		'comment' => 1,
		'cdata' => 1,

		// unique-id checking is off because the full input stack can be filtered more than once
		// @see https://github.com/Elgg/Elgg/issues/12934
		'unique_ids' => 0,

		// element allowlist: everything ('*') minus the listed active/embedding elements
		'elements' => '*-applet-button-form-input-textarea-iframe-script-style-embed-object',
		// attribute denylist: class, all on* event handlers, formaction
		// NOTE(review): 'style' is not denied here; presumably the hook_tag post-processor vets it - confirm
		'deny_attribute' => 'class, on*, formaction',
		'hook_tag' => '_elgg_htmlawed_tag_post_processor',

		// URL scheme allowlist applied to every attribute ('*'); schemes not listed are not accepted
		'schemes' => '*:http,https,ftp,news,mailto,rtsp,teamspeak,gopher,mms,callto',
		// a per-property style allowlist was tried and apparently does not work:
		// 'style:color,cursor,text-align,font-size,font-weight,font-style,border,margin,padding,float'
	];

	// outside the 'input' context (i.e. on output) mark every link as nofollow
	if (!elgg_in_context('input')) {
		$config['anti_link_spam'] = ['/./', ''];
	}

	// Plugins get the final say on both the htmLawed config and the spec string.
	$config = elgg_trigger_plugin_hook('config', 'htmlawed', null, $config);
	$spec = elgg_trigger_plugin_hook('spec', 'htmlawed', null, '');

	if (!is_array($value)) {
		return \Htmlawed::filter($value, $config, $spec);
	}

	// Filter each leaf by reference; non-string and empty leaves are left as they are.
	$sanitize_leaf = function (&$leaf, $key, $policy) {
		if (!is_string($leaf) || empty($leaf)) {
			return;
		}

		[$leaf_config, $leaf_spec] = $policy;
		$leaf = \Htmlawed::filter($leaf, $leaf_config, $leaf_spec);
	};

	array_walk_recursive($value, $sanitize_leaf, [$config, $spec]);

	return $value;
}
79 }
$config
Advanced site settings, debugging section.
Definition: debugging.php:6
Models an event passed to hook handlers.
Definition: Hook.php:11
elgg_in_context($context)
Check if this context exists anywhere in the stack.
Definition: context.php:78
elgg_trigger_plugin_hook($hook, $type, $params=null, $returnvalue=null)
Definition: elgglib.php:380
function filter(array, term)
__invoke(\Elgg\Hook $hook)
htmLawed filtering of data
Validates input using htmlawed.