Elgg  Version 3.0
input.php
1 <?php
/**
 * Get some input from variables submitted through GET or POST.
 *
 * Thin wrapper: the lookup itself is done by the request service's getParam().
 *
 * @param string $variable      Name of the request variable to read
 * @param mixed  $default       Fallback handed to getParam()
 * @param bool   $filter_result Forwarded unchanged to getParam() (default true)
 *
 * @return mixed Whatever getParam() returns
 */
function get_input($variable, $default = null, $filter_result = true) {
    // NOTE(review): what "filtering" means is decided inside the request service.
    // The only filter registered in this file is an HTML sanitiser (htmLawed), so a
    // filtered value is not thereby safe for SQL, shell, URL or JavaScript contexts.
    // With $filter_result = false the caller presumably gets the value as submitted
    // and has to escape it for the output context itself.
    $request = _elgg_services()->request;

    return $request->getParam($variable, $default, $filter_result);
}
30 
/**
 * Sets an input value that may later be retrieved by get_input().
 *
 * @param string $variable Name of the variable to set
 * @param mixed  $value    Value to store
 *
 * @return void
 */
function set_input($variable, $value) {
    // The third argument is hard-coded to true; its meaning is defined by the
    // request service's setParam() and is not visible from this file.
    $request = _elgg_services()->request;
    $request->setParam($variable, $value, true);
}
44 
/**
 * Returns all values parsed from the current request, including $_GET and $_POST
 * values, as well as any values set with set_input().
 *
 * @param bool $filter_result Forwarded unchanged to the request service's getParams()
 *
 * @return mixed Whatever getParams() returns (presumably an array of parameters)
 */
function elgg_get_request_data($filter_result = true) {
    // Same caveat as for a single value: passing false skips whatever filtering the
    // request service applies, so the caller owns escaping for every entry.
    $request = _elgg_services()->request;

    return $request->getParams($filter_result);
}
59 
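/**
 * Get an HTML-escaped title from input.
 *
 * The value is read without the input filter and then escaped with
 * htmlspecialchars() (ENT_QUOTES | ENT_SUBSTITUTE, UTF-8). The result is suitable
 * for HTML text and quoted attribute values; it is not escaped for JavaScript or
 * URL contexts.
 *
 * @param string $variable Name of the request variable (default 'title')
 * @param string $default  Value used when nothing usable was submitted
 *
 * @return string Escaped text
 */
function elgg_get_title_input($variable = 'title', $default = '') {
    $raw_input = get_input($variable, $default, false);

    // The client controls the shape of a request parameter: it can arrive as an
    // array (or be null), while htmlspecialchars() only accepts a string. Fall back
    // to the default instead of failing on the shape of the input.
    if (!is_scalar($raw_input)) {
        $raw_input = is_scalar($default) ? $default : '';
    }

    return htmlspecialchars((string) $raw_input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}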
73 
/**
 * Filter tags from a given string based on registered hooks.
 *
 * Triggers the 'validate', 'input' plugin hook with $var as the starting value and
 * returns the hook result. In this file the htmLawed handler is attached to that
 * hook; what else runs depends on which handlers plugins have registered.
 *
 * @param mixed $var The value to run through the hook
 *
 * @return mixed The value after all 'validate', 'input' handlers have run
 */
function filter_tags($var) {
    // NOTE(review): the strength of this filter is only as good as the handlers
    // registered on the hook; presumably $var comes back untouched if none is.
    $filtered = elgg_trigger_plugin_hook('validate', 'input', null, $var);

    return $filtered;
}
85 
/**
 * Returns the current page's complete URL.
 *
 * @return mixed Whatever the request service's getCurrentURL() returns
 */
function current_page_url() {
    // NOTE(review): the URL is derived from the incoming request. How the host part
    // is determined is up to the request service - confirm before using the value
    // in redirects, password-reset links or cache keys.
    $request = _elgg_services()->request;

    return $request->getCurrentURL();
}
97 
/**
 * Validates an email address.
 *
 * Delegates to the accounts service's isValidEmail().
 *
 * @param string $address Email address to check
 *
 * @return mixed Result of isValidEmail() (presumably bool)
 */
function is_email_address($address) {
    // A passing result only concerns the address itself; it says nothing about who
    // controls the mailbox.
    $accounts = elgg()->accounts;

    return $accounts->isValidEmail($address);
}
108 
/**
 * Save form submission data (all GET and POST vars) into a session cache.
 *
 * @param string $form_name Name of the form
 *
 * @return void
 */
function elgg_make_sticky_form($form_name) {
    // Because every GET and POST variable is cached, anything sensitive submitted
    // with the form (passwords, tokens) ends up in the session as well. Clear the
    // sticky form once the submission has been handled.
    $sticky_forms = _elgg_services()->stickyForms;
    $sticky_forms->makeStickyForm($form_name);
}
123 
/**
 * Remove form submission data from the session.
 *
 * @param string $form_name Name of the form whose cached data is dropped
 *
 * @return void
 */
function elgg_clear_sticky_form($form_name) {
    $sticky_forms = _elgg_services()->stickyForms;
    $sticky_forms->clearStickyForm($form_name);
}
139 
/**
 * Does form submission data exist for this form?
 *
 * @param string $form_name Name of the form
 *
 * @return mixed Result of the sticky-forms service's isStickyForm() (presumably bool)
 */
function elgg_is_sticky_form($form_name) {
    $sticky_forms = _elgg_services()->stickyForms;

    return $sticky_forms->isStickyForm($form_name);
}
151 
/**
 * Get a specific value from cached form submission data.
 *
 * @param string $form_name     Name of the form
 * @param string $variable      Name of the variable (default '')
 * @param mixed  $default       Fallback handed to the service
 * @param bool   $filter_result Forwarded unchanged to getStickyValue() (default true)
 *
 * @return mixed Whatever getStickyValue() returns
 */
function elgg_get_sticky_value($form_name, $variable = '', $default = null, $filter_result = true) {
    // Cached values originate from an earlier request, so they are as untrusted as
    // fresh input: with $filter_result = false, escape before output.
    $sticky_forms = _elgg_services()->stickyForms;

    return $sticky_forms->getStickyValue($form_name, $variable, $default, $filter_result);
}
168 
/**
 * Get all submission data cached for a form.
 *
 * @param string $form_name     Name of the form
 * @param bool   $filter_result Forwarded unchanged to getStickyValues() (default true)
 *
 * @return mixed Whatever getStickyValues() returns (presumably an array)
 */
function elgg_get_sticky_values($form_name, $filter_result = true) {
    // Cached values are replayed user input; treat them as untrusted when
    // $filter_result is false.
    $sticky_forms = _elgg_services()->stickyForms;

    return $sticky_forms->getStickyValues($form_name, $filter_result);
}
181 
/**
 * Remove one value of form submission data from the session.
 *
 * @param string $form_name Name of the form
 * @param string $variable  Name of the variable to drop
 *
 * @return void
 */
function elgg_clear_sticky_value($form_name, $variable) {
    $sticky_forms = _elgg_services()->stickyForms;
    $sticky_forms->clearStickyValue($form_name, $variable);
}
194 
208 }
209 
/**
 * htmLawed filtering of data.
 *
 * Plugin hook handler (registered in this file for 'validate', 'input'). Builds the
 * htmLawed configuration, lets plugins adjust it, and runs the current hook value
 * through Htmlawed::filter().
 *
 * @param string $hook   Hook name (unused here)
 * @param string $type   Hook type (unused here)
 * @param mixed  $result The value to filter; a string or a (nested) array of values
 * @param mixed  $params Hook parameters (unused here)
 *
 * @return mixed The filtered value, same shape as $result
 */
function _elgg_htmlawed_filter_tags($hook, $type, $result, $params = null) {
    $config = [
        // htmLawed's "safe" switch; per the original author it covers about
        // everything needed here.
        'safe' => true,

        // remove comments/CDATA instead of converting to text
        'comment' => 1,
        'cdata' => 1,

        'deny_attribute' => 'class, on*, formaction',
        'hook_tag' => '_elgg_htmlawed_tag_post_processor',

        'schemes' => '*:http,https,ftp,news,mailto,rtsp,teamspeak,gopher,mms,callto',
        // An earlier attempt to allow-list style properties through 'schemes' is
        // reported not to work; the style allow-list lives in the hook_tag callback.
    ];

    // add nofollow to all links on output
    $outside_input_context = !elgg_in_context('input');
    if ($outside_input_context) {
        $config['anti_link_spam'] = ['/./', ''];
    }

    // Plugins get the last word on both the config and the spec, so a handler on
    // these hooks can loosen (or tighten) everything set above.
    $config = elgg_trigger_plugin_hook('config', 'htmlawed', null, $config);
    $spec = elgg_trigger_plugin_hook('spec', 'htmlawed', null, '');

    if (is_array($result)) {
        // array_walk_recursive() rewrites leaf values only: array keys come back
        // unfiltered, so callers must not emit them as HTML without escaping.
        array_walk_recursive($result, '_elgg_htmLawedArray', [$config, $spec]);
        return $result;
    }

    return Htmlawed::filter($result, $config, $spec);
}
262 
263 // @codingStandardsIgnoreStart
/**
 * Wrapper function for htmLawed for handling arrays.
 *
 * Callback for array_walk_recursive(): replaces one leaf value in place with its
 * filtered form.
 *
 * @param mixed $v           The leaf value, passed by reference and overwritten
 * @param mixed $k           The leaf's key (not used and not filtered)
 * @param array $config_spec Two-element list: [htmLawed config, htmLawed spec]
 *
 * @return void
 */
function _elgg_htmLawedArray(&$v, $k, $config_spec) {
    [$config, $spec] = $config_spec;

    $filtered = Htmlawed::filter($v, $config, $spec);
    $v = $filtered;
}
271 // @codingStandardsIgnoreEnd
272 
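/**
 * Post processor for tags in htmLawed.
 *
 * Configured as htmLawed's 'hook_tag' callback. Rebuilds the tag from its element
 * name and attributes, and reduces any style attribute to the declarations whose
 * property name is on the allow-list.
 *
 * This function does no escaping of its own: element name, attribute names and
 * attribute values are written back as received.
 * NOTE(review): that relies on htmLawed handing over values that are already safe
 * inside a double-quoted attribute - confirm against the hook_tag contract.
 *
 * @param string      $element    The tag name, e.g. "a" or "img"
 * @param array|false $attributes Map of attribute name => value, or false when the
 *                                callback is invoked for a closing tag
 *
 * @return string The rebuilt opening tag, or the closing tag
 */
function _elgg_htmlawed_tag_post_processor($element, $attributes = false) {
    if ($attributes === false) {
        // This is a closing tag. Prevent further processing to avoid inserting a duplicate tag
        return "</{$element}>";
    }

    // this list should be coordinated with the WYSIWYG editor used (tinymce, ckeditor, etc.)
    $allowed_styles = [
        'color', 'cursor', 'text-align', 'vertical-align', 'font-size',
        'font-weight', 'font-style', 'border', 'border-top', 'background-color',
        'border-bottom', 'border-left', 'border-right',
        'margin', 'margin-top', 'margin-bottom', 'margin-left',
        'margin-right', 'padding', 'float', 'text-decoration'
    ];

    // Plugins may extend or shrink the allow-list per tag.
    $params = ['tag' => $element];
    $allowed_styles = elgg_trigger_plugin_hook('allowed_styles', 'htmlawed', $params, $allowed_styles);

    // must return something.
    $string = '';

    foreach ($attributes as $attr => $value) {
        // Strict comparison: a non-string array key can never be taken for 'style'.
        if ($attr !== 'style') {
            $string .= " $attr=\"$value\"";
            continue;
        }

        $style_str = '';
        foreach (explode(';', $value) as $style) {
            $style = trim($style);
            if (!$style) {
                continue;
            }

            // A declaration without a colon has no value part; skip it instead of
            // reading a missing array offset.
            $parts = explode(':', $style);
            if (count($parts) < 2) {
                continue;
            }

            // NOTE(review): as before, a value that itself contains ':' is cut at
            // that colon. Kept on purpose so this change lets nothing extra through.
            $style_attr = trim($parts[0]);
            $style_value = trim($parts[1]);

            // Exact string match against the allow-list, no type juggling.
            if (in_array($style_attr, $allowed_styles, true)) {
                $style_str .= "$style_attr: $style_value; ";
            }
        }

        if ($style_str) {
            $style_str = trim($style_str);
            $string .= " style=\"$style_str\"";
        }
    }

    // Some WYSIWYG editors do not like tags like <p > so only add a space if needed.
    $string = trim($string);
    if ($string) {
        $string = " $string";
    }

    return "<$element$string>";
}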
341 
355  return $value;
356 }
357 
/**
 * Disable the autocomplete feature on password fields.
 *
 * Plugin hook handler (registered in this file for 'view_vars', 'input/password').
 * Acts only when the security_disable_password_autocomplete config value is truthy.
 *
 * @param string $hook         Hook name (unused here)
 * @param string $type         Hook type (unused here)
 * @param array  $return_value The view vars collected so far
 * @param mixed  $params       Hook parameters (unused here)
 *
 * @return array|null View vars with 'autocomplete' set to 'off', or null when the
 *                    setting is off
 */
function _elgg_disable_password_autocomplete($hook, $type, $return_value, $params) {
    // Browsers and password managers commonly ignore autocomplete="off" on password
    // inputs, so this is a hint to the client rather than an enforced control.
    if (_elgg_config()->security_disable_password_autocomplete) {
        $return_value['autocomplete'] = 'off';

        return $return_value;
    }

    // NOTE(review): presumably a null return leaves the hook value unchanged.
    return null;
}
378 
/**
 * Initialize the input library.
 *
 * Registers this file's plugin hook handlers, in the order listed.
 *
 * @return void
 */
function _elgg_input_init() {
    // Each entry is the argument list for elgg_register_plugin_hook_handler():
    // hook, type, callback and, where given, priority. Only the htmLawed input
    // filter sets an explicit priority (1); the others use the function's default.
    $registrations = [
        ['validate', 'input', '_elgg_htmlawed_filter_tags', 1],
        ['unit_test', 'system', '_elgg_htmlawed_test'],
        ['view_vars', 'input/password', '_elgg_disable_password_autocomplete'],
    ];

    foreach ($registrations as $arguments) {
        elgg_register_plugin_hook_handler(...$arguments);
    }
}
393 
/**
 * Value returned to whatever includes this file: a callable that hooks
 * _elgg_input_init() into the 'init', 'system' event.
 *
 * @see _elgg_input_init()
 */
return function(
    \Elgg\EventsService $events,
    \Elgg\HooksRegistrationService $hooks
) {
    // $hooks is accepted but not used here.
    $events->registerHandler('init', 'system', '_elgg_input_init');
};
elgg_get_title_input($variable= 'title', $default= '')
Get an HTML-escaped title from input.
Definition: input.php:69
$params
Saves global plugin settings.
Definition: save.php:13
_elgg_htmLawedArray(&$v, $k, $config_spec)
wrapper function for htmlawed for handling arrays
Definition: input.php:267
Events service.
_elgg_htmlawed_test($hook, $type, $value, $params)
Runs unit tests for htmlawed.
Definition: input.php:353
current_page_url()
Returns the current page's complete URL.
Definition: input.php:94
filter_tags($var)
Filter tags from a given string based on registered hooks.
Definition: input.php:82
$type
Definition: delete.php:21
elgg_register_plugin_hook_handler($hook, $type, $callback, $priority=500)
Definition: elgglib.php:634
static isEmpty($value)
Check if a value isn't empty, but allow 0 and '0'.
Definition: Values.php:189
_elgg_htmlawed_filter_tags($hook, $type, $result, $params=null)
htmLawed filtering of data
Definition: input.php:228
elgg_is_empty($value)
Check if a value isn't empty, but allow 0 and '0'.
Definition: input.php:206
$config
Advanced site settings, debugging section.
Definition: debugging.php:6
is_email_address($address)
Validates an email address.
Definition: input.php:105
set_input($variable, $value)
Sets an input value that may later be retrieved by get_input.
Definition: input.php:41
Base class for events and hooks.
elgg_get_sticky_value($form_name, $variable= '', $default=null, $filter_result=true)
Get a specific value from cached form submission data.
Definition: input.php:165
get_input($variable, $default=null, $filter_result=true)
Get some input from variables submitted through GET or POST.
Definition: input.php:27
elgg_make_sticky_form($form_name)
Save form submission data (all GET and POST vars) into a session cache.
Definition: input.php:120
elgg_in_context($context)
Check if this context exists anywhere in the stack.
Definition: pageowner.php:238
_elgg_disable_password_autocomplete($hook, $type, $return_value, $params)
Disable the autocomplete feature on password fields.
Definition: input.php:368
elgg_trigger_plugin_hook($hook, $type, $params=null, $returnvalue=null)
Definition: elgglib.php:720
_elgg_htmlawed_tag_post_processor($element, $attributes=false)
Post processor for tags in htmlawed.
Definition: input.php:285
_elgg_input_init()
Initialize the input library.
Definition: input.php:385
$default
Definition: checkbox.php:35
function filter(array, term)
_elgg_config()
Get the Elgg config service.
$value
Definition: debugging.php:7
elgg_clear_sticky_value($form_name, $variable)
Remove one value of form submission data from the session.
Definition: input.php:191
elgg_get_request_data($filter_result=true)
Returns all values parsed from the current request, including $_GET and $_POST values, as well as any values set with set_input()
Definition: input.php:56
class
Definition: placeholder.php:21
_elgg_services()
Get the global service provider.
Definition: elgglib.php:1292
elgg_is_sticky_form($form_name)
Does form submission data exist for this form?
Definition: input.php:148
elgg_clear_sticky_form($form_name)
Remove form submission data from the session.
Definition: input.php:136
$attributes
Definition: ajax_loader.php:13
elgg_get_sticky_values($form_name, $filter_result=true)
Get all submission data cached for a form.
Definition: input.php:178
var elgg
Definition: elgglib.js:4