SOPHAL/CRM
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first commit

Browse Source
This commit is contained in:
BACHIR SOULDI
2025-09-28 08:49:37 +01:00
commit 2794e62571
16819 changed files with 2664196 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

112
customerportal/include/htmlpurify/plugins/modx.txt Normal file
View File

@@ -0,0 +1,112 @@
MODx Plugin
MODx <http://www.modxcms.com/> is an open source PHP application framework.
I first came across them in my referrer logs when tillda asked if anyone
could implement an HTML Purifier plugin. This forum thread
<http://modxcms.com/forums/index.php/topic,6604.0.html> eventually resulted
in the fruition of this plugin that davidm says, "is on top of my favorite
list." HTML Purifier goes great with WYSIWYG editors!
1. Credits
PaulGregory wrote the overall structure of the code. I added the
slashes hack.
2. Install
First, you need to place HTML Purifier library somewhere. The code here
assumes that you've placed in MODx's assets/plugins/htmlpurifier (no version
number).
Log into the manager, and navigate:
Resources > Manage Resources > Plugins tab > New Plugin
Type in a name (probably HTML Purifier), and copy paste this code into the
textarea:
--------------------------------------------------------------------------------
$e = &$modx->Event;
if ($e->name == 'OnBeforeDocFormSave') {
global $content;
include_once '../assets/plugins/htmlpurifier/library/HTMLPurifier.auto.php';
$purifier = new HTMLPurifier();
static $magic_quotes = null;
if ($magic_quotes === null) {
// this is an ugly hack because this hook hasn't
// had the backslashes removed yet when magic_quotes_gpc is on,
// but HTMLPurifier must not have the quotes slashed.
$magic_quotes = get_magic_quotes_gpc();
}
if ($magic_quotes) $content = stripslashes($content);
$content = $purifier->purify($content);
if ($magic_quotes) $content = addslashes($content);
}
--------------------------------------------------------------------------------
Then navigate to the System Events tab and check "OnBeforeDocFormSave".
Save the plugin. HTML Purifier now is integrated!

2
customerportal/include/htmlpurify/plugins/phorum/.gitignore vendored Normal file
View File

@@ -0,0 +1,2 @@
migrate.php

26
customerportal/include/htmlpurify/plugins/phorum/Changelog Normal file
View File

@@ -0,0 +1,26 @@
Changelog HTMLPurifier : Phorum Mod
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
= KEY ====================
# Breaks back-compat
! Feature
- Bugfix
+ Sub-comment
. Internal change
==========================
Version 3.0.0.1 for Phorum 5.2, unknown release date
! Better installation documentation

79
customerportal/include/htmlpurify/plugins/phorum/INSTALL Normal file
View File

@@ -0,0 +1,79 @@
Install
How to install the Phorum HTML Purifier plugin
1. UNZIP
--------
Unzip phorum-htmlpurifier-x.y.z, producing an htmlpurifier folder.
You've already done this step if you're reading this!
2. MOVE
-------
Move the htmlpurifier folder to the mods/ folder of your Phorum
installation, so the directory structure looks like:
phorum/
mods/
htmlpurifier/
INSTALL - this install file
info.txt, ... - the module files
htmlpurifier/
3. INSTALL HTML PURIFIER
------------------------
Download and unzip HTML Purifier <htmlpurifier.org>. Place the contents of
the library/ folder in the htmlpurifier/htmlpurifier folder. Your directory
structure will look like:
phorum/
mods/
htmlpurifier/
htmlpurifier/
HTMLPurifier.auto.php
... - other files
HTMLPurifier/
Advanced users:
If you have HTML Purifier installed elsewhere on your server,
all you need is an HTMLPurifier.auto.php file in the library folder which
includes the HTMLPurifier.auto.php file in your install.

45
customerportal/include/htmlpurify/plugins/phorum/README Normal file
View File

@@ -0,0 +1,45 @@
HTML Purifier Phorum Mod - Filter your HTML the Standards-Compliant Way!
This Phorum mod enables HTML posting on Phorum. Under normal circumstances,
this would cause a huge security risk, but because we are running
HTML through HTML Purifier, output is guaranteed to be XSS free and
standards-compliant.
This mod requires HTML input, and previous markup languages need to be
converted accordingly. Thus, it is vital that you create a 'migrate.php'
file that works with your installation. If you're using the built-in
BBCode formatting, simply move migrate.bbcode.php to that place; for
other markup languages, consult said file for instructions on how
to adapt it to your needs.
-- NOTE -------------------------------------------------
You can also run this module in parallel with another
formatting module; this module attempts to place itself
at the end of the filtering chain. However, if any
previous modules produce insecure HTML (for instance,
a JavaScript email obfuscator) they will get cleaned.
This module will not work if 'migrate.php' is not created, and an improperly

57
customerportal/include/htmlpurify/plugins/phorum/config.default.php Normal file
View File

@@ -0,0 +1,57 @@
<?php
if(!defined("PHORUM")) exit;
// default HTML Purifier configuration settings
$config->set('HTML.Allowed',
// alphabetically sorted
'a[href|title]
abbr[title]
acronym[title]
b
blockquote[cite]
br
caption
cite
code
dd
del
dfn
div
dl
dt
em
i
img[src|alt|title|class]
ins
kbd
li
ol

309
customerportal/include/htmlpurify/plugins/phorum/htmlpurifier.php Normal file
View File

@@ -0,0 +1,309 @@
<?php
/**
* HTML Purifier Phorum Mod. Filter your HTML the Standards-Compliant Way!
*
* This Phorum mod enables users to post raw HTML into Phorum. But never
* fear: with the help of HTML Purifier, this HTML will be beat into
* de-XSSed and standards-compliant form, safe for general consumption.
* It is not recommended, but possible to run this mod in parallel
* with other formatters (in short, please DISABLE the BBcode mod).
*
* For help migrating from your previous markup language to pure HTML
* please check the migrate.bbcode.php file.
*
* If you'd like to use this with a WYSIWYG editor, make sure that
* editor sets $PHORUM['mod_htmlpurifier']['wysiwyg'] to true. Otherwise,
* administrators who need to edit other people's comments may be at
* risk for some nasty attacks.
*
* Tested with Phorum 5.2.6.
*/
// Note: Cache data is base64 encoded because Phorum insists on flinging
// to the user and expecting it to come back unharmed, newlines and
// all, which ain't happening. It's slower, it takes up more space, but
// at least it won't get mutilated
/**
* Purifies a data array
*/
function phorum_htmlpurifier_format($data)
{
$PHORUM = $GLOBALS["PHORUM"];
$purifier =& HTMLPurifier::getInstance();
$cache_serial = $PHORUM['mod_htmlpurifier']['body_cache_serial'];
foreach($data as $message_id => $message){
if(isset($message['body'])) {
if ($message_id) {
// we're dealing with a real message, not a fake, so
// there a number of shortcuts that can be taken
if (isset($message['meta']['htmlpurifier_light'])) {
// format hook was called outside of Phorum's normal
// functions, do the abridged purification
$data[$message_id]['body'] = $purifier->purify($message['body']);
continue;
}
if (!empty($PHORUM['args']['purge'])) {
// purge the cache, must be below the following if
unset($message['meta']['body_cache']);
}
if (
isset($message['meta']['body_cache']) &&
isset($message['meta']['body_cache_serial']) &&
$message['meta']['body_cache_serial'] == $cache_serial
) {
// cached version is present, bail out early
$data[$message_id]['body'] = base64_decode($message['meta']['body_cache']);
continue;
}
}
// migration might edit this array, that's why it's defined
// so early
$updated_message = array();
// create the $body variable
if (
$message_id && // message must be real to migrate
!isset($message['meta']['body_cache_serial'])
) {
// perform migration
$fake_data = array();
list($signature, $edit_message) = phorum_htmlpurifier_remove_sig_and_editmessage($message);
$fake_data[$message_id] = $message;
$fake_data = phorum_htmlpurifier_migrate($fake_data);
$body = $fake_data[$message_id]['body'];
$body = str_replace("<phorum break>\n", "\n", $body);
$updated_message['body'] = $body; // save it in
$body .= $signature . $edit_message; // add it back in
} else {
// reverse Phorum's pre-processing
$body = $message['body'];
// order is important
$body = str_replace("<phorum break>\n", "\n", $body);
$body = str_replace(array('&lt;','&gt;','&amp;', '&quot;'), array('<','>','&','"'), $body);
if (!$message_id && defined('PHORUM_CONTROL_CENTER')) {
// we're in control.php, so it was double-escaped
$body = str_replace(array('&lt;','&gt;','&amp;', '&quot;'), array('<','>','&','"'), $body);
}
}
$body = $purifier->purify($body);
// dynamically update the cache (MUST BE DONE HERE!)
// this is inefficient because it's one db call per
// cache miss, but once the cache is in place things are
// a lot zippier.
if ($message_id) { // make sure it's not a fake id
$updated_message['meta'] = $message['meta'];
$updated_message['meta']['body_cache'] = base64_encode($body);
$updated_message['meta']['body_cache_serial'] = $cache_serial;
phorum_db_update_message($message_id, $updated_message);
}
// must not get overloaded until after we cache it, otherwise
// we'll inadvertently change the original text
$data[$message_id]['body'] = $body;
}
}
return $data;
}
// -----------------------------------------------------------------------
// This is fragile code, copied from read.php:596 (Phorum 5.2.6). Please
// keep this code in-sync with Phorum
/**
* Generates a signature based on a message array
*/
function phorum_htmlpurifier_generate_sig($row) {
$phorum_sig = '';
if(isset($row["user"]["signature"])
&& isset($row['meta']['show_signature']) && $row['meta']['show_signature']==1){
$phorum_sig=trim($row["user"]["signature"]);
if(!empty($phorum_sig)){
$phorum_sig="\n\n$phorum_sig";
}
}
return $phorum_sig;
}
/**
* Generates an edit message based on a message array
*/
function phorum_htmlpurifier_generate_editmessage($row) {
$PHORUM = $GLOBALS['PHORUM'];
$editmessage = '';
if(isset($row['meta']['edit_count']) && $row['meta']['edit_count'] > 0) {
$editmessage = str_replace ("%count%", $row['meta']['edit_count'], $PHORUM["DATA"]["LANG"]["EditedMessage"]);
$editmessage = str_replace ("%lastedit%", phorum_date($PHORUM["short_date_time"],$row['meta']['edit_date']), $editmessage);
$editmessage = str_replace ("%lastuser%", $row['meta']['edit_username'], $editmessage);
$editmessage = "\n\n\n\n$editmessage";
}
return $editmessage;
}

18
customerportal/include/htmlpurify/plugins/phorum/info.txt Normal file
View File

@@ -0,0 +1,18 @@
title: HTML Purifier Phorum Mod
desc: This module enables standards-compliant HTML filtering on Phorum. Please check migrate.bbcode.php before enabling this mod.
author: Edward Z. Yang
url: http://htmlpurifier.org/
version: 3.0.0
hook: format|phorum_htmlpurifier_format
hook: quote|phorum_htmlpurifier_quote
hook: posting_custom_action|phorum_htmlpurifier_posting

28
customerportal/include/htmlpurify/plugins/phorum/init-config.php Normal file
View File

@@ -0,0 +1,28 @@
<?php
/**
* Initializes the appropriate configuration from either a PHP file
* or a module configuration value
* @return Instance of HTMLPurifier_Config
*/
function phorum_htmlpurifier_get_config($default = false) {
global $PHORUM;
$config_exists = phorum_htmlpurifier_config_file_exists();
if ($default || $config_exists || !isset($PHORUM['mod_htmlpurifier']['config'])) {
$config = HTMLPurifier_Config::createDefault();
include(dirname(__FILE__) . '/config.default.php');
if ($config_exists) {

30
customerportal/include/htmlpurify/plugins/phorum/migrate.bbcode.php Normal file
View File

@@ -0,0 +1,30 @@
<?php
/**
* This file is responsible for migrating from a specific markup language
* like BBCode or Markdown to HTML. WARNING: THIS PROCESS IS NOT REVERSIBLE
*
* Copy this file to 'migrate.php' and it will automatically work for
* BBCode; you may need to tweak this a little to get it to work for other
* languages (usually, just replace the include name and the function name).
*
* If you do NOT want to have any migration performed (for instance, you
* are installing the module on a new forum with no posts), simply remove
* phorum_htmlpurifier_migrate() function. You still need migrate.php
* present, otherwise the module won't work. This ensures that the user
* explicitly says, "No, I do not need to migrate."

64
customerportal/include/htmlpurify/plugins/phorum/settings.php Normal file
View File

@@ -0,0 +1,64 @@
<?php
// based off of BBCode's settings file
/**
* HTML Purifier Phorum mod settings configuration. This provides
* a convenient web-interface for editing the most common HTML Purifier
* configuration directives. You can also specify custom configuration
* by creating a 'config.php' file.
*/
if(!defined("PHORUM_ADMIN")) exit;
// error reporting is good!
error_reporting(E_ALL ^ E_NOTICE);
// load library and other paraphenalia
require_once './include/admin/PhorumInputForm.php';
require_once (dirname(__FILE__) . '/htmlpurifier/HTMLPurifier.auto.php');
require_once (dirname(__FILE__) . '/init-config.php');
require_once (dirname(__FILE__) . '/settings/migrate-sigs-form.php');
require_once (dirname(__FILE__) . '/settings/migrate-sigs.php');
require_once (dirname(__FILE__) . '/settings/form.php');
require_once (dirname(__FILE__) . '/settings/save.php');
// define friendly configuration directives. you can expand this array
// to get more web-definable directives
$PHORUM['mod_htmlpurifier']['directives'] = array(
'URI.Host', // auto-detectable
'URI.DisableExternal',
'URI.DisableExternalResources',
'URI.DisableResources',

93
customerportal/include/htmlpurify/plugins/phorum/settings/form.php Normal file
View File

@@ -0,0 +1,93 @@
<?php
function phorum_htmlpurifier_show_form() {
if (phorum_htmlpurifier_config_file_exists()) {
phorum_htmlpurifier_show_config_info();
return;
}
global $PHORUM;
$config = phorum_htmlpurifier_get_config();
$frm = new PhorumInputForm ("", "post", "Save");
$frm->hidden("module", "modsettings");
$frm->hidden("mod", "htmlpurifier"); // this is the directory name that the Settings file lives in
if (!empty($error)){
echo "$error<br />";
}
$frm->addbreak("Edit settings for the HTML Purifier module");
$frm->addMessage('<p>The box below sets <code>$PHORUM[\'mod_htmlpurifier\'][\'wysiwyg\']</code>.
When checked, contents sent for edit are now purified and the
informative message is disabled. If your WYSIWYG editor is disabled for
admin edits, you can safely keep this unchecked.</p>');
$frm->addRow('Use WYSIWYG?', $frm->checkbox('wysiwyg', '1', '', $PHORUM['mod_htmlpurifier']['wysiwyg']));
$frm->addMessage('<p>The box below sets <code>$PHORUM[\'mod_htmlpurifier\'][\'suppress_message\']</code>,
which removes the big how-to use
HTML Purifier message.</p>');
$frm->addRow('Suppress information?', $frm->checkbox('suppress_message', '1', '', $PHORUM['mod_htmlpurifier']['suppress_message']));
$frm->addMessage('<p>Click on directive links to read what each option does
(links do not open in new windows).</p>
<p>For more flexibility (for instance, you want to edit the full
range of configuration directives), you can create a <tt>config.php</tt>
file in your <tt>mods/htmlpurifier/</tt> directory. Doing so will,
however, make the web configuration interface unavailable.</p>');
require_once 'HTMLPurifier/Printer/ConfigForm.php';
$htmlpurifier_form = new HTMLPurifier_Printer_ConfigForm('config', 'http://htmlpurifier.org/live/configdoc/plain.html#%s');
$htmlpurifier_form->setTextareaDimensions(23, 7); // widen a little, since we have space
$frm->addMessage($htmlpurifier_form->render(
$config, $PHORUM['mod_htmlpurifier']['directives'], false));

22
customerportal/include/htmlpurify/plugins/phorum/settings/migrate-sigs-form.php Normal file
View File

@@ -0,0 +1,22 @@
<?php
function phorum_htmlpurifier_show_migrate_sigs_form() {
$frm = new PhorumInputForm ('', "post", "Migrate");
$frm->hidden("module", "modsettings");
$frm->hidden("mod", "htmlpurifier");
$frm->hidden("migrate-sigs", "1");
$frm->addbreak("Migrate user signatures to HTML");
$frm->addMessage('This operation will migrate your users signatures
to HTML. <strong>This process is irreversible and must only be performed once.</strong>

77
customerportal/include/htmlpurify/plugins/phorum/settings/migrate-sigs.php Normal file
View File

@@ -0,0 +1,77 @@
<?php
function phorum_htmlpurifier_migrate_sigs_check() {
global $PHORUM;
$offset = 0;
if (!empty($_POST['migrate-sigs'])) {
if (!isset($_POST['confirmation']) || strtolower($_POST['confirmation']) !== 'yes') {
echo 'Invalid confirmation code.';
exit;
}
$PHORUM['mod_htmlpurifier']['migrate-sigs'] = true;
phorum_db_update_settings(array("mod_htmlpurifier"=>$PHORUM["mod_htmlpurifier"]));
$offset = 1;
} elseif (!empty($_GET['migrate-sigs']) && $PHORUM['mod_htmlpurifier']['migrate-sigs']) {
$offset = (int) $_GET['migrate-sigs'];
}
return $offset;
}
function phorum_htmlpurifier_migrate_sigs($offset) {
global $PHORUM;
if(!$offset) return; // bail out quick if $offset == 0
// theoretically, we could get rid of this multi-request
// doo-hickery if safe mode is off
@set_time_limit(0); // attempt to let this run
$increment = $PHORUM['mod_htmlpurifier']['migrate-sigs-increment'];
require_once(dirname(__FILE__) . '/../migrate.php');
// migrate signatures
// do this in batches so we don't run out of time/space
$end = $offset + $increment;
$user_ids = array();
for ($i = $offset; $i < $end; $i++) {
$user_ids[] = $i;
}
$userinfos = phorum_db_user_get_fields($user_ids, 'signature');
foreach ($userinfos as $i => $user) {

27
customerportal/include/htmlpurify/plugins/phorum/settings/save.php Normal file
View File

@@ -0,0 +1,27 @@
<?php
function phorum_htmlpurifier_save_settings() {
global $PHORUM;
if (phorum_htmlpurifier_config_file_exists()) {
echo "Cannot update settings, <code>mods/htmlpurifier/config.php</code> already exists. To change
settings, edit that file. To use the web form, delete that file.<br />";
} else {
$config = phorum_htmlpurifier_get_config(true);
if (!isset($_POST['reset'])) $config->mergeArrayFromForm($_POST, 'config', $PHORUM['mod_htmlpurifier']['directives']);
$PHORUM['mod_htmlpurifier']['config'] = $config->getAll();
}
$PHORUM['mod_htmlpurifier']['wysiwyg'] = !empty($_POST['wysiwyg']);
$PHORUM['mod_htmlpurifier']['suppress_message'] = !empty($_POST['suppress_message']);