Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

- Added 'escape HTML' option to the filters. Patch by Gabor Hojtsy.

4.3.x
Dries Buytaert 2003-09-16 17:35:02 +00:00
parent 01f3bcfc75
commit 62f939944f
2 changed files with 20 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
modules/node.module
View File

@ -496,13 +496,18 @@ function node_settings() {
}
function node_conf_filters() {
$output .= form_select(t("Filter HTML tags"), "filter_html", variable_get("filter_html", 0), array(t("Disabled"), t("Enabled")), t("Filter HTML and PHP tags in user-contributed content."));
$output .= form_select(t("Escape HTML tags"), "escape_html", variable_get("escape_html", 0), array(t("Disabled"), t("Enabled")), t("Escape HTML and PHP tags in user-contributed content. Note that it is generally not a good idea to enable the below 'Filter HTML tags' option when using this filter."));
$output .= form_select(t("Filter HTML tags"), "filter_html", variable_get("filter_html", 0), array(t("Disabled"), t("Enabled")), t("Filter HTML and PHP tags in user-contributed content. Note that it is generally not a good idea to enable the above 'Escape HTML tags' option when using this filter."));
$output .= form_textfield(t("Allowed HTML tags"), "allowed_html", variable_get("allowed_html", "<a> <b> <dd> <dl> <dt> <i> <li> <ol> <u> <ul>"), 64, 255, t("If enabled, optionally specify tags which should not be stripped. 'STYLE' attributes, 'ON*' attributes and unclosed tags are always stripped."));
$output .= form_select(t("Rewrite old URLs"), "rewrite_old_urls", variable_get("rewrite_old_urls", 0), array(t("Disabled"), t("Enabled")), t("The introduction of 'clean URLs' in Drupal 4.2.0 breaks internal URLs that date back from Drupal 4.1.0 and before. If enabled, this filter will attempt to rewrite the old style URLs to avoid broken links. If <code>mod_rewrite</code> is available on your system, use the rewrite rules in Drupal's <code>.htaccess</code> file instead as these will also correct external referrers."));
$output .= "<hr />";
return $output;
}
function node_escape_html($text) {
return htmlspecialchars($text);
}
function node_filter_html($text) {
$text = strip_tags($text, variable_get("allowed_html", ""));
return $text;
@ -530,6 +535,10 @@ function node_filter($text) {
$text = rewrite_old_urls($text);
}
if (variable_get("escape_html", 0)) {
$text = node_escape_html($text);
}
return trim($text);
}

11
modules/node/node.module
View File

@ -496,13 +496,18 @@ function node_settings() {
}
function node_conf_filters() {
$output .= form_select(t("Filter HTML tags"), "filter_html", variable_get("filter_html", 0), array(t("Disabled"), t("Enabled")), t("Filter HTML and PHP tags in user-contributed content."));
$output .= form_select(t("Escape HTML tags"), "escape_html", variable_get("escape_html", 0), array(t("Disabled"), t("Enabled")), t("Escape HTML and PHP tags in user-contributed content. Note that it is generally not a good idea to enable the below 'Filter HTML tags' option when using this filter."));
$output .= form_select(t("Filter HTML tags"), "filter_html", variable_get("filter_html", 0), array(t("Disabled"), t("Enabled")), t("Filter HTML and PHP tags in user-contributed content. Note that it is generally not a good idea to enable the above 'Escape HTML tags' option when using this filter."));
$output .= form_textfield(t("Allowed HTML tags"), "allowed_html", variable_get("allowed_html", "<a> <b> <dd> <dl> <dt> <i> <li> <ol> <u> <ul>"), 64, 255, t("If enabled, optionally specify tags which should not be stripped. 'STYLE' attributes, 'ON*' attributes and unclosed tags are always stripped."));
$output .= form_select(t("Rewrite old URLs"), "rewrite_old_urls", variable_get("rewrite_old_urls", 0), array(t("Disabled"), t("Enabled")), t("The introduction of 'clean URLs' in Drupal 4.2.0 breaks internal URLs that date back from Drupal 4.1.0 and before. If enabled, this filter will attempt to rewrite the old style URLs to avoid broken links. If <code>mod_rewrite</code> is available on your system, use the rewrite rules in Drupal's <code>.htaccess</code> file instead as these will also correct external referrers."));
$output .= "<hr />";
return $output;
}
function node_escape_html($text) {
return htmlspecialchars($text);
}
function node_filter_html($text) {
$text = strip_tags($text, variable_get("allowed_html", ""));
return $text;
@ -530,6 +535,10 @@ function node_filter($text) {
$text = rewrite_old_urls($text);
}
if (variable_get("escape_html", 0)) {
$text = node_escape_html($text);
}
return trim($text);
}