litzinger · December 3, 2014 22:34
diff --git a/cleaner.php b/cleaner.php
 <?php
 /*
 HTMLPurifier settings example
 'cleaner_xss_clean' => 'no',
        'cleaner_html_clean' => 'no',
        'cleaner_allow_tags_in_post' => '',
        'cleaner_allow_attr_in_template' => 'href, class, src, rel, width, height',
        'cleaner_allow_tags_in_template' => 'img, h1, h2, h3, h4, h5, blockquote, strong, em, p, b, a, i, ul, li, ol, br',
 */

 require PATH_THIRD.'cleaner/config.php';

 $plugin_info = array(
    'pi_name'           => CLEANER_NAME,
    'pi_version'        => CLEANER_VERSION,
    'pi_author'         => CLEANER_AUTHOR,
    'pi_author_url'     => CLEANER_DOCS_URL,
    'pi_description'    => CLEANER_DESC,
    'pi_usage'          => Cleaner::usage()
 );

 class Cleaner {

    var $return_data;   
    var $purifier; 
    var $EE;

    function Cleaner($allowed_attr = false, $allowed_tags = false)
    {
        $this->EE =& get_instance();
        
        if(!isset($this->EE->session->cache['cleaner']['plugin']))
        {
            $settings = $this->EE->db->select('settings')
                                     ->where('class', 'Cleaner_ext')
                                     ->limit(1)
                                     ->get('extensions')
                                     ->row('settings');
                                     
            $settings = unserialize($settings);
            
            $this->EE->session->cache['cleaner']['plugin']['tags'] = $settings['cleaner_allow_tags_in_template'];
            $this->EE->session->cache['cleaner']['plugin']['attr'] = $settings['cleaner_allow_attr_in_template'];
        }
        
        // replace this with the path to the HTML Purifier library
        require_once 'htmlpurifier/HTMLPurifier.standalone.php';

        $config = HTMLPurifier_Config::createDefault();
        
        $allowed_attr = $allowed_attr ? $allowed_attr : $this->EE->session->cache['cleaner']['plugin']['attr'];
        $allowed_tags = $allowed_tags ? $allowed_tags : $this->EE->session->cache['cleaner']['plugin']['tags'];

        $config->set('Core.Encoding', 'UTF-8'); // replace with your encoding
        $config->set('HTML.Doctype', 'XHTML 1.1'); // replace with your doctype
        $config->set('HTML.TidyLevel', 'heavy'); // burn baby burn!
        $config->set('HTML.AllowedAttributes', $allowed_attr); // strip all html attributes, mostly for style and class
        $config->set('HTML.AllowedElements', $allowed_tags);
        $config->set('AutoFormat.RemoveEmpty', true); // remove empty tag pairs
        $config->set('AutoFormat.RemoveEmpty.RemoveNbsp', true); // remove empty, even if it contains an &nbsp;
        $config->set('AutoFormat.AutoParagraph', true); // remove empty tag pairs

        $cache_path = APPPATH . 'cache/htmlpurifier';

        // Make sure our cache folder exists.
        if ( ! is_dir($cache_path))
        {
            if( ! is_writable($cache_path))
            {
                show_error('Please make the following directory writable: '.$cache_path);
            }

            if(mkdir($cache_path, DIR_WRITE_MODE, TRUE))
            {
                $config->set('Cache.SerializerPath', $cache_path);
            }
        }
        else
        {
            $config->set('Cache.SerializerPath', $cache_path);
        }

        $this->purifier = new HTMLPurifier($config);
    }
    
    function clean($str = '')
    {
        if ($str == '')
        {
            $str = $this->EE->TMPL->tagdata;
        }

        try 
        {
            $str = $this->purifier->purify($str);
        } 
        catch (Exception $e)
        {
            if(REQ == 'CP')
            {
                show_error($e);
            }
            else
            {
                return $this->EE->output->show_user_error('general', array($e));
            }
        }

        // Remove any <br /> tags between <p> tags. Don't know how WP allowed this...
        $str = preg_replace('#</p>\s*<br />\s*<p#mi', '</p></p', $str);
        $str = str_replace('<br/><br/>', '', $str);

        // If there are any instances of double br tags, blow them up and wrap the strings in <p></p> tags instead
        // HTMLPurifier's AutoParagraph didn't seem to work how I wanted it to....
        $paragraphs = explode("<br /><br />", $str);
        
        if(count($paragraphs) > 1)
        {
            for ($i = 0; $i < count($paragraphs); $i++)
            {
                if($paragraphs[$i] != "" AND $paragraphs != "&nbsp;")
                {
                    $paragraphs[$i] = '<p>' . $paragraphs[$i] . '</p>';
                }
            }
        
            $str = implode ('', $paragraphs);
        }
        
        $this->return_data = $str;

        // Optionally update the database with the cleaned data. 
        // After this is done you can basically remove this plugin entirely.
        $update_field = $this->EE->TMPL->fetch_param('update_field');
        $entry_id = $this->EE->TMPL->fetch_param('entry_id');

        if ($update_field AND $entry_id)
        {
            $this->EE->db->where('entry_id', $entry_id)
                         ->update('channel_data', array($update_field => $str));
        }
        
        return $this->return_data;
    }
 }
	<?php
	/*
	HTMLPurifier settings example
	'cleaner_xss_clean' => 'no',
	'cleaner_html_clean' => 'no',
	'cleaner_allow_tags_in_post' => '',
	'cleaner_allow_attr_in_template' => 'href, class, src, rel, width, height',
	'cleaner_allow_tags_in_template' => 'img, h1, h2, h3, h4, h5, blockquote, strong, em, p, b, a, i, ul, li, ol, br',
	*/

	require PATH_THIRD.'cleaner/config.php';

	$plugin_info = array(
	'pi_name' => CLEANER_NAME,
	'pi_version' => CLEANER_VERSION,
	'pi_author' => CLEANER_AUTHOR,
	'pi_author_url' => CLEANER_DOCS_URL,
	'pi_description' => CLEANER_DESC,
	'pi_usage' => Cleaner::usage()
	);

	class Cleaner {

	var $return_data;
	var $purifier;
	var $EE;

	function Cleaner($allowed_attr = false, $allowed_tags = false)
	{
	$this->EE =& get_instance();

	if(!isset($this->EE->session->cache['cleaner']['plugin']))
	{
	$settings = $this->EE->db->select('settings')
	->where('class', 'Cleaner_ext')
	->limit(1)
	->get('extensions')
	->row('settings');

	$settings = unserialize($settings);

	$this->EE->session->cache['cleaner']['plugin']['tags'] = $settings['cleaner_allow_tags_in_template'];
	$this->EE->session->cache['cleaner']['plugin']['attr'] = $settings['cleaner_allow_attr_in_template'];
	}

	// replace this with the path to the HTML Purifier library
	require_once 'htmlpurifier/HTMLPurifier.standalone.php';

	$config = HTMLPurifier_Config::createDefault();

	$allowed_attr = $allowed_attr ? $allowed_attr : $this->EE->session->cache['cleaner']['plugin']['attr'];
	$allowed_tags = $allowed_tags ? $allowed_tags : $this->EE->session->cache['cleaner']['plugin']['tags'];

	$config->set('Core.Encoding', 'UTF-8'); // replace with your encoding
	$config->set('HTML.Doctype', 'XHTML 1.1'); // replace with your doctype
	$config->set('HTML.TidyLevel', 'heavy'); // burn baby burn!
	$config->set('HTML.AllowedAttributes', $allowed_attr); // strip all html attributes, mostly for style and class
	$config->set('HTML.AllowedElements', $allowed_tags);
	$config->set('AutoFormat.RemoveEmpty', true); // remove empty tag pairs
	$config->set('AutoFormat.RemoveEmpty.RemoveNbsp', true); // remove empty, even if it contains an
	$config->set('AutoFormat.AutoParagraph', true); // remove empty tag pairs

	$cache_path = APPPATH . 'cache/htmlpurifier';

	// Make sure our cache folder exists.
	if ( ! is_dir($cache_path))
	{
	if( ! is_writable($cache_path))
	{
	show_error('Please make the following directory writable: '.$cache_path);
	}

	if(mkdir($cache_path, DIR_WRITE_MODE, TRUE))
	{
	$config->set('Cache.SerializerPath', $cache_path);
	}
	}
	else
	{
	$config->set('Cache.SerializerPath', $cache_path);
	}

	$this->purifier = new HTMLPurifier($config);
	}

	function clean($str = '')
	{
	if ($str == '')
	{
	$str = $this->EE->TMPL->tagdata;
	}

	try
	{
	$str = $this->purifier->purify($str);
	}
	catch (Exception $e)
	{
	if(REQ == 'CP')
	{
	show_error($e);
	}
	else
	{
	return $this->EE->output->show_user_error('general', array($e));
	}
	}

	// Remove any <br /> tags between <p> tags. Don't know how WP allowed this...
	$str = preg_replace('#</p>\s<br />\s<p#mi', '</p></p', $str);
	$str = str_replace('<br/><br/>', '', $str);

	// If there are any instances of double br tags, blow them up and wrap the strings in <p></p> tags instead
	// HTMLPurifier's AutoParagraph didn't seem to work how I wanted it to....
	$paragraphs = explode("<br /><br />", $str);

	if(count($paragraphs) > 1)
	{
	for ($i = 0; $i < count($paragraphs); $i++)
	{
	if($paragraphs[$i] != "" AND $paragraphs != " ")
	{
	$paragraphs[$i] = '<p>' . $paragraphs[$i] . '</p>';
	}
	}

	$str = implode ('', $paragraphs);
	}

	$this->return_data = $str;

	// Optionally update the database with the cleaned data.
	// After this is done you can basically remove this plugin entirely.
	$update_field = $this->EE->TMPL->fetch_param('update_field');
	$entry_id = $this->EE->TMPL->fetch_param('entry_id');

	if ($update_field AND $entry_id)
	{
	$this->EE->db->where('entry_id', $entry_id)
	->update('channel_data', array($update_field => $str));
	}

	return $this->return_data;
	}
	}