From: Jeremy Laine <jeremy.laine@m4x.org>
Date: Fri, 30 Jun 2006 18:11:50 +0000 (+0000)
Subject: protect <table> HTML tags before passing to Textile plugin
X-Git-Url: http://git.polytechnique.org/?p=diogenes.git;a=commitdiff_plain;h=b83c2cd955fee7bf470dc99406dfdc7dd4246491

protect <table> HTML tags before passing to Textile plugin
---

diff --git a/ChangeLog b/ChangeLog
index 8aadc51..5f5d87f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,7 @@ Diogenes 0.9.19
  * fixed - fix handling of filter plugins without arguments
  * improved - reduce database calls used to build a page's menu
  * improved - in debug mode, trace database calls used to build page menu
+ * improved - protect some HTML tags before passing to Textile plugin
 
 Diogenes 0.9.18
  * improved - resync Textile plugin with Textpattern 4.0.2
diff --git a/include/admin/compose.php b/include/admin/compose.php
index 5b00f11..76e0d8e 100644
--- a/include/admin/compose.php
+++ b/include/admin/compose.php
@@ -1,7 +1,7 @@
 <?php
 require_once 'diogenes.common.inc.php';
 require_once 'diogenes.admin.inc.php';
-require_once 'diogenes.compose.inc.php';
+require_once 'diogenes.text.inc.php';
 require_once 'Barrel/Page.php';
 require_once 'Barrel/File.php';
 
diff --git a/include/diogenes.compose.inc.php b/include/diogenes.compose.inc.php
index 1d5bef0..e69de29 100644
--- a/include/diogenes.compose.inc.php
+++ b/include/diogenes.compose.inc.php
@@ -1,81 +0,0 @@
-<?php
-/*
- * Copyright (C) 2003-2004 Polytechnique.org
- * http://opensource.polytechnique.org/
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-
-require_once 'diogenes/diogenes.misc.inc.php';
-
-/** Protect PHP code.
- */
-function phpProtect($input)
-{
-  $splits = preg_split("/(<\?php|\?>)/",$input,-1,PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY);
-  $output = "";
-
-  while ($block = array_shift($splits)) {
-    if ($block == "<?php") {
-      $code = array_shift($splits);
-      $end = array_shift($splits);
-      if ($end != "?>")
-        die("phpProtect : parse error");
-      $output .= "{PHP:".base64_encode($code).":PHP}";
-    } else {
-      $output .= $block;
-    }
-  }
-
-  return $output;
-}
-
-
-/** Unprotect PHP code.
- */
-function phpUnprotect($input)
-{
-  $splits = preg_split("/({PHP:.+:PHP})/",$input,-1,PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY);
-  $output = "";
-
-  foreach ($splits as $block) {
-    if (preg_match("/{PHP:(.+):PHP}/",$block,$match)) {
-      $output .= "<?php".base64_decode($match[1])."?>";
-    } else {
-      $output .= $block;
-    }
-  }
-
-  return $output;
-}
-
-
-/** Convert XHTML-compliant tags to plain HTML.
- */
-function xhtmlToHtml($input)
-{
-  return html_accent(preg_replace("/<(br|img|input|p)( [^\/]*)?\/>/","<\$1\$2>",$input));
-}
-
-
-/** Restore XHTML-compliant tags.
- */
-function htmlToXhtml($input)
-{
-  return preg_replace("/<(br|img|input)( [^>]+)?>/","<\$1\$2/>",$input);
-}
-
-?>
diff --git a/plugins/TextileMarkup.php b/plugins/TextileMarkup.php
index e692a1b..6416612 100644
--- a/plugins/TextileMarkup.php
+++ b/plugins/TextileMarkup.php
@@ -49,7 +49,9 @@ class TextileMarkup extends Diogenes_Plugin_Skel_Filter
   function filter($input)
   {
     $textile = new Textile();
-    return $textile->TextileThis($input);
+    $data = htmlProtectFromTextism($input);
+    $data = $textile->TextileThis($data);
+    return htmlUnprotectFromTextism($data);
   }
   
 }