From: Jeremy Laine Date: Fri, 30 Jun 2006 18:11:24 +0000 (+0000) Subject: protect HTML tags before passing to Textile X-Git-Url: http://git.polytechnique.org/?p=diogenes.git;a=commitdiff_plain;h=e2e369d67aae533cf6e53a5e535807f70dde825f protect
HTML tags before passing to Textile --- diff --git a/ChangeLog b/ChangeLog index faed551..47aaaaa 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,7 @@ Diogenes 0.9.19 * fixed - fix handling of filter plugins without arguments * improved - reduce database calls used to build a page's menu * improved - in debug mode, trace database calls used to build page menu + * improved - protect some HTML tags before passing to Textile plugin Diogenes 0.9.18 * improved - resync Textile plugin with Textpattern 4.0.2 diff --git a/include/admin/compose.php b/include/admin/compose.php index 5b00f11..76e0d8e 100644 --- a/include/admin/compose.php +++ b/include/admin/compose.php @@ -1,7 +1,7 @@ )/",$input,-1,PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY); + $splits = preg_split("/($tag_open|$tag_close)/",$input,-1,PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY); + $output = ""; - + $depth = 0; while ($block = array_shift($splits)) { - if ($block == "") - die("phpProtect : parse error"); - $output .= "{PHP:".base64_encode($code).":PHP}"; + if (preg_match("/^$tag_open$/", $block)) { + if ($depth == 0) { + $save = ""; + } + $save .= $block; + $depth++; + } else if ($depth > 0) { + $save .= $block; + if (preg_match("/^$tag_close$/", $block)) + { + $depth--; + if ($depth == 0) + { + $output .= $prot_open.base64_encode($save).$prot_close; + $save = ""; + } + } } else { $output .= $block; } 
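Review bot: A block that is opened but never closed is silently dropped by the new loop: while `$depth > 0` every piece is appended to `$save`, and `$save` reaches `$output` only when a closing tag brings the depth back to 0. The removed lines had a `die("phpProtect : parse error")` path and the new ones show no replacement for it, unless the code after the loop handles it; that code and the function's signature are outside what is visible in this hunk. After the loop I would add `if ($depth > 0) { $output .= $prot_open.base64_encode($save).$prot_close; }` so unterminated input is still protected rather than lost. Separately, `while ($block = array_shift($splits))` stops early on a piece equal to `"0"`; `while (($block = array_shift($splits)) !== null)` avoids that.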
@@ -44,16 +55,16 @@ function phpProtect($input) } -/** Unprotect PHP code. +/** Unprotect base64 blocks. */ -function phpUnprotect($input) +function textUnprotectTags($prot_open, $prot_close, $input) { - $splits = preg_split("/({PHP:.+:PHP})/",$input,-1,PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY); + $splits = preg_split("/($prot_open.+$prot_close)/",$input,-1,PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY); $output = ""; foreach ($splits as $block) { - if (preg_match("/{PHP:(.+):PHP}/",$block,$match)) { - $output .= ""; + if (preg_match("/^$prot_open(.+)$prot_close$/", $block, $match)) { + $output .= base64_decode($match[1]); } else { $output .= $block; } @@ -63,6 +74,38 @@ function phpUnprotect($input) } +/** Protect HTML code from Textism. + */ +function htmlProtectFromTextism($input) +{ + return textProtectTag("]*>", "<\/table>", "{NOP:", ":NOP}", $input); +} + + +/** Restore HTML code that was protected from Textism. + */ +function htmlUnprotectFromTextism($input) +{ + return textUnprotectTags("{NOP:", ":NOP}", $input); +} + + +/** Protect PHP code. + */ +function phpProtect($input) +{ + return textProtectTag("<\?php", "\?>", "{PHP:", ":PHP}", $input); +} + + +/** Unprotect PHP code. + */ +function phpUnprotect($input) +{ + return textUnprotectTags("{PHP:", ":PHP}", $input); +} + + /** Convert XHTML-compliant tags to plain HTML. */ function xhtmlToHtml($input) @@ -78,4 +121,5 @@ function htmlToXhtml($input) return preg_replace("/<(br|img|input)( [^>]+)?>/","<\$1\$2/>",$input); } + ?> diff --git a/plugins/TextileMarkup.php b/plugins/TextileMarkup.php index 29f700d..e71ae2c 100644 --- a/plugins/TextileMarkup.php +++ b/plugins/TextileMarkup.php @@ -49,7 +49,9 @@ class TextileMarkup extends Diogenes_Plugin_Filter function filter($input) { $textile = new Textile(); - return $textile->TextileThis($input); + $data = htmlProtectFromTextism($input); + $data = $textile->TextileThis($data); + return htmlUnprotectFromTextism($data); } }
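Review bot: The pattern in `textUnprotectTags` is greedy and is built from unquoted markers, so two protected blocks on the same line are matched as one: `.+` in `"/($prot_open.+$prot_close)/"` runs from the first opening marker to the last closing one. `base64_decode()` in its default non-strict mode then skips the non-base64 characters in between and returns corrupted content instead of failing. Replacing `.+` with `[A-Za-z0-9+\/=]+` in both the `preg_split` and the `preg_match` pattern, and passing the markers through `preg_quote($prot_open, "/")` and `preg_quote($prot_close, "/")`, fixes the over-match and makes the function safe for markers that contain regex metacharacters. The end of the function falls outside this hunk.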
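Review bot: `htmlUnprotectFromTextism` decodes every `{NOP:…:NOP}` token it finds, not only the ones `htmlProtectFromTextism` produced, so a token already present in the page content is base64-decoded into the output after Textile has run. If pages can be edited by authors who are not meant to emit arbitrary markup, the markers need to be unforgeable; the `{PHP:`/`:PHP}` pair has the same shape, and there the decoded text is PHP source. A small mitigation is to neutralise literal markers before protecting, for example `$input = str_replace("{NOP:", "&#123;NOP:", $input);` at the top of `htmlProtectFromTextism`; a sturdier one is to keep the saved blocks in an array keyed by a per-call random token instead of carrying them inline. The docblocks should also state that these marker strings are reserved. The same consideration applies to `filter()` in plugins/TextileMarkup.php, where the round trip is used.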
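Review bot: `filter()` now calls `htmlProtectFromTextism()` and `htmlUnprotectFromTextism()`, which this commit defines in include/admin/compose.php, and nothing visible in this hunk loads that file. If the plugin can run on a request path that does not include compose.php, the call ends in a fatal undefined-function error. A `require_once` for it next to the plugin's other includes, or moving the two helpers into a shared include, would make the dependency explicit. The rest of the class is outside the hunk, so this may already be covered.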