mirror of https://github.com/e107inc/e107.git synced 2025-08-01 20:30:39 +02:00

Fixes #4346 - TinyMce parser issue. Hide side-panel help icon on legacy admin theme.

Cameron
2021-02-05 18:31:54 -08:00
parent ddc53d00be
commit 2337b075a8
8 changed files with 224 additions and 90 deletions


@@ -83,7 +83,7 @@ if(!empty($_E107['minimal']))
$_E107['no_maintenance'] = true;
$_E107['no_forceuserupdate'] = true;
$_E107['no_event'] = true;
$_E107['no_session'] = true;
// $_E107['no_session'] = true;
// $_E107['no_parser'] = true;
$_E107['no_override'] = true;
$_E107['no_log'] = true;
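Review bot: The commented-out `$_E107['no_session'] = true;` carries no explanation, and the change affects every entry point that sets `$_E107['minimal']`, not only the TinyMCE parser this commit targets. If the intent is that minimal-mode requests now need a session so that userclass checks can see the logged-in user, say so and delete the dead line, e.g. `// session is kept in minimal mode: userclass checks need it (see #4346)`. It is worth confirming that no other minimal-mode caller relied on running without a session. The enclosing `if` block starts and ends outside this hunk.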


@@ -2658,6 +2658,10 @@ Inverse 10 <span class="badge badge-inverse">10</span>
*/
private function renderHelpIcon()
{
if(deftrue('THEME_STYLE') !== 'css/modern-light.css' && deftrue('THEME_STYLE') !=='css/modern-dark.css')
{
return null;
}
$text = '
<ul class="nav nav-pills nav-stacked" style="position: absolute;bottom: 100px;">
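Review bot: The guard at the top of `renderHelpIcon()` hard-codes two stylesheet paths and evaluates `deftrue('THEME_STYLE')` twice, so any further modern style added later silently loses the help icon. Reading the constant once and testing membership is easier to extend: `$style = deftrue('THEME_STYLE');` followed by `if(!in_array($style, array('css/modern-light.css', 'css/modern-dark.css'), true)) { return null; }`. The docblock above the method should also state that it returns null for legacy styles. The rest of the function body lies outside the hunk.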


@@ -831,10 +831,35 @@ class e_bbcode
*/
function htmltoBBcode($text)
{
$allowedTags = array('html', 'body','div', 'a', 'img', 'table', 'thead', 'tbody', 'tr', 'td', 'th', 'b',
'i', 'pre', 'code', 'strong', 'u', 'em', 'ul', 'ol', 'li', 'h2', 'h3', 'h4', 'h5', 'h6', 'p',
'blockquote', /*'audio', 'video',*/ 'br', 'small'
);
$allowedAttributes = array(
'default' => array(),
'img' => array('src', 'alt', 'width', 'height'),
'a' => array('href', 'target', 'rel'),
'audio' => array('src', 'controls', 'autoplay', 'loop', 'muted', 'preload'),
'video' => array('autoplay', 'controls', 'height', 'loop', 'muted', 'poster', 'preload', 'src', 'width'),
'td' => array('colspan', 'rowspan'),
'th' => array('colspan', 'rowspan'),
'x-bbcode' => array('alt'),
);
$tp = e107::getParser();
$tp->setAllowedTags($allowedTags);
$tp->setAllowedAttributes($allowedAttributes);
$tp->setScriptAttibutes(null);
$text = $tp->cleanHtml($text);
$tp->init(); // reset to default; // FIXME needs to reset the above values to default.
$text = str_replace("<!-- bbcode-html-start -->","[html]",$text);
$text = str_replace("<!-- bbcode-html-end -->","[/html]",$text);
// $text = str_replace('<!-- pagebreak -->',"[newpage=]",$text);
@@ -891,10 +916,16 @@ class e_bbcode
// Mostly closing tags.
$convert = array(
$convert = array(
array( "\n", '<br />'),
// array( "\n", '<p>'),
array( "\n", "</p>\n"),
array( "", "<div>\n"),
array( "", "\t"),
array( "", "</div>\n"),
array( "\n", "<thead>\n"),
array( "\n", "</thead>\n"),
array( "\n", "</p>"),
array( "[/list]", '</ul>\n'),
array( "[/list]", '</ul>'),
@@ -906,14 +937,22 @@ class e_bbcode
array( "[h=3]", '<h3 class="bbcode-center" style="text-align: center;">'), // e107 bbcode markup
array( "[h=3]", '<h3>'),
array( "[/h]", '</h3>'),
array( "[h=4]", '<h4>'),
array( "[/h]", '</h4>'),
array( "[h=5]", '<h5>'),
array( "[/h]", '</h5>'),
array( "[h=6]", '<h6>'),
array( "[/h]", '</h6>'),
array( "[/b]", '</strong>'),
array( "[/i]", '</em>'),
array( "[/block]", '</div>'),
array( "[/table]", '</table>'),
array( "[/tbody]", '</tbody>'),
array( "[/table]", '</table>'),
array( "[/tbody]", '</tbody>'),
array( "[/code]\n", '</code>'),
array( "[/tr]", '</tr>'),
array( "[/td]", '</td>'),
array( "[/tr]", '</tr>'),
array( "[/td]", '</td>'),
array( "[td]", '<th>'),
array( "[/td]", '</th>'),
array( "[/blockquote]",'</blockquote>'),
array( "]", ' style=]')
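Review bot: `htmltoBBcode()` narrows the allow-lists on the shared parser returned by `e107::getParser()` and relies on `$tp->init()` to undo that, yet the FIXME on the same line says those values are not actually reset. If that is accurate, every later `cleanHtml()` call in the same request runs with this method's tag and attribute lists and an empty script-attribute list, which changes filtering elsewhere in ways that are hard to notice. The restore should also survive an exception, `try { $text = $tp->cleanHtml($text); } finally { $tp->init(); }`, with the FIXME resolved by making the reset cover the three setters used here. Separately, `audio` and `video` are still listed in `$allowedAttributes` although both tags are commented out of `$allowedTags`. The function continues past the end of the visible hunks.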


@@ -3457,6 +3457,11 @@ class e_parse
$this->scriptAccess = $val;
}
public function setScriptAttibutes($arr)
{
$this->scriptAttributes = (array) $arr;
}
public function getAllowedTags()
{
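Review bot: The new public method `setScriptAttibutes()` is misspelled (missing "r"), and once callers such as `htmltoBBcode()` depend on it the typo becomes part of the parser's API. Naming it `public function setScriptAttributes($arr)` now is cheaper than aliasing it later. It also has no docblock: the `(array)` cast turns `null` into an empty array, and a reader cannot tell from here whether an empty list makes `cleanHtml()` stricter or looser, so that should be stated, e.g. `/** @param array|null $arr attributes treated as script-bearing; null or empty means ... */` with the effect filled in by someone who knows `cleanHtml()`.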


@@ -990,7 +990,7 @@ class e_core_session extends e_session
return false;
}
$this->log('Session Token Okay!', E_LOG_NOTICE);
$this->log('Session Token Okay!', defset('E_LOG_NOTICE', 1));
}
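Review bot: The fallback in `defset('E_LOG_NOTICE', 1)` is a bare literal that has to stay equal to the real constant's value, which cannot be verified from this hunk. A short comment explaining when the constant can be undefined on this path would help, e.g. `// E_LOG_NOTICE may not be defined when the request was bootstrapped in minimal mode`, assuming that is the reason. If other `log()` calls in this class pass `E_LOG_*` constants directly they are presumably exposed to the same problem. The enclosing method starts and ends outside the hunk.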


@@ -7,23 +7,26 @@
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt)
*/
if(empty($_POST['content']) && empty($_GET['debug']) && !defined('TINYMCE_DEBUG') && !defined('TINYMCE_UNIT_TEST'))
{
header('Content-Length: 0');
exit;
}
$_E107['no_online'] = true;
$_E107['no_menus'] = true;
$_E107['no_forceuserupdate'] = true;
$_E107['no_maintenance'] = true;
$_E107['minimal'] = true;
if(!defined('e_ADMIN_AREA'))
{
define('e_ADMIN_AREA', true);
}
if (!defined('e_ADMIN_AREA')) define('e_ADMIN_AREA', true);
if(!defined('TINYMCE_DEBUG') && !defined('TINYMCE_UNIT_TEST'))
{
require_once("../../../../class2.php");
$_E107['no_online'] = true;
$_E107['no_menus'] = true;
$_E107['no_forceuserupdate'] = true;
$_E107['no_maintenance'] = true;
$_E107['minimal'] = true;
require_once(__DIR__."/../../../../class2.php");
}
/**
@@ -35,15 +38,14 @@ if(!defined('TINYMCE_DEBUG') && !defined('TINYMCE_UNIT_TEST'))
*/
class e107TinyMceParser
{
protected $gzipCompression = false;
protected $postHtmlClass;
/**
*
*/
function __construct()
{
$_POST['mode'] = isset($_POST['mode']) ? $_POST['mode'] : 'tohtml';
$this->postHtmlClass = (int) e107::getPref('post_html', e_UC_NOBODY);
$mode = isset($_POST['mode']) ? $_POST['mode'] : 'tohtml';
$_POST['content'] = isset($_POST['content']) ? $_POST['content'] : '';
$html = '';
@@ -80,24 +82,16 @@ TEMPL;
$debug = false;
}
if($_POST['mode'] == 'tohtml')
if($mode === 'tohtml')
{
$html = $this->toHTML($_POST['content']);
}
if($_POST['mode'] == 'tobbcode')
elseif($mode === 'tobbcode')
{
$html = $this->toBBcode($_POST['content']);
$html = $this->toDB($_POST['content']);
}
if($debug == true)
{
print_a($html);
echo "<hr />";
echo "<h1>Rendered</h1>";
echo $html;
}
elseif($this->gzipCompression == true)
if($this->gzipCompression == true)
{
header('Content-Encoding: gzip');
$gzipoutput = gzencode($html,6);
@@ -111,12 +105,14 @@ TEMPL;
}
public function setHtmlClass($value)
{
$this->postHtmlClass = (int) $value;
}
public function toHTML($content)
{
// global $pref; //XXX faster?
$pref = e107::getPref();
$tp = e107::getParser();
// XXX @Cam possible fix - convert to BB first, see news admin AJAX request/response values for reference why
$content = stripslashes($content);
@@ -124,11 +120,8 @@ TEMPL;
// $content = e107::getBB()->htmltoBBcode($content); //XXX This breaks inserted images from media-manager. :/
e107::getBB()->setClass($this->getMediaCategory());
if(check_class($pref['post_html'])) // raw HTML within [html] tags.
if(check_class($this->postHtmlClass)) // raw HTML within [html] tags.
{
// $content = $tp->replaceConstants($content,'abs');
if(strpos($content,"[html]") === false) // BC - convert old BB code text to html.
{
e107::getBB()->clearClass();
@@ -147,22 +140,7 @@ TEMPL;
$content = $tp->parseBBTags($content,true); // parse the <bbcode> tag so we see the HTML equivalent while editing!
$content = e107::getBB()->parseBBCodes($content);
if(!empty($content) && E107_DEBUG_LEVEL > 0)
{
// $content = "-- DEBUG MODE ACTIVE -- \n".$content;
// echo htmlentities($content)."\n";
// echo "<pre>".$content."</pre>";
$text = $content;
return $text;
// exit;
}
else
{
$text = $content;
}
$text = $content;
}
else // bbcode Mode.
@@ -176,12 +154,6 @@ TEMPL;
$content = str_replace(e_MEDIA_IMAGE,"{e_MEDIA_IMAGE}",$content);
$text = "";
if(!empty($content) && E107_DEBUG_LEVEL > 0)
{
$text .= "<!-- bbcode mode -->";
//print_r(htmlentities($content))."\n";
//exit;
}
$text .= $content;
}
@@ -193,37 +165,26 @@ TEMPL;
function toBBcode($content)
function toDB($content)
{
// echo $_POST['content'];
// global $pref;
$pref = e107::getPref();
// $tp = e107::getParser();
e107::getBB()->setClass($this->getMediaCategory());
$content = stripslashes($content);
if(check_class($pref['post_html'])) // Plain HTML mode.
if(check_class($this->postHtmlClass)) // Plain HTML mode.
{
$content = trim($content);
// $content = $this->updateImg($content);
$content = e107::getBB()->imgToBBcode($content);
// $content = $tp->parseBBTags($content,true); // replace html with bbcode equivalent
if(strip_tags($content, '<i>') == '&nbsp;') // Avoid this: [html]<p>&nbsp;</p>[/html]
{
exit;
}
$text = $content ? "[html]".$content."[/html]" : ""; // Add the tags before saving to DB.
$text = !empty($content) ? "[html]".$content."[/html]" : ''; // Add the tags before saving to DB.
}
else // bbcode Mode. //XXX Disabled at the moment in tinymce/e_meta.php - post_html is required to activate.
else // User doesn't have HTML access - bbcode Mode.
{
// [img width=400]/e107_2.0/thumb.php?src={e_MEDIA_IMAGE}2012-12/e107org_white_stripe.png&w=400&h=0[/img]
// $content = str_replace("{e_BASE}","", $content); // We want {e_BASE} in the final data going to the DB, but not the editor.
$text = e107::getBB()->htmltoBBcode($content); // not reliable enough yet.
}
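Review bot: `setHtmlClass()` is a public, undocumented mutator on the one value that decides whether `toDB()` wraps the submitted markup verbatim in `[html]…[/html]` or sends it through `htmltoBBcode()`. It appears to exist only so the unit tests can switch between the two branches, so it should say that and not read as a general API: `/** @internal Test hook: overrides the 'post_html' userclass read in the constructor. */`. In the privileged branch nothing visible in this hunk filters the content before it is tagged for storage, so the userclass value is the only gate here; a comment in `toDB()` naming where the stored HTML is sanitised would make that reviewable. The class body continues outside the visible hunks.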


@@ -13,7 +13,7 @@
{
/** @var e_bbcode */
protected $bb;
protected e_bbcode $bb;
protected function _before()
{
@@ -47,12 +47,39 @@
{
}
*/
public function testHtmltoBBcode()
{
$text = '<h1 style="text-align: center;">Heading 1</h1>
<h2 style="text-align: right;">Heading 2</h2>
<h3 style="text-align: left;">Heading 3</h3>
<h4>Heading 4</h4>
<h5>Heading 5</h5>
<h6>Heading 6</h6>
<div style="background-color: #333; color: white; padding: 10px;">
<p>Paragraph.</p>
<table onclick="alert(1)">
<colgroup>
<col style="width:30%" />
<col style="width:70%" />
</colgroup>
<thead>
<tr><th>Column 1</th><th>Column 2</th></tr>
</thead>
<tbody>
<tr><td><a href="#">link</a></td><td></td></tr>
</tbody>
</table>
</div>';
$result = $this->bb->htmltoBbcode($text);
$expected = strip_tags($result);
$this->assertSame($expected, $result);
}
/*
public function testImgToBBcode()
{
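Review bot: `testHtmltoBBcode()` derives `$expected` from `$result` via `strip_tags()`, so it only proves that no HTML tags survive; it would still pass if the `onclick` value or the inline `style` text came through inside the BBcode, or if the conversion returned an empty string. Since the fixture deliberately contains `<table onclick="alert(1)">`, assert on it directly, for example `$this->assertStringNotContainsString('onclick', $result);` and `$this->assertNotEmpty($result);`, and ideally pin the expected BBcode as a literal. Note also that the typed property `protected e_bbcode $bb;` requires PHP 7.4, which raises the minimum version for running the test suite.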


@@ -76,8 +76,10 @@ Plain text paragraph 3<br />';
/**
* Test parsing of input from user via TinyMce.
*/
public function testToBBcode()
public function testToDB()
{
$this->tm->setHtmlClass(e_UC_ADMIN);
$test_1 = '<ul>
<li>one<a class="bbcode bbcode-link" href="http://www.three.co.uk/"></a></li>
@@ -88,7 +90,7 @@ Plain text paragraph 3<br />';
<sup>2</sup>
';
$actual_1 = $this->tm->toBBcode($test_1);
$actual_1 = $this->tm->toDB($test_1);
$expected_1 = '[html]<ul>
<li>one<a class="bbcode bbcode-link" href="http://www.three.co.uk/"></a></li>
<li>two</li>
@@ -110,7 +112,7 @@ Plain text paragraph 3<br />';
$actual_2 = $this->tm->toBBcode($test_2);
$actual_2 = $this->tm->toDB($test_2);
$expected_2 = '[html]<p>[img class=bbcode-img-right&width=300]{e_MEDIA_IMAGE}2017-11/e107_about.png[/img]Some text</p>
<p>[img class=bbcode-img-left&width=600]{e_MEDIA_IMAGE}2017-11/e107_about.png[/img]Some other text</p>[/html]';
@@ -122,21 +124,120 @@ Plain text paragraph 3<br />';
}
function testParsingOfScriptTags()
/**
* Simulate TinyMce usage by a user without access to post HTML.
*/
function testToDBUser()
{
$text = "An example,<br />
<br />
Thank you for your purchase.<br />
Your order reference number is: #{ORDER_DATA: order_ref}<br />
<br />
<table class='table'>
<colgroup>
<col style='width:50%' />
<col style='width:50%' />
</colgroup>
<tr>
<th>Merchant</th>
<th>Customer</th>
</tr>
<tr>
<td>{ORDER_MERCHANT_INFO}</td>
<td>
<h4>Billing address</h4>
{ORDER_DATA: cust_firstname} {ORDER_DATA: cust_lastname}<br />
</td>
</tr>
</table>
<hr />";
global $_E107;
$_E107['phpunit'] = true; // enable the user of check_class();
$this->tm->setHtmlClass(e_UC_NOBODY);
$result = $this->tm->toDB($text);
$_E107['phpunit'] = false;
}
function testtoDBOnScriptTags()
{
$this->tm->setHtmlClass(e_UC_ADMIN);
// test parsing of scripts.
$string = '<p><script type="text/javascript" src="https://cdn.myscript.net/js/1.js" async></script></p>';
$result = $this->tm->toBBcode($string);
$result = $this->tm->toDB($string);
$this->assertSame('[html]'.$string.'[/html]', $result);
$result = $this->tm->toHTML($string);
$this->assertSame($string, $result);
}
public function testParsingofTable()
{
// -----------
$string = "Hello {ORDER_DATA: cust_firstname} {ORDER_DATA: cust_lastname},<br />
<br />
Thank you for your purchase.<br />
Your order reference number is: #{ORDER_DATA: order_ref}<br />
<br />
<table class='table'>
<colgroup>
<col style='width:50%' />
<col style='width:50%' />
</colgroup>
<tr>
<th>Merchant</th>
<th>Customer</th>
</tr>
<tr>
<td>{ORDER_MERCHANT_INFO}</td>
<td>
<h4>Billing address</h4>
{ORDER_DATA: cust_firstname} {ORDER_DATA: cust_lastname}<br />
{ORDER_DATA: cust_company}<br />
{ORDER_DATA: cust_address}<br />
{ORDER_DATA: cust_city} &nbsp;{ORDER_DATA: cust_state} &nbsp;{ORDER_DATA: cust_zip}<br />
{ORDER_DATA: cust_country}
<br />
<h4>Shipping address</h4>
{ORDER_DATA: ship_firstname} {ORDER_DATA: ship_lastname}<br />
{ORDER_DATA: ship_company}<br />
{ORDER_DATA: ship_address}<br />
{ORDER_DATA: ship_city} &nbsp;{ORDER_DATA: ship_state} &nbsp;{ORDER_DATA: ship_zip}<br />
{ORDER_DATA: ship_country}
</td>
</tr>
</table>";
$this->tm->setHtmlClass(254);
$result = $this->tm->toDB($string);
$this->assertSame('[html]'.$string.'[/html]', $result);
$result = $this->tm->toHTML($string);
$this->assertSame($string, $result);
}
@@ -145,7 +246,4 @@ Plain text paragraph 3<br />';
}
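Review bot: `testToDBUser()` computes `$result` and then discards it, so the branch for users without HTML access (the one that depends on `htmltoBBcode()` filtering) is executed but never verified. At minimum add `$this->assertStringNotContainsString('[html]', $result);` and `$this->assertSame(strip_tags($result), $result);` before the flag is reset. The `$_E107['phpunit']` toggle should be restored in a `finally` block so that a failure inside `toDB()` does not leave it enabled for later tests. In `testParsingofTable()` the literal `254` would read better as the named userclass constant it stands for.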