diff --git a/plugins/phorum/htmlpurifier.php b/plugins/phorum/htmlpurifier.php index 96e77b51..af6ff532 100644 --- a/plugins/phorum/htmlpurifier.php +++ b/plugins/phorum/htmlpurifier.php @@ -92,6 +92,10 @@ function phorum_htmlpurifier_format($data) // order is important $body = str_replace("\n", "\n", $body); $body = str_replace(array('<','>','&'), array('<','>','&'), $body); + if (!$message_id && defined('PHORUM_CONTROL_CENTER')) { + // we're in control.php, so it was double-escaped + $body = str_replace(array('<','>','&', '"'), array('<','>','&','"'), $body); + } } $body = $purifier->purify($body); diff --git a/plugins/phorum/install.txt b/plugins/phorum/install.txt index a16b2ad6..d1848938 100644 --- a/plugins/phorum/install.txt +++ b/plugins/phorum/install.txt @@ -18,6 +18,11 @@ made migration file may *CORRUPT* Phorum, so please take your time to do this correctly. It should go without saying to *BACKUP YOUR DATABASE* before attempting anything here. +This module will not automatically migrate user signatures, because this +process may take a long time. After installing the HTML Purifier module and +then configuring 'migrate.php', navigate to Settings and click 'Migrate +Signatures' to migrate all user signatures. + The version of HTML Purifier bundled with is a custom modified 2.0.1. Do not attempt to replace it with a version equal to or less than downloaded from the HTML Purifier website: the module will combust diff --git a/plugins/phorum/settings.php b/plugins/phorum/settings.php index 7f77f3ac..656a07db 100644 --- a/plugins/phorum/settings.php +++ b/plugins/phorum/settings.php 
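Review bot: In the added control-center branch the search list appears to decode the ampersand entity before the quote entity; the entity names are rendered as bare characters on this page, so this is inferred from the `'<','>','&', '"'` order. `str_replace()` applies array pairs one after another, so an escaped ampersand followed by `quot;` would be decoded twice and literal user text would become a quote character before `$purifier->purify($body)` sees it. Moving the ampersand pair to the end of both arrays, as the existing line above does and as the `// order is important` comment asks, avoids the over-decoding. The enclosing function starts and ends outside the hunk.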
@@ -49,8 +49,83 @@ if ($config_exists || !isset($PHORUM['mod_htmlpurifier']['config'])) { $config = HTMLPurifier_Config::create($PHORUM['mod_htmlpurifier']['config']); } -// save settings -if(!empty($_POST)){ +$offset = 0; +if (!empty($_POST['migrate-sigs'])) { + if (!isset($_POST['confirmation']) || strtolower($_POST['confirmation']) !== 'yes') { + echo 'Invalid confirmation code.'; + exit; + } + $PHORUM['mod_htmlpurifier']['migrate-sigs'] = true; + phorum_db_update_settings(array("mod_htmlpurifier"=>$PHORUM["mod_htmlpurifier"])); + $offset = 1; +} elseif (!empty($_GET['migrate-sigs']) && $PHORUM['mod_htmlpurifier']['migrate-sigs']) { + $offset = (int) $_GET['migrate-sigs']; +} + +// lower this setting if you're getting time outs/out of memory +$increment = 100; + +if ($offset) do { + require_once 'migrate.php'; + // migrate signatures + // do this in batches so we don't run out of time/space + $end = $offset + $increment; + $user_ids = array(); + for ($i = $offset; $i < $end; $i++) { + $user_ids[] = $i; + } + $userinfos = phorum_db_user_get_fields($user_ids, 'signature'); + foreach ($userinfos as $i => $user) { + if (empty($user['signature'])) continue; + $sig = $user['signature']; + // perform standard Phorum processing on the sig + $sig = str_replace(array("&","<",">"), array("&","<",">"), $sig); + $sig = preg_replace("/<((http|https|ftp):\/\/[a-z0-9;\/\?:@=\&\$\-_\.\+!*'\(\),~%]+?)>/i", "$1", $sig); + // prepare fake data to pass to migration function + $fake_data = array(array("author"=>"", "email"=>"", "subject"=>"", 'body' => $sig)); + list($fake_message) = phorum_htmlpurifier_migrate($fake_data); + $user['signature'] = $fake_message['body']; + if (!phorum_user_save($user)) { + exit('Error while saving user data'); + } + } + unset($userinfos); // free up memory + + // query for highest ID in database + $type = $PHORUM['DBCONFIG']['type']; + if ($type == 'mysql') { + $conn = phorum_db_mysql_connect(); + $sql = "select MAX(user_id) from 
{$PHORUM['user_table']}"; + $res = mysql_query($sql, $conn); + $row = mysql_fetch_row($res); + $top_id = (int) $row[0]; + } elseif ($type == 'mysqli') { + $conn = phorum_db_mysqli_connect(); + $sql = "select MAX(user_id) from {$PHORUM['user_table']}"; + $res = mysqli_query($conn, $sql); + $row = mysqli_fetch_row($res); + $top_id = (int) $row[0]; + } else { + exit('Unrecognized database!'); + } + + $offset += $increment; + if ($offset > $top_id) { // test for end condition + echo 'Migration finished'; + $PHORUM['mod_htmlpurifier']['migrate-sigs'] = false; + phorum_db_update_settings(array("mod_htmlpurifier"=>$PHORUM["mod_htmlpurifier"])); + continue; + } + $host = $_SERVER['HTTP_HOST']; + $uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\'); + $extra = 'admin.php?module=modsettings&mod=htmlpurifier&migrate-sigs=' . $offset; + // relies on output buffering to work + header("Location: http://$host$uri/$extra"); + exit; +} while (0); + +if(!empty($_POST) && !$offset){ + // save settings if ($config_exists) { echo "Cannot update settings, mods/htmlpurifier/config.php already exists. To change settings, edit that file. To use the web form, delete that file.
"; @@ -96,6 +171,24 @@ if ($config_exists) { // output form require_once './include/admin/PhorumInputForm.php'; + $frm_migrate = new PhorumInputForm ('', "post", "Migrate"); + $frm_migrate->hidden("module", "modsettings"); + $frm_migrate->hidden("mod", "htmlpurifier"); + $frm_migrate->hidden("migrate-sigs", "1"); + $frm_migrate->addbreak("Migrate user signatures to HTML"); + $frm_migrate->addMessage('This operation will migrate your users signatures + to HTML. This process is irreversible and must only be performed once. + Type in yes in the confirmation field to migrate.'); + if (!file_exists(dirname(__FILE__) . '/migrate.php')) { + $frm_migrate->addMessage('Migration file does not exist, cannot migrate signatures. + Please check migrate.bbcode.php on how to create an appropriate file.'); + } else { + $frm_migrate->addrow('Confirm:', $frm_migrate->text_box("confirmation", "")); + } + $frm_migrate->show(); + + echo '
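Review bot: The resume branch takes the batch position straight from `$_GET['migrate-sigs']`, so while the `migrate-sigs` flag is set any request carrying a lower offset (a reloaded URL, the back button, a stale link opened by a logged-in admin) re-runs `phorum_htmlpurifier_migrate()` over signatures that were already converted, which the form text in this commit describes as irreversible and once-only. Keeping the cursor in the stored setting and treating the query parameter only as a trigger closes that, as sketched below. Separately, the redirect hard-codes `http://` and trusts `$_SERVER['HTTP_HOST']`, so on an HTTPS admin area the next hop goes out in cleartext to a client-supplied host; building it from the forum's configured base URL would be safer. The `MAX(user_id)` results are also used unchecked: a failed query yields `$top_id = 0`, which prints 'Migration finished' and clears the flag after a single batch.

```php
} elseif (!empty($_GET['migrate-sigs']) && !empty($PHORUM['mod_htmlpurifier']['migrate-sigs'])) {
    // resume from the cursor saved in settings; the query-string value is only a trigger
    $offset = (int) $PHORUM['mod_htmlpurifier']['migrate-sigs'];
}
// … unchanged: batch loop, MAX(user_id) lookup, end-of-migration branch …
    // save the next offset before redirecting so a replayed URL cannot rewind it
    $PHORUM['mod_htmlpurifier']['migrate-sigs'] = $offset;
    phorum_db_update_settings(array("mod_htmlpurifier"=>$PHORUM["mod_htmlpurifier"]));
    // … unchanged: redirect to the next batch …
```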
'; + $frm = new PhorumInputForm ("", "post", "Save"); $frm->hidden("module", "modsettings"); $frm->hidden("mod", "htmlpurifier"); // this is the directory name that the Settings file lives in @@ -131,4 +224,5 @@ if ($config_exists) { echo ''; $frm->show(); + }
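Review bot: The migrate form guards an irreversible bulk rewrite with only a typed `yes`, which a forged cross-site POST can supply just as easily. No per-request token field is visible among the `hidden()` calls here, so unless admin.php or PhorumInputForm adds one outside this hunk, the handler should verify one before it sets the `migrate-sigs` flag. The `file_exists(dirname(__FILE__) . '/migrate.php')` test only hides the confirmation box; the POST handler earlier in this file does not repeat it and loads the file with `require_once 'migrate.php';`, which resolves through the include path and may pick up a different file. Suggest `require_once dirname(__FILE__) . '/migrate.php';` in the handler, with the same existence check performed before the flag is saved.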