diff --git a/plugins/phorum/config.default.php b/plugins/phorum/config.default.php index 952291f7..4dc0adaa 100644 --- a/plugins/phorum/config.default.php +++ b/plugins/phorum/config.default.php @@ -20,5 +20,8 @@ $config->set('AutoFormat', 'AutoParagraph', true); $config->set('AutoFormat', 'Linkify', true); $config->set('HTML', 'Doctype', 'XHTML 1.0 Transitional'); $config->set('Core', 'AggressivelyFixLt', true); -$config->set('Core', 'Encoding', 'iso-8859-1'); // we'll change this eventually +$config->set('Core', 'Encoding', $GLOBALS['PHORUM']['DATA']['CHARSET']); // we'll change this eventually +if (strtolower($GLOBALS['PHORUM']['DATA']['CHARSET']) !== 'utf-8') { + $config->set('Core', 'EscapeNonASCIICharacters', true); +} diff --git a/plugins/phorum/htmlpurifier.php b/plugins/phorum/htmlpurifier.php index af4aa84d..ae6b79a8 100644 --- a/plugins/phorum/htmlpurifier.php +++ b/plugins/phorum/htmlpurifier.php @@ -12,6 +12,11 @@ * For help migrating from your previous markup language to pure HTML * please check the migrate.bbcode.php file. * + * If you'd like to use this with a WYSIWYG editor, make sure that + * editor sets $PHORUM['mod_htmlpurifier']['wysiwyg'] to true. Otherwise, + * administrators who need to edit other people's comments may be at + * risk for some nasty attacks. + * * Tested with Phorum 5.1.22. This module will almost definitely need * to be upgraded when Phorum 6 rolls around. */ @@ -136,10 +141,12 @@ function phorum_htmlpurifier_common() { $config = HTMLPurifier_Config::create($PHORUM['mod_htmlpurifier']['config']); } HTMLPurifier::getInstance($config); - + // increment revision.txt if you want to invalidate the cache $GLOBALS['PHORUM']['mod_htmlpurifier']['body_cache_serial'] = $config->getSerial(); - + + $GLOBALS['PHORUM']['mod_htmlpurifier']['wysiwyg'] = true; + // load migration if (file_exists(dirname(__FILE__) . '/migrate.php')) { include(dirname(__FILE__) . '/migrate.php'); 
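Review bot: The two new lines read `$GLOBALS['PHORUM']['DATA']['CHARSET']` without checking it exists, so if this config file is ever included before Phorum has populated `$PHORUM['DATA']['CHARSET']`, `Core.Encoding` is set to an empty value and the `strtolower()` comparison silently falls into the escape branch; where in the bootstrap this file is loaded is not visible here, so either confirm the ordering or default it with `$charset = isset($GLOBALS['PHORUM']['DATA']['CHARSET']) ? $GLOBALS['PHORUM']['DATA']['CHARSET'] : 'utf-8';` and use `$charset` on both lines. The retained `// we'll change this eventually` comment now describes the change this commit makes and should be replaced with the reason, e.g. `// follow Phorum's charset so purification and page output agree; escape non-ASCII for legacy charsets`.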
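Review bot: The added line `$GLOBALS['PHORUM']['mod_htmlpurifier']['wysiwyg'] = true;` in phorum_htmlpurifier_common forces the flag on for every installation and overwrites whatever a WYSIWYG module set, which contradicts the header comment added in this same commit ("make sure that editor sets ... to true") and makes the before_editor purification run for the plain textarea editor as well. If a default is wanted, fill it in only when the editor has not, e.g. `if (!isset($GLOBALS['PHORUM']['mod_htmlpurifier']['wysiwyg'])) { $GLOBALS['PHORUM']['mod_htmlpurifier']['wysiwyg'] = false; }`; if it was left in for testing, remove it. Whether the editor module's hook runs before or after this common hook is not visible here, so the overwrite order needs checking too. phorum_htmlpurifier_common starts before and continues past this hunk.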
@@ -170,3 +177,22 @@ function phorum_htmlpurifier_bubble_hook($hook) {
 $PHORUM['hooks'][$hook]['funcs'][] = $func;
 }
+/**
+ * Pre-emptively performs purification if it looks like a WYSIWYG editor
+ * is being used
+ */
+function phorum_htmlpurifier_before_editor($message) {
+ if (!empty($GLOBALS['PHORUM']['mod_htmlpurifier']['wysiwyg'])) {
+ if (!empty($message['body'])) {
+ $body = $message['body'];
+ // de-entity-ize contents
+ $body = str_replace(array('<','>','&'), array('<','>','&'), $body);
+ $purifier =& HTMLPurifier::getInstance();
+ $body = $purifier->purify($message['body']);
+ // re-entity-ize contents
+ $body = htmlspecialchars($body, ENT_QUOTES, $GLOBALS['PHORUM']['DATA']['CHARSET']);
+ }
+ }
+ return $message;
+}
+
diff --git a/plugins/phorum/info.txt b/plugins/phorum/info.txt
index c59a6133..db06aa8d 100644
--- a/plugins/phorum/info.txt
+++ b/plugins/phorum/info.txt
@@ -2,5 +2,6 @@ hook: format|phorum_htmlpurifier_format
 hook: quote|phorum_htmlpurifier_quote
 hook: posting_custom_action|phorum_htmlpurifier_posting
 hook: common|phorum_htmlpurifier_common
+hook: before_editor|phorum_htmlpurifier_before_editor
 title: HTML Purifier Phorum Mod
 desc: This module enables standards-compliant HTML filtering on Phorum. Please check migrate.bbcode.php before enabling this mod.
\ No newline at end of file
diff --git a/plugins/phorum/settings.php b/plugins/phorum/settings.php
index e0eb379f..552d5248 100644
--- a/plugins/phorum/settings.php
+++ b/plugins/phorum/settings.php
@@ -106,8 +106,8 @@ if ($config_exists) {
 $frm->addbreak("Edit settings for the HTML Purifier module");
- $frm->addMessage('
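Review bot: phorum_htmlpurifier_before_editor returns the message unchanged: the purifier is fed the original `$message['body']` instead of the de-entitized `$body`, and the purified, re-escaped `$body` is then dropped because `$message['body']` is never reassigned, so the protection for administrators editing other people's posts that the header comment promises is not applied. The two lines should read `$body = $purifier->purify($body);` and, after the `htmlspecialchars()` call, `$message['body'] = $body;`. Separately, as rendered here both `str_replace()` arrays are `array('<','>','&')`, which would make the decode step a no-op; that looks like entity decoding by the page rather than the committed source, so please confirm the search array is `'&lt;','&gt;','&amp;'` in the file. It is also worth an inline comment on why the body is decoded, purified and re-escaped, e.g. `// Phorum stores bodies HTML-escaped; purify the raw markup, then re-escape for the editor`.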

Click on directive links to read what each option does. - Warning: This will navigate you to a new page.

+ $frm->addMessage('

Click on directive links to read what each option does + (links do not open in new windows).

For more flexibility (for instance, you want to edit the full range of configuration directives), you can create a config.php file in your mods/htmlpurifier/ directory. Doing so will,