mirror of
https://github.com/processwire/processwire.git
synced 2025-08-17 20:11:46 +02:00
@@ -84,6 +84,19 @@ function _checkForTwoFactorAuth(Session $session) {
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if POST request exceeds PHP’s max_input_vars
|
||||
*
|
||||
* @param WireInput $input
|
||||
*
|
||||
*/
|
||||
function _checkForMaxInputVars(WireInput $input) {
|
||||
$max = (int) ini_get('max_input_vars');
|
||||
if($max && count($_POST) >= $max) {
|
||||
$input->error(sprintf(__('You have reached PHP’s “max_input_vars” setting of %d — please increase it.'), $max));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
// notify superuser if there is an http host error
|
||||
if($user->isSuperuser()) _checkForHttpHostError($config);
|
||||
@@ -118,6 +131,8 @@ if($page->process && $page->process != 'ProcessPageView') {
|
||||
foreach($_POST as $k => $v) unset($_POST[$k]);
|
||||
foreach($_FILES as $k => $v) unset($_FILES[$k]);
|
||||
$input->post->removeAll();
|
||||
} else if($input->requestMethod('POST') && $user->isLoggedin() && $user->hasPermission('page-edit')) {
|
||||
_checkForMaxInputVars($input);
|
||||
}
|
||||
|
||||
$controller = new ProcessController();
|
||||
|
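Review bot: `count($_POST) >= $max` in `_checkForMaxInputVars()` counts only top-level keys, while PHP applies max_input_vars to nested array elements as well, so a form built from array-style fields (`name[]`) can be truncated without this warning firing. Silent truncation matters beyond lost edits, because the variables dropped are the ones at the end of the request, possibly including a CSRF token field. A closer check would be `if($max && count($_POST, COUNT_RECURSIVE) >= $max) {`, accepting that the recursive count also includes the array containers and so may warn slightly early. The call site in the second hunk is gated on a logged-in user with page-edit, so the setting value in the message is not shown to guests.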
@@ -559,13 +559,14 @@ class InputfieldCKEditor extends InputfieldTextarea {
|
||||
if(!$length) return '';
|
||||
|
||||
if($this->usePurifier && $this->wire('modules')->isInstalled('MarkupHTMLPurifier')) {
|
||||
$enableID = stripos($this->toolbar, 'anchor') !== false || $this->isExtraAllowedContentAttribute('id');
|
||||
if(is_null(self::$purifier)) self::$purifier = $this->wire('modules')->get('MarkupHTMLPurifier');
|
||||
$configData = $this->wire('modules')->getModuleConfigData('ProcessPageEditLink');
|
||||
$targets = isset($configData['targetOptions']) ? $configData['targetOptions'] : '_blank';
|
||||
$targets = explode("\n", $targets);
|
||||
foreach($targets as $k => $v) $targets[$k] = trim($v);
|
||||
self::$purifier->set('Attr.AllowedFrameTargets', $targets); // allow links opened in new window/tab
|
||||
self::$purifier->set('Attr.EnableID', stripos($this->toolbar, 'anchor') !== false); // for anchor plugin use of id and name attributes
|
||||
self::$purifier->set('Attr.EnableID', $enableID); // for anchor plugin use of id and name attributes
|
||||
$value = self::$purifier->purify($value);
|
||||
// $newLength = strlen($value);
|
||||
// if($length != $newLength) $this->message("HTML Purifier: $this->name (before: $length bytes, after: $newLength bytes)", Notice::debug);
|
||||
@@ -704,6 +705,32 @@ class InputfieldCKEditor extends InputfieldTextarea {
|
||||
return $data;
|
||||
}
|
||||
|
||||
/**
|
||||
* Is the given attribute present for any tag in the extraAllowedContent?
|
||||
*
|
||||
* @param string $attr
|
||||
* @param string $type One of 'attribute', 'class' or 'style' (default='attribute')
|
||||
* @return bool
|
||||
*
|
||||
*/
|
||||
protected function isExtraAllowedContentAttribute($attr, $type = 'attribute') {
|
||||
$types = array(
|
||||
'attribute' => array('[', ']'),
|
||||
'class' => array('(', ')'),
|
||||
'style' => array('{', '}'),
|
||||
);
|
||||
$is = false;
|
||||
list($open, $close) = $types[$type];
|
||||
foreach(explode($open, str_replace(array(' ', '!'), '', $this->extraAllowedContent)) as $attrs) {
|
||||
list($attrs,) = explode($close, $attrs, 2);
|
||||
$attrs = explode(',', $attrs);
|
||||
if(!in_array($attr, $attrs)) continue;
|
||||
$is = true;
|
||||
break;
|
||||
}
|
||||
return $is;
|
||||
}
|
||||
|
||||
/*
|
||||
* Inputfield configuration screen
|
||||
*
|
||||
|
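Review bot: Setting `Attr.EnableID` from `$enableID` means any field whose extraAllowedContent lists `id` now lets editor-supplied markup keep arbitrary id values through HTML Purifier, which leaves that directive off by default because such ids can collide with ids the surrounding page and its scripts rely on. If that is intended, a comment at the `$enableID` line should say so, e.g. `// id values pass through as submitted when enabled and may collide with template ids`, and constraining them with `Attr.IDPrefix` or `Attr.IDBlacklist` is worth considering. Separately, `isExtraAllowedContentAttribute()` indexes `$types[$type]` unchecked and uses a loose `in_array`; `if(!isset($types[$type])) return false;` and `in_array($attr, $attrs, true)` would make it fail closed on an unexpected `$type`. Both the purifier block and the class continue outside the visible hunks.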