Changeset 2176 for plugins/contribute/inc/lib.contribute.document.php

Timestamp:

04/11/10 14:48:21 (14 years ago)

Author:

Moe

Message:

Contribute 1.0-alpha25 :

• added a filter against Javascript injections
• check installed and active plugins
• display more info on post
• removed unused code
• switched to GPL v2 (previous commit [2172]])

File:

• plugins/contribute/inc/lib.contribute.document.php (modified) (7 diffs)

plugins/contribute/inc/lib.contribute.document.php

@@ -57 +57 @@
           }
           
+          $disabled_plugins = $core->plugins->getDisabledModules();
+          
           $_ctx =& $GLOBALS['_ctx'];
           
@@ -69 +71 @@
           
           # Metadata
-          if ($core->plugins->moduleExists('metadata'))
+          if ($core->plugins->moduleExists('metadata')
+               && !array_key_exists('metadata',$disabled_plugins))
           {
                $meta = new dcMeta($core);
@@ -80 +83 @@
           # My Meta
           if ($core->plugins->moduleExists('mymeta')
-               && ($settings->contribute_allow_mymeta))
+               && ($settings->contribute_allow_mymeta)
+               && !array_key_exists('mymeta',$disabled_plugins))
           {
                $mymeta_values = array();
@@ -264 +268 @@
                     
                     # avoid Notice: Indirect modification of overloaded property
-                    # record::$post_excerpt has no effect in .../contribute/_public.php
-                    # on line 146
-                    $post_excerpt = $post->post_excerpt;
-                    $post_excerpt_xhtml = $post->post_excerpt_xhtml;
-                    $post_content = $post->post_content;
-                    $post_content_xhtml = $post->post_content_xhtml;
-                    
-                    # HTML filter
-                    # get the setting value
-                    $enable_html_filter = $settings->enable_html_filter;
-                    # set the setting to true
-                    $settings->enable_html_filter = true;
+                    # record::$post_excerpt has no effect in [this file]
+                    # on line [...]
+                    
+                    # filter to remove JavaScript
+                    $post_excerpt = contribute::HTMLfilter($post->post_excerpt);
+                    $post_excerpt_xhtml = contribute::HTMLfilter($post->post_excerpt_xhtml);
+                    $post_content = contribute::HTMLfilter($post->post_content);
+                    $post_content_xhtml = contribute::HTMLfilter($post->post_content_xhtml);
                     
                     $core->blog->setPostContent(
@@ -282 +282 @@
                          $post_content,$post_content_xhtml
                     );
-                    
-                    # set the old value to the setting
-                    $settings->enable_html_filter = $enable_html_filter;
-                    unset($enable_html_filter);
                     
                     $post->post_excerpt = $post_excerpt;
@@ -398 +394 @@
                          && (isset($_POST['post_notes'])))
                     {
-                         $post->post_notes = $_POST['post_notes'];
+                         $post->post_notes = contribute::HTMLfilter($_POST['post_notes']);
                     }
                     
@@ -492 +488 @@
                          # antispam
                          if ($settings->contribute_enable_antispam
-                              && $core->plugins->moduleExists('antispam'))
+                              && $core->plugins->moduleExists('antispam')
+                              && !array_key_exists('antispam',$disabled_plugins))
                          {
                               $cur = $core->con->openCursor($core->prefix.'comment');