Merge pull request #3294 from Icinga/feature/use-new-purifier-helper-for-plugin-output

Use new purifier helper for plugin output
2018-01-19 16:55:30 +01:00 · 2018-01-19 16:55:30 +01:00 · 3b6699d28d
parent d9978d19a4 e8fa99f913
commit 3b6699d28d
2 changed files with 19 additions and 34 deletions
--- a/modules/monitoring/application/views/helpers/PluginOutput.php
+++ b/modules/monitoring/application/views/helpers/PluginOutput.php
@ -2,6 +2,7 @@
 /* Icinga Web 2 | (c) 2013 Icinga Development Team | GPLv2+ */

 use Icinga\Web\Dom\DomNodeIterator;
+use Icinga\Module\Monitoring\Web\Helper\PluginOutputPurifier;

 /**
 * Plugin output renderer
@ -94,7 +95,7 @@ class Zend_View_Helper_PluginOutput extends Zend_View_Helper_Abstract
            $output = preg_replace(
                self::$htmlPatterns,
                self::$htmlReplacements,
-                $this->getPurifier()->purify($output)
+                PluginOutputPurifier::process($output)
            );
            $isHtml = true;
        } else {
@ -176,37 +177,4 @@ class Zend_View_Helper_PluginOutput extends Zend_View_Helper_Abstract

        return substr($doc->saveHTML(), 5, -7);
    }
-
-    /**
-     * Initialize and return self::$purifier
-     *
-     * @return HTMLPurifier
-     */
-    protected function getPurifier()
-    {
-        if (self::$purifier === null) {
-            require_once 'HTMLPurifier/Bootstrap.php';
-            require_once 'HTMLPurifier.php';
-            require_once 'HTMLPurifier.autoload.php';
-
-            $config = HTMLPurifier_Config::createDefault();
-            $config->set('Core.EscapeNonASCIICharacters', true);
-            $config->set('Attr.AllowedFrameTargets', array('_blank'));
-            $config->set(
-                'HTML.Allowed',
-                'p,br,b,a[href|target],i,ul,ol,li,table,tr,th[colspan],td[colspan],div,*[class]'
-            );
-            // This avoids permission problems:
-            // $config->set('Core.DefinitionCache', null);
-            $config->set('Cache.DefinitionImpl', null);
-            // TODO: Use a cache directory:
-            // $config->set('Cache.SerializerPath', '/var/spool/whatever');
-
-            // $config->set('URI.Base', 'http://www.example.com');
-            // $config->set('URI.MakeAbsolute', true);
-            // $config->set('AutoFormat.AutoParagraph', true);
-            self::$purifier = new HTMLPurifier($config);
-        }
-        return self::$purifier;
-    }
 }
--- a/modules/monitoring/library/Monitoring/Web/Helper/PluginOutputPurifier.php
+++ b/modules/monitoring/library/Monitoring/Web/Helper/PluginOutputPurifier.php
@ -0,0 +1,17 @@
+<?php
+/* Icinga Web 2 | (c) 2018 Icinga Development Team | GPLv2+ */
+
+namespace Icinga\Module\Monitoring\Web\Helper;
+
+use Icinga\Web\Helper\HtmlPurifier;
+
+class PluginOutputPurifier extends HtmlPurifier
+{
+    protected function configure($config)
+    {
+        $config->set(
+            'HTML.Allowed',
+            'p,br,b,a[href|target],i,ul,ol,li,table,tr,th[colspan],td[colspan],div,*[class]'
+        );
+    }
+}