From 42b685d336097cf52ce30befbab95c6f0e7236d0 Mon Sep 17 00:00:00 2001
From: Johannes Meyer
Date: Fri, 19 Jan 2018 15:27:29 +0100
Subject: [PATCH 1/2] Introduce class Icinga\Module\Monitoring\Web\Helper\PluginOutputPurifier

---
 .../Web/Helper/PluginOutputPurifier.php | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 modules/monitoring/library/Monitoring/Web/Helper/PluginOutputPurifier.php

diff --git a/modules/monitoring/library/Monitoring/Web/Helper/PluginOutputPurifier.php b/modules/monitoring/library/Monitoring/Web/Helper/PluginOutputPurifier.php
new file mode 100644
index 000000000..9382c9eea
--- /dev/null
+++ b/modules/monitoring/library/Monitoring/Web/Helper/PluginOutputPurifier.php
@@ -0,0 +1,17 @@
+set(
+ 'HTML.Allowed',
+ 'p,br,b,a[href|target],i,ul,ol,li,table,tr,th[colspan],td[colspan],div,*[class]'
+ );
+ }
+}

From e8fa99f913fd7394cfbafd28ecfa0de90ecc8ee4 Mon Sep 17 00:00:00 2001
From: Johannes Meyer
Date: Fri, 19 Jan 2018 15:40:28 +0100
Subject: [PATCH 2/2] PluginOutput: Use new PluginOutputPurifier helper instead

---
 .../views/helpers/PluginOutput.php | 36 ++-----------------
 1 file changed, 2 insertions(+), 34 deletions(-)

diff --git a/modules/monitoring/application/views/helpers/PluginOutput.php b/modules/monitoring/application/views/helpers/PluginOutput.php
index 673b95edd..cecf0262b 100644
--- a/modules/monitoring/application/views/helpers/PluginOutput.php
+++ b/modules/monitoring/application/views/helpers/PluginOutput.php
@@ -2,6 +2,7 @@
 /* Icinga Web 2 | (c) 2013 Icinga Development Team | GPLv2+ */
 use Icinga\Web\Dom\DomNodeIterator;
+use Icinga\Module\Monitoring\Web\Helper\PluginOutputPurifier;
 /**
  * Plugin output renderer
@@ -94,7 +95,7 @@ class Zend_View_Helper_PluginOutput extends Zend_View_Helper_Abstract
 $output = preg_replace(
 self::$htmlPatterns,
 self::$htmlReplacements,
- $this->getPurifier()->purify($output)
+ PluginOutputPurifier::process($output)
 );
 $isHtml = true;
 } else {
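Review bot: The visible part of the new purifier configuration only sets `HTML.Allowed`, while the `getPurifier()` method deleted in PATCH 2/2 also set `Attr.AllowedFrameTargets` to `array('_blank')`, `Core.EscapeNonASCIICharacters` to `true` and `Cache.DefinitionImpl` to `null`. Unless the parent class applies these, the `target` attribute kept by `a[href|target]` is ineffective, because HTMLPurifier drops every frame target not listed in `Attr.AllowedFrameTargets` (empty by default), and the definition cache falls back to its on-disk serializer, which the removed comment notes caused permission problems. The head of this hunk (file header, class declaration and parent) is not readable in this extraction, so this may already be handled there; if not, add `$config->set('Attr.AllowedFrameTargets', array('_blank'));`, `$config->set('Core.EscapeNonASCIICharacters', true);` and `$config->set('Cache.DefinitionImpl', null);` next to the existing `set()` call.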
@@ -176,37 +177,4 @@ class Zend_View_Helper_PluginOutput extends Zend_View_Helper_Abstract
 return substr($doc->saveHTML(), 5, -7);
 }
-
- /**
- * Initialize and return self::$purifier
- *
- * @return HTMLPurifier
- */
- protected function getPurifier()
- {
- if (self::$purifier === null) {
- require_once 'HTMLPurifier/Bootstrap.php';
- require_once 'HTMLPurifier.php';
- require_once 'HTMLPurifier.autoload.php';
-
- $config = HTMLPurifier_Config::createDefault();
- $config->set('Core.EscapeNonASCIICharacters', true);
- $config->set('Attr.AllowedFrameTargets', array('_blank'));
- $config->set(
- 'HTML.Allowed',
- 'p,br,b,a[href|target],i,ul,ol,li,table,tr,th[colspan],td[colspan],div,*[class]'
- );
- // This avoids permission problems:
- // $config->set('Core.DefinitionCache', null);
- $config->set('Cache.DefinitionImpl', null);
- // TODO: Use a cache directory:
- // $config->set('Cache.SerializerPath', '/var/spool/whatever');
-
- // $config->set('URI.Base', 'http://www.example.com');
- // $config->set('URI.MakeAbsolute', true);
- // $config->set('AutoFormat.AutoParagraph', true);
- self::$purifier = new HTMLPurifier($config);
- }
- return self::$purifier;
- }
 }