tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-04-08 17:15:08 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3146 from Icinga/bugfix/links-in-announcements-2641

Browse Source 
Render HTML in announcements' messages as expected
This commit is contained in:
lippserd 2018-01-19 16:13:59 +01:00 committed by GitHub
commit ce428cb77d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 100 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

93
library/Icinga/Web/Helper/HtmlPurifier.php Normal file
View File

@ -0,0 +1,93 @@
<?php
/* Icinga Web 2 | (c) 2018 Icinga Development Team | GPLv2+ */
namespace Icinga\Web\Helper;
use Closure;
use InvalidArgumentException;
class HtmlPurifier
{
/**
* The actual purifier instance
*
* @var \HTMLPurifier
*/
protected $purifier;
/**
* Create a new HtmlPurifier
*
* @param array|Closure $config Additional configuration
*/
public function __construct($config = null)
{
require_once 'HTMLPurifier/Bootstrap.php';
require_once 'HTMLPurifier.php';
require_once 'HTMLPurifier.autoload.php';
$purifierConfig = \HTMLPurifier_Config::createDefault();
$purifierConfig->set('Core.EscapeNonASCIICharacters', true);
$purifierConfig->set('Attr.AllowedFrameTargets', array('_blank'));
// This avoids permission problems:
// $purifierConfig->set('Core.DefinitionCache', null);
$purifierConfig->set('Cache.DefinitionImpl', null);
// TODO: Use a cache directory:
// $purifierConfig->set('Cache.SerializerPath', '/var/spool/whatever');
// $purifierConfig->set('URI.Base', 'http://www.example.com');
// $purifierConfig->set('URI.MakeAbsolute', true);
$this->configure($purifierConfig);
if ($config instanceof Closure) {
call_user_func($config, $purifierConfig);
} elseif (is_array($config)) {
$purifierConfig->loadArray($config);
} elseif ($config !== null) {
throw new InvalidArgumentException('$config must be either a Closure or array');
}
$this->purifier = new \HTMLPurifier($purifierConfig);
}
/**
* Apply additional default configuration
*
* May be overwritten by more concrete purifier implementations.
*
* @param \HTMLPurifier_Config $config
*/
protected function configure($config)
{
}
/**
* Purify and return the given HTML string
*
* @param string $html
* @param array|Closure $config Configuration to use instead of the default
*
* @return string
*/
public function purify($html, $config = null)
{
return $this->purifier->purify($html, $config);
}
/**
* Purify and return the given HTML string
*
* Convenience method to bypass object creation.
*
* @param string $html
* @param array|Closure $config Additional configuration
*
* @return string
*/
public static function process($html, $config = null)
{
$purifier = new static($config);
return $purifier->purify($html);
}
}

4
library/Icinga/Web/Widget/Announcements.php
View File

@ -8,6 +8,7 @@ use Icinga\Data\Filter\Filter;
use Icinga\Forms\Announcement\AcknowledgeAnnouncementForm; use Icinga\Forms\Announcement\AcknowledgeAnnouncementForm;
use Icinga\Web\Announcement\AnnouncementCookie; use Icinga\Web\Announcement\AnnouncementCookie;
use Icinga\Web\Announcement\AnnouncementIniRepository; use Icinga\Web\Announcement\AnnouncementIniRepository;
use Icinga\Web\Helper\HtmlPurifier;
/** /**
* Render announcements * Render announcements
@ -35,12 +36,13 @@ class Announcements extends AbstractWidget
$announcements = $repo->findActive(); $announcements = $repo->findActive();
$announcements->applyFilter($acked); $announcements->applyFilter($acked);
if ($announcements->hasResult()) { if ($announcements->hasResult()) {
$purifier = new HtmlPurifier(array('HTML.Allowed' => 'b,a[href|target],i,*[class]'));
$html = '<ul role="alert" id="announcements">'; $html = '<ul role="alert" id="announcements">';
foreach ($announcements as $announcement) { foreach ($announcements as $announcement) {
$ackForm = new AcknowledgeAnnouncementForm(); $ackForm = new AcknowledgeAnnouncementForm();
$ackForm->populate(array('hash' => $announcement->hash)); $ackForm->populate(array('hash' => $announcement->hash));
$html .= '<li><div>' $html .= '<li><div>'
. $this->view()->escape($announcement->message) . $purifier->purify($announcement->message)
. '</div>' . '</div>'
. $ackForm . $ackForm
. '</li>'; . '</li>';

4
public/css/icinga/widgets.less
View File

@ -22,6 +22,10 @@
border-bottom: 1px solid @gray-lighter; border-bottom: 1px solid @gray-lighter;
padding: 1em 3em; padding: 1em 3em;
position: relative; position: relative;
a {
color: @icinga-blue;
}
} }
> li .message { > li .message {