diff --git a/app/Observers/TopicObserver.php b/app/Observers/TopicObserver.php
index 6600dbefa..cb7c9f985 100644
--- a/app/Observers/TopicObserver.php
+++ b/app/Observers/TopicObserver.php
@@ -11,6 +11,8 @@ class TopicObserver
 {
 public function saving(Topic $topic)
 {
+ $topic->body = clean($topic->body, 'user_topic_body');
+ $topic->excerpt = make_excerpt($topic->body);
 }
 }
diff --git a/composer.json b/composer.json
index ee8300ed0..8a6f86c35 100644
--- a/composer.json
+++ b/composer.json
@@ -14,6 +14,7 @@
 "laravel/framework": "^6.0",
 "laravel/tinker": "^1.0",
 "mews/captcha": "~3.0",
+ "mews/purifier": "~3.0",
 "overtrue/laravel-lang": "~3.0",
 "summerblue/laravel-active": "6.*"
 },
diff --git a/composer.lock b/composer.lock
index c5da0b49e..3100c48f8 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "4e16f3f17945ca8d299fdfd3132c3916", + "content-hash": "17df021621f3527a49cf3662ecaeac82", "packages": [ { "name": "caouecs/laravel-lang", 
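Review bot: The `clean($topic->body, 'user_topic_body')` call in `saving()` is the only sanitisation point this hunk shows, and Eloquent observers do not fire for query-builder writes such as `Topic::where(...)->update([...])`, nor do they touch rows stored before this commit. If the topic view prints `body` unescaped (not visible here), existing topics need a one-off re-clean and any bulk update has to go through the model. A short comment above the call would record that contract, for example `// XSS boundary: body is stored as purified HTML; writes that bypass model events skip this`. The class declaration starts outside the hunk.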
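Review bot: The added `"mews/purifier": "~3.0"` makes a third-party wrapper the application's HTML sanitiser, and the lock entry for `mews/purifier` 3.1.0 requires `ezyang/htmlpurifier` at `4.11.*`, so fixes shipped in later HTML Purifier releases cannot be installed until the wrapper itself is upgraded. Both packages are worth tracking in dependency-update and advisory tooling (for example `composer audit`, where the installed Composer provides it). The new lock entries also record a `preferred` dist mirror alongside an empty `shasum`, so archive integrity rests on that mirror and on TLS; confirm the mirror is intended for production installs.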
@@ -411,6 +411,59 @@ ], "time": "2019-03-17T18:48:37+00:00" }, + { + "name": "ezyang/htmlpurifier", + "version": "v4.11.0", + "source": { + "type": "git", + "url": "https://github.com/ezyang/htmlpurifier.git", + "reference": "83ab08bc1af7d808a9e0fbf024f1c24bfd73c0a7" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/ezyang/htmlpurifier/zipball/83ab08bc1af7d808a9e0fbf024f1c24bfd73c0a7", + "reference": "83ab08bc1af7d808a9e0fbf024f1c24bfd73c0a7", + "shasum": "", + "mirrors": [ + { + "url": "https://mirrors.aliyun.com/composer/dists/%package%/%reference%.%type%", + "preferred": true + } + ] + }, + "require": { + "php": ">=5.2" + }, + "require-dev": { + "simpletest/simpletest": "dev-master#72de02a7b80c6bb8864ef9bf66d41d2f58f826bd" + }, + "type": "library", + "autoload": { + "psr-0": { + "HTMLPurifier": "library/" + }, + "files": [ + "library/HTMLPurifier.composer.php" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "LGPL-2.1-or-later" + ], + "authors": [ + { + "name": "Edward Z. Yang", + "email": "admin@htmlpurifier.org", + "homepage": "http://ezyang.com" + } + ], + "description": "Standards compliant HTML filter written in PHP", + "homepage": "http://htmlpurifier.org/", + "keywords": [ + "html" + ], + "time": "2019-07-14T18:58:38+00:00" + }, { "name": "fideloper/proxy", "version": "4.2.1", 
@@ -1109,6 +1162,90 @@ ], "time": "2019-09-05T22:33:04+00:00" }, + { + "name": "mews/purifier", + "version": "3.1.0", + "source": { + "type": "git", + "url": "https://github.com/mewebstudio/Purifier.git", + "reference": "bddf8a18fcbd123c81440768f68058c30a7e60e7" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/mewebstudio/Purifier/zipball/bddf8a18fcbd123c81440768f68058c30a7e60e7", + "reference": "bddf8a18fcbd123c81440768f68058c30a7e60e7", + "shasum": "", + "mirrors": [ + { + "url": "https://mirrors.aliyun.com/composer/dists/%package%/%reference%.%type%", + "preferred": true + } + ] + }, + "require": { + "ezyang/htmlpurifier": "4.11.*", + "illuminate/config": "5.1.* || 5.2.* || 5.3.* || 5.4.* || 5.5.* || 5.6.* || 5.7.* || 5.8.* || 6.0.*", + "illuminate/filesystem": "5.1.* || 5.2.* || 5.3.* || 5.4.* || 5.5.* || 5.6.* || 5.7.* || 5.8.* || 6.0.*", + "illuminate/support": "5.1.* || 5.2.* || 5.3.* || 5.4.* || 5.5.* || 5.6.* || 5.7.* || 5.8.* || 6.0.*", + "php": "^7.2" + }, + "require-dev": { + "graham-campbell/testbench": "^3.2", + "mockery/mockery": "0.9.*", + "phpunit/phpunit": "^4.8|^5.0", + "scrutinizer/ocular": "^1.3" + }, + "suggest": { + "laravel/framework": "To test the Laravel bindings", + "laravel/lumen-framework": "To test the Lumen bindings" + }, + "type": "package", + "extra": { + "laravel": { + "providers": [ + "Mews\\Purifier\\PurifierServiceProvider" + ], + "aliases": { + "Purifier": "Mews\\Purifier\\Facades\\Purifier" + } + } + }, + "autoload": { + "psr-4": { + "Mews\\Purifier\\": "src/" + }, + "files": [ + "src/helpers.php" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Muharrem ERİN", + "email": "me@mewebstudio.com", + "homepage": 
"https://github.com/mewebstudio", + "role": "Developer" + } + ], + "description": "Laravel 5/6 HtmlPurifier Package", + "homepage": "https://github.com/mewebstudio/purifier", + "keywords": [ + "Purifier", + "htmlpurifier", + "laravel5 HtmlPurifier", + "laravel5 Purifier", + "laravel5 Security", + "laravel6 HtmlPurifier", + "laravel6 Purifier", + "laravel6 Security", + "security", + "xss" + ], + "time": "2019-09-09T10:53:00+00:00" + }, { "name": "monolog/monolog", "version": "2.0.0",
diff --git a/config/purifier.php b/config/purifier.php
new file mode 100644
index 000000000..05d010cbf
--- /dev/null
+++ b/config/purifier.php
@@ -0,0 +1,17 @@
+ 'UTF-8',
+ 'finalize' => true,
+ 'cachePath' => storage_path('app/purifier'),
+ 'cacheFileMode' => 0755,
+ 'settings' => [
+ 'user_topic_body' => [
+ 'HTML.Doctype' => 'XHTML 1.0 Transitional',
+ 'HTML.Allowed' => 'div,b,strong,i,em,a[href|title],ul,ol,ol[start],li,p[style],br,span[style],img[width|height|alt|src],*[style|class],pre,hr,code,h2,h3,h4,h5,h6,blockquote,del,table,thead,tbody,tr,th,td',
+ 'CSS.AllowedProperties' => 'font,font-size,font-weight,font-style,margin,width,height,font-family,text-decoration,padding-left,color,background-color,text-align',
+ 'AutoFormat.AutoParagraph' => true,
+ 'AutoFormat.RemoveEmpty' => true,
+ ],
+ ],
+];
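Review bot: The `HTML.Allowed` whitelist grants `class` on every element through `*[style|class]`, so a topic author can attach any of the site's own CSS classes to their markup and imitate or cover interface elements. Unless the editor depends on it, narrow the wildcard to `*[style]`, or drop it, since `p[style]` and `span[style]` are already listed. `img[src]` also accepts any remote URL, which makes every reader's browser fetch third-party resources chosen by the poster. If images are only ever uploaded to this site, consider adding `'URI.DisableExternalResources' => true,` together with `URI.Host` set to the site's host. The file's opening lines are missing from this capture, so the note covers only the `user_topic_body` settings shown.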