HOWTO Get DadaIMC and kses working together

kses is a PHP library for cleaning up HTML by only allowing specified tags. it's not perfect, but is probably better than the regex-based disallowing currently in dada. in case any other IMCs are interested, here is how I got it working:

1. download kses from http://sourceforge.net/projects/kses

2. fish out the kses.php file and put it in the imc_classes directory of your dada installation

3. add to the top of imc_classes/imc_FunctionLibrary.inc:
require_once('imc_classes/kses.php');

4. somewhere in imc_classes/imc_FunctionLibrary.inc, add the following function, modifying to taste if you like:
function call_kses($str) {
        $args = array(); // just for paranoia
        $args['a'] = array('href' => array('minlen' => 6, 'maxlen' => 200),
                           'title' => array('valueless' => 'n'));
        $args['abbr'] = array('title' => array('valueless' => 'n'));
        $args['acronym'] = array('title' => array('valueless' => 'n'));
        $args['b'] = array();
        $args['blockquote'] = array('cite' => array('maxlen' => 200));
        $args['br'] = array();
        $args['code'] = array();
        $args['cite'] = array();
        $args['dfn'] = array();
        $args['em'] = array();
        $args['i'] = array();
        $args['kbd'] = array();
        $args['p'] = array();
        $args['q'] = array('cite' => array('maxlen' => 200));
        $args['s'] = array();
        $args['samp'] = array();
        $args['strike'] = array();
        $args['strong'] = array();
        $args['tt'] = array();
        $args['u'] = array();
        $args['var'] = array();

        return kses($str, $args, array('http', 'https', 'ftp', 'mailto'));
}

5. in imc_classes/imc_Article.inc, modify the relevant lines to use the call_kses() function rather than cleantext():
                if (isset($form_summary)) $this->set_summary(call_kses($form_summary));
                if (isset($form_body)) $this->set_body(call_kses($form_body));
(if you're not calling htmlspecialchars() on the other form inputs, you can wrap them in call_kses() in the same way)

6. make similar changes in other places where it's needed. this includes at a minimum mods/otherpress/imc_classes/imc_OtherPress.inc and something for the media gallery if you use it (we don't in nyc), possibly other files -- not sure yet.

we're now using this in nyc. it seems to work, but please let me know if you see or know of any problems with this.

-- MikeCastleman - 28 Oct 2004
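
A smoke test for the steps above, added here as an example; it is not part of dada, kses, or the original HOWTO. It feeds constructed inputs through call_kses() and checks that allowed markup survives while disallowed tags, attributes and URL schemes do not. Assumptions: the script (hypothetical name kses_smoketest.php, with a hypothetical helper run_cases()) is run from the dada install root, and imc_FunctionLibrary.inc can be included on its own.

```php
<?php
// Added example, not dada or kses code: smoke test for call_kses().
// Assumption: run from the dada install root (php kses_smoketest.php) so the
// relative require_once paths resolve, and the function library loads standalone.
require_once('imc_classes/imc_FunctionLibrary.inc');

// Constructed inputs. Each row: input, substring to look for, must it survive?
$cases = array(
    // Allowed tags and attributes should pass through.
    array('<b>bold</b> and <em>em</em>', '<b>bold</b>', true),
    array('<a href="http://example.org/page" title="t">link</a>',
          'href="http://example.org/page"', true),
    // Tags that are not in the allowlist should be dropped.
    array('<script>alert(1)</script>', '<script', false),
    array('<ScRiPt>alert(1)</ScRiPt>', '<script', false),
    array('<img src="x" onerror="alert(1)">', '<img', false),
    // Schemes outside http/https/ftp/mailto should be stripped from href.
    array('<a href="javascript:alert(1)">x</a>', 'javascript:', false),
    // Attributes not listed for an allowed tag should be dropped.
    array('<a href="http://example.org/page" onclick="alert(1)">x</a>',
          'onclick', false),
    array('<p style="position:absolute">text</p>', 'style=', false),
);

// Hypothetical helper: returns the number of cases that did not behave as expected.
function run_cases($cases) {
    $failures = 0;
    foreach ($cases as $case) {
        list($input, $needle, $must_survive) = $case;
        $output = call_kses($input);
        // Compare case-insensitively so mixed-case markup is caught too.
        $found = (strpos(strtolower($output), strtolower($needle)) !== false);
        if ($found != $must_survive) {
            $failures++;
            echo "FAIL: $input\n  -> $output\n";
        }
    }
    return $failures;
}

$failures = run_cases($cases);
echo $failures ? "$failures case(s) failed\n" : "all cases passed\n";
exit($failures ? 1 : 0);
```

Re-run it after any change to the allowlist in call_kses(), and add a row for each tag or attribute you decide to permit.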
Topic revision: r1 - 28 Oct 2004, MikeCastleman