diff options
| author | Dries Buytaert <dries@buytaert.net> | 2003-09-16 17:35:02 +0000 |
|---|---|---|
| committer | Dries Buytaert <dries@buytaert.net> | 2003-09-16 17:35:02 +0000 |
| commit | 62f939944f9ecdff0cfb84e1eb057237ad3d52ed (patch) | |
| tree | d3e8d5f8e7f68e14fbcd2c0ae504b9549b78a252 /modules/node/node.module | |
| parent | 01f3bcfc75a0e345151b402ae763f42ea8633d77 (diff) | |
| download | brdo-62f939944f9ecdff0cfb84e1eb057237ad3d52ed.tar.gz brdo-62f939944f9ecdff0cfb84e1eb057237ad3d52ed.tar.bz2 | |
- Added 'escape HTML' option to the filters. Patch by Gabor Hojtsy.
Diffstat (limited to 'modules/node/node.module')
| -rw-r--r-- | modules/node/node.module | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/modules/node/node.module b/modules/node/node.module index eda827042..13aaf1d6c 100644 --- a/modules/node/node.module +++ b/modules/node/node.module @@ -496,13 +496,18 @@ function node_settings() { } function node_conf_filters() { - $output .= form_select(t("Filter HTML tags"), "filter_html", variable_get("filter_html", 0), array(t("Disabled"), t("Enabled")), t("Filter HTML and PHP tags in user-contributed content.")); + $output .= form_select(t("Escape HTML tags"), "escape_html", variable_get("escape_html", 0), array(t("Disabled"), t("Enabled")), t("Escape HTML and PHP tags in user-contributed content. Note that it is generally not a good idea to enable the below 'Filter HTML tags' option when using this filter.")); + $output .= form_select(t("Filter HTML tags"), "filter_html", variable_get("filter_html", 0), array(t("Disabled"), t("Enabled")), t("Filter HTML and PHP tags in user-contributed content. Note that it is generally not a good idea to enable the above 'Escape HTML tags' option when using this filter.")); $output .= form_textfield(t("Allowed HTML tags"), "allowed_html", variable_get("allowed_html", "<a> <b> <dd> <dl> <dt> <i> <li> <ol> <u> <ul>"), 64, 255, t("If enabled, optionally specify tags which should not be stripped. 'STYLE' attributes, 'ON*' attributes and unclosed tags are always stripped.")); $output .= form_select(t("Rewrite old URLs"), "rewrite_old_urls", variable_get("rewrite_old_urls", 0), array(t("Disabled"), t("Enabled")), t("The introduction of 'clean URLs' in Drupal 4.2.0 breaks internal URLs that date back from Drupal 4.1.0 and before. If enabled, this filter will attempt to rewrite the old style URLs to avoid broken links. If <code>mod_rewrite</code> is available on your system, use the rewrite rules in Drupal's <code>.htaccess</code> file instead as these will also correct external referrers.")); $output .= "<hr />"; return $output; } +function node_escape_html($text) { + return htmlspecialchars($text); +} + function node_filter_html($text) { $text = strip_tags($text, variable_get("allowed_html", "")); return $text; @@ -530,6 +535,10 @@ function node_filter($text) { $text = rewrite_old_urls($text); } + if (variable_get("escape_html", 0)) { + $text = node_escape_html($text); + } + return trim($text); } |