From 62f939944f9ecdff0cfb84e1eb057237ad3d52ed Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Tue, 16 Sep 2003 17:35:02 +0000
Subject: - Added 'escape HTML' option to the filters.  Patch by Gabor Hojtsy.

---
 modules/node.module      | 11 ++++++++++-
 modules/node/node.module | 11 ++++++++++-
 2 files changed, 20 insertions(+), 2 deletions(-)

(limited to 'modules')

diff --git a/modules/node.module b/modules/node.module
index eda827042..13aaf1d6c 100644
--- a/modules/node.module
+++ b/modules/node.module
@@ -496,13 +496,18 @@ function node_settings() {
 }
 
 function node_conf_filters() {
-  $output .= form_select(t("Filter HTML tags"), "filter_html", variable_get("filter_html", 0), array(t("Disabled"), t("Enabled")), t("Filter HTML and PHP tags in user-contributed content."));
+  $output .= form_select(t("Escape HTML tags"), "escape_html", variable_get("escape_html", 0), array(t("Disabled"), t("Enabled")), t("Escape HTML and PHP tags in user-contributed content.  Note that it is generally not a good idea to enable the below 'Filter HTML tags' option when using this filter."));
+  $output .= form_select(t("Filter HTML tags"), "filter_html", variable_get("filter_html", 0), array(t("Disabled"), t("Enabled")), t("Filter HTML and PHP tags in user-contributed content.  Note that it is generally not a good idea to enable the above 'Escape HTML tags' option when using this filter."));
   $output .= form_textfield(t("Allowed HTML tags"), "allowed_html", variable_get("allowed_html", "<a> <b> <dd> <dl> <dt> <i> <li> <ol> <u> <ul>"), 64, 255, t("If enabled, optionally specify tags which should not be stripped.  'STYLE' attributes, 'ON*' attributes and unclosed tags are always stripped."));
   $output .= form_select(t("Rewrite old URLs"), "rewrite_old_urls", variable_get("rewrite_old_urls", 0), array(t("Disabled"), t("Enabled")), t("The introduction of 'clean URLs' in Drupal 4.2.0 breaks internal URLs that date back from Drupal 4.1.0 and before.  If enabled, this filter will attempt to rewrite the old style URLs to avoid broken links.  If <code>mod_rewrite</code> is available on your system, use the rewrite rules in Drupal's <code>.htaccess</code> file instead as these will also correct external referrers."));
   $output .= "<hr />";
   return $output;
 }
 
+function node_escape_html($text) {
+  return htmlspecialchars($text);
+}
+
 function node_filter_html($text) {
   $text = strip_tags($text, variable_get("allowed_html", ""));
   return $text;
@@ -530,6 +535,10 @@ function node_filter($text) {
     $text = rewrite_old_urls($text);
   }
 
+  if (variable_get("escape_html", 0)) {
+    $text = node_escape_html($text);
+  }
+
   return trim($text);
 }
 
diff --git a/modules/node/node.module b/modules/node/node.module
index eda827042..13aaf1d6c 100644
--- a/modules/node/node.module
+++ b/modules/node/node.module
@@ -496,13 +496,18 @@ function node_settings() {
 }
 
 function node_conf_filters() {
-  $output .= form_select(t("Filter HTML tags"), "filter_html", variable_get("filter_html", 0), array(t("Disabled"), t("Enabled")), t("Filter HTML and PHP tags in user-contributed content."));
+  $output .= form_select(t("Escape HTML tags"), "escape_html", variable_get("escape_html", 0), array(t("Disabled"), t("Enabled")), t("Escape HTML and PHP tags in user-contributed content.  Note that it is generally not a good idea to enable the below 'Filter HTML tags' option when using this filter."));
+  $output .= form_select(t("Filter HTML tags"), "filter_html", variable_get("filter_html", 0), array(t("Disabled"), t("Enabled")), t("Filter HTML and PHP tags in user-contributed content.  Note that it is generally not a good idea to enable the above 'Escape HTML tags' option when using this filter."));
   $output .= form_textfield(t("Allowed HTML tags"), "allowed_html", variable_get("allowed_html", "<a> <b> <dd> <dl> <dt> <i> <li> <ol> <u> <ul>"), 64, 255, t("If enabled, optionally specify tags which should not be stripped.  'STYLE' attributes, 'ON*' attributes and unclosed tags are always stripped."));
   $output .= form_select(t("Rewrite old URLs"), "rewrite_old_urls", variable_get("rewrite_old_urls", 0), array(t("Disabled"), t("Enabled")), t("The introduction of 'clean URLs' in Drupal 4.2.0 breaks internal URLs that date back from Drupal 4.1.0 and before.  If enabled, this filter will attempt to rewrite the old style URLs to avoid broken links.  If <code>mod_rewrite</code> is available on your system, use the rewrite rules in Drupal's <code>.htaccess</code> file instead as these will also correct external referrers."));
   $output .= "<hr />";
   return $output;
 }
 
+function node_escape_html($text) {
+  return htmlspecialchars($text);
+}
+
 function node_filter_html($text) {
   $text = strip_tags($text, variable_get("allowed_html", ""));
   return $text;
@@ -530,6 +535,10 @@ function node_filter($text) {
     $text = rewrite_old_urls($text);
   }
 
+  if (variable_get("escape_html", 0)) {
+    $text = node_escape_html($text);
+  }
+
   return trim($text);
 }
 
-- 
cgit v1.2.3