Add HTML purifier filtering and filter traversal

Author: technicalguru

composer.json

@@ -15,7 +15,8 @@
 	"require" : {
 		"php" : ">=7.0.0",
 		"ext-mbstring" : "*",
-		"technicalguru/i18n" : "~1"
+		"technicalguru/i18n" : "~1",
+        "ezyang/htmlpurifier":"^4.13"
 	},
 	"autoload" : {
 		"psr-4" : {

src/TgUtils/AbstractStringFilter.php

@@ -0,0 +1,38 @@
+<?php
+
+namespace TgUtils;
+
+/**
+ * Abstract string filter that traverses objects and arrays.
+ */
+abstract class AbstractStringFilter implements StringFilter {
+
+	public function __construct() {
+	}
+
+	/**
+	 * Filters the given string and returns sanitized value.
+	 * @param string $s - string to sanitize (can be null)
+	 * @return the sanitized string.
+	 */
+	public function filter($s) {
+		if ($s == NULL) return $s;
+		if (is_string($s)) {
+			return $this->filterString($s);
+		} else if (is_array($s)) {
+			foreach ($s AS $key => $value) {
+				$s[$key] = $this->filter($value);
+			}
+		} else if (is_object($s)) {
+			foreach (get_object_vars($s) AS $name => $value) {
+				$s->$name = $this->filter($value);
+			}
+		}
+		return $s;
+	}
+
+	protected function filterString($s) {
+		return $s;
+	}
+}
+

src/TgUtils/NoHtmlStringFilter.php

@@ -5,23 +5,17 @@
 /**
  * An interface for filter strings from any HTML tags.
  */
-class NoHtmlStringFilter implements StringFilter {
+class NoHtmlStringFilter extends AbstractStringFilter {
 
 	public static $INSTANCE;
 
 	public function __construct() {
+		parent::__construct();
 	}
 
-	/**
-	 * Filters the given string and returns sanitized value.
-	 * @param string $s - string to sanitize (can be null)
-	 * @return the sanitized string.
-	 */
-	public function filter($s) {
-		if ($s == NULL) return $s;
+	protected function filterString($s) {
 		return strip_tags($s);
 	}
-
 }
 NoHtmlStringFilter::$INSTANCE = new NoHtmlStringFilter();
 

src/TgUtils/PurifierStringFilter.php

@@ -0,0 +1,38 @@
+<?php
+
+namespace TgUtils;
+
+class PurifierStringFilter extends AbstractStringFilter {
+
+	public static $INSTANCE;
+
+	protected $purifier;
+
+	public function __construct() {
+		parent::__construct();
+		$config = $this->getConfig();
+		$this->purifier = new \HTMLPurifier($config);
+	}
+
+	public function filterString($s) {
+		return $this->purifier->purify($s);
+	}
+
+	protected function getConfig() {
+		$config = \HTMLPurifier_Config::createDefault();
+		$config->set('HTML.DefinitionID', 'simple');
+		$config->set('HTML.DefinitionRev', 1);
+		$config->set('HTML.AllowedElements', array('br', 'p', 'div', 'li', 'ol', 'ul', 'i', 'b', 'strong', 'a', 'h4', 'h5','table','tr','td','th'));
+		$config->set('HTML.AllowedAttributes', array(
+			'a.href', 'a.class', 'a.style', 
+			'p.style', 'div.style', 
+			'li.style', 'ol.style', 'ul.style', 
+			'i.style', 'b.style', 'strong.style', 
+			'h4.style', 'h5.style',
+			'table.style','table.class','tr.style','td.colspan','td.rowspan','td.style','th.colspan','th.rowspan','th.style','tr.class','td.class',
+		));
+		return $config;
+	}
+}
+PurifierStringFilter::$INSTANCE = new PurifierStringFilter();
+

src/TgUtils/StringFilters.php

@@ -1,14 +1,18 @@
 <?php
 
-package TgUtils;
+namespace TgUtils;
 
 /**
  * Provides default string filters.
  */
-public class StringFilters {
+class StringFilters {
 
-	public static $DUMMY   = DummyStringFilter::$INSTANCE;
-	public static $NO_HTML = NoHtmlStringFilter::$INSTANCE;
+	public static $DUMMY;
+	public static $NO_HTML;
+	public static $TEXTBOX;
 
 }
+StringFilters::$DUMMY   = DummyStringFilter::$INSTANCE;
+StringFilters::$NO_HTML = NoHtmlStringFilter::$INSTANCE;
+StringFilters::$TEXTBOX = PurifierStringFilter::$INSTANCE;