neosmart
/
wp-visitor-contributions
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
wp-visitor-contributions/vendor/ezyang/htmlpurifier/plugins/phorum
History
Mahmoud Al-Qudsi c2a7360a3d Fix security issue with non-escaped HTML in options page 2018-02-10 13:23:21 -06:00
..
htmlpurifier Initial code import based on Amine's email 6/28/2016 2016-07-04 10:04:24 -05:00
settings Latest updates from Amine (7/8/2016) 2016-07-12 16:58:19 -05:00
.gitignore Fix security issue with non-escaped HTML in options page 2018-02-10 13:23:21 -06:00
Changelog Latest updates from Amine (7/8/2016) 2016-07-12 16:58:19 -05:00
INSTALL Latest updates from Amine (7/8/2016) 2016-07-12 16:58:19 -05:00
README Latest updates from Amine (7/8/2016) 2016-07-12 16:58:19 -05:00
config.default.php Latest updates from Amine (7/8/2016) 2016-07-12 16:58:19 -05:00
htmlpurifier.php Latest updates from Amine (7/8/2016) 2016-07-12 16:58:19 -05:00
info.txt Latest updates from Amine (7/8/2016) 2016-07-12 16:58:19 -05:00
init-config.php Latest updates from Amine (7/8/2016) 2016-07-12 16:58:19 -05:00
migrate.bbcode.php Latest updates from Amine (7/8/2016) 2016-07-12 16:58:19 -05:00
settings.php Latest updates from Amine (7/8/2016) 2016-07-12 16:58:19 -05:00

README 

HTML Purifier Phorum Mod - Filter your HTML the Standards-Compliant Way!

This Phorum mod enables HTML posting on Phorum.  Under normal circumstances,
this would cause a huge security risk, but because we are running
HTML through HTML Purifier, output is guaranteed to be XSS free and
standards-compliant.

This mod requires HTML input, and previous markup languages need to be
converted accordingly.  Thus, it is vital that you create a 'migrate.php'
file that works with your installation. If you're using the built-in
BBCode formatting, simply move migrate.bbcode.php to that place; for
other markup languages, consult said file for instructions on how
to adapt it to your needs.

    -- NOTE -------------------------------------------------
    You can also run this module in parallel with another
    formatting module; this module attempts to place itself
    at the end of the filtering chain. However, if any
    previous modules produce insecure HTML (for instance,
    a JavaScript email obfuscator) they will get cleaned.

This module will not work if 'migrate.php' is not created, and an improperly
made migration file may *CORRUPT* Phorum, so please take your time to
do this correctly. It should go without saying to *BACKUP YOUR DATABASE*
before attempting anything here. If no migration is necessary, you can
simply create a blank migrate.php file. HTML Purifier is smart and will
not re-migrate already processed messages. However, the original code
is irretrievably lost (we may change this in the future.)

This module will not automatically migrate user signatures, because this
process may take a long time. After installing the HTML Purifier module and
then configuring 'migrate.php', navigate to Settings and click 'Migrate
Signatures' to migrate all user signatures to HTML.

All of HTML Purifier's usual functions are configurable via the mod settings
page. If you require custom configuration, create config.php file in
the mod directory that edits a $config variable. Be sure, also, to
set $PHORUM['mod_htmlpurifier']['wysiwyg'] to TRUE if you are using a
WYSIWYG editor (you can do this through a common hook or the web
configuration form).

Visit HTML Purifier at <http://htmlpurifier.org/>.

    vim: et sw=4 sts=4