Remove the htmlok and phpok embedding options

Both options have grave security implications and novice users seem to
ignore advice about them. In the last decades I never came across a wiki
that had legitimate use of these options.

If someone needs the functionality, it can easily be added back using a
plugin. But I prefer to give users one less option to shoot themselves
in the foot.

Removal of the translations for the config strings can follow after this
has been merged.
This commit is contained in:
Andreas Gohr 2022-10-12 13:22:27 +02:00
parent c68f163474
commit bbe6b3a78b
14 changed files with 69 additions and 388 deletions

View File

@ -1,6 +1,6 @@
====== Formatting Syntax ======
[[doku>DokuWiki]] supports some simple markup language, which tries to make the datafiles to be as readable as possible. This page contains all possible syntax you may use when editing the pages. Simply have a look at the source of this page by pressing the //Edit this page// button at the top or bottom of the page. If you want to try something, just use the [[playground:playground|playground]] page. The simpler markup is easily accessible via [[doku>toolbar|quickbuttons]], too.
[[doku>DokuWiki]] supports some simple markup language, which tries to make the datafiles to be as readable as possible. This page contains all possible syntax you may use when editing the pages. Simply have a look at the source of this page by pressing "Edit this page". If you want to try something, just use the [[playground:playground|playground]] page. The simpler markup is easily accessible via [[doku>toolbar|quickbuttons]], too.
===== Basic Text Formatting =====
@ -83,9 +83,14 @@ Windows shares like [[\\server\share|this]] are recognized, too. Please note tha
Notes:
* For security reasons direct browsing of windows shares only works in Microsoft Internet Explorer per default (and only in the "local zone").
* For Mozilla and Firefox it can be enabled through different workaround mentioned in the [[http://kb.mozillazine.org/Links_to_local_pages_do_not_work|Mozilla Knowledge Base]]. However, there will still be a JavaScript warning about trying to open a Windows Share. To remove this warning (for all users), put the following line in ''conf/local.protected.php'':
$lang['js']['nosmblinks'] = '';
* For Mozilla and Firefox it can be enabled through different workaround mentioned in the [[http://kb.mozillazine.org/Links_to_local_pages_do_not_work|Mozilla Knowledge Base]]. However, there will still be a JavaScript warning about trying to open a Windows Share. To remove this warning (for all users), put the following line in ''conf/lang/en/lang.php'' (more details at [[doku>localization#changing_some_localized_texts_and_strings_in_your_installation|localization]]): <code - conf/lang/en/lang.php>
<?php
/**
* Customization of the english language file
* Copy only the strings that needs to be modified
*/
$lang['js']['nosmblinks'] = '';
</code>
==== Image Links ====
@ -121,9 +126,9 @@ By using four or more dashes, you can make a horizontal line:
----
===== Images and Other Files =====
===== Media Files =====
You can include external and internal [[doku>images]] with curly brackets. Optionally you can specify the size of them.
You can include external and internal [[doku>images|images, videos and audio files]] with curly brackets. Optionally you can specify the size of them.
Real size: {{wiki:dokuwiki-128.png}}
@ -131,12 +136,12 @@ Resize to given width: {{wiki:dokuwiki-128.png?50}}
Resize to given width and height((when the aspect ratio of the given width and height doesn't match that of the image, it will be cropped to the new ratio before resizing)): {{wiki:dokuwiki-128.png?200x50}}
Resized external image: {{http://php.net/images/php.gif?200x50}}
Resized external image:           {{https://secure.php.net/images/php.gif?200x50}}
Real size: {{wiki:dokuwiki-128.png}}
Resize to given width: {{wiki:dokuwiki-128.png?50}}
Resize to given width and height: {{wiki:dokuwiki-128.png?200x50}}
Resized external image: {{http://php.net/images/php.gif?200x50}}
Resized external image:           {{https://secure.php.net/images/php.gif?200x50}}
By using left or right whitespaces you can choose the alignment.
@ -157,10 +162,37 @@ Of course, you can add a title (displayed as a tooltip by most browsers), too.
{{ wiki:dokuwiki-128.png |This is the caption}}
If you specify a filename (external or internal) that is not an image (''gif, jpeg, png''), then it will be displayed as a link instead.
For linking an image to another page see [[#Image Links]] above.
==== Supported Media Formats ====
DokuWiki can embed the following media formats directly.
| Image | ''gif'', ''jpg'', ''png'' |
| Video | ''webm'', ''ogv'', ''mp4'' |
| Audio | ''ogg'', ''mp3'', ''wav'' |
| Flash | ''swf'' |
If you specify a filename that is not a supported media format, then it will be displayed as a link instead.
By adding ''?linkonly'' you provide a link to the media without displaying it inline
{{wiki:dokuwiki-128.png?linkonly}}
{{wiki:dokuwiki-128.png?linkonly}} This is just a link to the image.
==== Fallback Formats ====
Unfortunately not all browsers understand all video and audio formats. To mitigate the problem, you can upload your file in different formats for maximum browser compatibility.
For example consider this embedded mp4 video:
{{video.mp4|A funny video}}
When you upload a ''video.webm'' and ''video.ogv'' next to the referenced ''video.mp4'', DokuWiki will automatically add them as alternatives so that one of the three files is understood by your browser.
Additionally DokuWiki supports a "poster" image which will be shown before the video has started. That image needs to have the same filename as the video and be either a jpg or png file. In the example above a ''video.jpg'' file would work.
===== Lists =====
Dokuwiki supports ordered and unordered lists. To create a list item, indent your text by two spaces and use a ''*'' for unordered lists or a ''-'' for ordered ones.
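Review bot: The "Supported Media Formats" and "Fallback Formats" sections added in this hunk have nothing to do with removing htmlok/phpok; the header shows the region growing from 10 to 37 lines. Moving the sync of this copy of the syntax page into its own commit would keep the security change small enough to review and revert on its own.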
@ -214,6 +246,7 @@ DokuWiki converts commonly used [[wp>emoticon]]s to their graphical equivalents.
* :-| %% :-| %%
* ;-) %% ;-) %%
* ^_^ %% ^_^ %%
* m( %% m( %%
* :?: %% :?: %%
* :!: %% :!: %%
* LOL %% LOL %%
@ -240,17 +273,19 @@ There are three exceptions which do not come from that pattern file: multiplicat
Some times you want to mark some text to show it's a reply or comment. You can use the following syntax:
I think we should do it
> No we shouldn't
>> Well, I say we should
> Really?
>> Yes!
>>> Then lets do it!
<code>
I think we should do it
> No we shouldn't
>> Well, I say we should
> Really?
>> Yes!
>>> Then lets do it!
</code>
I think we should do it
@ -296,7 +331,7 @@ As you can see, it's the cell separator before a cell which decides about the fo
^ Heading 4 | no colspan this time | |
^ Heading 5 | Row 2 Col 2 | Row 2 Col 3 |
You can have rowspans (vertically connected cells) by adding '':::'' into the cells below the one to which they should connect.
You can have rowspans (vertically connected cells) by adding ''%%:::%%'' into the cells below the one to which they should connect.
^ Heading 1 ^ Heading 2 ^ Heading 3 ^
| Row 1 Col 1 | this cell spans vertically | Row 1 Col 3 |
@ -382,11 +417,13 @@ class HelloWorldApp {
}
</code>
The following language strings are currently recognized: //4cs, abap, actionscript-french, actionscript, actionscript3, ada, apache, applescript, asm, asp, autoconf, autohotkey, autoit, avisynth, awk, bash, basic4gl, bf, bibtex, blitzbasic, bnf, boo, c, c_mac, caddcl, cadlisp, cfdg, cfm, chaiscript, cil, clojure, cmake, cobol, cpp, cpp-qt, csharp, css, cuesheet, d, dcs, delphi, diff, div, dos, dot, ecmascript, eiffel, email, erlang, fo, fortran, freebasic, fsharp, gambas, genero, genie, gdb, glsl, gml, gnuplot, groovy, gettext, gwbasic, haskell, hicest, hq9plus, html, icon, idl, ini, inno, intercal, io, j, java5, java, javascript, jquery, kixtart, klonec, klonecpp, latex, lisp, locobasic, logtalk, lolcode, lotusformulas, lotusscript, lscript, lsl2, lua, m68k, magiksf, make, mapbasic, matlab, mirc, modula2, modula3, mmix, mpasm, mxml, mysql, newlisp, nsis, oberon2, objc, ocaml-brief, ocaml, oobas, oracle8, oracle11, oxygene, oz, pascal, pcre, perl, perl6, per, pf, php-brief, php, pike, pic16, pixelbender, plsql, postgresql, povray, powerbuilder, powershell, progress, prolog, properties, providex, purebasic, python, q, qbasic, rails, rebol, reg, robots, rpmspec, rsplus, ruby, sas, scala, scheme, scilab, sdlbasic, smalltalk, smarty, sql, systemverilog, tcl, teraterm, text, thinbasic, tsql, typoscript, unicon, vala, vbnet, vb, verilog, vhdl, vim, visualfoxpro, visualprolog, whitespace, winbatch, whois, xbasic, xml, xorg_conf, xpp, z80//
The following language strings are currently recognized: //4cs 6502acme 6502kickass 6502tasm 68000devpac abap actionscript3 actionscript ada aimms algol68 apache applescript apt_sources arm asm asp asymptote autoconf autohotkey autoit avisynth awk bascomavr bash basic4gl batch bf biblatex bibtex blitzbasic bnf boo caddcl cadlisp ceylon cfdg cfm chaiscript chapel cil c_loadrunner clojure c_mac cmake cobol coffeescript c cpp cpp-qt cpp-winapi csharp css cuesheet c_winapi dart dcl dcpu16 dcs delphi diff div dos dot d ecmascript eiffel email epc e erlang euphoria ezt f1 falcon fo fortran freebasic freeswitch fsharp gambas gdb genero genie gettext glsl gml gnuplot go groovy gwbasic haskell haxe hicest hq9plus html html4strict html5 icon idl ini inno intercal io ispfpanel java5 java javascript jcl j jquery julia kixtart klonec klonecpp kotlin latex lb ldif lisp llvm locobasic logtalk lolcode lotusformulas lotusscript lscript lsl2 lua m68k magiksf make mapbasic mathematica matlab mercury metapost mirc mk-61 mmix modula2 modula3 mpasm mxml mysql nagios netrexx newlisp nginx nimrod nsis oberon2 objc objeck ocaml-brief ocaml octave oobas oorexx oracle11 oracle8 oxygene oz parasail parigp pascal pcre perl6 perl per pf phix php-brief php pic16 pike pixelbender pli plsql postgresql postscript povray powerbuilder powershell proftpd progress prolog properties providex purebasic pycon pys60 python qbasic qml q racket rails rbs rebol reg rexx robots roff rpmspec rsplus ruby rust sas sass scala scheme scilab scl sdlbasic smalltalk smarty spark sparql sql sshconfig standardml stonescript swift systemverilog tclegg tcl teraterm texgraph text thinbasic tsql twig typoscript unicon upc urbi uscript vala vbnet vb vbscript vedit verilog vhdl vim visualfoxpro visualprolog whitespace whois winbatch wolfram xbasic xml xojo xorg_conf xpp yaml z80 zxbasic//
There are additional [[doku>syntax_highlighting|advanced options]] available for syntax highlighting, such as highlighting lines or adding line numbers.
==== Downloadable Code Blocks ====
When you use the ''%%<code>%%'' or ''%%<file>%%'' syntax as above, you might want to make the shown code available for download as well. You can to this by specifying a file name after language code like this:
When you use the ''%%<code>%%'' or ''%%<file>%%'' syntax as above, you might want to make the shown code available for download as well. You can do this by specifying a file name after language code like this:
<code>
<file php myexample.php>
@ -400,57 +437,6 @@ When you use the ''%%<code>%%'' or ''%%<file>%%'' syntax as above, you might wan
If you don't want any highlighting but want a downloadable file, specify a dash (''-'') as the language code: ''%%<code - myfile.foo>%%''.
===== Embedding HTML and PHP =====
You can embed raw HTML or PHP code into your documents by using the ''%%<html>%%'' or ''%%<php>%%'' tags. (Use uppercase tags if you need to enclose block level elements.)
HTML example:
<code>
<html>
This is some <span style="color:red;font-size:150%;">inline HTML</span>
</html>
<HTML>
<p style="border:2px dashed red;">And this is some block HTML</p>
</HTML>
</code>
<html>
This is some <span style="color:red;font-size:150%;">inline HTML</span>
</html>
<HTML>
<p style="border:2px dashed red;">And this is some block HTML</p>
</HTML>
PHP example:
<code>
<php>
echo 'A logo generated by PHP:';
echo '<img src="' . $_SERVER['PHP_SELF'] . '?=' . php_logo_guid() . '" alt="PHP Logo !" />';
echo '(generated inline HTML)';
</php>
<PHP>
echo '<table class="inline"><tr><td>The same, but inside a block level element:</td>';
echo '<td><img src="' . $_SERVER['PHP_SELF'] . '?=' . php_logo_guid() . '" alt="PHP Logo !" /></td>';
echo '</tr></table>';
</PHP>
</code>
<php>
echo 'A logo generated by PHP:';
echo '<img src="' . $_SERVER['PHP_SELF'] . '?=' . php_logo_guid() . '" alt="PHP Logo !" />';
echo '(inline HTML)';
</php>
<PHP>
echo '<table class="inline"><tr><td>The same, but inside a block level element:</td>';
echo '<td><img src="' . $_SERVER['PHP_SELF'] . '?=' . php_logo_guid() . '" alt="PHP Logo !" /></td>';
echo '</tr></table>';
</PHP>
**Please Note**: HTML and PHP embedding is disabled by default in the configuration. If disabled, the code is displayed instead of executed.
===== RSS/ATOM Feed Aggregation =====
[[DokuWiki]] can integrate data from external XML feeds. For parsing the XML feeds, [[http://simplepie.org/|SimplePie]] is used. All formats understood by SimplePie can be used in DokuWiki as well. You can influence the rendering by multiple additional space separated parameters:
@ -459,11 +445,14 @@ echo '</tr></table>';
| reverse | display the last items in the feed first |
| author | show item authors names |
| date | show item dates |
| description| show the item description. If [[doku>config:htmlok|HTML]] is disabled all tags will be stripped |
| description| show the item description. All HTML tags will be stripped |
| nosort | do not sort the items in the feed |
| //n//[dhm] | refresh period, where d=days, h=hours, m=minutes. (e.g. 12h = 12 hours). |
The refresh period defaults to 4 hours. Any value below 10 minutes will be treated as 10 minutes. [[wiki:DokuWiki]] will generally try to supply a cached version of a page, obviously this is inappropriate when the page contains dynamic external content. The parameter tells [[wiki:DokuWiki]] to re-render the page if it is more than //refresh period// since the page was last rendered.
By default the feed will be sorted by date, newest items first. You can sort it by oldest first using the ''reverse'' parameter, or display the feed as is with ''nosort''.
**Example:**
{{rss>http://slashdot.org/index.rss 5 author date 1h }}

View File

@ -182,41 +182,6 @@ class TestOfDoku_Parser_Preformatted extends TestOfDoku_Parser {
$this->assertEquals(array_map('stripbyteindex',$this->H->calls),$calls);
}
// test for php
function testPHP() {
$this->P->addMode('php',new Php());
$this->P->parse('Foo <php>testing</php> Bar');
$calls = array (
array('document_start',array()),
array('p_open',array()),
array('cdata',array("\n".'Foo ')),
array('php',array('testing')),
array('cdata',array(' Bar')),
array('p_close',array()),
array('document_end',array()),
);
$this->assertEquals(array_map('stripbyteindex',$this->H->calls),$calls);
}
// test with for HTML
function testHTML() {
$this->P->addMode('html',new Html());
$this->P->parse('Foo <html>testing</html> Bar');
$calls = array (
array('document_start',array()),
array('p_open',array()),
array('cdata',array("\n".'Foo ')),
array('html',array('testing')),
array('cdata',array(' Bar')),
array('p_close',array()),
array('document_end',array()),
);
$this->assertEquals(array_map('stripbyteindex',$this->H->calls),$calls);
}
function testPreformattedPlusHeaderAndEol() {
// Note that EOL must come after preformatted!
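Review bot: Deleting testPHP() and testHTML() leaves no test for how the input 'Foo <php>testing</php> Bar' is handled after this change. Replacing them with a case that parses the same strings and asserts that no 'php' or 'html' call is produced (the text should presumably arrive as cdata) would catch the modes being registered again by accident.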

View File

@ -81,8 +81,6 @@ $conf['iexssprotect']= 1; // check for JavaScript and HTML in upl
/* Editing Settings */
$conf['usedraft'] = 1; //automatically save a draft while editing (0|1)
$conf['htmlok'] = 0; //may raw HTML be embedded? This may break layout and XHTML validity 0|1
$conf['phpok'] = 0; //may PHP code be embedded? Never do this on the internet! 0|1
$conf['locktime'] = 15*60; //maximum age for lockfiles (defaults to 15 minutes)
$conf['cachetime'] = 60*60*24; //maximum age for cachefile in seconds (defaults to a day)
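Review bot: Removing the two defaults here does not touch an existing local configuration that still sets $conf['htmlok'] or $conf['phpok'], and any code outside this commit that reads those keys will now find them unset instead of 0. A grep for remaining readers, plus an upgrade note saying both settings are now ignored, would be worth adding alongside this hunk.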

View File

@ -437,57 +437,6 @@ When you use the ''%%<code>%%'' or ''%%<file>%%'' syntax as above, you might wan
If you don't want any highlighting but want a downloadable file, specify a dash (''-'') as the language code: ''%%<code - myfile.foo>%%''.
===== Embedding HTML and PHP =====
You can embed raw HTML or PHP code into your documents by using the ''%%<html>%%'' or ''%%<php>%%'' tags. (Use uppercase tags if you need to enclose block level elements.)
HTML example:
<code>
<html>
This is some <span style="color:red;font-size:150%;">inline HTML</span>
</html>
<HTML>
<p style="border:2px dashed red;">And this is some block HTML</p>
</HTML>
</code>
<html>
This is some <span style="color:red;font-size:150%;">inline HTML</span>
</html>
<HTML>
<p style="border:2px dashed red;">And this is some block HTML</p>
</HTML>
PHP example:
<code>
<php>
echo 'The PHP version: ';
echo phpversion();
echo ' (generated inline HTML)';
</php>
<PHP>
echo '<table class="inline"><tr><td>The same, but inside a block level element:</td>';
echo '<td>'.phpversion().'</td>';
echo '</tr></table>';
</PHP>
</code>
<php>
echo 'The PHP version: ';
echo phpversion();
echo ' (inline HTML)';
</php>
<PHP>
echo '<table class="inline"><tr><td>The same, but inside a block level element:</td>';
echo '<td>'.phpversion().'</td>';
echo '</tr></table>';
</PHP>
**Please Note**: HTML and PHP embedding is disabled by default in the configuration. If disabled, the code is displayed instead of executed.
===== RSS/ATOM Feed Aggregation =====
[[DokuWiki]] can integrate data from external XML feeds. For parsing the XML feeds, [[http://simplepie.org/|SimplePie]] is used. All formats understood by SimplePie can be used in DokuWiki as well. You can influence the rendering by multiple additional space separated parameters:
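Review bot: The "Embedding HTML and PHP" section is dropped without a replacement sentence, so an editor whose pages still contain <html> or <php> blocks gets no hint why they now render differently. A short line in the release notes, pointing to the plugin route the commit message mentions, would cover that.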
@ -496,7 +445,7 @@ echo '</tr></table>';
| reverse | display the last items in the feed first |
| author | show item authors names |
| date | show item dates |
| description| show the item description. If [[doku>config:htmlok|HTML]] is disabled all tags will be stripped |
| description| show the item description. All HTML tags will be stripped |
| nosort | do not sort the items in the feed |
| //n//[dhm] | refresh period, where d=days, h=hours, m=minutes. (e.g. 12h = 12 hours). |

View File

@ -20,7 +20,6 @@ class Block
'table_open','tablerow_open','tablecell_open','tableheader_open','tablethead_open',
'quote_open',
'code','file','hr','preformatted','rss',
'htmlblock','phpblock',
'footnote_open',
);
@ -30,7 +29,6 @@ class Block
'table_close','tablerow_close','tablecell_close','tableheader_close','tablethead_close',
'quote_close',
'code','file','hr','preformatted','rss',
'htmlblock','phpblock',
'footnote_close',
);

View File

@ -1,27 +0,0 @@
<?php
namespace dokuwiki\Parsing\ParserMode;
class Html extends AbstractMode
{
/** @inheritdoc */
public function connectTo($mode)
{
$this->Lexer->addEntryPattern('<html>(?=.*</html>)', $mode, 'html');
$this->Lexer->addEntryPattern('<HTML>(?=.*</HTML>)', $mode, 'htmlblock');
}
/** @inheritdoc */
public function postConnect()
{
$this->Lexer->addExitPattern('</html>', 'html');
$this->Lexer->addExitPattern('</HTML>', 'htmlblock');
}
/** @inheritdoc */
public function getSort()
{
return 190;
}
}

View File

@ -1,27 +0,0 @@
<?php
namespace dokuwiki\Parsing\ParserMode;
class Php extends AbstractMode
{
/** @inheritdoc */
public function connectTo($mode)
{
$this->Lexer->addEntryPattern('<php>(?=.*</php>)', $mode, 'php');
$this->Lexer->addEntryPattern('<PHP>(?=.*</PHP>)', $mode, 'phpblock');
}
/** @inheritdoc */
public function postConnect()
{
$this->Lexer->addExitPattern('</php>', 'php');
$this->Lexer->addExitPattern('</PHP>', 'phpblock');
}
/** @inheritdoc */
public function getSort()
{
return 180;
}
}

View File

@ -539,58 +539,6 @@ class Doku_Handler {
return true;
}
/**
* @param string $match matched syntax
* @param int $state a LEXER_STATE_* constant
* @param int $pos byte position in the original source file
* @return bool mode handled?
*/
public function php($match, $state, $pos) {
if ( $state == DOKU_LEXER_UNMATCHED ) {
$this->addCall('php', array($match), $pos);
}
return true;
}
/**
* @param string $match matched syntax
* @param int $state a LEXER_STATE_* constant
* @param int $pos byte position in the original source file
* @return bool mode handled?
*/
public function phpblock($match, $state, $pos) {
if ( $state == DOKU_LEXER_UNMATCHED ) {
$this->addCall('phpblock', array($match), $pos);
}
return true;
}
/**
* @param string $match matched syntax
* @param int $state a LEXER_STATE_* constant
* @param int $pos byte position in the original source file
* @return bool mode handled?
*/
public function html($match, $state, $pos) {
if ( $state == DOKU_LEXER_UNMATCHED ) {
$this->addCall('html', array($match), $pos);
}
return true;
}
/**
* @param string $match matched syntax
* @param int $state a LEXER_STATE_* constant
* @param int $pos byte position in the original source file
* @return bool mode handled?
*/
public function htmlblock($match, $state, $pos) {
if ( $state == DOKU_LEXER_UNMATCHED ) {
$this->addCall('htmlblock', array($match), $pos);
}
return true;
}
/**
* @param string $match matched syntax
* @param int $state a LEXER_STATE_* constant

View File

@ -34,7 +34,7 @@ $PARSER_MODES = array(
// modes which have a start and end token but inside which
// no other modes should be applied
'protected' => array('preformatted', 'code', 'file', 'php', 'html', 'htmlblock', 'phpblock'),
'protected' => array('preformatted', 'code', 'file'),
// inside this mode no wiki markup should be applied but lineendings
// and whitespace isn't preserved

View File

@ -389,48 +389,6 @@ abstract class Doku_Renderer extends Plugin {
$this->cdata($text);
}
/**
* Output inline PHP code
*
* If $conf['phpok'] is true this should evaluate the given code and append the result
* to $doc
*
* @param string $text The PHP code
*/
public function php($text) {
}
/**
* Output block level PHP code
*
* If $conf['phpok'] is true this should evaluate the given code and append the result
* to $doc
*
* @param string $text The PHP code
*/
public function phpblock($text) {
}
/**
* Output raw inline HTML
*
* If $conf['htmlok'] is true this should add the code as is to $doc
*
* @param string $text The HTML
*/
public function html($text) {
}
/**
* Output raw block-level HTML
*
* If $conf['htmlok'] is true this should add the code as is to $doc
*
* @param string $text The HTML
*/
public function htmlblock($text) {
}
/**
* Output preformatted text
*

View File

@ -543,68 +543,6 @@ class Doku_Renderer_xhtml extends Doku_Renderer {
$this->doc .= $this->_xmlEntities($text);
}
/**
* Execute PHP code if allowed
*
* @param string $text PHP code that is either executed or printed
* @param string $wrapper html element to wrap result if $conf['phpok'] is okff
*
* @author Andreas Gohr <andi@splitbrain.org>
*/
public function php($text, $wrapper = 'code') {
global $conf;
if($conf['phpok']) {
ob_start();
eval($text);
$this->doc .= ob_get_contents();
ob_end_clean();
} else {
$this->doc .= p_xhtml_cached_geshi($text, 'php', $wrapper);
}
}
/**
* Output block level PHP code
*
* If $conf['phpok'] is true this should evaluate the given code and append the result
* to $doc
*
* @param string $text The PHP code
*/
public function phpblock($text) {
$this->php($text, 'pre');
}
/**
* Insert HTML if allowed
*
* @param string $text html text
* @param string $wrapper html element to wrap result if $conf['htmlok'] is okff
*
* @author Andreas Gohr <andi@splitbrain.org>
*/
public function html($text, $wrapper = 'code') {
global $conf;
if($conf['htmlok']) {
$this->doc .= $text;
} else {
$this->doc .= p_xhtml_cached_geshi($text, 'html4strict', $wrapper);
}
}
/**
* Output raw block-level HTML
*
* If $conf['htmlok'] is true this should add the code as is to $doc
*
* @param string $text The HTML
*/
public function htmlblock($text) {
$this->html($text, 'pre');
}
/**
* Start a block quote
*/
@ -1368,11 +1306,7 @@ class Doku_Renderer_xhtml extends Doku_Renderer {
}
if($params['details']) {
$this->doc .= '<div class="detail">';
if($conf['htmlok']) {
$this->doc .= $item->get_description();
} else {
$this->doc .= strip_tags($item->get_description());
}
$this->doc .= strip_tags($item->get_description());
$this->doc .= '</div>';
}
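Review bot: With the htmlok branch gone, the feed description is appended after strip_tags() only, while the context line at the top of the previous hunk shows other text going through _xmlEntities(). A one-line comment next to the strip_tags() call saying why tag stripping is the intended treatment for $item->get_description() would make it harder for a later change to reintroduce raw output. It is also worth checking whether $conf is still used in this method now that the conditional is removed.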

View File

@ -580,7 +580,7 @@ function p_get_parsermodes(){
// add default modes
$std_modes = array('listblock','preformatted','notoc','nocache',
'header','table','linebreak','footnote','hr',
'unformatted','php','html','code','file','quote',
'unformatted','code','file','quote',
'internallink','rss','media','externallink',
'emaillink','windowssharelink','eol');
if($conf['typography']){

View File

@ -119,8 +119,6 @@ $lang['iexssprotect']= 'Check uploaded files for possibly malicious JavaScript o
/* Editing Settings */
$lang['usedraft'] = 'Automatically save a draft while editing';
$lang['htmlok'] = 'Allow embedded HTML';
$lang['phpok'] = 'Allow embedded PHP';
$lang['locktime'] = 'Maximum age for lock files (sec)';
$lang['cachetime'] = 'Maximum age for cache (sec)';

View File

@ -171,8 +171,6 @@ $meta['iexssprotect']= array('onoff','_caution' => 'security');
$meta['_editing'] = array('fieldset');
$meta['usedraft'] = array('onoff');
$meta['htmlok'] = array('onoff','_caution' => 'security');
$meta['phpok'] = array('onoff','_caution' => 'security');
$meta['locktime'] = array('numeric');
$meta['cachetime'] = array('numeric');