From bbe6b3a78bfaae7c3435ed2f909108be642b4684 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Wed, 12 Oct 2022 13:22:27 +0200 Subject: [PATCH] Remove the htmlok and phpok embedding options Both options have grave security implications and novice users seem to ignore advice about them. In the last decades I never came across a wiki that had legitimate use of these options. If someone needs the functionality, it can easily be added back using a plugin. But I prefer to give users one less option to shoot themselves in the foot. Removal of the translations for the config strings can follow after this has been merged. --- _test/data/pages/wiki/syntax.txt | 141 ++++++++---------- .../inc/parser/parser_preformatted.test.php | 35 ----- conf/dokuwiki.php | 2 - data/pages/wiki/syntax.txt | 53 +------ inc/Parsing/Handler/Block.php | 2 - inc/Parsing/ParserMode/Html.php | 27 ---- inc/Parsing/ParserMode/Php.php | 27 ---- inc/parser/handler.php | 52 ------- inc/parser/parser.php | 2 +- inc/parser/renderer.php | 42 ------ inc/parser/xhtml.php | 68 +-------- inc/parserutils.php | 2 +- lib/plugins/config/lang/en/lang.php | 2 - .../config/settings/config.metadata.php | 2 - 14 files changed, 69 insertions(+), 388 deletions(-) delete mode 100644 inc/Parsing/ParserMode/Html.php delete mode 100644 inc/Parsing/ParserMode/Php.php diff --git a/_test/data/pages/wiki/syntax.txt b/_test/data/pages/wiki/syntax.txt index 41848728d..516798df8 100644 --- a/_test/data/pages/wiki/syntax.txt +++ b/_test/data/pages/wiki/syntax.txt 
@@ -1,6 +1,6 @@ ====== Formatting Syntax ====== -[[doku>DokuWiki]] supports some simple markup language, which tries to make the datafiles to be as readable as possible. This page contains all possible syntax you may use when editing the pages. Simply have a look at the source of this page by pressing the //Edit this page// button at the top or bottom of the page. If you want to try something, just use the [[playground:playground|playground]] page. The simpler markup is easily accessible via [[doku>toolbar|quickbuttons]], too. +[[doku>DokuWiki]] supports some simple markup language, which tries to make the datafiles to be as readable as possible. This page contains all possible syntax you may use when editing the pages. Simply have a look at the source of this page by pressing "Edit this page". If you want to try something, just use the [[playground:playground|playground]] page. The simpler markup is easily accessible via [[doku>toolbar|quickbuttons]], too. ===== Basic Text Formatting ===== 
@@ -83,9 +83,14 @@ Windows shares like [[\\server\share|this]] are recognized, too. Please note tha Notes: * For security reasons direct browsing of windows shares only works in Microsoft Internet Explorer per default (and only in the "local zone"). - * For Mozilla and Firefox it can be enabled through different workaround mentioned in the [[http://kb.mozillazine.org/Links_to_local_pages_do_not_work|Mozilla Knowledge Base]]. However, there will still be a JavaScript warning about trying to open a Windows Share. To remove this warning (for all users), put the following line in ''conf/local.protected.php'': - - $lang['js']['nosmblinks'] = ''; + * For Mozilla and Firefox it can be enabled through different workaround mentioned in the [[http://kb.mozillazine.org/Links_to_local_pages_do_not_work|Mozilla Knowledge Base]]. However, there will still be a JavaScript warning about trying to open a Windows Share. To remove this warning (for all users), put the following line in ''conf/lang/en/lang.php'' (more details at [[doku>localization#changing_some_localized_texts_and_strings_in_your_installation|localization]]): + ==== Image Links ==== @@ -121,9 +126,9 @@ By using four or more dashes, you can make a horizontal line: ---- -===== Images and Other Files ===== +===== Media Files ===== -You can include external and internal [[doku>images]] with curly brackets. Optionally you can specify the size of them. +You can include external and internal [[doku>images|images, videos and audio files]] with curly brackets. Optionally you can specify the size of them. Real size: {{wiki:dokuwiki-128.png}} 
@@ -131,12 +136,12 @@ Resize to given width: {{wiki:dokuwiki-128.png?50}} Resize to given width and height((when the aspect ratio of the given width and height doesn't match that of the image, it will be cropped to the new ratio before resizing)): {{wiki:dokuwiki-128.png?200x50}} -Resized external image: {{http://php.net/images/php.gif?200x50}} +Resized external image:           {{https://secure.php.net/images/php.gif?200x50}} Real size: {{wiki:dokuwiki-128.png}} Resize to given width: {{wiki:dokuwiki-128.png?50}} Resize to given width and height: {{wiki:dokuwiki-128.png?200x50}} - Resized external image: {{http://php.net/images/php.gif?200x50}} + Resized external image:           {{https://secure.php.net/images/php.gif?200x50}} By using left or right whitespaces you can choose the alignment. 
@@ -157,10 +162,37 @@ Of course, you can add a title (displayed as a tooltip by most browsers), too. {{ wiki:dokuwiki-128.png |This is the caption}} -If you specify a filename (external or internal) that is not an image (''gif, jpeg, png''), then it will be displayed as a link instead. - For linking an image to another page see [[#Image Links]] above. +==== Supported Media Formats ==== + +DokuWiki can embed the following media formats directly. + +| Image | ''gif'', ''jpg'', ''png'' | +| Video | ''webm'', ''ogv'', ''mp4'' | +| Audio | ''ogg'', ''mp3'', ''wav'' | +| Flash | ''swf'' | + +If you specify a filename that is not a supported media format, then it will be displayed as a link instead. + +By adding ''?linkonly'' you provide a link to the media without displaying it inline + + {{wiki:dokuwiki-128.png?linkonly}} + +{{wiki:dokuwiki-128.png?linkonly}} This is just a link to the image. + +==== Fallback Formats ==== + +Unfortunately not all browsers understand all video and audio formats. To mitigate the problem, you can upload your file in different formats for maximum browser compatibility. + +For example consider this embedded mp4 video: + + {{video.mp4|A funny video}} + +When you upload a ''video.webm'' and ''video.ogv'' next to the referenced ''video.mp4'', DokuWiki will automatically add them as alternatives so that one of the three files is understood by your browser. + +Additionally DokuWiki supports a "poster" image which will be shown before the video has started. That image needs to have the same filename as the video and be either a jpg or png file. In the example above a ''video.jpg'' file would work. + ===== Lists ===== Dokuwiki supports ordered and unordered lists. To create a list item, indent your text by two spaces and use a ''*'' for unordered lists or a ''-'' for ordered ones. 
@@ -214,6 +246,7 @@ DokuWiki converts commonly used [[wp>emoticon]]s to their graphical equivalents. * :-| %% :-| %% * ;-) %% ;-) %% * ^_^ %% ^_^ %% + * m( %% m( %% * :?: %% :?: %% * :!: %% :!: %% * LOL %% LOL %% @@ -240,17 +273,19 @@ There are three exceptions which do not come from that pattern file: multiplicat Some times you want to mark some text to show it's a reply or comment. You can use the following syntax: - I think we should do it - - > No we shouldn't - - >> Well, I say we should - - > Really? - - >> Yes! - - >>> Then lets do it! + +I think we should do it + +> No we shouldn't + +>> Well, I say we should + +> Really? + +>> Yes! + +>>> Then lets do it! + I think we should do it @@ -296,7 +331,7 @@ As you can see, it's the cell separator before a cell which decides about the fo ^ Heading 4 | no colspan this time | | ^ Heading 5 | Row 2 Col 2 | Row 2 Col 3 | -You can have rowspans (vertically connected cells) by adding '':::'' into the cells below the one to which they should connect. +You can have rowspans (vertically connected cells) by adding ''%%:::%%'' into the cells below the one to which they should connect. ^ Heading 1 ^ Heading 2 ^ Heading 3 ^ | Row 1 Col 1 | this cell spans vertically | Row 1 Col 3 | 
@@ -382,11 +417,13 @@ class HelloWorldApp { } -The following language strings are currently recognized: //4cs, abap, actionscript-french, actionscript, actionscript3, ada, apache, applescript, asm, asp, autoconf, autohotkey, autoit, avisynth, awk, bash, basic4gl, bf, bibtex, blitzbasic, bnf, boo, c, c_mac, caddcl, cadlisp, cfdg, cfm, chaiscript, cil, clojure, cmake, cobol, cpp, cpp-qt, csharp, css, cuesheet, d, dcs, delphi, diff, div, dos, dot, ecmascript, eiffel, email, erlang, fo, fortran, freebasic, fsharp, gambas, genero, genie, gdb, glsl, gml, gnuplot, groovy, gettext, gwbasic, haskell, hicest, hq9plus, html, icon, idl, ini, inno, intercal, io, j, java5, java, javascript, jquery, kixtart, klonec, klonecpp, latex, lisp, locobasic, logtalk, lolcode, lotusformulas, lotusscript, lscript, lsl2, lua, m68k, magiksf, make, mapbasic, matlab, mirc, modula2, modula3, mmix, mpasm, mxml, mysql, newlisp, nsis, oberon2, objc, ocaml-brief, ocaml, oobas, oracle8, oracle11, oxygene, oz, pascal, pcre, perl, perl6, per, pf, php-brief, php, pike, pic16, pixelbender, plsql, postgresql, povray, powerbuilder, powershell, progress, prolog, properties, providex, purebasic, python, q, qbasic, rails, rebol, reg, robots, rpmspec, rsplus, ruby, sas, scala, scheme, scilab, sdlbasic, smalltalk, smarty, sql, systemverilog, tcl, teraterm, text, thinbasic, tsql, typoscript, unicon, vala, vbnet, vb, verilog, vhdl, vim, visualfoxpro, visualprolog, whitespace, winbatch, whois, xbasic, xml, xorg_conf, xpp, z80// +The following language strings are currently recognized: //4cs 6502acme 6502kickass 6502tasm 68000devpac abap actionscript3 actionscript ada aimms algol68 apache applescript apt_sources arm asm asp asymptote autoconf autohotkey autoit avisynth awk bascomavr bash basic4gl batch bf biblatex bibtex blitzbasic bnf boo caddcl cadlisp ceylon cfdg cfm chaiscript chapel cil c_loadrunner clojure c_mac cmake cobol coffeescript c cpp cpp-qt cpp-winapi csharp css cuesheet c_winapi dart dcl dcpu16 dcs 
delphi diff div dos dot d ecmascript eiffel email epc e erlang euphoria ezt f1 falcon fo fortran freebasic freeswitch fsharp gambas gdb genero genie gettext glsl gml gnuplot go groovy gwbasic haskell haxe hicest hq9plus html html4strict html5 icon idl ini inno intercal io ispfpanel java5 java javascript jcl j jquery julia kixtart klonec klonecpp kotlin latex lb ldif lisp llvm locobasic logtalk lolcode lotusformulas lotusscript lscript lsl2 lua m68k magiksf make mapbasic mathematica matlab mercury metapost mirc mk-61 mmix modula2 modula3 mpasm mxml mysql nagios netrexx newlisp nginx nimrod nsis oberon2 objc objeck ocaml-brief ocaml octave oobas oorexx oracle11 oracle8 oxygene oz parasail parigp pascal pcre perl6 perl per pf phix php-brief php pic16 pike pixelbender pli plsql postgresql postscript povray powerbuilder powershell proftpd progress prolog properties providex purebasic pycon pys60 python qbasic qml q racket rails rbs rebol reg rexx robots roff rpmspec rsplus ruby rust sas sass scala scheme scilab scl sdlbasic smalltalk smarty spark sparql sql sshconfig standardml stonescript swift systemverilog tclegg tcl teraterm texgraph text thinbasic tsql twig typoscript unicon upc urbi uscript vala vbnet vb vbscript vedit verilog vhdl vim visualfoxpro visualprolog whitespace whois winbatch wolfram xbasic xml xojo xorg_conf xpp yaml z80 zxbasic// + +There are additional [[doku>syntax_highlighting|advanced options]] available for syntax highlighting, such as highlighting lines or adding line numbers. ==== Downloadable Code Blocks ==== -When you use the ''%%%%'' or ''%%%%'' syntax as above, you might want to make the shown code available for download as well. You can to this by specifying a file name after language code like this: +When you use the ''%%%%'' or ''%%%%'' syntax as above, you might want to make the shown code available for download as well. You can do this by specifying a file name after language code like this: 
@@ -400,57 +437,6 @@ When you use the ''%%%%'' or ''%%%%'' syntax as above, you might wan If you don't want any highlighting but want a downloadable file, specify a dash (''-'') as the language code: ''%%%%''. - -===== Embedding HTML and PHP ===== - -You can embed raw HTML or PHP code into your documents by using the ''%%%%'' or ''%%%%'' tags. (Use uppercase tags if you need to enclose block level elements.) - -HTML example: - - - -This is some inline HTML - - -

And this is some block HTML

- -
- - -This is some inline HTML - - -

And this is some block HTML

- - -PHP example: - - - -echo 'A logo generated by PHP:'; -echo 'PHP Logo !'; -echo '(generated inline HTML)'; - - -echo ''; -echo ''; -echo '
The same, but inside a block level element:PHP Logo !
'; -
-
- - -echo 'A logo generated by PHP:'; -echo 'PHP Logo !'; -echo '(inline HTML)'; - - -echo ''; -echo ''; -echo '
The same, but inside a block level element:PHP Logo !
'; -
- -**Please Note**: HTML and PHP embedding is disabled by default in the configuration. If disabled, the code is displayed instead of executed. - ===== RSS/ATOM Feed Aggregation ===== [[DokuWiki]] can integrate data from external XML feeds. For parsing the XML feeds, [[http://simplepie.org/|SimplePie]] is used. All formats understood by SimplePie can be used in DokuWiki as well. You can influence the rendering by multiple additional space separated parameters: @@ -459,11 +445,14 @@ echo ''; | reverse | display the last items in the feed first | | author | show item authors names | | date | show item dates | -| description| show the item description. If [[doku>config:htmlok|HTML]] is disabled all tags will be stripped | +| description| show the item description. All HTML tags will be stripped | +| nosort | do not sort the items in the feed | | //n//[dhm] | refresh period, where d=days, h=hours, m=minutes. (e.g. 12h = 12 hours). | The refresh period defaults to 4 hours. Any value below 10 minutes will be treated as 10 minutes. [[wiki:DokuWiki]] will generally try to supply a cached version of a page, obviously this is inappropriate when the page contains dynamic external content. The parameter tells [[wiki:DokuWiki]] to re-render the page if it is more than //refresh period// since the page was last rendered. +By default the feed will be sorted by date, newest items first. You can sort it by oldest first using the ''reverse'' parameter, or display the feed as is with ''nosort''. + **Example:** {{rss>http://slashdot.org/index.rss 5 author date 1h }} diff --git a/_test/tests/inc/parser/parser_preformatted.test.php b/_test/tests/inc/parser/parser_preformatted.test.php index ad99f2916..546b4551f 100644 --- a/_test/tests/inc/parser/parser_preformatted.test.php +++ b/_test/tests/inc/parser/parser_preformatted.test.php 
@@ -182,41 +182,6 @@ class TestOfDoku_Parser_Preformatted extends TestOfDoku_Parser { $this->assertEquals(array_map('stripbyteindex',$this->H->calls),$calls); } - // test for php - function testPHP() { - - $this->P->addMode('php',new Php()); - $this->P->parse('Foo testing Bar'); - $calls = array ( - array('document_start',array()), - array('p_open',array()), - array('cdata',array("\n".'Foo ')), - array('php',array('testing')), - array('cdata',array(' Bar')), - array('p_close',array()), - array('document_end',array()), - ); - $this->assertEquals(array_map('stripbyteindex',$this->H->calls),$calls); - } - - // test with for HTML - function testHTML() { - - $this->P->addMode('html',new Html()); - $this->P->parse('Foo testing Bar'); - $calls = array ( - array('document_start',array()), - array('p_open',array()), - array('cdata',array("\n".'Foo ')), - array('html',array('testing')), - array('cdata',array(' Bar')), - array('p_close',array()), - array('document_end',array()), - ); - $this->assertEquals(array_map('stripbyteindex',$this->H->calls),$calls); - } - - function testPreformattedPlusHeaderAndEol() { // Note that EOL must come after preformatted! diff --git a/conf/dokuwiki.php b/conf/dokuwiki.php index bfb1ed7c5..83371f0ce 100644 --- a/conf/dokuwiki.php +++ b/conf/dokuwiki.php @@ -81,8 +81,6 @@ $conf['iexssprotect']= 1; // check for JavaScript and HTML in upl /* Editing Settings */ $conf['usedraft'] = 1; //automatically save a draft while editing (0|1) -$conf['htmlok'] = 0; //may raw HTML be embedded? This may break layout and XHTML validity 0|1 -$conf['phpok'] = 0; //may PHP code be embedded? Never do this on the internet! 0|1 $conf['locktime'] = 15*60; //maximum age for lockfiles (defaults to 15 minutes) $conf['cachetime'] = 60*60*24; //maximum age for cachefile in seconds (defaults to a day) diff --git a/data/pages/wiki/syntax.txt b/data/pages/wiki/syntax.txt index f1e7e38f4..516798df8 100644 --- a/data/pages/wiki/syntax.txt +++ b/data/pages/wiki/syntax.txt 
@@ -437,57 +437,6 @@ When you use the ''%%%%'' or ''%%%%'' syntax as above, you might wan If you don't want any highlighting but want a downloadable file, specify a dash (''-'') as the language code: ''%%%%''. - -===== Embedding HTML and PHP ===== - -You can embed raw HTML or PHP code into your documents by using the ''%%%%'' or ''%%%%'' tags. (Use uppercase tags if you need to enclose block level elements.) - -HTML example: - - - -This is some inline HTML - - -

And this is some block HTML

- -
- - -This is some inline HTML - - -

And this is some block HTML

- - -PHP example: - - - -echo 'The PHP version: '; -echo phpversion(); -echo ' (generated inline HTML)'; - - -echo ''; -echo ''; -echo '
The same, but inside a block level element:'.phpversion().'
'; -
-
- - -echo 'The PHP version: '; -echo phpversion(); -echo ' (inline HTML)'; - - -echo ''; -echo ''; -echo '
The same, but inside a block level element:'.phpversion().'
'; -
- -**Please Note**: HTML and PHP embedding is disabled by default in the configuration. If disabled, the code is displayed instead of executed. - ===== RSS/ATOM Feed Aggregation ===== [[DokuWiki]] can integrate data from external XML feeds. For parsing the XML feeds, [[http://simplepie.org/|SimplePie]] is used. All formats understood by SimplePie can be used in DokuWiki as well. You can influence the rendering by multiple additional space separated parameters: @@ -496,7 +445,7 @@ echo ''; | reverse | display the last items in the feed first | | author | show item authors names | | date | show item dates | -| description| show the item description. If [[doku>config:htmlok|HTML]] is disabled all tags will be stripped | +| description| show the item description. All HTML tags will be stripped | | nosort | do not sort the items in the feed | | //n//[dhm] | refresh period, where d=days, h=hours, m=minutes. (e.g. 12h = 12 hours). | diff --git a/inc/Parsing/Handler/Block.php b/inc/Parsing/Handler/Block.php index 4cfa686d4..586810438 100644 --- a/inc/Parsing/Handler/Block.php +++ b/inc/Parsing/Handler/Block.php @@ -20,7 +20,6 @@ class Block 'table_open','tablerow_open','tablecell_open','tableheader_open','tablethead_open', 'quote_open', 'code','file','hr','preformatted','rss', - 'htmlblock','phpblock', 'footnote_open', ); @@ -30,7 +29,6 @@ class Block 'table_close','tablerow_close','tablecell_close','tableheader_close','tablethead_close', 'quote_close', 'code','file','hr','preformatted','rss', - 'htmlblock','phpblock', 'footnote_close', ); diff --git a/inc/Parsing/ParserMode/Html.php b/inc/Parsing/ParserMode/Html.php deleted file mode 100644 index f5b63ef09..000000000 --- a/inc/Parsing/ParserMode/Html.php +++ /dev/null 
@@ -1,27 +0,0 @@ -Lexer->addEntryPattern('(?=.*)', $mode, 'html'); - $this->Lexer->addEntryPattern('(?=.*)', $mode, 'htmlblock'); - } - - /** @inheritdoc */ - public function postConnect() - { - $this->Lexer->addExitPattern('', 'html'); - $this->Lexer->addExitPattern('', 'htmlblock'); - } - - /** @inheritdoc */ - public function getSort() - { - return 190; - } -} diff --git a/inc/Parsing/ParserMode/Php.php b/inc/Parsing/ParserMode/Php.php deleted file mode 100644 index 914648b51..000000000 --- a/inc/Parsing/ParserMode/Php.php +++ /dev/null @@ -1,27 +0,0 @@ -Lexer->addEntryPattern('(?=.*)', $mode, 'php'); - $this->Lexer->addEntryPattern('(?=.*)', $mode, 'phpblock'); - } - - /** @inheritdoc */ - public function postConnect() - { - $this->Lexer->addExitPattern('
', 'php'); - $this->Lexer->addExitPattern('
', 'phpblock'); - } - - /** @inheritdoc */ - public function getSort() - { - return 180; - } -} diff --git a/inc/parser/handler.php b/inc/parser/handler.php index a3609609c..3562e6192 100644 --- a/inc/parser/handler.php +++ b/inc/parser/handler.php @@ -539,58 +539,6 @@ class Doku_Handler { return true; } - /** - * @param string $match matched syntax - * @param int $state a LEXER_STATE_* constant - * @param int $pos byte position in the original source file - * @return bool mode handled? - */ - public function php($match, $state, $pos) { - if ( $state == DOKU_LEXER_UNMATCHED ) { - $this->addCall('php', array($match), $pos); - } - return true; - } - - /** - * @param string $match matched syntax - * @param int $state a LEXER_STATE_* constant - * @param int $pos byte position in the original source file - * @return bool mode handled? - */ - public function phpblock($match, $state, $pos) { - if ( $state == DOKU_LEXER_UNMATCHED ) { - $this->addCall('phpblock', array($match), $pos); - } - return true; - } - - /** - * @param string $match matched syntax - * @param int $state a LEXER_STATE_* constant - * @param int $pos byte position in the original source file - * @return bool mode handled? - */ - public function html($match, $state, $pos) { - if ( $state == DOKU_LEXER_UNMATCHED ) { - $this->addCall('html', array($match), $pos); - } - return true; - } - - /** - * @param string $match matched syntax - * @param int $state a LEXER_STATE_* constant - * @param int $pos byte position in the original source file - * @return bool mode handled? - */ - public function htmlblock($match, $state, $pos) { - if ( $state == DOKU_LEXER_UNMATCHED ) { - $this->addCall('htmlblock', array($match), $pos); - } - return true; - } - /** * @param string $match matched syntax * @param int $state a LEXER_STATE_* constant diff --git a/inc/parser/parser.php b/inc/parser/parser.php index aee82f01d..77f47e3ac 100644 --- a/inc/parser/parser.php +++ b/inc/parser/parser.php 
@@ -34,7 +34,7 @@ $PARSER_MODES = array( // modes which have a start and end token but inside which // no other modes should be applied - 'protected' => array('preformatted', 'code', 'file', 'php', 'html', 'htmlblock', 'phpblock'), + 'protected' => array('preformatted', 'code', 'file'), // inside this mode no wiki markup should be applied but lineendings // and whitespace isn't preserved diff --git a/inc/parser/renderer.php b/inc/parser/renderer.php index c2055d647..d1e1bb5b8 100644 --- a/inc/parser/renderer.php +++ b/inc/parser/renderer.php @@ -389,48 +389,6 @@ abstract class Doku_Renderer extends Plugin { $this->cdata($text); } - /** - * Output inline PHP code - * - * If $conf['phpok'] is true this should evaluate the given code and append the result - * to $doc - * - * @param string $text The PHP code - */ - public function php($text) { - } - - /** - * Output block level PHP code - * - * If $conf['phpok'] is true this should evaluate the given code and append the result - * to $doc - * - * @param string $text The PHP code - */ - public function phpblock($text) { - } - - /** - * Output raw inline HTML - * - * If $conf['htmlok'] is true this should add the code as is to $doc - * - * @param string $text The HTML - */ - public function html($text) { - } - - /** - * Output raw block-level HTML - * - * If $conf['htmlok'] is true this should add the code as is to $doc - * - * @param string $text The HTML - */ - public function htmlblock($text) { - } - /** * Output preformatted text * diff --git a/inc/parser/xhtml.php b/inc/parser/xhtml.php index 5899320cf..72b0576cb 100644 --- a/inc/parser/xhtml.php +++ b/inc/parser/xhtml.php 
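Review bot: Nothing in this patch pins the new behaviour that the php/html embedding markup is inert. With `'php', 'html', 'htmlblock', 'phpblock'` dropped from the `protected` list here, and `'php','html'` dropped from `$std_modes` in inc/parserutils.php, the deleted `testPHP`/`testHTML` cases in parser_preformatted.test.php are not replaced by a test asserting that the same input now yields only `cdata` calls and no `php`/`html` instruction. A regression test of that shape would catch a later core change that re-registers one of these modes by accident. The `$PARSER_MODES` array continues outside the hunk.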
@@ -543,68 +543,6 @@ class Doku_Renderer_xhtml extends Doku_Renderer { $this->doc .= $this->_xmlEntities($text); } - /** - * Execute PHP code if allowed - * - * @param string $text PHP code that is either executed or printed - * @param string $wrapper html element to wrap result if $conf['phpok'] is okff - * - * @author Andreas Gohr - */ - public function php($text, $wrapper = 'code') { - global $conf; - - if($conf['phpok']) { - ob_start(); - eval($text); - $this->doc .= ob_get_contents(); - ob_end_clean(); - } else { - $this->doc .= p_xhtml_cached_geshi($text, 'php', $wrapper); - } - } - - /** - * Output block level PHP code - * - * If $conf['phpok'] is true this should evaluate the given code and append the result - * to $doc - * - * @param string $text The PHP code - */ - public function phpblock($text) { - $this->php($text, 'pre'); - } - - /** - * Insert HTML if allowed - * - * @param string $text html text - * @param string $wrapper html element to wrap result if $conf['htmlok'] is okff - * - * @author Andreas Gohr - */ - public function html($text, $wrapper = 'code') { - global $conf; - - if($conf['htmlok']) { - $this->doc .= $text; - } else { - $this->doc .= p_xhtml_cached_geshi($text, 'html4strict', $wrapper); - } - } - - /** - * Output raw block-level HTML - * - * If $conf['htmlok'] is true this should add the code as is to $doc - * - * @param string $text The HTML - */ - public function htmlblock($text) { - $this->html($text, 'pre'); - } - /** * Start a block quote */ @@ -1368,11 +1306,7 @@ class Doku_Renderer_xhtml extends Doku_Renderer { } if($params['details']) { $this->doc .= '
'; - if($conf['htmlok']) { - $this->doc .= $item->get_description(); - } else { - $this->doc .= strip_tags($item->get_description()); - } + $this->doc .= strip_tags($item->get_description()); $this->doc .= '
'; } diff --git a/inc/parserutils.php b/inc/parserutils.php index edcce9a08..c303c00a5 100644 --- a/inc/parserutils.php +++ b/inc/parserutils.php @@ -580,7 +580,7 @@ function p_get_parsermodes(){ // add default modes $std_modes = array('listblock','preformatted','notoc','nocache', 'header','table','linebreak','footnote','hr', - 'unformatted','php','html','code','file','quote', + 'unformatted','code','file','quote', 'internallink','rss','media','externallink', 'emaillink','windowssharelink','eol'); if($conf['typography']){ diff --git a/lib/plugins/config/lang/en/lang.php b/lib/plugins/config/lang/en/lang.php index 3acfd90b5..69d273cf9 100644 --- a/lib/plugins/config/lang/en/lang.php +++ b/lib/plugins/config/lang/en/lang.php @@ -119,8 +119,6 @@ $lang['iexssprotect']= 'Check uploaded files for possibly malicious JavaScript o /* Editing Settings */ $lang['usedraft'] = 'Automatically save a draft while editing'; -$lang['htmlok'] = 'Allow embedded HTML'; -$lang['phpok'] = 'Allow embedded PHP'; $lang['locktime'] = 'Maximum age for lock files (sec)'; $lang['cachetime'] = 'Maximum age for cache (sec)'; diff --git a/lib/plugins/config/settings/config.metadata.php b/lib/plugins/config/settings/config.metadata.php index f8373ad6e..3e94c073d 100644 --- a/lib/plugins/config/settings/config.metadata.php +++ b/lib/plugins/config/settings/config.metadata.php @@ -171,8 +171,6 @@ $meta['iexssprotect']= array('onoff','_caution' => 'security'); $meta['_editing'] = array('fieldset'); $meta['usedraft'] = array('onoff'); -$meta['htmlok'] = array('onoff','_caution' => 'security'); -$meta['phpok'] = array('onoff','_caution' => 'security'); $meta['locktime'] = array('numeric'); $meta['cachetime'] = array('numeric');
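Review bot: In the feed-details branch, `strip_tags($item->get_description())` is now the only treatment applied to external feed text before it is appended to `$this->doc`, and `strip_tags()` removes tags but is not an output encoder. I would put a comment on that line stating the trust boundary, e.g. `// feed description is untrusted: tags are stripped, the remaining text is appended as-is`. It is also worth confirming whether the result should pass through `$this->_xmlEntities()` as `cdata` output does elsewhere in this renderer; that would double-encode entities if `get_description()` already returns encoded text, so it needs checking against the feed library's output first. The enclosing method starts and ends outside the hunk, so whether `$conf` is still read there after the `htmlok` branch is gone cannot be judged from here.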