HTMLPurifier Breaking Images

瘦欲@ 提交于 2020-01-02 08:02:35

问题


I'm trying to run HTMLPurifier on user input from a WYSIWYG (CK Editor) and the images are breaking.

Unfiltered Input:

<img alt="laugh" src="/lib/ckeditor/plugins/smiley/images/teeth_smile.gif" title="laugh">

After running through purifier with default settings:

<img alt="&quot;laugh&quot;" src="%5C" title="&quot;laugh&quot;">

I have tried changing the configuration settings; but I the src is never preserved. Any thoughts?


回答1:


I have a suspicion that magic_quotes could be a reason..?

Also did you try $config->set('Core.RemoveInvalidImg',true);. Which version are you using? (Try older or newer)




回答2:


Had the same problem. This fixed it

if (get_magic_quotes_gpc()) {
function stripslashes_gpc(&$value)
{
    $value = stripslashes($value);
}
array_walk_recursive($_GET, 'stripslashes_gpc');
array_walk_recursive($_POST, 'stripslashes_gpc');
array_walk_recursive($_COOKIE, 'stripslashes_gpc');
array_walk_recursive($_REQUEST, 'stripslashes_gpc');

}




回答3:


I don't know what htmlpurifier is, but the img tag you have there is perfectly legitimate (except it is unclosed) before running it. After you run it, it is doubly escaping things and that just seems like garbage. %5C is the url code for a backslash. Seems like it is trying to escape the forward slash with a backslash and then it chokes. What is this program? Can I recommend HTML Tidy?




回答4:


Coming back to an old post, I thought this little snippet might help others ending up here..

I fixed a multitude of unusual activity in my code to do with escaping characters by adding this line to my .htaccess file

php_flag magic_quotes_gpc Off

From PHP documentation "This feature has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0" http://www.php.net/manual/en/security.magicquotes.what.php

Also, here are other ways to disable magic quotes http://www.php.net/manual/en/security.magicquotes.disabling.php



来源:https://stackoverflow.com/questions/3895826/htmlpurifier-breaking-images

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!