Question
I'm trying to run HTMLPurifier on user input from a WYSIWYG (CK Editor) and the images are breaking.
Unfiltered Input:
<img alt="laugh" src="/lib/ckeditor/plugins/smiley/images/teeth_smile.gif" title="laugh">
After running through purifier with default settings:
<img alt=""laugh"" src="%5C" title=""laugh"">
I have tried changing the configuration settings, but the src is never preserved. Any thoughts?
Answer 1:
I have a suspicion that magic_quotes could be a reason..?
Also, did you try $config->set('Core.RemoveInvalidImg',true); ? Which version are you using? (Try older or newer)
Answer 2:
Had the same problem. This fixed it
// Only needed when magic_quotes_gpc is on (PHP < 5.4).
if (get_magic_quotes_gpc()) {
    // Callback for array_walk_recursive(): removes the added backslashes in place.
    function stripslashes_gpc(&$value)
    {
        $value = stripslashes($value);
    }
    array_walk_recursive($_GET, 'stripslashes_gpc');
    array_walk_recursive($_POST, 'stripslashes_gpc');
    array_walk_recursive($_COOKIE, 'stripslashes_gpc');
    array_walk_recursive($_REQUEST, 'stripslashes_gpc');
}
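An added example, not code from any of the answers: it simulates what magic_quotes_gpc did to the question's img tag by calling addslashes(), then restores the input without modifying the superglobals. The function names magic_quotes_active, strip_magic_quotes and raw_input are hypothetical, and the sample request array is constructed.

```php
<?php
// Added example. Written without scalar type hints or short array syntax so
// that it also parses on the old PHP versions that still had magic quotes.

/** True only where get_magic_quotes_gpc() still exists and reports "on". */
function magic_quotes_active()
{
    // The function was removed in PHP 8, so guard the call.
    return function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
}

/** Recursively remove one layer of addslashes()-style escaping. */
function strip_magic_quotes($value)
{
    if (is_array($value)) {
        return array_map('strip_magic_quotes', $value);
    }
    return is_string($value) ? stripslashes($value) : $value;
}

/** Return request data as the client sent it; $quoted says whether to unescape. */
function raw_input(array $data, $quoted)
{
    return $quoted ? strip_magic_quotes($data) : $data;
}

// Constructed sample: the <img> tag from the question, as the editor submits it.
$sent = '<img alt="laugh" src="/lib/ckeditor/plugins/smiley/images/teeth_smile.gif" title="laugh">';

// magic_quotes_gpc escaped quotes and backslashes the way addslashes() does,
// so this array stands in for $_POST on an affected server.
$post = array(
    'body' => addslashes($sent),
    'tags' => array(addslashes('smiley "laugh"')), // nested value
);

// Pass true to simulate the setting being on.
$clean = raw_input($post, true);

echo "escaped:  ", $post['body'], "\n";
echo "restored: ", $clean['body'], "\n";
var_dump($clean['body'] === $sent);
var_dump($clean['tags'][0] === 'smiley "laugh"');

// In a request handler (assumed usage):
//   $input = raw_input($_POST, magic_quotes_active());
//   and only then hand $input['body'] to the purifier.
```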
Answer 3:
I don't know what htmlpurifier is, but the img tag you have there is perfectly legitimate (except it is unclosed) before running it. After you run it, it is doubly escaping things and that just seems like garbage. %5C is the url code for a backslash. Seems like it is trying to escape the forward slash with a backslash and then it chokes. What is this program? Can I recommend HTML Tidy?
Answer 4:
Coming back to an old post, I thought this little snippet might help others ending up here..
I fixed a multitude of unusual activity in my code to do with escaping characters by adding this line to my .htaccess file
php_flag magic_quotes_gpc Off
From PHP documentation "This feature has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0" http://www.php.net/manual/en/security.magicquotes.what.php
Also, here are other ways to disable magic quotes http://www.php.net/manual/en/security.magicquotes.disabling.php
Source: https://stackoverflow.com/questions/3895826/htmlpurifier-breaking-images