bxslider_views_slideshow.module in BxSlider - Views slideshow integration 7

<?php

/** @file
 * Integrating BxSlider with Views Slideshow.
 */

/**
 * Implements hook_theme().
 */
function bxslider_views_slideshow_theme() {
  return array(
    'bxslider_views_slideshow_main_frame' => array(
      'variables' => array(
        'vss_id' => NULL,
        'view' => NULL,
        'settings' => NULL,
        'rows' => NULL,
      ),
      'template' => 'theme/bxslider-views-slideshow-main-frame',
      'file' => 'theme/bxslider_views_slideshow.theme.inc',
    ),
    'bxslider_views_slideshow_main_frame_row' => array(
      'variables' => array(
        'vss_id' => NULL,
        'items' => NULL,
        'count' => NULL,
        'view' => NULL,
      ),
      'template' => 'theme/bxslider-views-slideshow-main-frame-row',
      'file' => 'theme/bxslider_views_slideshow.theme.inc',
    ),
  );
}

/**
 * Gets the path to the Bxslider library.
 *
 * String @return
 *   The path to the Bxslider library js file, or FALSE if not found.
 */
function _bxslider_views_slideshow_library_path() {
  $library_path = libraries_get_path('bxslider');
  if (!empty($library_path)) {

    // Attempt to use minified version of bxslider plugin.
    $files = glob($library_path . '/jquery.bxslider.min.js');
    if ($bxslider_path = array_shift($files)) {
      return $bxslider_path;
    }
    else {
      $files = glob($library_path . '/jquery.bxslider.js');
      if ($bxslider_path = array_shift($files)) {
        return $bxslider_path;
      }
    }
  }
  return FALSE;
}

/**
 * Implements hook_help().
 */
function bxslider_views_slideshow_help($path, $arg) {
  switch ($path) {
    case 'admin/help#bxslider_views_slideshow':
      $output = '<p>' . t('Please read the README.txt file or create an issue on drupal.org.') . '</p>';
      return $output;
  }
}

/**
 * Filters HTML to prevent cross-site-scripting (XSS) vulnerabilities.
 *
 * Based on kses by Ulf Harnhammar, see http://sourceforge.net/projects/kses.
 * For examples of various XSS attacks, see: http://ha.ckers.org/xss.html.
 *
 * This code does four things:
 * - Removes characters and constructs that can trick browsers.
 * - Makes sure all HTML entities are well-formed.
 * - Makes sure all HTML tags and attributes are well-formed.
 * - Makes sure no HTML tags contain URLs with a disallowed protocol (e.g.
 *   javascript:).
 *
 * @param $string
 *   The string with raw HTML in it. It will be stripped of everything that can
 *   cause an XSS attack.
 * @param $allowed_tags
 *   An array of allowed tags.
 *
 * @return
 *   An XSS safe version of $string, or an empty string if $string is not
 *   valid UTF-8.
 *
 * @see drupal_validate_utf8()
 * @ingroup sanitization
 */
function bxslider_views_slideshow_filter_xss($string, $allowed_tags = array(
  'a',
  'em',
  'strong',
  'cite',
  'blockquote',
  'code',
  'ul',
  'ol',
  'li',
  'dl',
  'dt',
  'dd',
)) {

  // Only operate on valid UTF-8 strings. This is necessary to prevent cross
  // site scripting issues on Internet Explorer 6.
  if (!drupal_validate_utf8($string)) {
    return '';
  }

  // Store the text format.
  _filter_xss_split($allowed_tags, TRUE);

  // Remove NULL characters (ignored by some browsers).
  $string = str_replace(chr(0), '', $string);

  // Remove Netscape 4 JS entities.
  $string = preg_replace('%&\\s*\\{[^}]*(\\}\\s*;?|$)%', '', $string);

  // Defuse all HTML entities.
  // BELOW IS THE ONLY CHANGE !!!

  //$string = str_replace('&', '&amp;', $string);

  // Change back only well-formed entities in our whitelist:
  // Decimal numeric entities.
  $string = preg_replace('/&amp;#([0-9]+;)/', '&#\\1', $string);

  // Hexadecimal numeric entities.
  $string = preg_replace('/&amp;#[Xx]0*((?:[0-9A-Fa-f]{2})+;)/', '&#x\\1', $string);

  // Named entities.
  $string = preg_replace('/&amp;([A-Za-z][A-Za-z0-9]*;)/', '&\\1', $string);
  return preg_replace_callback('%
    (
    <(?=[^a-zA-Z!/])  # a lone <
    |                 # or
    <!--.*?-->        # a comment
    |                 # or
    <[^>]*(>|$)       # a string that starts with a <, up until the > or the end of the string
    |                 # or
    >                 # just a >
    )%x', '_filter_xss_split', $string);
}