function _saferpermissions_text_format_is_forbidden in Safer Permissions 7

Decides whether a text format is safe for anonymous users.

Parameters

string $name: Machine name of the text format.

Return value

bool Returns FALSE if the text format is safe, TRUE otherwise.

1 call to _saferpermissions_text_format_is_forbidden()
saferpermissions_saferpermissions_anonymous_permission_ban_info in ./saferpermissions.module
Implements hook_saferpermissions_anonymous_permission_ban_info().

File

./saferpermissions.module, line 239
Disallows unwanted permissions for anonymous users.

Code

function _saferpermissions_text_format_is_forbidden($name) {
  $filters = filter_list_format($name);

  // Display any HTML as plain text.
  if ($filters['filter_html_escape']->status) {
    return FALSE;
  }

  // Limit allowed HTML tags.
  if ($filters['filter_html']->status) {

    // Make sure that malicious HTML tags are not enabled.
    $allowed_html = $filters['filter_html']->settings['allowed_html'];
    $malicious_tags = array(
      'iframe',
      'script',
      'style',
      'link',
      'object',
      'embed',
    );
    foreach ($malicious_tags as $malicious_tag) {
      if (strpos($allowed_html, "<{$malicious_tag}>") !== FALSE) {
        return TRUE;
      }
    }
    return FALSE;
  }

  // HTML Purifier.
  if (isset($filters['htmlpurifier_basic']) && $filters['htmlpurifier_basic']->status) {
    return FALSE;
  }
  return TRUE;
}
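
The following is an added example, not code from the Safer Permissions module: it runs the same decision order stand-alone over constructed filter records, guards every filter lookup with isset(), and splits the allowed_html setting into lowercase tag names before comparing instead of substring-matching. The example_* names and the sample formats are hypothetical, and the tokenizing regex is an assumption about how the Drupal 7 style setting ("<a> <em> <strong>") should be normalized.

```php
<?php
// Added example, not Safer Permissions code. The filter objects below are
// constructed stand-ins for what filter_list_format() returns.

/** Builds a constructed filter record (hypothetical helper). */
function example_filter($status, array $settings = array()) {
  return (object) array('status' => $status, 'settings' => $settings);
}

/** Splits an allowed_html string into lowercase tag names (hypothetical helper). */
function example_allowed_tags($allowed_html) {
  // Assumption: tags are separated by whitespace and/or angle brackets.
  $tags = preg_split('/[\s<>]+/', strtolower($allowed_html), -1, PREG_SPLIT_NO_EMPTY);
  return array_unique($tags);
}

/** Same decision order as the function above, with isset() guards and token matching. */
function example_format_is_forbidden(array $filters) {
  $enabled = function ($name) use ($filters) {
    return isset($filters[$name]) && $filters[$name]->status;
  };
  // Escaping all HTML wins over every other setting.
  if ($enabled('filter_html_escape')) {
    return FALSE;
  }
  // With a tag allowlist, the format is forbidden if any banned tag is on it.
  if ($enabled('filter_html')) {
    $banned = array('iframe', 'script', 'style', 'link', 'object', 'embed');
    $allowed = example_allowed_tags($filters['filter_html']->settings['allowed_html']);
    return (bool) array_intersect($banned, $allowed);
  }
  // HTML Purifier is accepted; anything else is denied by default.
  return !$enabled('htmlpurifier_basic');
}

// Constructed sample formats, keyed by a made-up machine name.
$formats = array(
  'plain_text' => array('filter_html_escape' => example_filter(1)),
  'filtered_html' => array('filter_html' => example_filter(1, array('allowed_html' => '<a> <em> <strong>'))),
  'with_iframe' => array('filter_html' => example_filter(1, array('allowed_html' => '<a> <IFRAME> <p>'))),
  'no_filtering' => array('filter_html' => example_filter(0), 'filter_html_escape' => example_filter(0)),
);
foreach ($formats as $name => $filters) {
  printf("%-14s %s\n", $name, example_format_is_forbidden($filters) ? 'forbidden' : 'safe');
}
```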