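Why does HTMLPurifier truncate the content here? I have no idea; please let me know what you think.
It's strange that it just truncates everything before and after the PHP code and displays only that, isn't it?
It's as if, whenever there is PHP code, it displays only that and discards everything else. The same behavior occurs on the HTMLPurifier forum.
Narrowed down to the following problem: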
IF PHP CODE:
Truncate EVERYTHING but PHP CODE
View:
<div class='groom_log_content'>
<fieldset class='border-fields'>
<legend class='bold'><?php echo $groom['content_name']; ?></legend>
<p class='editable_textarea fix_space' id='<?php echo $groom['content_id']; ?>'><?php echo $this->cleaner->purify($content); ?></p>
</fieldset>
</div>
Configuration:
<?php
require 'htmlpurifier-4.6.0/library/HTMLPurifier.auto.php'; // HTML Purifier
class Clean {
public function __construct() {
$this->config = HTMLPurifier_Config::createDefault();
$this->config->set('Attr.EnableID', true);
$this->config->set('Attr.IDPrefix', 'gc_');
$this->config->set('HTML.AllowedAttributes', '*.style,*.id,*.title,*.class,a.href,a.target,img.src,img.alt');
$this->config->set('HTML.Allowed', 'a, a.href, abbr, acronym, b, blockquote, br, button, caption, cite, code, dd, del, dfn, div, dl, dt, em, fieldset, i, img, input, ins, kbd, legend, li, ol, p, pre, s, span, style, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, var');
$this->def = $this->config->getHTMLDefinition(true);
$this->def->addAttribute('a', 'target', 'Enum#_blank,_self,_target,_top');
$this->fieldset = $this->def->addElement(
'fieldset',
'Block',
'Flow',
'Common',
array(null)
);
$this->legend = $this->def->addElement(
'legend',
'Block',
'Flow',
'Common',
array(null)
);
$this->input = $this->def->addElement(
'input',
'Block',
'Flow',
'Common',
array(null)
);
$this->textarea = $this->def->addElement(
'textarea',
'Block',
'Flow',
'Common',
array(null)
);
$this->button = $this->def->addElement(
'button',
'Block',
'Flow',
'Common',
array(null)
);
$this->def->addElement('fieldset', 'Form', 'Custom: (#WS?,legend,(Flow|#PCDATA)*)', 'Common');
$this->cleanse = new HTMLPurifier($this->config);
}
}
Content in the database that is being truncated:
- The customer posts their MySQL connection string in chat with obvious errors and the agent tells them it looks correct.
5:17:52am Name: <html>
<head>
<title>Connecting to MySQL with PHP</title>
</head>
<body>
<?php
$db_host = 'localhost';
$db_user = 'user';
$db_pass = 'pass';
$conn = mysql_connect('host', 'user', 'pass', 'db');
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';
mysql_close($conn);
?>
</body>
</html>
5:18:18am Name: is that the correct information to input so i can locate the database
5:19:13am Name: That looks to be correct.
Suggestion: Look at this line, it is the important one: $conn = mysql_connect('host', 'user', 'pass', 'db');
Though you cannot diagnose the code, you could immediately correct two issues. You must look for a valid cPanel database, database username, and address. Here, neither the database name nor the database username would be simply 'user', and if this is connecting to a database locally you would use localhost instead of the IP address.
Actual output:
<?php
$db_host = 'localhost';
$db_user = 'user';
$db_pass = 'pass';
$conn = mysql_connect('host', 'user', 'pass', 'db');
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';
mysql_close($conn);
?>
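Answer 0 (score: 1)
I think the PHP tags are a red herring: the real problem is that HTML Purifier doesn't support the title / html / body tags, so what it does is extract the body portion of the HTML and purify only that.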
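The body extraction described in the answer above can be checked with the following added example, which is not part of the original answer or of HTML Purifier's own code. It assumes the library path from the question; `$stored` is constructed sample data and `survivors()` is a hypothetical helper.

```php
<?php
// Added example. Assumes the htmlpurifier-4.6.0 path used in the question.
require 'htmlpurifier-4.6.0/library/HTMLPurifier.auto.php';

// Constructed sample: a chat transcript containing a pasted HTML document.
$stored = <<<'EOT'
5:17:52am Name: <html>
<head><title>Connecting to MySQL with PHP</title></head>
<body>
<?php echo 'Connected successfully'; ?>
</body>
</html>
5:18:18am Name: is that the correct information
EOT;

// Hypothetical helper: reports whether the transcript text before and
// after the pasted document is still present in the output.
function survivors($label, $out)
{
    printf(
        "%-30s before=%s after=%s\n",
        $label,
        strpos($out, '5:17:52am') !== false ? 'kept' : 'lost',
        strpos($out, '5:18:18am') !== false ? 'kept' : 'lost'
    );
}

// 1. Default configuration: Core.ConvertDocumentToFragment is true, so input
//    containing <body>...</body> is reduced to the body contents first.
$default = HTMLPurifier_Config::createDefault();
$default->set('Cache.DefinitionImpl', null); // no cache directory needed
$purifier = new HTMLPurifier($default);
survivors('default', $purifier->purify($stored));

// 2. Same input with the document-to-fragment conversion switched off.
$noConvert = HTMLPurifier_Config::createDefault();
$noConvert->set('Cache.DefinitionImpl', null);
$noConvert->set('Core.ConvertDocumentToFragment', false);
$purifier = new HTMLPurifier($noConvert);
survivors('ConvertDocumentToFragment=off', $purifier->purify($stored));

// 3. If the transcript is meant to be shown as text (pasted code included),
//    escape it for the HTML context instead of parsing it as markup.
$escaped = nl2br(htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'));
survivors('htmlspecialchars', $escaped);
```

Run it from the directory that contains the `htmlpurifier-4.6.0` folder and compare the three lines it prints.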
Answer 1 (score: -1)
I think the data from the database must be processed with htmlspecialchars() before purifying.
In your view, change
<?php echo $this->cleaner->purify($content); ?>
to
<?php echo $this->cleaner->purify(htmlspecialchars($content)); ?>
Another solution is to replace the PHP tags:
$content = str_replace('<?php', '<code class="php-highlighter">', $content);
$content = str_replace('?>', '</code>', $content);
or escape the code using CDATA:
$content = str_replace('<?php', '<![CDATA[<?php', $content);
$content = str_replace('?>', '?>]]>', $content);