Bug 20083: Information disclosure when (mis)using the MARC Preview feature
1 package C4::Scrubber;
3 # Copyright Liblime 2008
4 # Parts copyright sys-tech.net 2011
5 # Copyright PTFS Europe 2011
7 # This file is part of Koha.
9 # Koha is free software; you can redistribute it and/or modify it
10 # under the terms of the GNU General Public License as published by
11 # the Free Software Foundation; either version 3 of the License, or
12 # (at your option) any later version.
14 # Koha is distributed in the hope that it will be useful, but
15 # WITHOUT ANY WARRANTY; without even the implied warranty of
16 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 # GNU General Public License for more details.
19 # You should have received a copy of the GNU General Public License
20 # along with Koha; if not, see <http://www.gnu.org/licenses>.
22 use strict;
23 use warnings;
24 use Carp;
25 use HTML::Scrubber;
27 use C4::Context;
28 use C4::Debug;
# Per-profile overrides handed to HTML::Scrubber->new by new() below. Any key a
# profile leaves out falls back to the constructor's deny-everything settings,
# so an empty hash means "strip all markup".
my %scrubbertypes = (
    # Plain text only: no tags, no attributes, no comments.
    default => {},
    # Uses the same fallbacks as default.
    tag     => {},
    # A handful of inline formatting tags; attributes still fall to the
    # deny-all default, so no on* handlers or href values survive.
    comment => { allow => [qw( br b i em big small strong )] },
    # Permissive profile: every tag and every attribute is let through and
    # HTML comments are kept. This does not sanitize; presumably meant for
    # staff-entered markup only, never for patron-supplied input.
    staff   => {
        default => [ 1 => { '*' => 1 } ],
        comment => 1,
    },
);
=head2 new

    my $scrubber = C4::Scrubber->new;             # 'default' profile
    my $scrubber = C4::Scrubber->new('comment');

Builds and returns an L<HTML::Scrubber> configured for the named profile
(C<default>, C<tag>, C<comment> or C<staff>, as listed in C<%scrubbertypes>).
The class name is discarded: the object returned is a plain HTML::Scrubber,
not a C4::Scrubber. Croaks when the profile name is not recognized.
Keys a profile does not set fall back to deny-all (no tags, no attributes,
no comments), and processing instructions are always dropped.

=cut

sub new {
    my ( undef, @args ) = @_;    # we are only a factory; the class name is unused
    my $type = @args ? $args[0] : 'default';
    croak "New called with unrecognized type '$type'"
        if !exists $scrubbertypes{$type};
    $debug and carp "Building new Scrubber of type '$type'";
    my $settings = $scrubbertypes{$type};

    # Fail closed: anything the profile leaves unspecified is denied.
    my %fallback_for = (
        allow   => [],
        rules   => [],
        default => [ 0 => { '*' => 0 } ],
        comment => 0,
    );
    my %scrubber_args = map {
        $_ => ( exists $settings->{$_} ? $settings->{$_} : $fallback_for{$_} )
    } keys %fallback_for;

    # Processing instructions (<?...?>) are never let through, whatever the profile.
    return HTML::Scrubber->new( %scrubber_args, process => 0 );
}
63 __END__
=head1 C4::Scrubber
Standardized wrapper that builds an HTML::Scrubber with settings tailored to the various kinds of Koha input.
More verbose debugging messages are emitted when $ENV{"DEBUG"} is non-zero.
The default profile scrubs everything, leaving no markup at all. This matches what Tags expect.
73 =head2 TODO: Add real perldoc
75 =cut