Enano CMS (1.1.x): comparison includes/render.php

equal deleted inserted replaced

-:71cb87b7dc3f
+:d42d46e13b36
 * Preprocesses an HTML text string prior to being sent to MySQL.
 * @param string $text
 * @param bool $strip_all_php - if true, strips all PHP regardless of user permissions. Else, strips PHP only if user level < USER_LEVEL_ADMIN. Defaults to true.
 * @param bool $sqlescape - if true, sends text through $db->escape(). Otherwise returns unescaped text. Defaults to true.
 * @param bool $reduceheadings - if true, finds HTML headings and replaces them with wikitext. Else, does not touch headings. Defaults to true.
-*/
+* @param Session_ACLPageInfo Optional permissions instance to check against, $session is used if not provided
-public static function preprocess_text($text, $strip_all_php = true, $sqlescape = true, $reduceheadings = true)
+*/
+public static function preprocess_text($text, $strip_all_php = true, $sqlescape = true, $reduceheadings = true, $perms = false)
 {
 global $db, $session, $paths, $template, $plugins; // Common objects
 $random_id = md5( time() . mt_rand() );
 $code = $plugins->setHook('render_sanitize_pre');
 foreach ( $code as $cmd )
 {
 eval($cmd);
 }
-$can_do_php = ( !$strip_all_php && $session->get_permissions('php_in_pages') );
+if ( !is_object($perms) )
-$can_do_html = $session->check_acl_scope('html_in_pages', $paths->namespace) && $session->get_permissions('html_in_pages');
+{
+$namespace = $paths->namespace;
+$perms =& $session;
+}
+else
+{
+$namespace = $perms->namespace;
+}
+$can_do_php = ( !$strip_all_php && $perms->get_permissions('php_in_pages') );
+$can_do_html = $session->check_acl_scope('html_in_pages', $namespace) && $perms->get_permissions('html_in_pages');
 if ( $can_do_html && !$can_do_php )
 {
 $text = preg_replace('#<(\?|\?php|%)(.*?)(\?|%)>#is', '&lt;\\1\\2\\3&gt;', $text);
 }

changeset 1171	d42d46e13b36
parent 1157	e154e8176700
child 1216	4125e19d3b27