diff --git a/modules/comment/comment.controller.php b/modules/comment/comment.controller.php
index 45cc35706..83c854e44 100644
--- a/modules/comment/comment.controller.php
+++ b/modules/comment/comment.controller.php
@@ -677,23 +677,26 @@ class CommentController extends Comment
}
// if use editor of nohtml, Remove HTML tags from the contents.
- if(!$manual_inserted || isset($obj->allow_html) || isset($obj->use_html))
+ if (!$manual_inserted || isset($obj->allow_html) || isset($obj->use_html))
{
$obj->content = EditorModel::converter($obj, 'comment');
}
// remove iframe and script if not a top administrator on the session.
- if($logged_info->is_admin != 'Y')
+ if ($logged_info->is_admin !== 'Y')
{
- $obj->content = removeHackTag($obj->content);
+ $obj->content = Rhymix\Framework\Filters\HTMLFilter::clean((string)$obj->content);
+ }
+ if (config('db.master.charset') !== 'utf8mb4')
+ {
+ $obj->content = utf8_mbencode($obj->content);
}
- $obj->content = utf8_mbencode($obj->content);
+ // Set other flags.
if (isset($obj->notify_message) && $obj->notify_message !== 'Y')
{
$obj->notify_message = 'N';
}
-
if (isset($obj->is_secret) && $obj->is_secret !== 'Y')
{
$obj->is_secret = 'N';
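Review bot: The comment kept above the new `Rhymix\Framework\Filters\HTMLFilter::clean()` call still reads "remove iframe and script", which describes the old `removeHackTag()` call and leaves the administrator bypass undocumented. I would replace it with `// Sanitize the HTML unless the author is a top administrator; admin content is stored as submitted.` so the trust decision is visible at the call site. The same stale comment sits above the identical call in the second hunk of this file and in both document.controller.php hunks. The enclosing method starts and ends outside the hunk.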
@@ -1042,11 +1045,14 @@ class CommentController extends Comment
// remove iframe and script if not a top administrator on the session
$logged_info = Context::get('logged_info');
- if($logged_info->is_admin != 'Y')
+ if ($logged_info->is_admin !== 'Y')
{
- $obj->content = removeHackTag($obj->content);
+ $obj->content = Rhymix\Framework\Filters\HTMLFilter::clean((string)$obj->content);
+ }
+ if (config('db.master.charset') !== 'utf8mb4')
+ {
+ $obj->content = utf8_mbencode($obj->content);
}
- $obj->content = utf8_mbencode($obj->content);
// begin transaction
$oDB = DB::getInstance();
diff --git a/modules/communication/communication.controller.php b/modules/communication/communication.controller.php
index 4064fb333..72ff49fa9 100644
--- a/modules/communication/communication.controller.php
+++ b/modules/communication/communication.controller.php
@@ -184,9 +184,12 @@ class CommunicationController extends communication
{
// Encode the title and content.
$title = escape($title, false);
- $content = removeHackTag($content);
- $title = utf8_mbencode($title);
- $content = utf8_mbencode($content);
+ $content = Rhymix\Framework\Filters\HTMLFilter::clean((string)$content);
+ if (config('db.master.charset') !== 'utf8mb4')
+ {
+ $title = utf8_mbencode($title);
+ $content = utf8_mbencode($content);
+ }
$message_srl = $temp_srl ?: getNextSequence();
$related_srl = getNextSequence();
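Review bot: The literal check `config('db.master.charset') !== 'utf8mb4'` is now written out here, twice in comment.controller.php and twice in document.controller.php, so any later change to how the charset is determined has to be repeated in five places. A single shared helper that wraps the check together with the `utf8_mbencode()` call would keep the controllers in step. This hunk also has no comment on the new block; something like `// Encode non-BMP characters only when the database charset is not utf8mb4.` would match the one used in document.controller.php. The method body continues outside the hunk.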
@@ -309,7 +312,7 @@ class CommunicationController extends communication
$mail_content = vsprintf('From: %s
%s
%s
%s', [
$sender->nick_name,
- utf8_mbencode(removeHackTag($content)),
+ utf8_mbencode(Rhymix\Framework\Filters\HTMLFilter::clean((string)$content)),
Context::getSiteTitle(),
$view_url, $view_url,
]);
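Review bot: The mail body on the `utf8_mbencode(Rhymix\Framework\Filters\HTMLFilter::clean((string)$content))` line still encodes non-BMP characters unconditionally, while every other call site in this commit gates `utf8_mbencode()` on the database charset. The value goes into a mail body here, not into the database, so the database charset may not be the right condition either. A comment stating why the encoding is kept for mail would settle it, or the call can be dropped if the mailer handles 4-byte UTF-8. If this code is in the same method as the hunk at line 184, `$content` has already been cleaned there and is cleaned a second time here; I cannot confirm that because the method boundaries lie outside the hunk.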
diff --git a/modules/document/document.controller.php b/modules/document/document.controller.php
index 42e98a181..9b3cc0618 100644
--- a/modules/document/document.controller.php
+++ b/modules/document/document.controller.php
@@ -811,24 +811,31 @@ class DocumentController extends Document
}
// if use editor of nohtml, Remove HTML tags from the contents.
- if(!$manual_inserted || isset($obj->allow_html) || isset($obj->use_html))
+ if (!$manual_inserted || isset($obj->allow_html) || isset($obj->use_html))
{
$obj->content = EditorModel::converter($obj, 'document');
}
// Remove iframe and script if not a top adminisrator in the session.
- if($logged_info->is_admin != 'Y')
+ if ($logged_info->is_admin !== 'Y')
{
- $obj->content = removeHackTag($obj->content);
+ $obj->content = Rhymix\Framework\Filters\HTMLFilter::clean((string)$obj->content);
+ }
+
+ // Fix encoding of non-BMP UTF-8 characters.
+ if (config('db.master.charset') !== 'utf8mb4')
+ {
+ $obj->title = utf8_mbencode($obj->title);
+ $obj->content = utf8_mbencode($obj->content);
}
// An error appears if both log-in info and user name don't exist.
- if(!$logged_info->member_srl && !$obj->nick_name) return new BaseObject(-1, 'msg_invalid_request');
-
- // Fix encoding of non-BMP UTF-8 characters.
- $obj->title = utf8_mbencode($obj->title);
- $obj->content = utf8_mbencode($obj->content);
+ if (!$logged_info->member_srl && !$obj->nick_name)
+ {
+ return new BaseObject(-1, 'msg_invalid_request');
+ }
+ // Set lang_code to the current user's language
$obj->lang_code = Context::getLangType();
// begin transaction
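Review bot: The `msg_invalid_request` guard now runs after both `HTMLFilter::clean()` and the encoding block, so a request with neither a logged-in member nor a `nick_name` has its whole body filtered before it is rejected. The guard reads only `$logged_info->member_srl` and `$obj->nick_name`, so it can be placed directly before the `if ($logged_info->is_admin !== 'Y')` block without changing the result. Rejecting invalid requests first keeps the more expensive filtering off the unauthenticated error path. The method starts and ends outside the hunk, so any earlier code that fills in `nick_name` should be checked before moving it higher than that.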
@@ -1167,14 +1174,17 @@ class DocumentController extends Document
}
// Remove iframe and script if not a top adminisrator in the session.
- if($logged_info->is_admin != 'Y')
+ if ($logged_info->is_admin !== 'Y')
{
- $obj->content = removeHackTag($obj->content);
+ $obj->content = Rhymix\Framework\Filters\HTMLFilter::clean((string)$obj->content);
}
// Fix encoding of non-BMP UTF-8 characters.
- $obj->title = utf8_mbencode($obj->title);
- $obj->content = utf8_mbencode($obj->content);
+ if (config('db.master.charset') !== 'utf8mb4')
+ {
+ $obj->title = utf8_mbencode($obj->title);
+ $obj->content = utf8_mbencode($obj->content);
+ }
// Begin transaction
$oDB = DB::getInstance();
diff --git a/modules/document/document.view.php b/modules/document/document.view.php
index 73f6a7086..415293993 100644
--- a/modules/document/document.view.php
+++ b/modules/document/document.view.php
@@ -55,11 +55,10 @@ class DocumentView extends Document
throw new Rhymix\Framework\Exceptions\SecurityViolation;
}
- $content = Context::get('content');
-
- if(Context::get('logged_info')->is_admin != 'Y')
+ $content = (string)Context::get('content');
+ if (Context::get('logged_info')->is_admin !== 'Y')
{
- $content = removeHackTag($content);
+ $content = Rhymix\Framework\Filters\HTMLFilter::clean($content);
}
// Editor converter
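Review bot: The administrator branch leaves the request-supplied `content` unfiltered before it reaches the preview. The only protection visible here is the check that throws `SecurityViolation` just above, and its condition lies outside the hunk. If that check is what stops another site from submitting markup on behalf of a logged-in administrator, the dependency should be written down next to the bypass, e.g. `// Admin content is previewed unfiltered; this relies on the request check above.`. Without such a note a later refactor of that check could silently remove the protection.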