diff --git a/admin/themes/default/css/default.css b/admin/themes/default/css/default.css
index 3ad127ab..99ee389d 100644
--- a/admin/themes/default/css/default.css
+++ b/admin/themes/default/css/default.css
@@ -169,6 +169,7 @@ div.pluginBox {
box-sizing: border-box;
padding: 20px;
width: 70%;
+ margin-bottom: 20px;
}
div.pluginBox p {
diff --git a/admin/views/edit-page.php b/admin/views/edit-page.php
index a04858f3..aceed016 100644
--- a/admin/views/edit-page.php
+++ b/admin/views/edit-page.php
@@ -11,7 +11,7 @@
Content HTML and Markdown code supported.
-
+
vars['content'] = $implode;
// Sanitize content.
- $this->vars['content'] = Sanitize::html($implode);
+ //$this->vars['content'] = Sanitize::html($implode);
}
}
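Review bot: Commenting out `Sanitize::html($implode)` under `// Sanitize content.` leaves `vars['content']` holding the text exactly as stored, so after this commit nothing escapes it unless every consumer does. The stale comment and the dead line hide that. I would delete the commented-out call and replace the comment with `// Content is kept unsanitized here; escape at output with Sanitize::html().`. Part of this hunk appears to have been lost on the page (the assignment does not look like it belongs to the edit-page view), so the enclosing file and function cannot be confirmed from here.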
diff --git a/kernel/helpers/sanitize.class.php b/kernel/helpers/sanitize.class.php
index 2beb9e13..510c90e0 100644
--- a/kernel/helpers/sanitize.class.php
+++ b/kernel/helpers/sanitize.class.php
@@ -3,6 +3,8 @@
class Sanitize {
// new
+
+ // Convert special characters to HTML entities
public static function html($text)
{
$flags = ENT_COMPAT;
@@ -14,6 +16,18 @@ class Sanitize {
return htmlspecialchars($text, $flags, CHARSET);
}
+ // Convert special HTML entities back to characters
+ public static function htmlDecode($text)
+ {
+ $flags = ENT_COMPAT;
+
+ if(defined('ENT_HTML5')) {
+ $flags = ENT_COMPAT|ENT_HTML5;
+ }
+
+ return htmlspecialchars_decode($text, $flags);
+ }
+
public static function pathFile($path, $file)
{
$real = realpath($path.$file);
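Review bot: The comment on `htmlDecode()` should warn that the returned string is raw markup again, because printing it into a page without re-escaping undoes whatever `html()` had neutralised. Suggested comment: `// Reverses Sanitize::html(). The result is unescaped; never print it into HTML without escaping it again.` The flag selection is also a copy of the one at the top of `html()`, and the two must stay identical for the round trip to hold, so a shared private helper would be safer. The middle of `html()` is outside this hunk and may adjust `$flags` further, so that equivalence should be checked against the full file.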
diff --git a/kernel/page.class.php b/kernel/page.class.php
index 8115a307..c638387f 100644
--- a/kernel/page.class.php
+++ b/kernel/page.class.php
@@ -16,14 +16,31 @@ class Page extends fileContent
}
// Returns the post content.
- public function content()
+ // This content is markdown parser.
+ public function content($html=true)
{
- return $this->getField('content');
+ // This content is not sanitized.
+ $content = $this->getField('content');
+
+ if($html) {
+ return $content;
+ }
+
+ return Sanitize::html($content);
}
- public function contentRaw()
+ // Returns the post content.
+ // This content is not markdown parser.
+ public function contentRaw($html=true)
{
- return $this->getField('contentRaw');
+ // This content is not sanitized.
+ $contentRaw = $this->getField('contentRaw');
+
+ if($html) {
+ return $contentRaw;
+ }
+
+ return Sanitize::html($contentRaw);
}
public function description()
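Review bot: The new `$html=true` default makes `content()` and `contentRaw()` return the unescaped field unless the caller explicitly passes `false`, so every existing call site silently keeps getting raw markup. For `contentRaw()`, which is presumably what ends up in form fields, the escaped value should be the easy one to get. The parameter name does not say which value is the escaped one, and the comments `This content is markdown parser.` / `This content is not markdown parser.` do not help. At minimum document it, e.g. `// $html=true returns the content unescaped, for rendering as HTML; pass false to get it escaped with Sanitize::html().`, and check that callers printing into a textarea or an attribute pass `false`. The same applies to the identical change in kernel/post.class.php; the class body continues outside the hunk.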
diff --git a/kernel/post.class.php b/kernel/post.class.php
index 8b785563..57bcb716 100644
--- a/kernel/post.class.php
+++ b/kernel/post.class.php
@@ -16,14 +16,31 @@ class Post extends fileContent
}
// Returns the post content.
- public function content()
+ // This content is markdown parser.
+ public function content($html=true)
{
- return $this->getField('content');
+ // This content is not sanitized.
+ $content = $this->getField('content');
+
+ if($html) {
+ return $content;
+ }
+
+ return Sanitize::html($content);
}
- public function contentRaw()
+ // Returns the post content.
+ // This content is not markdown parser.
+ public function contentRaw($html=true)
{
- return $this->getField('contentRaw');
+ // This content is not sanitized.
+ $contentRaw = $this->getField('contentRaw');
+
+ if($html) {
+ return $contentRaw;
+ }
+
+ return Sanitize::html($contentRaw);
}
public function key()
diff --git a/themes/pure/php/home.php b/themes/pure/php/home.php
index 06263eb7..b7820a16 100644
--- a/themes/pure/php/home.php
+++ b/themes/pure/php/home.php
@@ -19,4 +19,4 @@
-
+
\ No newline at end of file