Kévin Dunglas

Founder of Les-Tilleuls.coop (worker-owned cooperative). Creator of API Platform, FrankenPHP, Mercure.rocks, Vulcain.rocks and of some Symfony components.

Patch to use sfXssSafePlugin with symfony 1.2

Posted on February 1, 2009 / December 31, 2020 by Kévin Dunglas

HTML Purifier is an awesome PHP filter library designed to secure HTML and make it standards-compliant. On websites that include user-generated content, this library makes it possible to offer multimedia pages with images, text formatting and YouTube videos in a secure and SEO-proof way, by combining rich text editors like TinyMCE or FCKeditor with HTML Purifier.

A plugin called sfXssSafePlugin is designed to integrate this library as an escaping strategy in symfony. If you have tried it with symfony 1.2, you may have seen this message:

    HTML Purifier autoloader registrar is not compatible
    with non-static object methods due to PHP Bug #44144;
    Please do not use HTMLPurifier.autoload.php (or any
    file that includes this file); instead, place the code:
    spl_autoload_register(array('HTMLPurifier_Bootstrap', 'autoload'))
    after your own autoloaders.

There are also some strict standards and constants compatibility problems. I’ve just written a patch to get this plugin working with symfony 1.2.

  1. Install sfXssSafePlugin as described in its README file
  2. Download my patch into the plugin’s folder
  3. Go into the plugin’s folder and run patch lib/helper/XssSafeHelper.php < XssSafeHelper.php.patch
  4. Edit your application configuration file (e.g. apps/frontend/config/frontendConfiguration.class.php) and add the following code to the configure() method:
    require_once(sfConfig::get('sf_plugins_dir').'/sfXssSafePlugin/lib/vendor/htmlpurifier/HTMLPurifier/Bootstrap.php');
    spl_autoload_register(array('HTMLPurifier_Bootstrap', 'autoload'));
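
A fuller view of step 4, as an added example that is not part of the original post or of the plugin: the whole application configuration class, followed by a check that HTML Purifier autoloads and filters active content. The helper name `xss_safe_smoke_check()` and the sample markup are assumptions made up for illustration.

```php
<?php
// apps/frontend/config/frontendConfiguration.class.php

class frontendConfiguration extends sfApplicationConfiguration
{
  public function configure()
  {
    // Load only the Bootstrap class. Including HTMLPurifier.autoload.php
    // is what triggers the "autoloader registrar is not compatible" error.
    require_once sfConfig::get('sf_plugins_dir')
      .'/sfXssSafePlugin/lib/vendor/htmlpurifier/HTMLPurifier/Bootstrap.php';

    // Register the static autoloader, as the error message asks.
    spl_autoload_register(array('HTMLPurifier_Bootstrap', 'autoload'));
  }
}

/**
 * Hypothetical helper (not provided by symfony or the plugin).
 * Returns true when the HTMLPurifier class can be autoloaded and the
 * default configuration removes script content and inline event
 * handlers while keeping harmless formatting.
 */
function xss_safe_smoke_check()
{
  // Fails here if the autoloader from configure() is not registered.
  if (!class_exists('HTMLPurifier', true)) {
    return false;
  }

  $purifier = new HTMLPurifier(HTMLPurifier_Config::createDefault());

  // Constructed sample input: one event handler, one script element,
  // one piece of formatting that must survive.
  $dirty = '<p onclick="alert(1)">hello <script>alert(2)</script><b>world</b></p>';
  $clean = $purifier->purify($dirty);

  return stripos($clean, '<script') === false
      && stripos($clean, 'onclick') === false
      && strpos($clean, '<b>world</b>') !== false;
}
```

Call `xss_safe_smoke_check()` from a throwaway action or task once the application configuration has been loaded; a `false` result means the output escaping cannot be relied on yet.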

It’s done! I’ve submitted this patch to the plugin’s author. I hope it will be upstream soon 🙂

8 thoughts on “Patch to use sfXssSafePlugin with symfony 1.2”

  2. kc34 says:
    February 2, 2009 at 5:58 pm

    missing:
    ${$name} =& $def->addAttribute(
    to
    ${$name} = $def->addAttribute(
    in the patch

    Reply
    1. Kévin Dunglas says:
      February 2, 2009 at 9:06 pm

      Right! Fixed 🙂

      Reply
  3. Pingback: Daily Digest for 2009-02-02 | Pedro Trindade
  4. complementaire sante says:
    May 20, 2009 at 11:05 am

    thank u!! very rock & roll!!

    Reply
  5. jaycreation says:
    June 30, 2010 at 5:55 am

    Great! Thanks!

    Reply
  6. pete says:
    July 17, 2010 at 5:25 pm

    Hi there.
    I was wondering if you have had the chance to update this plugin to sf 1.4 ?

    Reply
