README 2.2 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546
  1. HTML Purifier Phorum Mod - Filter your HTML the Standards-Compliant Way!
  2. This Phorum mod enables HTML posting on Phorum. Under normal circumstances,
  3. this would cause a huge security risk, but because we are running
  4. HTML through HTML Purifier, output is guaranteed to be XSS free and
  5. standards-compliant.
  6. This mod requires HTML input, and previous markup languages need to be
  7. converted accordingly. Thus, it is vital that you create a 'migrate.php'
  8. file that works with your installation. If you're using the built-in
  9. BBCode formatting, simply move migrate.bbcode.php to that place; for
  10. other markup languages, consult said file for instructions on how
  11. to adapt it to your needs.
  12. -- NOTE -------------------------------------------------
  13. You can also run this module in parallel with another
  14. formatting module; this module attempts to place itself
  15. at the end of the filtering chain. However, if any
  16. previous modules produce insecure HTML (for instance,
  17. a JavaScript email obfuscator) they will get cleaned.
  18. This module will not work if 'migrate.php' is not created, and an improperly
  19. made migration file may *CORRUPT* Phorum, so please take your time to
  20. do this correctly. It should go without saying to *BACKUP YOUR DATABASE*
  21. before attempting anything here. If no migration is necessary, you can
  22. simply create a blank migrate.php file. HTML Purifier is smart and will
  23. not re-migrate already processed messages. However, the original code
  24. is irretrievably lost (we may change this in the future.)
  25. This module will not automatically migrate user signatures, because this
  26. process may take a long time. After installing the HTML Purifier module and
  27. then configuring 'migrate.php', navigate to Settings and click 'Migrate
  28. Signatures' to migrate all user signatures to HTML.
  29. All of HTML Purifier's usual functions are configurable via the mod settings
  30. page. If you require custom configuration, create config.php file in
  31. the mod directory that edits a $config variable. Be sure, also, to
  32. set $PHORUM['mod_htmlpurifier']['wysiwyg'] to TRUE if you are using a
  33. WYSIWYG editor (you can do this through a common hook or the web
  34. configuration form).
  35. Visit HTML Purifier at <http://htmlpurifier.org/>.
  36. vim: et sw=4 sts=4