Use HTMLPurifier from composer instead of packages #21432
Conversation
|
(Standard links)
|
CRM/Core/ClassLoader.php
Outdated
| else { | ||
| $file = dirname(__FILE__) . '/../../packages/IDS/vendors/htmlpurifier/HTMLPurifier/Bootstrap.php'; | ||
| } | ||
| $file = dirname(__FILE__) . '/../../vendor/ezyang/htmlpurifier/library/HTMLPurifier/Bootstrap.php'; |
There was a problem hiding this comment.
I'm wondering why we do this at all. Why not just rely on the composer autoloader?
CRM/Core/IDS.php
Outdated
| @@ -110,7 +110,7 @@ public static function createBaseConfig() { | |||
| 'filter_type' => 'xml', | |||
| 'filter_path' => "{$pkgs}/IDS/default_filter.xml", | |||
| 'tmp_path' => $tmpDir, | |||
| 'HTML_Purifier_Path' => $pkgs . '/IDS/vendors/htmlpurifier/HTMLPurifier.auto.php', | |||
| 'HTML_Purifier_Path' => '[civicrm.root]/vendor/ezyang/htmlpurifier/library/HTMLPurifier.auto.php', | |||
There was a problem hiding this comment.
Ditto, couldn't we just leave this blank and let the autoloader do its thing?
There was a problem hiding this comment.
@colemanw no I don't believe so because the IDS doesn't really understand things in composer land
Also this needs to use the ['civicrm.vendor'] path and also that will just print literal ['civicrm.root'] not the calculated path I believe.
There was a problem hiding this comment.
OK cool. The ['civicrm.vendor'] must be new since the last time this was attempted. I was just copying the code from there.
I don't think it will print the literal string because of this:
|
@seamuslee001 I've updated this to use |
|
I'm trying to test this out, and while I'm able to get IDS itself to trigger on bot-like urls, I can't get htmlpurifier to do anything. In particular it seems to only be used if you have and then core civi seems to compile a config but seems to be looking for ids_arguments in the menu.xml files and there aren't any that I see, and when I debug the $init config it generates it doesn't contain "html": Line 66 in 4def3d9 So then this never happens: I haven't checked for conflicts yet with the mentioned drupal module, but I'm wondering if I'm even testing this correctly. If I am doing it correctly, then if there were to be conflicts with the module, it seems like we could just remove any mention of HTMLPurifier if it's not being used anyway. |
|
Interesting indeed. Tangentially, last time @seamuslee001 and I spoke about it we wanted to try getting rid of the |
|
Did some more testing with Drupal 7, leaving IDS aside for the moment:
Would like to see how this works in drupal 8 world. Will try to check that tomorrow. |
|
It's a little difficult to test civi composer.json changes with drupal 8/9 because composer doesn't notice local changes in subpackages, so I had to kind of fake it and require it manually at the top level, so an upgrade experience might not be exactly the same but I can't think how it would be too different. On the plus side there's only one way to install the drupal htmlpurifier module with drupal 8. It all seems ok both with and without the module on both the drupal and civi sides, and doing upgrades. The IDS stuff is a mystery to me how it ever worked triggered a call to htmlpurifier. I notice universe only has ids_arguments for the civicase extensions but only for json so again it wouldn't trigger htmlpurifier there. Putting merge-ready if @seamuslee001 has any comments. |
demeritcowboy
added
the
merge ready
Overview
Switches to using composer for this library
Depends on civicrm/civicrm-packages#331
Technical Details
Last time we tried this it didn't go so well. But @seamuslee001 thinks this time it might be different.
See https://lab.civicrm.org/dev/core/issues/976
and #14277