From 68b3de5b371e9435b2fcd20887f278a86c2d7488 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Thu, 15 Sep 2016 23:23:10 +0200
Subject: [PATCH] NEW ckeditor accept a parameter to disable all html filtering

---
 htdocs/core/class/doleditor.class.php | 17 +++++++++++------
 htdocs/websites/index.php             |  2 +-
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/htdocs/core/class/doleditor.class.php b/htdocs/core/class/doleditor.class.php
index 3bfcf9b781e..bca9555f379 100644
--- a/htdocs/core/class/doleditor.class.php
+++ b/htdocs/core/class/doleditor.class.php
@@ -140,21 +140,25 @@ class DolEditor
      *	Output edit area inside the HTML stream.
      *	Output depends on this->tool (fckeditor, ckeditor, textarea, ...)
      *
-     *  @param	int		$noprint    1=Return HTML string instead of printing it to output
-     *  @param	string	$morejs		Add more js. For example: ".on( \'saveSnapshot\', function(e) { alert(\'ee\'); });"
+     *  @param	int		$noprint             1=Return HTML string instead of printing it to output
+     *  @param	string	$morejs		         Add more js. For example: ".on( \'saveSnapshot\', function(e) { alert(\'ee\'); });"
+     *  @param  boolean $disallowAnyContent  Disallow to use any content. true=restrict to a predefined list of allowed elements.
      *  @return	void|string
      */
-    function Create($noprint=0,$morejs='')
+    function Create($noprint=0,$morejs='',$disallowAnyContent=true)
     {
     	global $conf,$langs;
 
     	$fullpage=False;
-    	$disallowAnyContent=empty($conf->global->FCKEDITOR_ALLOW_ANY_CONTENT); // Only predefined list of html tags are allowed
-    	
+    	if (isset($conf->global->FCKEDITOR_ALLOW_ANY_CONTENT))
+    	{
+    	   $disallowAnyContent=empty($conf->global->FCKEDITOR_ALLOW_ANY_CONTENT);      // Only predefined list of html tags are allowed
+    	}
+
     	$found=0;
 		$out='';
 
-        if ($this->tool == 'fckeditor')
+        if ($this->tool == 'fckeditor') // not used anymore
         {
             $found=1;
             $this->editor->Create();
@@ -179,6 +183,7 @@ class DolEditor
 
             	$htmlencode_force=preg_match('/_encoded$/',$this->toolbarname)?'true':'false';
 
+            	$out.= '<!-- Output ckeditor $disallowAnyContent='.$disallowAnyContent.' toolbarname='.$this->toolbarname.' -->'."\n";
             	$out.= '<script type="text/javascript">
             			$(document).ready(function () {
                             /* if (CKEDITOR.loadFullCore) CKEDITOR.loadFullCore(); */
diff --git a/htdocs/websites/index.php b/htdocs/websites/index.php
index 4cb10ed0de6..fce7a96bc30 100644
--- a/htdocs/websites/index.php
+++ b/htdocs/websites/index.php
@@ -904,7 +904,7 @@ if ($action == 'editcontent')
     
     require_once DOL_DOCUMENT_ROOT.'/core/class/doleditor.class.php';
     $doleditor=new DolEditor('PAGE_CONTENT',$contentforedit,'',500,'Full','',true,true,true,5,60);
-    $doleditor->Create();
+    $doleditor->Create(0, '', false);
 }
 
 print '</div></form>';
-- 
GitLab