Added support for basic HTML (+ Textile) formating and a WYSIWYG editor.

admin/bm.php

 		if (!get_magic_quotes_gpc()) {	
 			$_POST["title"] = addslashes($_POST["title"]);
 			$_POST["description"] = addslashes($_POST["description"]);
-		}	
+		}
+		
+		$textile = new Textile();
 		
-		$_POST["title"] = strip_tags($_POST["title"]);
-		$_POST["description"] = strip_tags($_POST["description"]);
+		$_POST["title"] = $textile->TextileThis(removeBadTags($_POST["title"]));
+		$_POST["description"] = $textile->TextileThis(removeBadTags($_POST["description"]));
 		
 		if ($tumble->addPost($_POST)) {
-			//header("Location: ".$conf->urlGelato."/admin/index.php?added=true");
-			//die();
 			$input = array("{type}");
 			$output = array("1");
 			

admin/comments.php

 	
 if(isset($_POST["btnAdd"]))	{		
 	unset($_POST["btnAdd"]);
-	$_POST["username"] = strip_tags($_POST["username"]);
-	$_POST["email"] = strip_tags($_POST["email"]);	
-	$_POST["web"] = strip_tags($_POST["web"]);
+	
+	$textile = new Textile();
+	
+	$_POST["username"] = $textile->TextileThis(removeBadTags($_POST["username"]));
+	$_POST["email"] = $textile->TextileThis(removeBadTags($_POST["email"]));
+	$_POST["web"] = $textile->TextileThis(removeBadTags($_POST["web"]));
 		
 	if (isset($_POST["id_comment"])) {
 		if ($isAdmin) {

admin/index.php

 		if (!get_magic_quotes_gpc()) {	
 			$_POST["title"] = addslashes($_POST["title"]);
 			$_POST["description"] = addslashes($_POST["description"]);
-		}	
+		}		
 		
-		$_POST["title"] = strip_tags($_POST["title"]);
-		$_POST["description"] = strip_tags($_POST["description"]);
+		$textile = new Textile();
 		
+		$_POST["title"] = $textile->TextileThis(removeBadTags($_POST["title"]));
+		$_POST["description"] = $textile->TextileThis(removeBadTags($_POST["description"]));
 		
 		if (isset($_POST["id_post"])) {
 			$tumble->modifyPost($_POST, $_POST["id_post"]);
 		Lightbox.fileLoadingImage = "css/images/loading.gif";
 		Lightbox.fileBottomNavCloseImage = "css/images/closelabel.gif";		
 		</script>
+<?php
+		if($conf->richText) {
+?>
+        	<script src="<?php echo $conf->urlGelato;?>/admin/scripts/nicEdit.js" type="text/javascript"></script>
+			<script type="text/javascript">
+                 bkLib.onDomLoaded(nicEditors.allTextAreas);
+            </script>
+<?php
+		}
+?>
 		<style type="text/css" media="screen">	
 			@import "<?php echo $conf->urlGelato;?>/admin/css/style.css";
 			@import "<?php echo $conf->urlGelato;?>/admin/css/lightbox.css";
 					if ($tumble->contarRegistros()>0) {				
 						while($register = mysql_fetch_array($rs)) {			
 							$formatedDate = gmdate("M d", strtotime($register["date"])+transform_offset($conf->offsetTime));
-							$permalink = $conf->urlGelato."/index.php/post/".$register["id_post"]."/";							
-							
-							$textile = new Textile();				
-							$register["description"] = $textile->TextileThis($register["description"]);
+							$permalink = $conf->urlGelato."/index.php/post/".$register["id_post"]."/";
 							
 							$register["title"] = stripslashes($register["title"]);
 							$register["description"] = stripslashes($register["description"]);

api.php

 <?php
 	header("Content-type: text/xml; charset=utf-8");	
 	
-	require(dirname(__FILE__)."/config.php");
-	include("classes/configuration.class.php");
-	include("classes/gelato.class.php");
-	include("classes/textile.class.php");
 	$isFeed = true;
 	$tumble = new gelato();
 	$conf = new configuration();
 	
 	if (isset($_GET["action"]) && $_GET["action"] == "read") {
 		if (isset($_GET["start"])) { $start = $_GET["start"]; } else { $start = 0; }
-		if (isset($_GET["num"])) { $num = $_GET["num"]; } else { $num = 20; }
-		if (isset($_GET["type"])) { $type = $_GET["type"]; } else { $type = null; }
-		if ($num > 50) { $num = 50; }		
+		if (isset($_GET["total"])) { $total = $_GET["total"]; } else { $total = 20; }
+		if (isset($_GET["type"])) { $hasType = true; } else { $hasType = false; }
+		if ($total > 50) { $total = 50; }		
 ?>		
 		<tumblelog name="<?php echo $_SESSION["user_login"];?>" timezone="<?php echo $conf->offsetCity;?>" title="<?php echo $conf->title;?>"><?php echo $conf->description;?></tumblelog>	
 
 <?php
-		switch ($type) {
+		switch ($hasType) {
 			case "post":
 				$_GET["type"] = "1";
 				break;
 				$_GET["type"] = "7";
 				break;								
 		}
-		$rs = $tumble->getPosts($num, $start);
+		$rs = $tumble->getPosts($total, $start);
 		if ($tumble->contarRegistros()>0) {
 ?>
-			<posts start="<?php echo $start; ?>" total="<?php echo $num; ?>">
-<?php/*
+			<posts start="<?php echo $start; ?>" total="<?php echo $total; ?>">
+<?php 
 			while($register = mysql_fetch_array($rs)) {
-				
-				$textile = new Textile();				
-				$register["description"] = $textile->TextileThis($register["description"]);
+				$desc = $register["description"];
+				$url = $conf->urlGelato."/index.php?post=".$register["id_post"];
+				$formatedDate = gmdate("D, d M Y H:i:s", strtotime($register["date"])+transform_offset($conf->offsetTime));
 				
 				switch ($register["type"]) {
 					case "1":
-						$tit = ($register["title"]=="") ? strip_tags($register["description"]) : $register["title"];
-						$desc = $register["description"];
+
+						$tit = ($register["title"]=="") ? $register["description"] : $register["title"];
+?>
+						
+						<post id="<?php echo $register["id_post"]; ?>" url="<?php echo $url;?>" type="regular" date="<?php echo $formatedDate;?>">
+							<regular-title><?php echo $tit;?></regular-title>
+							<regular-body><?php echo $desc;?></regular-body>
+						</post>
+<?php						
 						break;
 					case "2":
-						$tit = ($register["description"]=="") ? "Photo" : strip_tags($register["description"]);
-						$desc = "<img src=\"".$register["url"]."\"/>";
+						$tit = ($register["description"]=="") ? "Photo" : $register["description"];
+?>
+						<post id="<?php echo $register["id_post"]; ?>" url="<?php echo $url;?>" type="photo" date="<?php echo $formatedDate;?>">
+<?php
+							$photoPath = str_replace("../", $conf->urlGelato."/", $register["url"]);
+?>
+                            <photo-caption><?php echo $tit;?></photo-caption>
+                            <photo-url><?php echo $photoPath;?></photo-url>                            
+                        </post>
+<?php
 						break;
-					case "3":
-						$tit = "\"".strip_tags($register["description"])."\"";
-						$tmpStr = ($register["title"]!="") ? "<br /><br /> - <em>".$register["title"]."</em>" : "";
-						$desc = "\"".$register["description"]."\"".$tmpStr;
+					case "3":						
+?>
+						<post id="<?php echo $register["id_post"]; ?>" url="<?php echo $url;?>" type="quote" date="<?php echo $formatedDate;?>">
+							<quote-text><?php echo $desc; ?></quote-text>
+							<quote-source><?php echo $register["title"]; ?></quote-source>
+						</post>
+<?php
 						break;
 					case "4":
 						$tit = ($register["title"]=="") ? $register["url"] : $register["title"];
-						$tmpStr = ($register["description"]!="") ? "<br /><br /> - <em>".$register["description"]."</em>" : "";
-						$desc = "<a href=\"".$register["url"]."\">".$tit."</a>".$tmpStr;
+?>
+						<post id="<?php echo $register["id_post"]; ?>" url="<?php echo $url;?>" type="link" date="<?php echo $formatedDate;?>">
+                            <link-text><?php echo $tit; ?></link-text>
+                            <link-url><?php echo $register["url"]; ?></link-url>
+                        </post>
+<?php
 						break;
 					case "5":
 						$lines = explode("\n", $register["description"]);
 						$line = $lines[0];
 						$tit = ($register["title"]=="") ? $line : $register["title"];
 						$desc = $tumble->formatConversation($register["description"]);
+?>
+						<post id="<?php echo $register["id_post"]; ?>" url="<?php echo $url;?>" type="conversation" date="<?php echo $formatedDate;?>">
+                            <conversation-title><?php echo $tit; ?></conversation-title>
+                            <conversation-text><?php echo $register["description"]; ?></conversation-text>
+                            <?php echo $tumble->formatApiConversation($register["description"]); ?>
+                        </post>
+<?php
 						break;
+/*
 					case "6":
-						$tit = ($register["description"]=="") ? "Video" : strip_tags($register["description"]);
+						$tit = ($register["description"]=="") ? "Video" : $register["description"];
 						$desc = $tumble->getVideoPlayer($register["url"]);
 						break;
 					case "7":
-						$tit = ($register["description"]=="") ? "MP3" : strip_tags($register["description"]);
+						$tit = ($register["description"]=="") ? "MP3" : $register["description"];
 						$desc = $tumble->getMp3Player($register["url"]);
 						break;
+*/
 				}
 				$url = $conf->urlGelato."/index.php/post/".$register["id_post"]."/";
-				$formatedDate = gmdate("D, d M Y H:i:s \G\M\T", strtotime($register["date"])+transform_offset($conf->offsetTime));
-?>
-
-				<item>
-					<title><?php echo $tit;?></title>
-					<description><![CDATA[<?php echo $desc;?>]]></description>
-					<link><?php echo $url;?></link>
-					<guid isPermaLink="true"><?php echo $conf->urlGelato."/index.php/post/".$register["id_post"]."/";?></guid>				
-					<pubDate><?php echo $formatedDate;?></pubDate>				
-				</item>
-
-<?php	
+				$formatedDate = gmdate("D, d M Y H:i:s", strtotime($register["date"])+transform_offset($conf->offsetTime));
 			}		
-*/?>
+ 
+?>
 				</posts>
 <?php	
 		}

classes/functions.php

 	}
 	
 	function codeName() {
-		return "cioccolato RC1";
+		return "vaniglia RC1";
 	}
 	
 	function beginsWith($str, $sub) {
 	    }
 	    return $value;
 	}
+	
+	function removeBadTags($source) {
+		$validTags ='<p><ul><li><a><abbr><acronym><blockquote><code><pre><em><i><strike><s><strong><b><br><span><div><img>';
+		$source = strip_tags($source, $validTags);
+		return preg_replace('/<(.*?)>/ie', "'<'.removeBadAtributes('\\1').'>'", $source);
+	}
+	
+	function removeBadAtributes($sourceTag)
+	{
+		$badAtributes = 'javascript:|onclick|ondblclick|onmousedown|onmouseup|onmouseover|onmousemove|onmouseout|onkeypress|onkeydown|onkeyup|class';
+		$sourceTag = stripslashes($sourceTag);
+		$sourceTag = preg_replace("/$badAtributes/i", "niceTry", $sourceTag);
+		return $sourceTag;
+	}
 ?>

classes/gelato.class.php

 		return $formatedText;
 	}
 	
+	function formatApiConversation($text) {
+		$formatedText = "";
+		
+		$lines = explode("\n", $text);
+		
+		foreach ($lines as $line) {
+			$pos = strpos($line, ":") + 1;
+			
+			$name = substr($line, 0, $pos-1);
+			$label = substr($line, 0, $pos);
+			$desc = substr($line, $pos, strlen($line));
+			
+			$formatedText .= "<conversation-line name=\"".$name."\" label=\"".$label."\">".$desc."</conversation-line>\n";
+		}
+		
+		return $formatedText;
+	}
+	
 	function saveMP3($remoteFileName) {
 		if (getMP3File($remoteFileName)) {
 			return true;

classes/mysql_connection.class.php

 		  
 		 $cols .= "$llave,"; 
 		 
-		 $valor = htmlspecialchars($valor,ENT_QUOTES);
-		 
 		 $tipo_col = $this->obtenerTipoCampo($tabla, $llave);  // obtiene el tipo de campo
 		 if (!$tipo_col) return false;  // error!
 		 
 		foreach ($datos as $llave=>$valor) {
 			$sql .= " $llave=";
 			
-			$valor = htmlspecialchars($valor,ENT_QUOTES);
-			
 			$tipo_col = $this->obtenerTipoCampo($tabla, $llave);  // obtiene el tipo de campo
 			if (!$tipo_col) return false;  // error!
 			

index.php

                                 
 								$conversation = $register["description"];
 								
-								$textile = new Textile();				
-								$register["description"] = $textile->TextileThis($register["description"]);
+								$register["description"] = $register["description"];
 
                                 $register["title"] = stripslashes($register["title"]);
                                 $register["description"] = stripslashes($register["description"]);
                 
 				$conversation = $register["description"];
 				
-				$textile = new Textile();				
-				$register["description"] = $textile->TextileThis($register["description"]);
+				$register["description"] = $register["description"];
 				
 				$register["title"] = stripslashes($register["title"]);
                 $register["description"] = stripslashes($register["description"]);
 					$template->precargarPlantillaConBloque($input, $output, "template_comments", "comments");
 
 					while($rowComment = mysql_fetch_assoc($rsComments)) {
-						/*echo "<pre>";
-						print_r($rowComment);
-						echo "</pre>";*/
 						$commentAuthor = ($rowComment["web"]=="") ? $rowComment["username"] : "<a href=\"".$rowComment["web"]."\" rel=\"external\">".$rowComment["username"]."</a>";
 						$input = array("{Id_Comment}", "{Comment_Author}", "{Date}", "{Comment}");
 						$output = array($rowComment["id_comment"], $commentAuthor, gmdate("d.m.y", strtotime($rowComment["comment_date"])+transform_offset($conf->offsetTime)), $rowComment["content"]);

notice.txt

 == CREDITS==
-Gelato developers and designers (in chronological order):
+gelato CMS developers and designers (in chronological order):
 
 Pedro Santana [ http://www.pecesama.net/weblog/ ]
 Jorge Condomi [ http://www.raven.com.ar/ ]
 = COPYRIGHT NOTICES =
 This product includes code and libraries developed by third parties, which are governed by different licenses.  These components, and their licenses, are listed below.
 
+= NicEdit - Micro Inline WYSIWYG =
+Copyright 2007 Brian Kirchoff, http://nicedit.com/
+NicEdit available under MIT license.
+
 = jQuery =
 Copyright (c) 2007 John Resig, http://jquery.com
 jQuery is available under a dual licensed the MIT and GPL licenses.

rss.php

 
 <?php
 	include("classes/gelato.class.php");
-	include("classes/textile.class.php");
 	$tumble = new gelato();
 	$rs = $tumble->getPosts("20");
 	if ($tumble->contarRegistros()>0) {		
 
 		while($register = mysql_fetch_array($rs)) {
-			$textile = new Textile();				
-			$register["description"] = $textile->TextileThis($register["description"]);
+			$register["description"] = $register["description"];
 			
 			switch ($register["type"]) {
 				case "1":
-					$tit = ($register["title"]=="") ? strip_tags($register["description"]) : $register["title"];
+					$tit = ($register["title"]=="") ? $register["description"] : $register["title"];
 					$desc = $register["description"];
 					break;
 				case "2":
 					$photoPath = str_replace("../", $conf->urlGelato."/", $register["url"]);
-					$tit = ($register["description"]=="") ? "Photo" : strip_tags($register["description"]);
+					$tit = ($register["description"]=="") ? "Photo" : $register["description"];
 					$desc = "<img src=\"".$photoPath."\"/>";
 					break;
 				case "3":
-					$tit = "\"".strip_tags($register["description"])."\"";
+					$tit = "\"".$register["description"]."\"";
 					$tmpStr = ($register["title"]!="") ? "<br /><br /> - <em>".$register["title"]."</em>" : "";
 					$desc = "\"".$register["description"]."\"".$tmpStr;
 					break;
 					$desc = $tumble->formatConversation($register["description"]);
 					break;
 				case "6":
-					$tit = ($register["description"]=="") ? "Video" : strip_tags($register["description"]);
+					$tit = ($register["description"]=="") ? "Video" : $register["description"];
 					$desc = $tumble->getVideoPlayer($register["url"]);
 					break;
 				case "7":
-					$tit = ($register["description"]=="") ? "MP3" : strip_tags($register["description"]);
+					$tit = ($register["description"]=="") ? "MP3" : $register["description"];
 					$desc = $tumble->getMp3Player($register["url"]);
 					break;
 			}
-			$tit = htmlspecialchars($tit);
-			$url = htmlspecialchars($url);
+			$tit = strip_tags($tit);
+			//$url = htmlspecialchars($url);
 			$strEnd=($conf->urlFriendly) ? "/" : "";
 			$url = $conf->urlGelato.($conf->urlFriendly?"/post/":"/index.php?post=").$register["id_post"].$strEnd;
 			$formatedDate = gmdate("r", strtotime($register["date"])+transform_offset($conf->offsetTime));