mirror of
https://git.tt-rss.org/git/tt-rss.git
synced 2025-12-16 06:55:57 +00:00
replace htmlpurifier with htmlawed
@@ -111,8 +111,7 @@
|
||||
ini_set('user_agent', SELF_USER_AGENT);
|
||||
|
||||
require_once 'lib/pubsubhubbub/publisher.php';
|
||||
|
||||
$purifier = false;
|
||||
require_once 'lib/htmLawed.php';
|
||||
|
||||
$tz_offset = -1;
|
||||
$utc_tz = new DateTimeZone('UTC');
|
||||
@@ -2688,36 +2687,12 @@
|
||||
}
|
||||
|
||||
function sanitize($link, $str, $force_strip_tags = false, $owner = false, $site_url = false) {
|
||||
global $purifier;
|
||||
|
||||
if (!$owner) $owner = $_SESSION["uid"];
|
||||
|
||||
$res = trim($str); if (!$res) return '';
|
||||
|
||||
// create global Purifier object if needed
|
||||
if (!$purifier) {
|
||||
require_once 'lib/htmlpurifier/library/HTMLPurifier.auto.php';
|
||||
|
||||
$config = HTMLPurifier_Config::createDefault();
|
||||
|
||||
$allowed = "p,a[href],i,em,b,strong,code,pre,blockquote,br,img[src|alt|title|align|hspace],ul,ol,li,h1,h2,h3,h4,s,object[classid|type|id|name|width|height|codebase],param[name|value],table,tr,td,span[class]";
|
||||
|
||||
$config->set('HTML.SafeObject', true);
|
||||
@$config->set('HTML', 'Allowed', $allowed);
|
||||
$config->set('Output.FlashCompat', true);
|
||||
$config->set('Attr.EnableID', true);
|
||||
if (!defined('MOBILE_VERSION')) {
|
||||
@$config->set('Cache', 'SerializerPath', CACHE_DIR . "/htmlpurifier");
|
||||
} else {
|
||||
@$config->set('Cache', 'SerializerPath', "../" . CACHE_DIR . "/htmlpurifier");
|
||||
}
|
||||
|
||||
$config->set('Filter.YouTube', true);
|
||||
|
||||
$purifier = new HTMLPurifier($config);
|
||||
}
|
||||
|
||||
$res = $purifier->purify($res);
|
||||
$config = array('safe' => 1, 'deny_attribute' => 'style');
|
||||
$res = htmLawed($res, $config);
|
||||
|
||||
if (get_pref($link, "STRIP_IMAGES", $owner)) {
|
||||
$res = preg_replace('/<img[^>]+>/is', '', $res);
|
||||
|
||||
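Review bot: The `$config = array('safe' => 1, 'deny_attribute' => 'style');` line in `sanitize()` replaces the explicit element/attribute allowlist of the removed `$allowed` string with htmLawed's `safe` preset, which, as documented, strips a fixed set of risky elements and `on*` attributes but otherwise admits every element. Feed markup the old list rejected (form controls, for instance) would therefore presumably reach the article view unless something later in the function removes it. Keeping the allowlist alongside the preset would preserve the previous posture: `$config = array('safe' => 1, 'deny_attribute' => 'style', 'elements' => 'p, a, i, em, b, strong, code, pre, blockquote, br, img, ul, ol, li, h1, h2, h3, h4, s, table, tr, td, span');`. The per-element attribute limits (`a[href]`, `span[class]`) would need htmLawed's `$spec` argument, and the function body continues past the end of this hunk, so confirm nothing there already covers this.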