remove htmlpurifier

include/functions.php

@@ -100,8 +100,6 @@
 
 	require_once 'lib/pubsubhubbub/publisher.php';
 
-	$purifier = false;
-
 	$tz_offset = -1;
 	$utc_tz = new DateTimeZone('UTC');
 	$schema_version = false;
@@ -2621,36 +2619,17 @@
 	}
 
 	function sanitize($link, $str, $force_strip_tags = false, $owner = false, $site_url = false) {
-		global $purifier;
-
 		if (!$owner) $owner = $_SESSION["uid"];
 
 		$res = trim($str); if (!$res) return '';
 
-		// create global Purifier object if needed
-		if (!$purifier) {
-			require_once 'lib/htmlpurifier/library/HTMLPurifier.auto.php';
+		// TODO implement better HTML tag stripping and XSS protection
 
-			$config = HTMLPurifier_Config::createDefault();
-
-			$allowed = "p,a[href],i,em,b,strong,code,pre,blockquote,br,img[src|alt|title|align|hspace],ul,ol,li,h1,h2,h3,h4,s,object[classid|type|id|name|width|height|codebase],param[name|value],table,tr,td,span[class]";
-
-			$config->set('HTML.SafeObject', true);
-			@$config->set('HTML', 'Allowed', $allowed);
-			$config->set('Output.FlashCompat', true);
-			$config->set('Attr.EnableID', true);
-			if (!defined('MOBILE_VERSION')) {
-				@$config->set('Cache', 'SerializerPath', CACHE_DIR . "/htmlpurifier");
-			} else {
-				@$config->set('Cache', 'SerializerPath', "../" . CACHE_DIR . "/htmlpurifier");
-			}
-
-			$config->set('Filter.YouTube', true);
-
-			$purifier = new HTMLPurifier($config);
+		if (function_exists('filter_var')) {
+			$res = filter_var($res, FILTER_SANITIZE_STRING);
 		}
 
-		$res = $purifier->purify($res);
+		$res = strip_tags($str, "<p><a><i><em><b><strong><code><pre><blockquote><br><img><ul><ol><li><h1><h2><h3><h4><s><object><param><table><tr><td><span>");
 
 		if (get_pref($link, "STRIP_IMAGES", $owner)) {
 			$res = preg_replace('/<img[^>]+>/is', '', $res);