From 0deaf6c50c0a02dd307b797729adbaf2a973db07 Mon Sep 17 00:00:00 2001
From: Mikael Nordfeldth
Date: Wed, 18 Feb 2015 00:14:28 +0100
Subject: [PATCH] use common_purify to purify HTML, one function to rule them all
---
 actions/apitimelineuser.php | 11 +----------
 lib/activityimporter.php | 13 +------------
 plugins/Blog/classes/Blog_entry.php | 18 ++----------------
 plugins/OStatus/classes/Ostatus_profile.php | 15 ++-------------
 4 files changed, 6 insertions(+), 51 deletions(-)
diff --git a/actions/apitimelineuser.php b/actions/apitimelineuser.php
index 26c960fa04..abc7fd6a96 100644
--- a/actions/apitimelineuser.php
+++ b/actions/apitimelineuser.php
@@ -405,7 +405,7 @@ class ApiTimelineUserAction extends ApiBareAuthAction
 // Get (safe!) HTML and text versions of the content
- $rendered = $this->purify($sourceContent);
+ $rendered = common_purify($sourceContent);
 $content = common_strip_html($rendered);
 $shortened = $this->auth_user->shortenLinks($content);
@@ -504,13 +504,4 @@ class ApiTimelineUserAction extends ApiBareAuthAction
 return $saved;
 }
-
- function purify($content)
- {
- require_once INSTALLDIR.'/extlib/htmLawed/htmLawed.php';
-
- $config = array('safe' => 1,
- 'deny_attribute' => 'id,style,on*');
- return htmLawed($content, $config);
- }
 }
diff --git a/lib/activityimporter.php b/lib/activityimporter.php
index 4e13419ae7..5bef4cfb07 100644
--- a/lib/activityimporter.php
+++ b/lib/activityimporter.php
@@ -213,7 +213,7 @@ class ActivityImporter extends QueueHandler
 // Get (safe!) HTML and text versions of the content
- $rendered = $this->purify($sourceContent);
+ $rendered = common_purify($sourceContent);
 $content = common_strip_html($rendered);
 $shortened = $user->shortenLinks($content);
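Review bot: `common_purify()` is not defined anywhere in this patch, so the call `$rendered = common_purify($sourceContent);` in actions/apitimelineuser.php cannot be checked against the policy of the method it replaces, which ran htmLawed with `'safe' => 1` and `'deny_attribute' => 'id,style,on*'`. The same substitution is made in lib/activityimporter.php, plugins/Blog/classes/Blog_entry.php and at both call sites in plugins/OStatus/classes/Ostatus_profile.php, so all of these paths now depend on one configuration. Before merging, confirm the shared function is at least as strict, and consider a regression test asserting that `id`, `style` and `on*` attributes are stripped from its output. A short comment at the call, such as `// expects common_purify() to apply 'safe' => 1 and deny id,style,on*`, would record the expectation. The enclosing method starts and ends outside the hunk.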
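Review bot: The `purify()` method that this call in lib/activityimporter.php used to reach is deleted at the end of the same file, and it was declared without a visibility keyword, which makes it public in PHP; the same holds for `ApiTimelineUserAction::purify()` and the static `Blog_entry::purify()`. Any caller outside these classes (a plugin, for instance) would fail with an undefined-method error after this commit, and the patch gives no way to rule that out. Keeping a thin delegating method for a release, `function purify($content) { return common_purify($content); }`, would preserve the interface while still routing everything through the single sanitiser.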
@@ -338,15 +338,4 @@ class ActivityImporter extends QueueHandler
 return array($groups, $replies);
 }
-
-
- function purify($content)
- {
- require_once INSTALLDIR.'/extlib/htmLawed/htmLawed.php';
-
- $config = array('safe' => 1,
- 'deny_attribute' => 'id,style,on*');
-
- return htmLawed($content, $config);
- }
 }
diff --git a/plugins/Blog/classes/Blog_entry.php b/plugins/Blog/classes/Blog_entry.php
index 1f585dce4f..6b82a0fdd1 100644
--- a/plugins/Blog/classes/Blog_entry.php
+++ b/plugins/Blog/classes/Blog_entry.php
@@ -117,10 +117,10 @@ class Blog_entry extends Managed_DataObject
 $be->id = (string) new UUID();
 $be->profile_id = $profile->id;
 $be->title = $title; // Note: not HTML-protected
- $be->content = self::purify($content);
+ $be->content = common_purify($content);
 if (array_key_exists('summary', $options)) {
- $be->summary = self::purify($options['summary']);
+ $be->summary = common_purify($options['summary']);
 } else {
 // Already purified
 $be->summary = self::summarize($be->content);
@@ -241,18 +241,4 @@ class Blog_entry extends Managed_DataObject
 return $obj;
 }
-
- /**
- * Clean up input HTML
- */
- static function purify($html)
- {
- require_once INSTALLDIR.'/extlib/htmLawed/htmLawed.php';
-
- $config = array('safe' => 1,
- 'deny_attribute' => 'id,style,on*');
- $pure = htmLawed($html, $config);
-
- return $pure;
- }
 }
diff --git a/plugins/OStatus/classes/Ostatus_profile.php b/plugins/OStatus/classes/Ostatus_profile.php
index 79098c6404..4be4e5112f 100644
--- a/plugins/OStatus/classes/Ostatus_profile.php
+++ b/plugins/OStatus/classes/Ostatus_profile.php
@@ -621,7 +621,7 @@ class Ostatus_profile extends Managed_DataObject
 // Get (safe!) HTML and text versions of the content
- $rendered = $this->purify($sourceContent);
+ $rendered = common_purify($sourceContent);
 $content = common_strip_html($rendered);
 $shortened = common_shorten_links($content);
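Review bot: In plugins/Blog/classes/Blog_entry.php, `$be->title = $title;` is still stored unfiltered while the content and summary beside it now go through `common_purify()`, and the inline comment only says it is not HTML-protected. Whether the title is escaped where it is rendered cannot be seen from this hunk, so the safety of the field rests on every output path doing so. If storing it raw is intentional, the comment should state the obligation, e.g. `// Note: stored raw, not HTML-protected; must be escaped on output`. The enclosing method starts and ends outside the hunk.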
@@ -788,7 +788,7 @@ class Ostatus_profile extends Managed_DataObject
 // Get (safe!) HTML and text versions of the content
- $rendered = $this->purify($sourceContent);
+ $rendered = common_purify($sourceContent);
 $content = common_strip_html($rendered);
 $shortened = common_shorten_links($content);
@@ -914,17 +914,6 @@ class Ostatus_profile extends Managed_DataObject
 return $saved;
 }
- /**
- * Clean up HTML
- */
- protected function purify($html)
- {
- require_once INSTALLDIR.'/extlib/htmLawed/htmLawed.php';
- $config = array('safe' => 1,
- 'deny_attribute' => 'id,style,on*');
- return htmLawed($html, $config);
- }
-
 /**
 * Filters a list of recipient ID URIs to just those for local delivery.
 * @param Profile local profile of sender