eliseuamaro/gnu-social
1
0
Fork 0
forked from GNUsocial/gnu-social
Code Issues Pull Requests Releases Wiki Activity

use common_purify to purify HTML, one function to rule them all

Browse Source
This commit is contained in:
Mikael Nordfeldth 2015-02-18 00:14:28 +01:00
parent 3dce6d9f6a
commit 0deaf6c50c
4 changed files with 6 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
actions/apitimelineuser.php
View File

@ -405,7 +405,7 @@ class ApiTimelineUserAction extends ApiBareAuthAction
// Get (safe!) HTML and text versions of the content // Get (safe!) HTML and text versions of the content
$rendered = $this->purify($sourceContent); $rendered = common_purify($sourceContent);
$content = common_strip_html($rendered); $content = common_strip_html($rendered);
$shortened = $this->auth_user->shortenLinks($content); $shortened = $this->auth_user->shortenLinks($content);
@ -504,13 +504,4 @@ class ApiTimelineUserAction extends ApiBareAuthAction
return $saved; return $saved;
} }
function purify($content)
{
require_once INSTALLDIR.'/extlib/htmLawed/htmLawed.php';
$config = array('safe' => 1,
'deny_attribute' => 'id,style,on*');
return htmLawed($content, $config);
}
} }

13
lib/activityimporter.php
View File

@ -213,7 +213,7 @@ class ActivityImporter extends QueueHandler
// Get (safe!) HTML and text versions of the content // Get (safe!) HTML and text versions of the content
$rendered = $this->purify($sourceContent); $rendered = common_purify($sourceContent);
$content = common_strip_html($rendered); $content = common_strip_html($rendered);
$shortened = $user->shortenLinks($content); $shortened = $user->shortenLinks($content);
@ -338,15 +338,4 @@ class ActivityImporter extends QueueHandler
return array($groups, $replies); return array($groups, $replies);
} }
function purify($content)
{
require_once INSTALLDIR.'/extlib/htmLawed/htmLawed.php';
$config = array('safe' => 1,
'deny_attribute' => 'id,style,on*');
return htmLawed($content, $config);
}
} }

18
plugins/Blog/classes/Blog_entry.php
View File

@ -117,10 +117,10 @@ class Blog_entry extends Managed_DataObject
$be->id = (string) new UUID(); $be->id = (string) new UUID();
$be->profile_id = $profile->id; $be->profile_id = $profile->id;
$be->title = $title; // Note: not HTML-protected $be->title = $title; // Note: not HTML-protected
$be->content = self::purify($content); $be->content = common_purify($content);
if (array_key_exists('summary', $options)) { if (array_key_exists('summary', $options)) {
$be->summary = self::purify($options['summary']); $be->summary = common_purify($options['summary']);
} else { } else {
// Already purified // Already purified
$be->summary = self::summarize($be->content); $be->summary = self::summarize($be->content);
@ -241,18 +241,4 @@ class Blog_entry extends Managed_DataObject
return $obj; return $obj;
} }
/**
* Clean up input HTML
*/
static function purify($html)
{
require_once INSTALLDIR.'/extlib/htmLawed/htmLawed.php';
$config = array('safe' => 1,
'deny_attribute' => 'id,style,on*');
$pure = htmLawed($html, $config);
return $pure;
}
} }

15
plugins/OStatus/classes/Ostatus_profile.php
View File

@ -621,7 +621,7 @@ class Ostatus_profile extends Managed_DataObject
// Get (safe!) HTML and text versions of the content // Get (safe!) HTML and text versions of the content
$rendered = $this->purify($sourceContent); $rendered = common_purify($sourceContent);
$content = common_strip_html($rendered); $content = common_strip_html($rendered);
$shortened = common_shorten_links($content); $shortened = common_shorten_links($content);
@ -788,7 +788,7 @@ class Ostatus_profile extends Managed_DataObject
// Get (safe!) HTML and text versions of the content // Get (safe!) HTML and text versions of the content
$rendered = $this->purify($sourceContent); $rendered = common_purify($sourceContent);
$content = common_strip_html($rendered); $content = common_strip_html($rendered);
$shortened = common_shorten_links($content); $shortened = common_shorten_links($content);
@ -914,17 +914,6 @@ class Ostatus_profile extends Managed_DataObject
return $saved; return $saved;
} }
/**
* Clean up HTML
*/
protected function purify($html)
{
require_once INSTALLDIR.'/extlib/htmLawed/htmLawed.php';
$config = array('safe' => 1,
'deny_attribute' => 'id,style,on*');
return htmLawed($html, $config);
}
/** /**
* Filters a list of recipient ID URIs to just those for local delivery. * Filters a list of recipient ID URIs to just those for local delivery.
* @param Profile local profile of sender * @param Profile local profile of sender