forked from GNUsocial/gnu-social
81ea0f8117
HTMLPurifier defangs arbitrary submitted HTML. We're using it in the OStatus plugin, but it may be valuable for other parts of the codebase (I think OEmbed might benefit, for example).
43 lines
1.1 KiB
PHP
43 lines
1.1 KiB
PHP
<?php
|
|
|
|
// must be called POST validation
|
|
|
|
/**
|
|
* Transform that supplies default values for the src and alt attributes
|
|
* in img tags, as well as prevents the img tag from being removed
|
|
* because of a missing alt tag. This needs to be registered as both
|
|
* a pre and post attribute transform.
|
|
*/
|
|
class HTMLPurifier_AttrTransform_ImgRequired extends HTMLPurifier_AttrTransform
|
|
{
|
|
|
|
public function transform($attr, $config, $context) {
|
|
|
|
$src = true;
|
|
if (!isset($attr['src'])) {
|
|
if ($config->get('Core.RemoveInvalidImg')) return $attr;
|
|
$attr['src'] = $config->get('Attr.DefaultInvalidImage');
|
|
$src = false;
|
|
}
|
|
|
|
if (!isset($attr['alt'])) {
|
|
if ($src) {
|
|
$alt = $config->get('Attr.DefaultImageAlt');
|
|
if ($alt === null) {
|
|
$attr['alt'] = basename($attr['src']);
|
|
} else {
|
|
$attr['alt'] = $alt;
|
|
}
|
|
} else {
|
|
$attr['alt'] = $config->get('Attr.DefaultInvalidImageAlt');
|
|
}
|
|
}
|
|
|
|
return $attr;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
// vim: et sw=4 sts=4
|