switch ($this->attachment->mimetype) {
case 'text/plain':
$this->element('div', ['class'=>'e-content plaintext'], file_get_contents($this->attachment->getPath()));
+ break;
case 'text/html':
if (!empty($this->attachment->filename)
&& (GNUsocial::isAjax() || common_config('attachments', 'show_html'))) {
*/
protected function scrubHtmlFile(File $attachment)
{
- $path = File::path($attachment->filename);
- if (!file_exists($path) || !is_readable($path)) {
- common_log(LOG_ERR, "Missing local HTML attachment $path");
- return false;
- }
+ $path = $attachment->getPath();
$raw = file_get_contents($path);
// Normalize...
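Review bot: `file_get_contents($path)` is now unchecked, because the hunk removes the `file_exists`/`is_readable` guard together with its `common_log(LOG_ERR, ...)` and `return false` path. Whether `getPath()` throws for a missing file is not visible here, and even if it does, an existing but unreadable file would still leave `$raw` as `false` for the parsing that follows. I would keep a failure branch right after the read: `if ($raw === false) { common_log(LOG_ERR, "Unreadable local HTML attachment $path"); return false; }`. The `text/plain` case in the first hunk passes `file_get_contents($this->attachment->getPath())` straight to `element()` and has the same gap. The body of `scrubHtmlFile` continues outside this hunk.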
$body = preg_replace('/^.*<body[^>]*>/is', '', $body);
$body = preg_replace('/<\/body[^>]*>.*$/is', '', $body);
- require_once INSTALLDIR.'/extlib/htmLawed/htmLawed.php';
- $config = array('safe' => 1,
- 'deny_attribute' => 'id,style,on*',
- 'comment' => 1); // remove comments
- $scrubbed = htmLawed($body, $config);
-
- return $scrubbed;
+ require_once INSTALLDIR.'/extlib/HTMLPurifier/HTMLPurifier.auto.php';
+ $purifier = new HTMLPurifier();
+ return $purifier->purify($body);
}
/**
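Review bot: `new HTMLPurifier()` runs with the library defaults, so the explicit policy the old call carried (`'deny_attribute' => 'id,style,on*'`) is no longer stated anywhere in this function. As far as I know the defaults already drop `id`, event handlers and comments, but they keep `style` attributes with filtered CSS, so this is a quiet widening of what attachment HTML may contain. If that is not intended, build the config explicitly: `$config = HTMLPurifier_Config::createDefault(); $config->set('HTML.ForbiddenAttributes', 'style'); $purifier = new HTMLPurifier($config);`. Either way, a one-line comment stating which attributes are meant to survive would let the next reader check the policy without knowing the library defaults.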