Merge remote-tracking branch 'upstream/master' into social-master

[quix0rs-gnu-social.git] / lib / attachmentlistitem.php

diff --git a/lib/attachmentlistitem.php b/lib/attachmentlistitem.php
index 28ce9900b88392a8c0c74228ed27a52ebf337853..dc46a81fe731a2f9143f2db2a52b559a26090eec 100644 (file)
--- a/lib/attachmentlistitem.php
+++ b/lib/attachmentlistitem.php
@@ -171,6 +171,7 @@ class AttachmentListItem extends Widget
                     switch ($this->attachment->mimetype) {
                     case 'text/plain':
                         $this->element('div', ['class'=>'e-content plaintext'], file_get_contents($this->attachment->getPath()));
+                        break;
                     case 'text/html':
                         if (!empty($this->attachment->filename)
                                 && (GNUsocial::isAjax() || common_config('attachments', 'show_html'))) {
@@ -225,7 +226,7 @@ class AttachmentListItem extends Widget
             $scripts[] = $script;
         }
         foreach ($scripts as $script) {
-            common_log(LOG_DEBUG, $script->textContent);
+            common_debug($script->textContent);
             $script->parentNode->removeChild($script);
         }
 
@@ -234,13 +235,9 @@ class AttachmentListItem extends Widget
         $body = preg_replace('/^.*<body[^>]*>/is', '', $body);
         $body = preg_replace('/<\/body[^>]*>.*$/is', '', $body);
 
-        require_once INSTALLDIR.'/extlib/htmLawed/htmLawed.php';
-        $config = array('safe' => 1,
-                        'deny_attribute' => 'id,style,on*',
-                        'comment' => 1); // remove comments
-        $scrubbed = htmLawed($body, $config);
-
-        return $scrubbed;
+        require_once INSTALLDIR.'/extlib/HTMLPurifier/HTMLPurifier.auto.php';
+        $purifier = new HTMLPurifier();
+        return $purifier->purify($body);
     }
 
     /**