use common_purify to purify HTML, one function to rule them all

author Mikael Nordfeldth <mmn@hethane.se>

Tue, 17 Feb 2015 23:14:28 +0000 (00:14 +0100)

committer Mikael Nordfeldth <mmn@hethane.se>

Tue, 17 Feb 2015 23:14:28 +0000 (00:14 +0100)
author Mikael Nordfeldth <mmn@hethane.se>
Tue, 17 Feb 2015 23:14:28 +0000 (00:14 +0100)
committer Mikael Nordfeldth <mmn@hethane.se>
Tue, 17 Feb 2015 23:14:28 +0000 (00:14 +0100)
diff --git a/actions/apitimelineuser.php b/actions/apitimelineuser.php

index 26c960fa0429b9e1d176713cd4e65e60be43ddfa..abc7fd6a96a13d63c3fd2881dbda0103bbb7885f 100644 (file)
--- a/actions/apitimelineuser.php
+++ b/actions/apitimelineuser.php
@@ -405,7 +405,7 @@ class ApiTimelineUserAction extends ApiBareAuthAction
  
          // Get (safe!) HTML and text versions of the content
  
-        $rendered = $this->purify($sourceContent);
+        $rendered = common_purify($sourceContent);
          $content = common_strip_html($rendered);
  
          $shortened = $this->auth_user->shortenLinks($content);
@@ -504,13 +504,4 @@ class ApiTimelineUserAction extends ApiBareAuthAction
  
          return $saved;
      }
-
-    function purify($content)
-    {
-        require_once INSTALLDIR.'/extlib/htmLawed/htmLawed.php';
-
-        $config = array('safe' => 1,
-                        'deny_attribute' => 'id,style,on*');
-        return htmLawed($content, $config);
-    }
  }
diff --git a/lib/activityimporter.php b/lib/activityimporter.php

index 4e13419ae7482ccd0aed3eac7ffad9e15e6ca789..5bef4cfb072475e66cdaf73d1b4b4267107f78ed 100644 (file)
--- a/lib/activityimporter.php
+++ b/lib/activityimporter.php
@@ -213,7 +213,7 @@ class ActivityImporter extends QueueHandler
  
          // Get (safe!) HTML and text versions of the content
  
-        $rendered = $this->purify($sourceContent);
+        $rendered = common_purify($sourceContent);
          $content = common_strip_html($rendered);
  
          $shortened = $user->shortenLinks($content);
@@ -338,15 +338,4 @@ class ActivityImporter extends QueueHandler
  
          return array($groups, $replies);
      }
-
-
-    function purify($content)
-    {
-        require_once INSTALLDIR.'/extlib/htmLawed/htmLawed.php';
-
-        $config = array('safe' => 1,
-                        'deny_attribute' => 'id,style,on*');
-
-        return htmLawed($content, $config);
-    }
  }
diff --git a/plugins/Blog/classes/Blog_entry.php b/plugins/Blog/classes/Blog_entry.php

index 1f585dce4ff854c15b5b1c5ac8d0f7cebbd89671..6b82a0fdd12751e0885a5045897b7caaf86d78de 100644 (file)
--- a/plugins/Blog/classes/Blog_entry.php
+++ b/plugins/Blog/classes/Blog_entry.php
@@ -117,10 +117,10 @@ class Blog_entry extends Managed_DataObject
          $be->id         = (string) new UUID();
          $be->profile_id = $profile->id;
          $be->title      = $title; // Note: not HTML-protected
-        $be->content    = self::purify($content);
+        $be->content    = common_purify($content);
  
          if (array_key_exists('summary', $options)) {
-            $be->summary = self::purify($options['summary']);
+            $be->summary = common_purify($options['summary']);
          } else {
              // Already purified
              $be->summary = self::summarize($be->content);
@@ -241,18 +241,4 @@ class Blog_entry extends Managed_DataObject
  
          return $obj;
      }
-
-    /**
-     * Clean up input HTML
-     */
-    static function purify($html)
-    {
-        require_once INSTALLDIR.'/extlib/htmLawed/htmLawed.php';
-
-        $config = array('safe' => 1,
-                        'deny_attribute' => 'id,style,on*');
-        $pure = htmLawed($html, $config);
-
-        return $pure;
-    }
  }
diff --git a/plugins/OStatus/classes/Ostatus_profile.php b/plugins/OStatus/classes/Ostatus_profile.php

index 79098c64048ed31705b54ecfb94259619dad826d..4be4e5112f67f5a4e8464e425135b5bd6b744c05 100644 (file)
--- a/plugins/OStatus/classes/Ostatus_profile.php
+++ b/plugins/OStatus/classes/Ostatus_profile.php
@@ -621,7 +621,7 @@ class Ostatus_profile extends Managed_DataObject
  
          // Get (safe!) HTML and text versions of the content
  
-        $rendered = $this->purify($sourceContent);
+        $rendered = common_purify($sourceContent);
          $content = common_strip_html($rendered);
  
          $shortened = common_shorten_links($content);
@@ -788,7 +788,7 @@ class Ostatus_profile extends Managed_DataObject
  
          // Get (safe!) HTML and text versions of the content
  
-        $rendered = $this->purify($sourceContent);
+        $rendered = common_purify($sourceContent);
          $content = common_strip_html($rendered);
  
          $shortened = common_shorten_links($content);
@@ -914,17 +914,6 @@ class Ostatus_profile extends Managed_DataObject
          return $saved;
      }
  
-    /**
-     * Clean up HTML
-     */
-    protected function purify($html)
-    {
-        require_once INSTALLDIR.'/extlib/htmLawed/htmLawed.php';
-        $config = array('safe' => 1,
-                        'deny_attribute' => 'id,style,on*');
-        return htmLawed($html, $config);
-    }
-
      /**
       * Filters a list of recipient ID URIs to just those for local delivery.
       * @param Profile local profile of sender
author	Mikael Nordfeldth <mmn@hethane.se>
	Tue, 17 Feb 2015 23:14:28 +0000 (00:14 +0100)
committer	Mikael Nordfeldth <mmn@hethane.se>
	Tue, 17 Feb 2015 23:14:28 +0000 (00:14 +0100)
actions/apitimelineuser.php		patch \| blob \| history
lib/activityimporter.php		patch \| blob \| history
plugins/Blog/classes/Blog_entry.php		patch \| blob \| history
plugins/OStatus/classes/Ostatus_profile.php		patch \| blob \| history