$be = new Blog_entry();
$be->id = (string) new UUID();
$be->profile_id = $profile->id;
- $be->title = htmlspecialchars($title);
- $be->content = $content;
+ $be->title = $title; // Note: not HTML-protected
+ $be->content = self::purify($content);
if (array_key_exists('summary', $options)) {
- $be->summary = $options['summary'];
+ $be->summary = self::purify($options['summary']);
} else {
+ // Already purified
$be->summary = self::summarize($content);
}
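Review bot: The title is now stored as raw text (`$be->title = $title;`) where the old line applied `htmlspecialchars()` at save time, so the comment should state the contract the rest of the code must honour rather than just the fact: `// Stored as plain text: escape at output time, never emit via raw()`. Any existing Blog_entry rows presumably still hold an entity-escaped title and will render double-escaped (`&amp;amp;`) once output goes through an escaping call — worth confirming and, if so, a one-off migration. The `summary`/`content` branches rely on `self::purify()`, whose docblock later in this diff only says "Clean up input HTML"; it should say what callers may assume, e.g. `/** Filter untrusted HTML through htmLawed (safe mode; id/style/on* attributes dropped). The result is intended for raw() output. */`, and `purify` should carry an explicit visibility (`public static function purify($html)`). The "Already purified" comment on the `summarize($content)` branch is only true because `$content` was purified two lines above; saying so (`// $content already went through purify() above`) keeps it from going stale if the assignments are reordered. The enclosing function starts before this hunk.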
XMLStringer::estring('a', array('href' => $url,
'class' => 'blog-entry'),
_('More...'));
- $content = html_entity_decode(strip_tags($text), ENT_QUOTES, 'UTF-8');
-
+ $content = html_entity_decode(strip_tags($be->summary), ENT_QUOTES, 'UTF-8');
} else {
- $options['rendered'] = $be->content . ' ' .
- XMLStringer::estring('a', array('href' => $url,
- 'class' => 'blog-entry'),
- _('More...'));
+ $options['rendered'] = $be->content;
+ $content = html_entity_decode(strip_tags($be->content), ENT_QUOTES, 'UTF-8');
}
return $obj;
}
+
+ /**
+ * Clean up input HTML
+ */
+ static function purify($html)
+ {
+ require_once INSTALLDIR.'/extlib/htmLawed/htmLawed.php';
+ $config = array('safe' => 1,
+ 'deny_attribute' => 'id,style,on*');
+ return htmLawed($html, $config);
+ }
}
$out->elementEnd('h4');
if (!empty($entry->summary)) {
- $out->element('div', 'blog-entry-summary', $entry->summary);
+ $out->elementStart('div', 'blog-entry-summary');
+ $out->raw($entry->summary);
+ $out->elementEnd('div');
} else {
// XXX: hide content initially; click More... for full text.
- $out->element('div', 'blog-entry-content', $entry->content);
+ $out->elementStart('div', 'blog-entry-content');
+ $out->raw($entry->content);
+ $out->elementEnd('div');
}
}
}
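Review bot: Switching from `element()` to `raw()` for `$entry->summary` and `$entry->content` makes the display trust whatever is in the database, but entries saved before this change were stored without `purify()` (the removed `$be->content = $content;` line), so any pre-existing rows would now be emitted unfiltered. Either purify existing rows once or filter at render time until that is done, e.g. `$out->raw(Blog::purify($entry->content));` in place of the two `raw()` calls (class name inferred — confirm). A short comment above each `raw()` call, such as `// content is htmLawed-filtered at save time (see purify())`, would document why raw output is acceptable here. The enclosing function starts before this hunk.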