From: Mikael Nordfeldth Date: Sun, 17 Dec 2017 17:32:23 +0000 (+0100) Subject: Merge remote-tracking branch 'gnuio/master' into nightly X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=ec98fd0c438f5b8f8e5eeee893ad84f121b7249f;p=quix0rs-gnu-social.git Merge remote-tracking branch 'gnuio/master' into nightly --- ec98fd0c438f5b8f8e5eeee893ad84f121b7249f diff --cc lib/util.php index 2273ef5053,9c32d74433..6ab5d7ae85 --- a/lib/util.php +++ b/lib/util.php @@@ -595,24 -594,12 +595,28 @@@ function common_purify($html, array $ar require_once INSTALLDIR.'/extlib/HTMLPurifier/HTMLPurifier.auto.php'; $cfg = HTMLPurifier_Config::createDefault(); - $cfg->set('Attr.AllowedRel', ['bookmark', 'directory', 'enclosure', 'home', 'license', 'nofollow', 'payment', 'tag']); // http://microformats.org/wiki/rel + /** + * rel values that should be avoided since they can be used to infer + * information about the _current_ page, not the h-entry: + * + * directory, home, license, payment + * + * Source: http://microformats.org/wiki/rel + */ + $cfg->set('Attr.AllowedRel', ['bookmark', 'enclosure', 'nofollow', 'tag', 'noreferrer']); $cfg->set('HTML.ForbiddenAttributes', array('style')); // id, on* etc. are already filtered by default $cfg->set('URI.AllowedSchemes', array_fill_keys(common_url_schemes(), true)); + if (isset($args['URI.Base'])) { + $cfg->set('URI.Base', $args['URI.Base']); // if null this is like unsetting it I presume + $cfg->set('URI.MakeAbsolute', !is_null($args['URI.Base'])); // if we have a URI base, convert relative URLs to absolute ones. + } + if (common_config('cache', 'dir')) { + $cfg->set('Cache.SerializerPath', common_config('cache', 'dir')); + } ++ // if you don't want to use the default cache dir for htmlpurifier, set it specifically as $config['htmlpurifier']['Cache.SerializerPath'] = '/tmp'; or something. 
+ foreach (common_config('htmlpurifier') as $key=>$val) { + $cfg->set($key, $val); + } // Remove more elements than what the default filter removes, default in GNU social are remotely // linked resources such as img, video, audio
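Review bot: The `foreach (common_config('htmlpurifier') as $key=>$val)` loop runs after the hardened defaults, so any key in `$config['htmlpurifier']` silently replaces `Attr.AllowedRel`, `HTML.ForbiddenAttributes`, `URI.AllowedSchemes` and the per-call `URI.Base` set just above it. I would either skip those keys in the loop or at least document the ordering, e.g. `// NOTE: site config is applied last and overrides the hardened defaults above; loosening AllowedSchemes/ForbiddenAttributes weakens sanitisation of remote HTML.` The comment added by this merge also offers `'/tmp'` as the example `Cache.SerializerPath`. As far as I know HTMLPurifier reads its serializer cache back with `unserialize()`, so a shared world-writable directory is a poor example; a directory writable only by the web server user would be a safer one to show. common_purify() starts and ends outside this hunk, so whether `$cfg` is adjusted again later is not visible here.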