From 0deaf6c50c0a02dd307b797729adbaf2a973db07 Mon Sep 17 00:00:00 2001 From: Mikael Nordfeldth Date: Wed, 18 Feb 2015 00:14:28 +0100 Subject: [PATCH] use common_purify to purify HTML, one function to rule them all --- actions/apitimelineuser.php | 11 +---------- lib/activityimporter.php | 13 +------------ plugins/Blog/classes/Blog_entry.php | 18 ++---------------- plugins/OStatus/classes/Ostatus_profile.php | 15 ++------------- 4 files changed, 6 insertions(+), 51 deletions(-) diff --git a/actions/apitimelineuser.php b/actions/apitimelineuser.php index 26c960fa04..abc7fd6a96 100644 --- a/actions/apitimelineuser.php +++ b/actions/apitimelineuser.php @@ -405,7 +405,7 @@ class ApiTimelineUserAction extends ApiBareAuthAction // Get (safe!) HTML and text versions of the content - $rendered = $this->purify($sourceContent); + $rendered = common_purify($sourceContent); $content = common_strip_html($rendered); $shortened = $this->auth_user->shortenLinks($content); @@ -504,13 +504,4 @@ class ApiTimelineUserAction extends ApiBareAuthAction return $saved; } - - function purify($content) - { - require_once INSTALLDIR.'/extlib/htmLawed/htmLawed.php'; - - $config = array('safe' => 1, - 'deny_attribute' => 'id,style,on*'); - return htmLawed($content, $config); - } } diff --git a/lib/activityimporter.php b/lib/activityimporter.php index 4e13419ae7..5bef4cfb07 100644 --- a/lib/activityimporter.php +++ b/lib/activityimporter.php @@ -213,7 +213,7 @@ class ActivityImporter extends QueueHandler // Get (safe!) HTML and text versions of the content - $rendered = $this->purify($sourceContent); + $rendered = common_purify($sourceContent); $content = common_strip_html($rendered); $shortened = $user->shortenLinks($content); @@ -338,15 +338,4 @@ class ActivityImporter extends QueueHandler return array($groups, $replies); } - - - function purify($content) - { - require_once INSTALLDIR.'/extlib/htmLawed/htmLawed.php'; - - $config = array('safe' => 1, - 'deny_attribute' => 'id,style,on*'); - - return htmLawed($content, $config); - } } diff --git a/plugins/Blog/classes/Blog_entry.php b/plugins/Blog/classes/Blog_entry.php index 1f585dce4f..6b82a0fdd1 100644 --- a/plugins/Blog/classes/Blog_entry.php +++ b/plugins/Blog/classes/Blog_entry.php @@ -117,10 +117,10 @@ class Blog_entry extends Managed_DataObject $be->id = (string) new UUID(); $be->profile_id = $profile->id; $be->title = $title; // Note: not HTML-protected - $be->content = self::purify($content); + $be->content = common_purify($content); if (array_key_exists('summary', $options)) { - $be->summary = self::purify($options['summary']); + $be->summary = common_purify($options['summary']); } else { // Already purified $be->summary = self::summarize($be->content); @@ -241,18 +241,4 @@ class Blog_entry extends Managed_DataObject return $obj; } - - /** - * Clean up input HTML - */ - static function purify($html) - { - require_once INSTALLDIR.'/extlib/htmLawed/htmLawed.php'; - - $config = array('safe' => 1, - 'deny_attribute' => 'id,style,on*'); - $pure = htmLawed($html, $config); - - return $pure; - } } diff --git a/plugins/OStatus/classes/Ostatus_profile.php b/plugins/OStatus/classes/Ostatus_profile.php index 79098c6404..4be4e5112f 100644 --- a/plugins/OStatus/classes/Ostatus_profile.php +++ b/plugins/OStatus/classes/Ostatus_profile.php @@ -621,7 +621,7 @@ class Ostatus_profile extends Managed_DataObject // Get (safe!) HTML and text versions of the content - $rendered = $this->purify($sourceContent); + $rendered = common_purify($sourceContent); $content = common_strip_html($rendered); $shortened = common_shorten_links($content); @@ -788,7 +788,7 @@ class Ostatus_profile extends Managed_DataObject // Get (safe!) HTML and text versions of the content - $rendered = $this->purify($sourceContent); + $rendered = common_purify($sourceContent); $content = common_strip_html($rendered); $shortened = common_shorten_links($content); @@ -914,17 +914,6 @@ class Ostatus_profile extends Managed_DataObject return $saved; } - /** - * Clean up HTML - */ - protected function purify($html) - { - require_once INSTALLDIR.'/extlib/htmLawed/htmLawed.php'; - $config = array('safe' => 1, - 'deny_attribute' => 'id,style,on*'); - return htmLawed($html, $config); - } - /** * Filters a list of recipient ID URIs to just those for local delivery. * @param Profile local profile of sender -- 2.39.5