From 52a3764ae406f63f7177f4cbefaf5eb23375150c Mon Sep 17 00:00:00 2001
From: Mikael Nordfeldth
Date: Fri, 26 Feb 2016 14:46:26 +0100
Subject: [PATCH] Resolve relative URLs (assuming URI.Base==notice URL)

The real way to do this would be to get the xml:base property from the Atom feed but it's probably not there in any posts we see today.
---
 classes/Notice.php | 4 ++--
 lib/util.php | 6 +++++-
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/classes/Notice.php b/classes/Notice.php
index 892f2be30e..2bae300115 100644
--- a/classes/Notice.php
+++ b/classes/Notice.php
@@ -854,8 +854,8 @@ class Notice extends Managed_DataObject
 if (mb_strlen($content)===0 && !is_null($actobj)) {
 $content = mb_strlen($actobj->content) ? $actobj->content : $actobj->summary;
 }
- // Strip out any bad HTML from $content
- $stored->rendered = common_purify($content);
+ // Strip out any bad HTML from $content. URI.Base is used to sort out relative URLs.
+ $stored->rendered = common_purify($content, ['URI.Base' => $stored->url ?: null]);
 $stored->content = common_strip_html($stored->getRendered(), true, true);
 if (trim($stored->content) === '') {
 // TRANS: Error message when the plain text content of a notice has zero length.
diff --git a/lib/util.php b/lib/util.php
index f029eb429d..9f9b3f66d4 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -580,7 +580,7 @@ function common_canonical_email($email)
 return $email;
 }
-function common_purify($html)
+function common_purify($html, array $args=array())
 {
 require_once INSTALLDIR.'/extlib/HTMLPurifier/HTMLPurifier.auto.php';
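Review bot: The base handed to the purifier in the added `common_purify()` call is `$stored->url`, and that field is populated outside this hunk, so it is not visible whether it has been checked to be an absolute http(s) URL before relative links are resolved against it. For a notice built from a remote activity the value presumably comes from the sender, so every relative `href` kept in the stored `rendered` HTML ends up pointing wherever that field says. I would validate the URL first and pass the option only when it passes, e.g. `$purifyArgs = $urlIsValid ? ['URI.Base' => $stored->url] : [];` (`$urlIsValid` is a constructed name for whatever check the project uses), which also avoids sending an explicit null through `?: null`. The enclosing method starts and ends outside the hunk.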
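Review bot: The new `$args` parameter of `common_purify()` is undocumented, and its generic name suggests that any HTMLPurifier directive can be passed, while the only key this commit reads is `'URI.Base'` (in the later hunk of this file). A short docblock above the function would make that contract explicit, for example `@param array $args Optional overrides; only 'URI.Base' (absolute URL used to resolve relative links) is honoured`. The function body continues outside the hunk.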
@@ -588,6 +588,10 @@ function common_purify($html)
 $cfg->set('Attr.AllowedRel', ['bookmark', 'directory', 'enclosure', 'home', 'license', 'nofollow', 'payment', 'tag']); // http://microformats.org/wiki/rel
 $cfg->set('HTML.ForbiddenAttributes', array('style')); // id, on* etc. are already filtered by default
 $cfg->set('URI.AllowedSchemes', array_fill_keys(common_url_schemes(), true));
+ if (isset($args['URI.Base'])) {
+ $cfg->set('URI.Base', $args['URI.Base']); // if null this is like unsetting it I presume
+ $cfg->set('URI.MakeAbsolute', !is_null($args['URI.Base'])); // if we have a URI base, convert relative URLs to absolute ones.
+ }
 // Remove more elements than what the default filter removes, default in GNU social are remotely
 // linked resources such as img, video, audio
-- 2.39.5
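Review bot: Inside the added `if (isset($args['URI.Base']))` block the value can never be null, because `isset()` is false for a key that holds null. The trailing comment "if null this is like unsetting it" therefore describes a path that is never taken, and `!is_null($args['URI.Base'])` always evaluates to true. If the null case is meant to reach the purifier, the guard should be `array_key_exists('URI.Base', $args)`; otherwise simplify the second call to `$cfg->set('URI.MakeAbsolute', true);` and drop the misleading comment. The branch also accepts any non-null value, so a check that the argument is a non-empty string would keep a bad base out of the config. The function starts and ends outside the hunk.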