Merge branch 'testing' of git@gitorious.org:statusnet/mainline into 0.9.x

Conflicts:
	lib/attachmentlist.php

diff --cc index.php
Simple merge

diff --cc lib/attachmentlist.php
index 13dafd13e4818e2102f366efa9e0c73e7adf54d4,fe38281af92b94e52924a36ffece8cf82824e65a..d29a5fa2fdb344cd5c56611ba589da53cefb8d74
--- 1/lib/attachmentlist.php
--- 2/lib/attachmentlist.php
+++ b/lib/attachmentlist.php
@@@ -330,13 -332,8 +330,17 @@@ class Attachment extends AttachmentList
                      $this->out->element('param', array('name' => 'autoStart', 'value' => 1));
                      $this->out->elementEnd('object');
                      break;
-                     break;
 +
 +                case 'text/html':
 +                    if ($this->attachment->filename) {
 +                        // Locally-uploaded HTML. Scrub and display inline.
 +                        $this->showHtmlFile($this->attachment);
++                        break;
 +                    }
++                    // Fall through to default
++
+                 default:
+                     $this->showFallback();
                  }
              }
          } else {
@@@ -364,57 -361,18 +368,71 @@@
          }
      }
  
 +    protected function showHtmlFile(File $attachment)
 +    {
 +        $body = $this->scrubHtmlFile($attachment);
 +        if ($body) {
 +            $this->out->raw($body);
 +        }
 +    }
 +
 +    /**
 +     * @return mixed false on failure, HTML fragment string on success
 +     */
 +    protected function scrubHtmlFile(File $attachment)
 +    {
 +        $path = File::path($attachment->filename);
 +        if (!file_exists($path) || !is_readable($path)) {
 +            common_log(LOG_ERR, "Missing local HTML attachment $path");
 +            return false;
 +        }
 +        $raw = file_get_contents($path);
 +
 +        // Normalize...
 +        $dom = new DOMDocument();
 +        if(!$dom->loadHTML($raw)) {
 +            common_log(LOG_ERR, "Bad HTML in local HTML attachment $path");
 +            return false;
 +        }
 +
 +        // Remove <script>s or htmlawed will dump their contents into output!
 +        // Note: removing child nodes while iterating seems to mess things up,
 +        // hence the double loop.
 +        $scripts = array();
 +        foreach ($dom->getElementsByTagName('script') as $script) {
 +            $scripts[] = $script;
 +        }
 +        foreach ($scripts as $script) {
 +            common_log(LOG_DEBUG, $script->textContent);
 +            $script->parentNode->removeChild($script);
 +        }
 +
 +        // Trim out everything outside the body...
 +        $body = $dom->saveHTML();
 +        $body = preg_replace('/^.*<body[^>]*>/is', '', $body);
 +        $body = preg_replace('/<\/body[^>]*>.*$/is', '', $body);
 +
 +        require_once INSTALLDIR.'/extlib/htmLawed/htmLawed.php';
 +        $config = array('safe' => 1,
 +                        'deny_attribute' => 'id,style,on*',
 +                        'comment' => 1); // remove comments
 +        $scrubbed = htmLawed($body, $config);
 +
 +        return $scrubbed;
 +    }
++
+     function showFallback()
+     {
+         // If we don't know how to display an attachment inline, we probably
+         // shouldn't have gotten to this point.
+         //
+         // But, here we are... displaying details on a file or remote URL
+         // either on the main view or in an ajax-loaded lightbox. As a lesser
+         // of several evils, we'll try redirecting to the actual target via
+         // client-side JS.
+ 
+         common_log(LOG_ERR, "Empty or unknown type for file id {$this->attachment->id}; falling back to client-side redirect.");
+         $this->out->raw('<script>window.location = ' . json_encode($this->attachment->url) . ';</script>');
+     }
  }
  

diff --cc plugins/OStatus/classes/Ostatus_profile.php
Simple merge