diff options
| author | Andrew Dolgov <[email protected]> | 2020-04-29 19:02:44 +0300 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2020-04-29 19:02:44 +0300 |
| commit | 83c8834421a5b16b54136bb3c23c3e817be967c0 (patch) | |
| tree | 335a488c066edbe83648a004cdc2f6bdcde575e5 | |
| parent | 4a00f96733b010947557a0ddb4f2319f5348743c (diff) | |
sanitize: handle picture[@srcset] elements properly, i.e. rewrite relative URLs
| -rw-r--r-- | include/functions.php | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/include/functions.php b/include/functions.php index c223a3db8..532e48139 100644 --- a/include/functions.php +++ b/include/functions.php @@ -1264,7 +1264,7 @@ $rewrite_base_url = $site_url ? $site_url : get_self_url_prefix(); - $entries = $xpath->query('(//a[@href]|//img[@src]|//video/source[@src]|//audio/source[@src]|//picture/source[@src])'); + $entries = $xpath->query('(//a[@href]|//img[@src]|//video/source[@src]|//audio/source[@src]|//picture/source[@src]|//picture/source[@srcset])'); foreach ($entries as $entry) { @@ -1303,6 +1303,22 @@ } } + if ($entry->hasAttribute('srcset')) { + $tokens = explode(",", $entry->getAttribute('srcset')); + + for ($i = 0; $i < count($tokens); $i++) { + $token = trim($tokens[$i]); + + list ($url, $width) = explode(" ", $token, 2); + + $url = rewrite_relative_url($rewrite_base_url, $url); + + $tokens[$i] = "$url $width"; + } + + $entry->setAttribute("srcset", implode(", ", $tokens)); + } + if ($entry->hasAttribute('src') && ($owner && get_pref("STRIP_IMAGES", $owner)) || $force_remove_images || $_SESSION["bw_limit"]) { |