diff options
| author | Andrew Dolgov <[email protected]> | 2012-10-28 12:21:21 +0400 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2012-10-28 12:21:21 +0400 |
| commit | acccafe3daee1c94064202d38fa244bd5a15c2e7 (patch) | |
| tree | 11407af73571632e239e1de01c4a7dfb7664503d /include | |
| parent | 17525d012750697283a3758b0fe00c0a6945947f (diff) | |
replace htmlpurifier with htmlawed
Diffstat (limited to 'include')
| -rw-r--r-- | include/functions.php | 31 | ||||
| -rw-r--r-- | include/sanity_check.php | 6 |
2 files changed, 3 insertions, 34 deletions
diff --git a/include/functions.php b/include/functions.php index 656664da2..f607cb3cc 100644 --- a/include/functions.php +++ b/include/functions.php @@ -111,8 +111,7 @@ ini_set('user_agent', SELF_USER_AGENT); require_once 'lib/pubsubhubbub/publisher.php'; - - $purifier = false; + require_once 'lib/htmLawed.php'; $tz_offset = -1; $utc_tz = new DateTimeZone('UTC'); @@ -2688,36 +2687,12 @@ } function sanitize($link, $str, $force_strip_tags = false, $owner = false, $site_url = false) { - global $purifier; - if (!$owner) $owner = $_SESSION["uid"]; $res = trim($str); if (!$res) return ''; - // create global Purifier object if needed - if (!$purifier) { - require_once 'lib/htmlpurifier/library/HTMLPurifier.auto.php'; - - $config = HTMLPurifier_Config::createDefault(); - - $allowed = "p,a[href],i,em,b,strong,code,pre,blockquote,br,img[src|alt|title|align|hspace],ul,ol,li,h1,h2,h3,h4,s,object[classid|type|id|name|width|height|codebase],param[name|value],table,tr,td,span[class]"; - - $config->set('HTML.SafeObject', true); - @$config->set('HTML', 'Allowed', $allowed); - $config->set('Output.FlashCompat', true); - $config->set('Attr.EnableID', true); - if (!defined('MOBILE_VERSION')) { - @$config->set('Cache', 'SerializerPath', CACHE_DIR . "/htmlpurifier"); - } else { - @$config->set('Cache', 'SerializerPath', "../" . CACHE_DIR . "/htmlpurifier"); - } - - $config->set('Filter.YouTube', true); - - $purifier = new HTMLPurifier($config); - } - - $res = $purifier->purify($res); + $config = array('safe' => 1, 'deny_attribute' => 'style'); + $res = htmLawed($res, $config); if (get_pref($link, "STRIP_IMAGES", $owner)) { $res = preg_replace('/<img[^>]+>/is', '', $res); diff --git a/include/sanity_check.php b/include/sanity_check.php index bf47db8ee..8d5f52377 100644 --- a/include/sanity_check.php +++ b/include/sanity_check.php @@ -21,12 +21,6 @@ array_push($errors, "Configuration file (config.php) has incorrect version. Update it with new options from config.php-dist and set CONFIG_VERSION to the correct value."); } - $purifier_cache_dir = CACHE_DIR . "/htmlpurifier"; - - if (!is_writable($purifier_cache_dir)) { - array_push($errors, "HTMLPurifier cache directory should be writable by anyone (chmod -R 777 $purifier_cache_dir)"); - } - if (!is_writable(CACHE_DIR . "/images")) { array_push($errors, "Image cache is not writable (chmod -R 777 ".CACHE_DIR."/images)"); } |