author | Andrew Dolgov <[email protected]> | 2012-06-01 00:07:59 +0400 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2012-06-01 00:07:59 +0400 |
commit | c21a462d52bd32737c32c29b060da03b38f1c2e6 (patch) | |
tree | 83b1b0a5e5451b6c4b6556886e6b590da24ca12f /include | |
parent | 65dd90f2bae0f10aa8c4404df622d287e48b2544 (diff) |
remove htmlpurifier
Diffstat (limited to 'include')
-rw-r--r-- | include/functions.php | 29 | ||||
-rw-r--r-- | include/sanity_check.php | 6 |
2 files changed, 4 insertions, 31 deletions
diff --git a/include/functions.php b/include/functions.php
index 13214ba6e..d11d62d22 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -100,8 +100,6 @@ require_once 'lib/pubsubhubbub/publisher.php'; - $purifier = false; - $tz_offset = -1; $utc_tz = new DateTimeZone('UTC'); $schema_version = false;
@@ -2621,36 +2619,17 @@ } function sanitize($link, $str, $force_strip_tags = false, $owner = false, $site_url = false) { - global $purifier; - if (!$owner) $owner = $_SESSION["uid"]; $res = trim($str); if (!$res) return ''; - // create global Purifier object if needed - if (!$purifier) { - require_once 'lib/htmlpurifier/library/HTMLPurifier.auto.php'; - - $config = HTMLPurifier_Config::createDefault(); - - $allowed = "p,a[href],i,em,b,strong,code,pre,blockquote,br,img[src|alt|title|align|hspace],ul,ol,li,h1,h2,h3,h4,s,object[classid|type|id|name|width|height|codebase],param[name|value],table,tr,td,span[class]"; - - $config->set('HTML.SafeObject', true); - @$config->set('HTML', 'Allowed', $allowed); - $config->set('Output.FlashCompat', true); - $config->set('Attr.EnableID', true); - if (!defined('MOBILE_VERSION')) { - @$config->set('Cache', 'SerializerPath', CACHE_DIR . "/htmlpurifier"); - } else { - @$config->set('Cache', 'SerializerPath', "../" . CACHE_DIR . "/htmlpurifier"); - } - - $config->set('Filter.YouTube', true); + // TODO implement better HTML tag stripping and XSS protection - $purifier = new HTMLPurifier($config); + if (function_exists('filter_var')) { + $res = filter_var($res, FILTER_SANITIZE_STRING); } - $res = $purifier->purify($res); + $res = strip_tags($str, "<p><a><i><em><b><strong><code><pre><blockquote><br><img><ul><ol><li><h1><h2><h3><h4><s><object><param><table><tr><td><span>"); if (get_pref($link, "STRIP_IMAGES", $owner)) { $res = preg_replace('/<img[^>]+>/is', '', $res);
diff --git a/include/sanity_check.php b/include/sanity_check.php
index 11da85921..2195945be 100644
--- a/include/sanity_check.php
+++ b/include/sanity_check.php
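Review bot: The new body of sanitize() in include/functions.php no longer filters attributes or URL schemes: `strip_tags()` with an allow-list removes only disallowed tags, so event-handler attributes and script-scheme `href`/`src` values on the allowed tags pass through unchanged, and `<object>`/`<param>` stay allowed without the `HTML.SafeObject` restrictions the removed configuration applied. The `filter_var()` result is also dead, because the following assignment reads `$str` again instead of `$res`, which discards the earlier `trim()` as well. Since this function presumably receives untrusted feed content, I would pass `$res` to `strip_tags()`, drop the `filter_var()` call (it would remove every tag if its result were actually used), and add an attribute allow-list pass along the lines of the sketch below, with per-tag lists taken from the removed `HTML.Allowed` value. sanitize() continues past the end of the hunk, so the STRIP_IMAGES handling and whatever follows it are not reviewed here.

```php
	// … unchanged: $owner default, trim() and empty-input return …

	// Filter $res, not $str, so the trimmed value is what gets processed. <object> and
	// <param> are left out: nothing here replaces HTMLPurifier's SafeObject handling.
	$res = strip_tags($res, "<p><a><i><em><b><strong><code><pre><blockquote><br><img><ul><ol><li><h1><h2><h3><h4><s><table><tr><td><span>");

	// strip_tags() keeps every attribute on an allowed tag, so attributes are
	// filtered explicitly; the lists mirror the removed HTML.Allowed setting.
	$allowed_attrs = array(
		"a" => array("href"),
		"img" => array("src", "alt", "title", "align", "hspace"),
		"span" => array("class"));

	if ($res) {
		$doc = new DOMDocument();
		@$doc->loadHTML('<?xml encoding="UTF-8">' . $res);
		$xpath = new DOMXPath($doc);

		foreach ($xpath->query('//@*') as $attr) {
			$tag = strtolower($attr->ownerElement->nodeName);
			$name = strtolower($attr->nodeName);

			$keep = isset($allowed_attrs[$tag]) && in_array($name, $allowed_attrs[$tag]);

			// URL attributes must be absolute http(s); relative URLs would have to be
			// resolved (e.g. against $site_url) before this check if they must survive.
			if ($keep && ($name == "href" || $name == "src")) {
				$keep = preg_match('/^https?:\/\//i', $attr->nodeValue) == 1;
			}

			if (!$keep) $attr->ownerElement->removeAttributeNode($attr);
		}

		// … serialize the children of <body> back into $res …
	}

	// … unchanged: STRIP_IMAGES handling …
```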
@@ -23,12 +23,6 @@ $array_push($errors, "Configuration file (config.php) has incorrect version. Update it with new options from config.php-dist and set CONFIG_VERSION to the correct value."); } - $purifier_cache_dir = CACHE_DIR . "/htmlpurifier"; - - if (!is_writable($purifier_cache_dir)) { - array_push($errors, "HTMLPurifier cache directory should be writable by anyone (chmod -R 777 $purifier_cache_dir)"); - } - if (!is_writable(CACHE_DIR . "/images")) { array_push($errors, "Image cache is not writable (chmod -R 777 ".CACHE_DIR."/images)"); } |