Diffstat (limited to 'classes/sanitizer.php')
-rw-r--r-- | classes/sanitizer.php | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/classes/sanitizer.php b/classes/sanitizer.php index 9f3bfada0..5a054c3b0 100644 --- a/classes/sanitizer.php +++ b/classes/sanitizer.php @@ -54,7 +54,9 @@ class Sanitizer { } public static function sanitize($str, $force_remove_images = false, $owner = false, $site_url = false, $highlight_words = false, $article_id = false) { - if (!$owner) $owner = $_SESSION["uid"]; + + if (!$owner && isset($_SESSION["uid"])) + $owner = $_SESSION["uid"]; $res = trim($str); if (!$res) return ''; @@ -97,7 +99,7 @@ class Sanitizer { } if ($entry->hasAttribute('src') && - ($owner && get_pref("STRIP_IMAGES", $owner)) || $force_remove_images || $_SESSION["bw_limit"]) { + ($owner && get_pref("STRIP_IMAGES", $owner)) || $force_remove_images || ($_SESSION["bw_limit"] ?? false)) { $p = $doc->createElement('p'); @@ -147,7 +149,7 @@ class Sanitizer { 'sup', 'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'time', 'tr', 'track', 'tt', 'u', 'ul', 'var', 'wbr', 'video', 'xml:namespace' ); - if ($_SESSION['hasSandbox']) $allowed_elements[] = 'iframe'; + if ($_SESSION['hasSandbox'] ?? false) $allowed_elements[] = 'iframe'; $disallowed_attributes = array('id', 'style', 'class', 'width', 'height', 'allow'); 
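Review bot: In the first hunk (`@@ -54,7 +54,9 @@`), when the caller passes no `$owner` and the session has no `uid`, `$owner` silently stays `false`, and the `$owner && get_pref("STRIP_IMAGES", $owner)` test in the `@@ -97,7 +99,7 @@` hunk is then skipped. That fallback is worth stating on the method, for example `// No explicit owner and no session uid: per-user preferences such as STRIP_IMAGES are not applied`, so callers running without a session know to pass `$owner` themselves. The new `if` also spans two lines without braces; `if (!$owner && isset($_SESSION["uid"])) { $owner = $_SESSION["uid"]; }` is harder to break in a later edit. The rest of `sanitize()` lies outside the hunk.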
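Review bot: In the image-stripping condition of the second hunk (`@@ -97,7 +99,7 @@`), `&&` binds tighter than `||`, so the `hasAttribute('src')` test guards only the `STRIP_IMAGES` preference; when `$force_remove_images` or the session `bw_limit` flag is set, the branch is entered for entries that have no `src` at all. The commit removes the undefined-index notice but leaves that grouping as it was. If the intent is "has a src and any of the three reasons applies", parenthesise the alternatives: `if ($entry->hasAttribute('src') && (($owner && get_pref("STRIP_IMAGES", $owner)) || $force_remove_images || ($_SESSION["bw_limit"] ?? false))) {`. The body of the `if` is outside the hunk, so what it does with a missing `src` should be checked before changing this.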
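Review bot: The `iframe` allow-list line in the third hunk (`@@ -147,7 +149,7 @@`) deserves a comment, because it is the one visible place where a session flag widens what the sanitizer lets through. With `?? false`, a request whose session has no `hasSandbox` key keeps `iframe` off the list, which is the safe default, and saying so protects the fallback from being changed later. Suggested comment above the line: `// iframe is allowed only when the session sets hasSandbox; a missing key keeps it stripped (fail closed)`. How an allowed iframe is then constrained is outside the hunk.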
@@ -186,16 +188,16 @@ class Sanitizer { $text = $child->textContent; while (($pos = mb_stripos($text, $word)) !== false) { - $fragment->appendChild(new DomText(mb_substr($text, 0, $pos))); - $word = mb_substr($text, $pos, mb_strlen($word)); + $fragment->appendChild(new DOMText(mb_substr($text, 0, (int)$pos))); + $word = mb_substr($text, (int)$pos, mb_strlen($word)); $highlight = $doc->createElement('span'); - $highlight->appendChild(new DomText($word)); + $highlight->appendChild(new DOMText($word)); $highlight->setAttribute('class', 'highlight'); $fragment->appendChild($highlight); $text = mb_substr($text, $pos + mb_strlen($word)); } - if (!empty($text)) $fragment->appendChild(new DomText($text)); + if (!empty($text)) $fragment->appendChild(new DOMText($text)); $child->parentNode->replaceChild($fragment, $child); } |
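Review bot: The `while (($pos = mb_stripos($text, $word)) !== false)` loop in this hunk does not terminate on PHP 8 if `$word` is an empty string, because an empty needle matches at offset 0: `$pos` is 0, `$word` stays empty and `$text` is never shortened. The word list is built outside the hunk, so confirm that empty entries are filtered there, or guard before the loop with `if ($word === '') continue;` (assuming the loop sits inside a per-word `foreach`, which the hunk does not show). Separately, `if (!empty($text))` drops a trailing text node whose content is `"0"`; `if ($text !== '')` keeps it. The `(int)$pos` casts are redundant inside the loop, since the condition already excludes `false`, and the last `mb_substr($text, $pos + mb_strlen($word))` is left uncast, so either drop them or apply them consistently.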