Diffstat (limited to 'classes/sanitizer.php')
-rw-r--r--classes/sanitizer.php10
1 files changed, 8 insertions, 2 deletions
diff --git a/classes/sanitizer.php b/classes/sanitizer.php
index 52feb5e28..07766dc16 100644
--- a/classes/sanitizer.php
+++ b/classes/sanitizer.php
@@ -49,6 +49,10 @@ class Sanitizer {
return false;
}
+ private static function is_prefix_https() {
+ return parse_url(Config::get(Config::SELF_URL_PATH), PHP_URL_SCHEME) == 'https';
+ }
+
public static function sanitize($str, $force_remove_images = false, $owner = false, $site_url = false, $highlight_words = false, $article_id = false) {
if (!$owner && isset($_SESSION["uid"]))
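Review bot: The scheme check in `is_prefix_https()` is case-sensitive and uses loose `==`, but `parse_url()` returns the scheme as written, so a `SELF_URL_PATH` of `HTTPS://…` would make it return false. The iframe http-to-https upgrade that depends on it would then be skipped silently. I would normalise and compare strictly: `return strtolower((string) parse_url(Config::get(Config::SELF_URL_PATH), PHP_URL_SCHEME)) === 'https';`. A one-line docblock saying the helper reports whether this instance's own configured URL is https (not the article's) would also help, since the name alone is ambiguous. The body of `sanitize()` continues outside the hunk.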
@@ -60,7 +64,9 @@ class Sanitizer {
$doc->loadHTML('<?xml encoding="UTF-8">' . $res);
$xpath = new DOMXPath($doc);
- $rewrite_base_url = $site_url ? $site_url : get_self_url_prefix();
+ // is it a good idea to possibly rewrite urls to our own prefix?
+ // $rewrite_base_url = $site_url ? $site_url : Config::get_self_url();
+ $rewrite_base_url = $site_url ? $site_url : "http://domain.invalid/";
$entries = $xpath->query('(//a[@href]|//img[@src]|//source[@srcset|@src])');
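Review bot: The new fallback `"http://domain.invalid/"` is a deliberate security decision, but the hunk records it only as an open question plus a commented-out line. Resolving relative URLs from untrusted feed markup against our own prefix would let article content produce links and image requests aimed at the reader's own instance, so the placeholder host looks like the safer default. I would drop the dead line and state the rationale, e.g. `// feed markup is untrusted: without a caller-supplied $site_url, resolve relative URLs against a non-resolvable placeholder, never our own origin`. Naming the literal as a class constant would let other code recognise and handle placeholder URLs. The rewriting loop that consumes `$rewrite_base_url` is outside the hunk, so the effect on rendered links is inferred.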
@@ -125,7 +131,7 @@ class Sanitizer {
if (!self::iframe_whitelisted($entry)) {
$entry->setAttribute('sandbox', 'allow-scripts');
} else {
- if (is_prefix_https()) {
+ if (self::is_prefix_https()) {
$entry->setAttribute("src",
str_replace("http://", "https://",
$entry->getAttribute("src")));
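Review bot: The `str_replace("http://", "https://", …)` in the whitelisted-iframe branch rewrites every occurrence in the `src`, not just the leading scheme. A URL carrying another URL in its query string (for example a `?url=http://…` parameter) would be altered too. Anchoring the replacement keeps the upgrade to the scheme only: `preg_replace('#^http://#i', 'https://', $entry->getAttribute("src"))`. The `self::` qualification itself is right, and the enclosing loop starts and ends outside the hunk.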