Diffstat (limited to 'classes/sanitizer.php')
-rw-r--r-- | classes/sanitizer.php | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/classes/sanitizer.php b/classes/sanitizer.php
index 52feb5e28..07766dc16 100644
--- a/classes/sanitizer.php
+++ b/classes/sanitizer.php
@@ -49,6 +49,10 @@ class Sanitizer {
 return false;
 }
+ private static function is_prefix_https() {
+ return parse_url(Config::get(Config::SELF_URL_PATH), PHP_URL_SCHEME) == 'https';
+ }
+
 public static function sanitize($str, $force_remove_images = false, $owner = false, $site_url = false, $highlight_words = false, $article_id = false) {
 if (!$owner && isset($_SESSION["uid"]))
@@ -60,7 +64,9 @@ class Sanitizer {
 $doc->loadHTML('<?xml encoding="UTF-8">' . $res);
 $xpath = new DOMXPath($doc);
- $rewrite_base_url = $site_url ? $site_url : get_self_url_prefix();
+ // is it a good idea to possibly rewrite urls to our own prefix?
+ // $rewrite_base_url = $site_url ? $site_url : Config::get_self_url();
+ $rewrite_base_url = $site_url ? $site_url : "http://domain.invalid/";
 $entries = $xpath->query('(//a[@href]|//img[@src]|//source[@srcset|@src])');
@@ -125,7 +131,7 @@ class Sanitizer {
 if (!self::iframe_whitelisted($entry)) {
 $entry->setAttribute('sandbox', 'allow-scripts');
 } else {
- if (is_prefix_https()) {
+ if (self::is_prefix_https()) {
 $entry->setAttribute("src", str_replace("http://", "https://", $entry->getAttribute("src"))); |
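Review bot: The scheme check in the new `is_prefix_https()` is loose and case-sensitive. `parse_url()` returns the scheme as written, and `null` or `false` when it is absent or the URL is malformed, so a `SELF_URL_PATH` configured as `HTTPS://…` would be treated as plain HTTP and the whitelisted-iframe upgrade in the third hunk would be skipped. Normalising and comparing strictly makes the intent explicit: `return strtolower((string) parse_url(Config::get(Config::SELF_URL_PATH), PHP_URL_SCHEME)) === 'https';`. A short docblock stating that the helper reports whether the configured self URL uses HTTPS would also help, along with a `: bool` return type if the supported PHP versions allow it.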
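Review bot: The new fallback for `$rewrite_base_url` in the second hunk is documented only by an open question and a commented-out alternative, so the reason for choosing `"http://domain.invalid/"` is not recorded next to it. The intent appears to be that relative URLs in untrusted feed content should not resolve against this instance's own origin when no `$site_url` is known. If so, state that and drop the dead line, e.g. `// No site URL known: resolve relative URLs against a non-resolvable placeholder, never against our own prefix.` A named class constant for the placeholder would let later code recognise such URLs consistently. `sanitize()` continues outside the hunk, so how the rewritten URLs are consumed afterwards is not visible here.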