Diffstat (limited to 'include/functions.php')
-rw-r--r--include/functions.php84
1 files changed, 73 insertions, 11 deletions
diff --git a/include/functions.php b/include/functions.php
index 435ce24b4..4eff1149e 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -51,6 +51,7 @@
"hu_HU" => "Magyar (Hungarian)",
"it_IT" => "Italiano",
"ja_JP" => "日本語 (Japanese)",
+ "lv_LV" => "Latviešu",
"nb_NO" => "Norwegian bokmål",
"pl_PL" => "Polski",
"ru_RU" => "Русский",
@@ -109,7 +110,6 @@
ini_set('user_agent', SELF_USER_AGENT);
require_once 'lib/pubsubhubbub/publisher.php';
- require_once 'lib/htmLawed.php';
$tz_offset = -1;
$utc_tz = new DateTimeZone('UTC');
@@ -351,6 +351,9 @@
$data = @file_get_contents($url);
+ $gzdecoded = gzdecode($data);
+ if ($gzdecoded) $data = $gzdecoded;
+
if (!$data && function_exists('error_get_last')) {
$error = error_get_last();
$fetch_last_error = $error["message"];
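Review bot: gzdecode() is called on every response, and on a body that is not gzip-compressed it emits a "data error" warning, so by the time error_get_last() runs on the next lines it reports the gzdecode warning instead of the file_get_contents failure that `$fetch_last_error` is meant to capture; it is also called when `$data` is `false`. Only attempt the decode when the body carries the gzip magic bytes, and do it after the fetch-error check: `if ($data && substr($data, 0, 2) === "\x1f\x8b") { $gzdecoded = gzdecode($data); if ($gzdecoded !== false) $data = $gzdecoded; }`. The enclosing fetch function starts and ends outside this hunk, so I cannot see whether `$data` is checked again further down.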
@@ -460,6 +463,8 @@
else
$sel = "";
+ $v = trim($v);
+
print "<option value=\"$v\" $sel>$v</option>";
}
print "</select>";
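Review bot: The new `$v = trim($v);` line feeds `$v` straight into the `<option value="$v">` markup on the next line without HTML escaping, and the same pattern is in the following hunk (`print "<option $sel value=\"$v\">".$values[$v]...`). If `$v` can originate from anything other than hard-coded lists (the function head is outside the hunk, so I cannot tell), escape at the print site: `print "<option value=\"" . htmlspecialchars($v) . "\" $sel>" . htmlspecialchars($v) . "</option>";`. In the second hunk keep the raw trimmed `$v` for the `$values[$v]` lookup and escape only the printed copies.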
@@ -473,6 +478,8 @@
else
$sel = "";
+ $v = trim($v);
+
print "<option $sel value=\"$v\">".$values[$v]."</option>";
}
@@ -1939,6 +1946,8 @@
"c n" => "catchup_above",
"*n" => "article_scroll_down",
"*p" => "article_scroll_up",
+ "*(38)|Shift+up" => "article_scroll_up",
+ "*(40)|Shift+down" => "article_scroll_down",
"a *w" => "toggle_widescreen",
"e" => "email_article",
"a q" => "close_article",
@@ -2585,10 +2594,17 @@
$entry->setAttribute('href',
rewrite_relative_url($site_url, $entry->getAttribute('href')));
- if ($entry->hasAttribute('src'))
- if (preg_match('/^image.php\?i=[a-z0-9]+$/', $entry->getAttribute('src')) == 0)
- $entry->setAttribute('src',
- rewrite_relative_url($site_url, $entry->getAttribute('src')));
+ if ($entry->hasAttribute('src')) {
+ $src = rewrite_relative_url($site_url, $entry->getAttribute('src'));
+
+ $cached_filename = CACHE_DIR . '/images/' . sha1($src) . '.png';
+
+ if (file_exists($cached_filename)) {
+ $src = SELF_URL_PATH . '/image.php?hash=' . sha1($src);
+ }
+
+ $entry->setAttribute('src', $src);
+ }
}
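Review bot: `sha1($src)` is computed twice in the new block (cache filename on line 70, rewritten URL on line 73); compute it once, `$hash = sha1($src);`, and use `$hash` in both places so the two can never drift apart if one is later changed. A short comment above the `file_exists` check explaining that a cached copy is served through image.php would also help, since the hash-to-file mapping is otherwise implicit. The enclosing function starts before this hunk.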
if (strtolower($entry->nodeName) == "a") {
@@ -2596,16 +2612,62 @@
}
}
- //$node = $doc->getElementsByTagName('body')->item(0);
+ $entries = $xpath->query('//iframe');
+ foreach ($entries as $entry) {
+ $entry->setAttribute('sandbox', true);
+ }
+
+ global $pluginhost;
+
+ if (isset($pluginhost)) {
+ foreach ($pluginhost->get_hooks($pluginhost::HOOK_SANITIZE) as $plugin) {
+ $doc = $plugin->hook_sanitize($doc, $site_url);
+ }
+ }
$doc->removeChild($doc->firstChild); //remove doctype
+ $doc = strip_harmful_tags($doc);
$res = $doc->saveHTML();
+ return $res;
+ }
- $config = array('safe' => 1, 'deny_attribute' => 'style, width, height, class, id', 'comment' => 1, 'cdata' => 1, 'balance' => 0);
- $spec = 'img=width,height';
- $res = htmLawed($res, $config, $spec);
+ function strip_harmful_tags($doc) {
+ $entries = $doc->getElementsByTagName("*");
- return $res;
+ $allowed_elements = array('a', 'address', 'audio',
+ 'b', 'big', 'blockquote', 'body', 'br', 'cite',
+ 'code', 'dd', 'del', 'details', 'div', 'dl',
+ 'dt', 'em', 'footer', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6',
+ 'header', 'html', 'i', 'img', 'ins', 'kbd',
+ 'li', 'nav', 'ol', 'p', 'pre', 'q', 's','small',
+ 'source', 'span', 'strike', 'strong', 'sub', 'summary',
+ 'sup', 'table', 'tbody', 'td', 'tfoot', 'th', 'thead',
+ 'tr', 'track', 'tt', 'u', 'ul', 'var', 'wbr', 'video' );
+
+ if ($_SESSION['hasSandbox']) array_push($allowed_elements, 'iframe');
+
+ $disallowed_attributes = array('id', 'style', 'class');
+
+ foreach ($entries as $entry) {
+ if (!in_array($entry->nodeName, $allowed_elements)) {
+ $entry->parentNode->removeChild($entry);
+ }
+
+ if ($entry->hasAttributes()) {
+ foreach (iterator_to_array($entry->attributes) as $attr) {
+
+ if (strpos($attr->nodeName, 'on') === 0) {
+ $entry->removeAttributeNode($attr);
+ }
+
+ if (in_array($attr->nodeName, $disallowed_attributes)) {
+ $entry->removeAttributeNode($attr);
+ }
+ }
+ }
+ }
+
+ return $doc;
}
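Review bot: strip_harmful_tags iterates the live NodeList returned by getElementsByTagName("*") while calling removeChild on its members (lines 121-124), which skips the sibling that follows each removed node, so a disallowed element directly after another one survives; snapshot the list with iterator_to_array first, and `continue` after a removal instead of inspecting the attributes of a detached node. The attribute pass drops only `on*` attributes and the three listed names, so URL-bearing attributes such as href and src are passed through without any scheme check, which the removed htmLawed `safe` configuration used to provide — a scheme allow-list for those attributes belongs here. `$_SESSION['hasSandbox']` on line 117 raises a notice when the key is absent; `!empty($_SESSION['hasSandbox'])` is the safer form, and `setAttribute('sandbox', true)` in the preceding block stores the string "1" — `''` expresses the intent (all restrictions) more clearly. The body of the sanitize function that precedes strip_harmful_tags starts outside this hunk.
```php
function strip_harmful_tags($doc) {
    // … unchanged: $allowed_elements / $disallowed_attributes definitions …

    // Snapshot first: removing nodes from a live NodeList while iterating it skips siblings.
    foreach (iterator_to_array($doc->getElementsByTagName("*")) as $entry) {
        if (!in_array($entry->nodeName, $allowed_elements, true)) {
            if ($entry->parentNode) $entry->parentNode->removeChild($entry);
            continue; // nothing further to do on a detached node
        }

        if ($entry->hasAttributes()) {
            foreach (iterator_to_array($entry->attributes) as $attr) {
                if (strpos($attr->nodeName, 'on') === 0
                    || in_array($attr->nodeName, $disallowed_attributes, true)) {
                    $entry->removeAttributeNode($attr);
                }
            }
        }
    }

    return $doc;
}
```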
function check_for_update($link) {
@@ -3907,7 +3969,7 @@
function implements_interface($class, $interface) {
return in_array($interface, class_implements($class));
}
-
+
function geturl($url){
(function_exists('curl_init')) ? '' : die('cURL Must be installed for geturl function to work. Ask your host to enable it or uncomment extension=php_curl.dll in php.ini');