summaryrefslogtreecommitdiff
path: root/include/functions.php
diff options
context:
space:
mode:
Diffstat (limited to 'include/functions.php')
-rw-r--r--include/functions.php31
1 files changed, 3 insertions, 28 deletions
diff --git a/include/functions.php b/include/functions.php
index 656664da2..f607cb3cc 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -111,8 +111,7 @@
ini_set('user_agent', SELF_USER_AGENT);
require_once 'lib/pubsubhubbub/publisher.php';
-
- $purifier = false;
+ require_once 'lib/htmLawed.php';
$tz_offset = -1;
$utc_tz = new DateTimeZone('UTC');
@@ -2688,36 +2687,12 @@
}
function sanitize($link, $str, $force_strip_tags = false, $owner = false, $site_url = false) {
- global $purifier;
-
if (!$owner) $owner = $_SESSION["uid"];
$res = trim($str); if (!$res) return '';
- // create global Purifier object if needed
- if (!$purifier) {
- require_once 'lib/htmlpurifier/library/HTMLPurifier.auto.php';
-
- $config = HTMLPurifier_Config::createDefault();
-
- $allowed = "p,a[href],i,em,b,strong,code,pre,blockquote,br,img[src|alt|title|align|hspace],ul,ol,li,h1,h2,h3,h4,s,object[classid|type|id|name|width|height|codebase],param[name|value],table,tr,td,span[class]";
-
- $config->set('HTML.SafeObject', true);
- @$config->set('HTML', 'Allowed', $allowed);
- $config->set('Output.FlashCompat', true);
- $config->set('Attr.EnableID', true);
- if (!defined('MOBILE_VERSION')) {
- @$config->set('Cache', 'SerializerPath', CACHE_DIR . "/htmlpurifier");
- } else {
- @$config->set('Cache', 'SerializerPath', "../" . CACHE_DIR . "/htmlpurifier");
- }
-
- $config->set('Filter.YouTube', true);
-
- $purifier = new HTMLPurifier($config);
- }
-
- $res = $purifier->purify($res);
+ $config = array('safe' => 1, 'deny_attribute' => 'style');
+ $res = htmLawed($res, $config);
if (get_pref($link, "STRIP_IMAGES", $owner)) {
$res = preg_replace('/<img[^>]+>/is', '', $res);
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-03 01:20:57 +0000