From 83c8834421a5b16b54136bb3c23c3e817be967c0 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Wed, 29 Apr 2020 19:02:44 +0300
Subject: sanitize: handle picture[@srcset] elements properly, i.e. rewrite relative URLs
---
 include/functions.php | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/include/functions.php b/include/functions.php
index c223a3db8..532e48139 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -1264,7 +1264,7 @@
 $rewrite_base_url = $site_url ? $site_url : get_self_url_prefix();
- $entries = $xpath->query('(//a[@href]|//img[@src]|//video/source[@src]|//audio/source[@src]|//picture/source[@src])');
+ $entries = $xpath->query('(//a[@href]|//img[@src]|//video/source[@src]|//audio/source[@src]|//picture/source[@src]|//picture/source[@srcset])');
 foreach ($entries as $entry) {
@@ -1303,6 +1303,22 @@
 }
 }
+ if ($entry->hasAttribute('srcset')) {
+ $tokens = explode(",", $entry->getAttribute('srcset'));
+
+ for ($i = 0; $i < count($tokens); $i++) {
+ $token = trim($tokens[$i]);
+
+ list ($url, $width) = explode(" ", $token, 2);
+
+ $url = rewrite_relative_url($rewrite_base_url, $url);
+
+ $tokens[$i] = "$url $width";
+ }
+
+ $entry->setAttribute("srcset", implode(", ", $tokens));
+ }
+
 if ($entry->hasAttribute('src') && ($owner && get_pref("STRIP_IMAGES", $owner)) || $force_remove_images || $_SESSION["bw_limit"]) {
--
cgit v1.2.3
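Review bot: The extended XPath union selects `//picture/source[@srcset]` but has no `//img[@srcset]` term, so an `<img>` that carries `srcset` without `src` is never visited and its relative candidates would stay unrewritten, resolving against the reader's own origin instead of the feed's site. An `<img>` with both attributes is still reached through `//img[@src]` and would pass through the new `hasAttribute('srcset')` branch of the second hunk. Adding `|//img[@srcset]` to the union would close the gap. Whether a later attribute filter removes `srcset` from `<img>` anyway cannot be seen here, since the enclosing function starts and ends outside the hunk.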
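Review bot: In the added srcset loop, a candidate with no descriptor (for example `srcset="a.jpg"`) makes `explode(" ", $token, 2)` return a single element, so `$width` is unset: PHP reports an undefined offset and the candidate is written back with a trailing space. Padding the result avoids both: `list ($url, $width) = array_pad(explode(" ", $token, 2), 2, "");` followed by `$tokens[$i] = trim("$url $width");`. `explode(",", ...)` also cuts any candidate URL that itself contains a comma, which the attribute grammar allows inside a URL, so such URLs would reach `rewrite_relative_url()` as fragments. The condition in the trailing context still tests `hasAttribute('src')`, so a `<source>` carrying only `srcset` appears to escape the STRIP_IMAGES case unless `$force_remove_images` or the bandwidth limit is set. That branch's body lies outside the hunk, so this should be confirmed there.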