From c21a462d52bd32737c32c29b060da03b38f1c2e6 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@madoka.volgo-balt.ru>
Date: Fri, 1 Jun 2012 00:07:59 +0400
Subject: remove htmlpurifier

---
 include/functions.php    | 29 ++++-------------------------
 include/sanity_check.php |  6 ------
 2 files changed, 4 insertions(+), 31 deletions(-)

(limited to 'include')

diff --git a/include/functions.php b/include/functions.php
index 13214ba6e..d11d62d22 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -100,8 +100,6 @@
 
 	require_once 'lib/pubsubhubbub/publisher.php';
 
-	$purifier = false;
-
 	$tz_offset = -1;
 	$utc_tz = new DateTimeZone('UTC');
 	$schema_version = false;
@@ -2621,36 +2619,17 @@
 	}
 
 	function sanitize($link, $str, $force_strip_tags = false, $owner = false, $site_url = false) {
-		global $purifier;
-
 		if (!$owner) $owner = $_SESSION["uid"];
 
 		$res = trim($str); if (!$res) return '';
 
-		// create global Purifier object if needed
-		if (!$purifier) {
-			require_once 'lib/htmlpurifier/library/HTMLPurifier.auto.php';
-
-			$config = HTMLPurifier_Config::createDefault();
-
-			$allowed = "p,a[href],i,em,b,strong,code,pre,blockquote,br,img[src|alt|title|align|hspace],ul,ol,li,h1,h2,h3,h4,s,object[classid|type|id|name|width|height|codebase],param[name|value],table,tr,td,span[class]";
-
-			$config->set('HTML.SafeObject', true);
-			@$config->set('HTML', 'Allowed', $allowed);
-			$config->set('Output.FlashCompat', true);
-			$config->set('Attr.EnableID', true);
-			if (!defined('MOBILE_VERSION')) {
-				@$config->set('Cache', 'SerializerPath', CACHE_DIR . "/htmlpurifier");
-			} else {
-				@$config->set('Cache', 'SerializerPath', "../" . CACHE_DIR . "/htmlpurifier");
-			}
-
-			$config->set('Filter.YouTube', true);
+		// TODO implement better HTML tag stripping and XSS protection
 
-			$purifier = new HTMLPurifier($config);
+		if (function_exists('filter_var')) {
+			$res = filter_var($res, FILTER_SANITIZE_STRING);
 		}
 
-		$res = $purifier->purify($res);
+		$res = strip_tags($str, "<p><a><i><em><b><strong><code><pre><blockquote><br><img><ul><ol><li><h1><h2><h3><h4><s><object><param><table><tr><td><span>");
 
 		if (get_pref($link, "STRIP_IMAGES", $owner)) {
 			$res = preg_replace('/<img[^>]+>/is', '', $res);
diff --git a/include/sanity_check.php b/include/sanity_check.php
index 11da85921..2195945be 100644
--- a/include/sanity_check.php
+++ b/include/sanity_check.php
@@ -23,12 +23,6 @@
 				$array_push($errors, "Configuration file (config.php) has incorrect version. Update it with new options from config.php-dist and set CONFIG_VERSION to the correct value.");
 			}
 
-			$purifier_cache_dir = CACHE_DIR . "/htmlpurifier";
-
-			if (!is_writable($purifier_cache_dir)) {
-				array_push($errors, "HTMLPurifier cache directory should be writable by anyone (chmod -R 777 $purifier_cache_dir)");
-			}
-
 			if (!is_writable(CACHE_DIR . "/images")) {
 				array_push($errors, "Image cache is not writable (chmod -R 777 ".CACHE_DIR."/images)");
 			}
-- 
cgit v1.2.3