From: Andrew Dolgov Date: Thu, 31 May 2012 20:07:59 +0000 (+0400) Subject: remove htmlpurifier X-Git-Tag: 1.6.0~223 X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=c21a462d52bd32737c32c29b060da03b38f1c2e6;p=tt-rss.git remove htmlpurifier --- diff --git a/cache/htmlpurifier/.empty b/cache/htmlpurifier/.empty deleted file mode 100644 index e69de29b..00000000 diff --git a/debian/tt-rss-common.postinst b/debian/tt-rss-common.postinst index 9c18ebd0..d12631f3 100644 --- a/debian/tt-rss-common.postinst +++ b/debian/tt-rss-common.postinst @@ -21,10 +21,6 @@ case "$1" in install -d -m775 -gwww-data /var/lock/tt-rss fi - if [ ! -d /var/cache/tt-rss/htmlpurifier ]; then - install -d -m775 -gwww-data /var/cache/tt-rss/htmlpurifier - fi - if [ ! -d /var/cache/tt-rss/magpie ]; then install -d -m775 -gwww-data /var/cache/tt-rss/magpie fi diff --git a/include/functions.php b/include/functions.php index 13214ba6..d11d62d2 100644 --- a/include/functions.php +++ b/include/functions.php @@ -100,8 +100,6 @@ require_once 'lib/pubsubhubbub/publisher.php'; - $purifier = false; - $tz_offset = -1; $utc_tz = new DateTimeZone('UTC'); $schema_version = false; @@ -2621,36 +2619,17 @@ } function sanitize($link, $str, $force_strip_tags = false, $owner = false, $site_url = false) { - global $purifier; - if (!$owner) $owner = $_SESSION["uid"]; $res = trim($str); if (!$res) return ''; - // create global Purifier object if needed - if (!$purifier) { - require_once 'lib/htmlpurifier/library/HTMLPurifier.auto.php'; - - $config = HTMLPurifier_Config::createDefault(); - - $allowed = "p,a[href],i,em,b,strong,code,pre,blockquote,br,img[src|alt|title|align|hspace],ul,ol,li,h1,h2,h3,h4,s,object[classid|type|id|name|width|height|codebase],param[name|value],table,tr,td,span[class]"; - - $config->set('HTML.SafeObject', true); - @$config->set('HTML', 'Allowed', $allowed); - $config->set('Output.FlashCompat', true); - $config->set('Attr.EnableID', true); - if (!defined('MOBILE_VERSION')) { - @$config->set('Cache', 'SerializerPath', CACHE_DIR . "/htmlpurifier"); - } else { - @$config->set('Cache', 'SerializerPath', "../" . CACHE_DIR . "/htmlpurifier"); - } - - $config->set('Filter.YouTube', true); + // TODO implement better HTML tag stripping and XSS protection - $purifier = new HTMLPurifier($config); + if (function_exists('filter_var')) { + $res = filter_var($res, FILTER_SANITIZE_STRING); } - $res = $purifier->purify($res); + $res = strip_tags($str, "