aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFriendika <info@friendika.com>2011-02-01 17:50:49 -0800
committerFriendika <info@friendika.com>2011-02-01 17:50:49 -0800
commitbafae56b39d018dd2ef778399fd753302e0ab8c3 (patch)
tree21ab3f3c914f2187e2f577bc5ee414c985448e4e
parent968e8bb9c4a1183483e487a1c1ac557fa9c21ad0 (diff)
downloadvolse-hubzilla-bafae56b39d018dd2ef778399fd753302e0ab8c3.tar.gz
volse-hubzilla-bafae56b39d018dd2ef778399fd753302e0ab8c3.tar.bz2
volse-hubzilla-bafae56b39d018dd2ef778399fd753302e0ab8c3.zip
make sure content is unaltered
-rw-r--r--include/items.php33
1 files changed, 18 insertions, 15 deletions
diff --git a/include/items.php b/include/items.php
index d06cc30cd..d091e4c03 100644
--- a/include/items.php
+++ b/include/items.php
@@ -388,7 +388,8 @@ function get_atom_elements($feed,$item) {
$have_real_body = true;
$res['body'] = $rawenv[0]['data'];
$res['body'] = str_replace(array(' ',"\t","\r","\n"), array('','','',''),$res['body']);
- $res['body'] = base64url_decode($res['body']);
+ // make sure nobody is trying to sneak some html tags by us
+ $res['body'] = notags(base64url_decode($res['body']));
$res['realbody'] = true;
}
@@ -407,27 +408,29 @@ function get_atom_elements($feed,$item) {
// html.
- if((! $have_real_body) || (strpos($res['body'],'<')) || (strpos($res['body'],'>'))) {
+ if(! $have_real_body) {
+ if((strpos($res['body'],'<')) || (strpos($res['body'],'>'))) {
- $res['body'] = preg_replace('#<object[^>]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?</object>#s',
- '[youtube]$1[/youtube]', $res['body']);
+ $res['body'] = preg_replace('#<object[^>]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?</object>#s',
+ '[youtube]$1[/youtube]', $res['body']);
- $res['body'] = oembed_html2bbcode($res['body']);
+ $res['body'] = oembed_html2bbcode($res['body']);
- $config = HTMLPurifier_Config::createDefault();
- $config->set('Cache.DefinitionImpl', null);
+ $config = HTMLPurifier_Config::createDefault();
+ $config->set('Cache.DefinitionImpl', null);
- // we shouldn't need a whitelist, because the bbcode converter
- // will strip out any unsupported tags.
- // $config->set('HTML.Allowed', 'p,b,a[href],i');
+ // we shouldn't need a whitelist, because the bbcode converter
+ // will strip out any unsupported tags.
+ // $config->set('HTML.Allowed', 'p,b,a[href],i');
- $purifier = new HTMLPurifier($config);
- $res['body'] = $purifier->purify($res['body']);
+ $purifier = new HTMLPurifier($config);
+ $res['body'] = $purifier->purify($res['body']);
- $res['body'] = html2bbcode($res['body']);
+ $res['body'] = html2bbcode($res['body']);
+ }
+ else
+ $res['body'] = escape_tags($res['body']);
}
- else
- $res['body'] = escape_tags($res['body']);
$allow = $item->get_item_tags(NAMESPACE_DFRN,'comment-allow');