diff options
| author | Brion Vibber <brion@pobox.com> | 2010-03-17 16:41:01 -0700 |
|---|---|---|
| committer | Brion Vibber <brion@pobox.com> | 2010-03-17 16:41:01 -0700 |
| commit | 5d1295f233327d0a7f8dfdc2557ecaa923006a64 (patch) | |
| tree | 3bcc7bbfce38452edf48f769f2a41adc07af8e31 /lib | |
| parent | 3255f9d9cfb2425466f22dab68bccae86fad8ccd (diff) | |
| parent | d8a533274fa6354072a2acb66bd1574ecaec2c02 (diff) | |
Merge branch 'ostatus-crop' into 0.9.x
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/attachmentlist.php | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/lib/attachmentlist.php b/lib/attachmentlist.php index dc6709d67..13dafd13e 100644 --- a/lib/attachmentlist.php +++ b/lib/attachmentlist.php @@ -330,6 +330,13 @@ class Attachment extends AttachmentListItem $this->out->element('param', array('name' => 'autoStart', 'value' => 1)); $this->out->elementEnd('object'); break; + + case 'text/html': + if ($this->attachment->filename) { + // Locally-uploaded HTML. Scrub and display inline. + $this->showHtmlFile($this->attachment); + } + break; } } } else { @@ -356,5 +363,58 @@ class Attachment extends AttachmentListItem } } } + + protected function showHtmlFile(File $attachment) + { + $body = $this->scrubHtmlFile($attachment); + if ($body) { + $this->out->raw($body); + } + } + + /** + * @return mixed false on failure, HTML fragment string on success + */ + protected function scrubHtmlFile(File $attachment) + { + $path = File::path($attachment->filename); + if (!file_exists($path) || !is_readable($path)) { + common_log(LOG_ERR, "Missing local HTML attachment $path"); + return false; + } + $raw = file_get_contents($path); + + // Normalize... + $dom = new DOMDocument(); + if(!$dom->loadHTML($raw)) { + common_log(LOG_ERR, "Bad HTML in local HTML attachment $path"); + return false; + } + + // Remove <script>s or htmlawed will dump their contents into output! + // Note: removing child nodes while iterating seems to mess things up, + // hence the double loop. + $scripts = array(); + foreach ($dom->getElementsByTagName('script') as $script) { + $scripts[] = $script; + } + foreach ($scripts as $script) { + common_log(LOG_DEBUG, $script->textContent); + $script->parentNode->removeChild($script); + } + + // Trim out everything outside the body... + $body = $dom->saveHTML(); + $body = preg_replace('/^.*<body[^>]*>/is', '', $body); + $body = preg_replace('/<\/body[^>]*>.*$/is', '', $body); + + require_once INSTALLDIR.'/extlib/htmLawed/htmLawed.php'; + $config = array('safe' => 1, + 'deny_attribute' => 'id,style,on*', + 'comment' => 1); // remove comments + $scrubbed = htmLawed($body, $config); + + return $scrubbed; + } } |