Diffstat (limited to 'lib')
-rw-r--r-- | lib/activity.php | 9 | ||||
-rw-r--r-- | lib/attachmentlist.php | 66 | ||||
-rw-r--r-- | lib/language.php | 15 | ||||
-rw-r--r-- | lib/noticelist.php | 3 | ||||
-rw-r--r-- | lib/userprofile.php | 3 |
5 files changed, 81 insertions, 15 deletions
diff --git a/lib/activity.php b/lib/activity.php index c67d090f7..23cf50f70 100644 --- a/lib/activity.php +++ b/lib/activity.php @@ -458,11 +458,14 @@ class ActivityUtils // slavishly following http://atompub.org/rfc4287.html#rfc.section.4.1.3.3 if (empty($type) || $type == 'text') { - return $contentEl->textContent; + // Plain text source -- let's turn it into HTML! + return htmlspecialchars($contentEl->textContent); } else if ($type == 'html') { - $text = $contentEl->textContent; - return htmlspecialchars_decode($text, ENT_QUOTES); + // The XML text decoding gives us an HTML string ready to roll. + return $contentEl->textContent; } else if ($type == 'xhtml') { + // Embedded XHTML; we have to pull it out of the document tree, + // then serialize it back out to an HTML fragment string. $divEl = ActivityUtils::child($contentEl, 'div', 'http://www.w3.org/1999/xhtml'); if (empty($divEl)) { return null; diff --git a/lib/attachmentlist.php b/lib/attachmentlist.php index 51ceca857..13dafd13e 100644 --- a/lib/attachmentlist.php +++ b/lib/attachmentlist.php @@ -248,9 +248,7 @@ class Attachment extends AttachmentListItem $this->out->elementStart('div', array('id' => 'attachment_view', 'class' => 'hentry')); $this->out->elementStart('div', 'entry-title'); - $this->out->elementStart('a', $this->linkAttr()); - $this->out->element('span', null, $this->linkTitle()); - $this->out->elementEnd('a'); + $this->out->element('a', $this->linkAttr(), $this->linkTitle()); $this->out->elementEnd('div'); $this->out->elementStart('div', 'entry-content'); @@ -296,7 +294,7 @@ class Attachment extends AttachmentListItem } function linkAttr() { - return array('class' => 'external', 'href' => $this->attachment->url); + return array('rel' => 'external', 'href' => $this->attachment->url); } function linkTitle() { 
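Review bot: In the lib/activity.php hunk, the `html` branch now returns `$contentEl->textContent` exactly as the remote feed supplied it, and nothing visible here strips script or event-handler markup. If sanitising is the caller's job, the comment should say so, for example `// Untrusted remote HTML: callers must scrub this before output.` The new `htmlspecialchars()` call in the `text` branch would also be safer with explicit flags, `htmlspecialchars($contentEl->textContent, ENT_QUOTES, 'UTF-8')`, so quoting and charset do not depend on the PHP version's defaults. The enclosing function starts and ends outside the hunk, so a scrub further down the call chain cannot be ruled out from here.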
@@ -332,6 +330,13 @@ class Attachment extends AttachmentListItem $this->out->element('param', array('name' => 'autoStart', 'value' => 1)); $this->out->elementEnd('object'); break; + + case 'text/html': + if ($this->attachment->filename) { + // Locally-uploaded HTML. Scrub and display inline. + $this->showHtmlFile($this->attachment); + } + break; } } } else { @@ -358,5 +363,58 @@ class Attachment extends AttachmentListItem } } } + + protected function showHtmlFile(File $attachment) + { + $body = $this->scrubHtmlFile($attachment); + if ($body) { + $this->out->raw($body); + } + } + + /** + * @return mixed false on failure, HTML fragment string on success + */ + protected function scrubHtmlFile(File $attachment) + { + $path = File::path($attachment->filename); + if (!file_exists($path) || !is_readable($path)) { + common_log(LOG_ERR, "Missing local HTML attachment $path"); + return false; + } + $raw = file_get_contents($path); + + // Normalize... + $dom = new DOMDocument(); + if(!$dom->loadHTML($raw)) { + common_log(LOG_ERR, "Bad HTML in local HTML attachment $path"); + return false; + } + + // Remove <script>s or htmlawed will dump their contents into output! + // Note: removing child nodes while iterating seems to mess things up, + // hence the double loop. + $scripts = array(); + foreach ($dom->getElementsByTagName('script') as $script) { + $scripts[] = $script; + } + foreach ($scripts as $script) { + common_log(LOG_DEBUG, $script->textContent); + $script->parentNode->removeChild($script); + } + + // Trim out everything outside the body... + $body = $dom->saveHTML(); + $body = preg_replace('/^.*<body[^>]*>/is', '', $body); + $body = preg_replace('/<\/body[^>]*>.*$/is', '', $body); + + require_once INSTALLDIR.'/extlib/htmLawed/htmLawed.php'; + $config = array('safe' => 1, + 'deny_attribute' => 'id,style,on*', + 'comment' => 1); // remove comments + $scrubbed = htmLawed($body, $config); + + return $scrubbed; + } } 
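Review bot: The new `text/html` case renders an uploaded file inside the site's own pages, so `scrubHtmlFile()` becomes the only barrier between an uploader's markup and other users' sessions, and the comment should record that. Something like `// Rendered in our origin: everything shown here must come out of scrubHtmlFile().` makes the trust boundary visible to whoever adds the next MIME case. It would also help to note that HTML attachments without a local `filename` are skipped on purpose, if that is the intent. The surrounding switch starts outside the hunk.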
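Review bot: In `scrubHtmlFile()` the line `common_log(LOG_DEBUG, $script->textContent);` copies uploader-controlled script bodies into the server log, which lets an upload flood the log or plant misleading entries. Logging a count instead, once after the removal loop, avoids that: `common_log(LOG_DEBUG, "Removed " . count($scripts) . " script element(s) from $path");`. The result of `file_get_contents($path)` is also passed to `loadHTML()` unchecked; `if ($raw === false || $raw === '') { return false; }` avoids a warning on an unreadable or empty file. With `'safe' => 1` htmLawed appears to still permit elements such as `form`, so an explicit `elements` allowlist in `$config` may be worth adding; verify this against the bundled htmLawed version.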
diff --git a/lib/language.php b/lib/language.php index 64b59e739..76c788025 100644 --- a/lib/language.php +++ b/lib/language.php @@ -202,16 +202,19 @@ function _mdomain($backtrace) static $cached; $path = $backtrace[0]['file']; if (!isset($cached[$path])) { + $final = 'statusnet'; // assume default domain if (DIRECTORY_SEPARATOR !== '/') { $path = strtr($path, DIRECTORY_SEPARATOR, '/'); } - $cut = strpos($path, '/plugins/') + 9; - $cut2 = strpos($path, '/', $cut); - if ($cut && $cut2) { - $cached[$path] = substr($path, $cut, $cut2 - $cut); - } else { - return null; + $cut = strpos($path, '/plugins/'); + if ($cut) { + $cut += strlen('/plugins/'); + $cut2 = strpos($path, '/', $cut); + if ($cut && $cut2) { + $final = substr($path, $cut, $cut2 - $cut); + } } + $cached[$path] = $final; } return $cached[$path]; } diff --git a/lib/noticelist.php b/lib/noticelist.php index 811b7e4f1..0d4cd4dd9 100644 --- a/lib/noticelist.php +++ b/lib/noticelist.php @@ -443,7 +443,8 @@ class NoticeListItem extends Widget $name); } else { $xstr = new XMLStringer(false); - $xstr->elementStart('a', array('href' => $url)); + $xstr->elementStart('a', array('href' => $url, + 'rel' => 'external')); $xstr->element('abbr', array('class' => 'geo', 'title' => $latlon), $name); diff --git a/lib/userprofile.php b/lib/userprofile.php index 2c3b1ea45..ca060842b 100644 --- a/lib/userprofile.php +++ b/lib/userprofile.php @@ -71,7 +71,8 @@ class UserProfile extends Widget { if (Event::handle('StartProfilePageProfileSection', array(&$this->out, $this->profile))) { - $this->out->elementStart('div', 'entity_profile vcard author'); + $this->out->elementStart('div', array('id' => 'i', + 'class' => 'entity_profile vcard author')); $this->out->element('h2', null, _('User profile')); if (Event::handle('StartProfilePageProfileElements', array(&$this->out, $this->profile))) { |
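Review bot: In the lib/language.php hunk, `if ($cut)` tests the `strpos()` result for truthiness, so a match at offset 0 is treated the same as no match; compare explicitly with `if ($cut !== false)`. The inner `if ($cut && $cut2)` then only needs `$cut2 !== false`, because `$cut` is already a positive offset at that point. `strpos()` also takes the first `/plugins/` in the path, so an install directory that itself sits under a directory named `plugins` would yield the wrong domain. `strrpos()` may be closer to the intent, though that depends on directory layouts not visible here. The function starts above the hunk.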
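Review bot: In the lib/userprofile.php hunk, the new `'id' => 'i'` on the profile `div` is a one-letter identifier with no hint of what depends on it. A short comment naming the consumer would keep it from being removed or duplicated later, for example `// id used by <consumer>; must stay unique per page`. An id has to be unique in the document, so this assumes the widget is rendered at most once per page, which the hunk does not show.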