summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/activity.php9
-rw-r--r--lib/attachmentlist.php66
-rw-r--r--lib/language.php15
-rw-r--r--lib/noticelist.php3
-rw-r--r--lib/userprofile.php3
5 files changed, 81 insertions, 15 deletions
diff --git a/lib/activity.php b/lib/activity.php
index c67d090f7..23cf50f70 100644
--- a/lib/activity.php
+++ b/lib/activity.php
@@ -458,11 +458,14 @@ class ActivityUtils
// slavishly following http://atompub.org/rfc4287.html#rfc.section.4.1.3.3
if (empty($type) || $type == 'text') {
- return $contentEl->textContent;
+ // Plain text source -- let's turn it into HTML!
+ return htmlspecialchars($contentEl->textContent);
} else if ($type == 'html') {
- $text = $contentEl->textContent;
- return htmlspecialchars_decode($text, ENT_QUOTES);
+ // The XML text decoding gives us an HTML string ready to roll.
+ return $contentEl->textContent;
} else if ($type == 'xhtml') {
+ // Embedded XHTML; we have to pull it out of the document tree,
+ // then serialize it back out to an HTML fragment string.
$divEl = ActivityUtils::child($contentEl, 'div', 'http://www.w3.org/1999/xhtml');
if (empty($divEl)) {
return null;
diff --git a/lib/attachmentlist.php b/lib/attachmentlist.php
index 51ceca857..13dafd13e 100644
--- a/lib/attachmentlist.php
+++ b/lib/attachmentlist.php
@@ -248,9 +248,7 @@ class Attachment extends AttachmentListItem
$this->out->elementStart('div', array('id' => 'attachment_view',
'class' => 'hentry'));
$this->out->elementStart('div', 'entry-title');
- $this->out->elementStart('a', $this->linkAttr());
- $this->out->element('span', null, $this->linkTitle());
- $this->out->elementEnd('a');
+ $this->out->element('a', $this->linkAttr(), $this->linkTitle());
$this->out->elementEnd('div');
$this->out->elementStart('div', 'entry-content');
@@ -296,7 +294,7 @@ class Attachment extends AttachmentListItem
}
function linkAttr() {
- return array('class' => 'external', 'href' => $this->attachment->url);
+ return array('rel' => 'external', 'href' => $this->attachment->url);
}
function linkTitle() {
@@ -332,6 +330,13 @@ class Attachment extends AttachmentListItem
$this->out->element('param', array('name' => 'autoStart', 'value' => 1));
$this->out->elementEnd('object');
break;
+
+ case 'text/html':
+ if ($this->attachment->filename) {
+ // Locally-uploaded HTML. Scrub and display inline.
+ $this->showHtmlFile($this->attachment);
+ }
+ break;
}
}
} else {
@@ -358,5 +363,58 @@ class Attachment extends AttachmentListItem
}
}
}
+
+ protected function showHtmlFile(File $attachment)
+ {
+ $body = $this->scrubHtmlFile($attachment);
+ if ($body) {
+ $this->out->raw($body);
+ }
+ }
+
+ /**
+ * @return mixed false on failure, HTML fragment string on success
+ */
+ protected function scrubHtmlFile(File $attachment)
+ {
+ $path = File::path($attachment->filename);
+ if (!file_exists($path) || !is_readable($path)) {
+ common_log(LOG_ERR, "Missing local HTML attachment $path");
+ return false;
+ }
+ $raw = file_get_contents($path);
+
+ // Normalize...
+ $dom = new DOMDocument();
+ if(!$dom->loadHTML($raw)) {
+ common_log(LOG_ERR, "Bad HTML in local HTML attachment $path");
+ return false;
+ }
+
+ // Remove <script>s or htmlawed will dump their contents into output!
+ // Note: removing child nodes while iterating seems to mess things up,
+ // hence the double loop.
+ $scripts = array();
+ foreach ($dom->getElementsByTagName('script') as $script) {
+ $scripts[] = $script;
+ }
+ foreach ($scripts as $script) {
+ common_log(LOG_DEBUG, $script->textContent);
+ $script->parentNode->removeChild($script);
+ }
+
+ // Trim out everything outside the body...
+ $body = $dom->saveHTML();
+ $body = preg_replace('/^.*<body[^>]*>/is', '', $body);
+ $body = preg_replace('/<\/body[^>]*>.*$/is', '', $body);
+
+ require_once INSTALLDIR.'/extlib/htmLawed/htmLawed.php';
+ $config = array('safe' => 1,
+ 'deny_attribute' => 'id,style,on*',
+ 'comment' => 1); // remove comments
+ $scrubbed = htmLawed($body, $config);
+
+ return $scrubbed;
+ }
}
diff --git a/lib/language.php b/lib/language.php
index 64b59e739..76c788025 100644
--- a/lib/language.php
+++ b/lib/language.php
@@ -202,16 +202,19 @@ function _mdomain($backtrace)
static $cached;
$path = $backtrace[0]['file'];
if (!isset($cached[$path])) {
+ $final = 'statusnet'; // assume default domain
if (DIRECTORY_SEPARATOR !== '/') {
$path = strtr($path, DIRECTORY_SEPARATOR, '/');
}
- $cut = strpos($path, '/plugins/') + 9;
- $cut2 = strpos($path, '/', $cut);
- if ($cut && $cut2) {
- $cached[$path] = substr($path, $cut, $cut2 - $cut);
- } else {
- return null;
+ $cut = strpos($path, '/plugins/');
+ if ($cut) {
+ $cut += strlen('/plugins/');
+ $cut2 = strpos($path, '/', $cut);
+ if ($cut && $cut2) {
+ $final = substr($path, $cut, $cut2 - $cut);
+ }
}
+ $cached[$path] = $final;
}
return $cached[$path];
}
diff --git a/lib/noticelist.php b/lib/noticelist.php
index 811b7e4f1..0d4cd4dd9 100644
--- a/lib/noticelist.php
+++ b/lib/noticelist.php
@@ -443,7 +443,8 @@ class NoticeListItem extends Widget
$name);
} else {
$xstr = new XMLStringer(false);
- $xstr->elementStart('a', array('href' => $url));
+ $xstr->elementStart('a', array('href' => $url,
+ 'rel' => 'external'));
$xstr->element('abbr', array('class' => 'geo',
'title' => $latlon),
$name);
diff --git a/lib/userprofile.php b/lib/userprofile.php
index 2c3b1ea45..ca060842b 100644
--- a/lib/userprofile.php
+++ b/lib/userprofile.php
@@ -71,7 +71,8 @@ class UserProfile extends Widget
{
if (Event::handle('StartProfilePageProfileSection', array(&$this->out, $this->profile))) {
- $this->out->elementStart('div', 'entity_profile vcard author');
+ $this->out->elementStart('div', array('id' => 'i',
+ 'class' => 'entity_profile vcard author'));
$this->out->element('h2', null, _('User profile'));
if (Event::handle('StartProfilePageProfileElements', array(&$this->out, $this->profile))) {