summaryrefslogtreecommitdiff
path: root/lib/attachmentlist.php
diff options
context:
space:
mode:
authorBrion Vibber <brion@pobox.com>2010-03-25 14:15:54 -0700
committerBrion Vibber <brion@pobox.com>2010-03-25 14:15:54 -0700
commitc11064a5398db824f2623c5763b3fdfdf8ae3c39 (patch)
tree86663a25bea567c4e0962cb3e63a79f7f82af891 /lib/attachmentlist.php
parent7fc8b6af4ae9a784b797d4f7aef49c820bb10bdf (diff)
Updated 'more' anchor for attachments to do an XHR GET
Conflicts: lib/attachmentlist.php plugins/OStatus/classes/Ostatus_profile.php Merge tried to delete things that it seems it shouldn't, very confusing order. Hope rest of the cherry-picking isn't a problem.
Diffstat (limited to 'lib/attachmentlist.php')
-rw-r--r--lib/attachmentlist.php53
1 files changed, 53 insertions, 0 deletions
diff --git a/lib/attachmentlist.php b/lib/attachmentlist.php
index b503bfb45..c6261dea5 100644
--- a/lib/attachmentlist.php
+++ b/lib/attachmentlist.php
@@ -359,6 +359,59 @@ class Attachment extends AttachmentListItem
}
}
+ protected function showHtmlFile(File $attachment)
+ {
+ $body = $this->scrubHtmlFile($attachment);
+ if ($body) {
+ $this->out->raw($body);
+ }
+ }
+
+ /**
+ * @return mixed false on failure, HTML fragment string on success
+ */
+ protected function scrubHtmlFile(File $attachment)
+ {
+ $path = File::path($attachment->filename);
+ if (!file_exists($path) || !is_readable($path)) {
+ common_log(LOG_ERR, "Missing local HTML attachment $path");
+ return false;
+ }
+ $raw = file_get_contents($path);
+
+ // Normalize...
+ $dom = new DOMDocument();
+ if(!$dom->loadHTML($raw)) {
+ common_log(LOG_ERR, "Bad HTML in local HTML attachment $path");
+ return false;
+ }
+
+ // Remove <script>s or htmlawed will dump their contents into output!
+ // Note: removing child nodes while iterating seems to mess things up,
+ // hence the double loop.
+ $scripts = array();
+ foreach ($dom->getElementsByTagName('script') as $script) {
+ $scripts[] = $script;
+ }
+ foreach ($scripts as $script) {
+ common_log(LOG_DEBUG, $script->textContent);
+ $script->parentNode->removeChild($script);
+ }
+
+ // Trim out everything outside the body...
+ $body = $dom->saveHTML();
+ $body = preg_replace('/^.*<body[^>]*>/is', '', $body);
+ $body = preg_replace('/<\/body[^>]*>.*$/is', '', $body);
+
+ require_once INSTALLDIR.'/extlib/htmLawed/htmLawed.php';
+ $config = array('safe' => 1,
+ 'deny_attribute' => 'id,style,on*',
+ 'comment' => 1); // remove comments
+ $scrubbed = htmLawed($body, $config);
+
+ return $scrubbed;
+ }
+
function showFallback()
{
// If we don't know how to display an attachment inline, we probably