error with empty content by import fixed. Also youtube and vimeo videos are allowd...

[github/wallabag/wallabag.git] / inc / poche / Poche.class.php

diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php
index 3a4e78d6ae64013b3700adc962659a218d5581da..811895dcacf5312666c98ae73262168506abea4c 100755 (executable)
--- a/inc/poche/Poche.class.php
+++ b/inc/poche/Poche.class.php
@@ -373,9 +373,7 @@ class Poche
                 $body = $content['rss']['channel']['item']['description'];
 
                 // clean content from prevent xss attack
-                $config = HTMLPurifier_Config::createDefault();
-                $config->set('Cache.SerializerPath', CACHE);
-                $purifier = new HTMLPurifier($config);
+                $purifier = $this->getPurifier();
                 $title = $purifier->purify($title);
                 $body = $purifier->purify($body);
 
@@ -920,9 +918,7 @@ class Poche
           Tools::logm('Fetching next batch of articles...');
           $items = $this->store->retrieveUnfetchedEntries($this->user->getId(), IMPORT_LIMIT);
 
-          $config = HTMLPurifier_Config::createDefault();
-          $config->set('Cache.SerializerPath', CACHE);
-          $purifier = new HTMLPurifier($config);
+          $purifier = $this->getPurifier();
 
           foreach ($items as $item) {
             $url = new Url(base64_encode($item['url']));
@@ -1064,4 +1060,16 @@ class Poche
         $this->messages->add('s', _('Cache deleted.'));
         Tools::redirect();
     }
+
+    /**
+     * return new purifier object with actual config
+     */
+    protected function getPurifier() {
+      $config = HTMLPurifier_Config::createDefault();\r
+      $config->set('Cache.SerializerPath', CACHE);\r
+      $config->set('HTML.SafeIframe', true);\r
+      $config->set('URI.SafeIframeRegexp', '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%'); //allow YouTube and Vimeo$purifier = new HTMLPurifier($config);
+\r
+      return new HTMLPurifier($config);
+    }
 }