Diffstat (limited to 'inc/poche/Poche.class.php')
-rwxr-xr-xinc/poche/Poche.class.php20
1 files changed, 14 insertions, 6 deletions
diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php
index 3a4e78d6..811895dc 100755
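--- a/inc/poche/Poche.class.php
+++ b/inc/poche/Poche.class.php
@@ -373,9 +373,7 @@ class Poche
 $body = $content['rss']['channel']['item']['description'];
 
 // clean content from prevent xss attack
-$config = HTMLPurifier_Config::createDefault();
-$config->set('Cache.SerializerPath', CACHE);
-$purifier = new HTMLPurifier($config);
+$purifier = $this->getPurifier();
 $title = $purifier->purify($title);
 $body = $purifier->purify($body);
 
@@ -920,9 +918,7 @@ class Poche
 Tools::logm('Fetching next batch of articles...');
 $items = $this->store->retrieveUnfetchedEntries($this->user->getId(), IMPORT_LIMIT);
 
-$config = HTMLPurifier_Config::createDefault();
-$config->set('Cache.SerializerPath', CACHE);
-$purifier = new HTMLPurifier($config);
+$purifier = $this->getPurifier();
 
 foreach ($items as $item) {
 $url = new Url(base64_encode($item['url']));
@@ -1064,4 +1060,16 @@ class Poche
 $this->messages->add('s', _('Cache deleted.'));
 Tools::redirect();
 }
+
+/**
+* return new purifier object with actual config
+*/
+protected function getPurifier() {
+$config = HTMLPurifier_Config::createDefault();
+$config->set('Cache.SerializerPath', CACHE);
+$config->set('HTML.SafeIframe', true);
+$config->set('URI.SafeIframeRegexp', '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%'); //allow YouTube and Vimeo$purifier = new HTMLPurifier($config);
+
+return new HTMLPurifier($config);
+}
 }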
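Review bot: The `URI.SafeIframeRegexp` set in `getPurifier()` (new line 1071) still accepts plaintext `http:` iframe sources, and because both earlier hunks now take their purifier from this helper, that allowance applies to the RSS item import and to the batch fetch alike. Narrowing the scheme group to `(https:)?//` would keep an embedded player from being replaced by someone on the network path: `'%^(https:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%'`. The trailing comment on the same line appears to have absorbed a leftover statement (`//allow YouTube and Vimeo$purifier = new HTMLPurifier($config);`); it is inert because the function returns `new HTMLPurifier($config)` two lines later, but it should be trimmed to `// allow YouTube and Vimeo embeds only`. As far as these hunks show, this helper is now the one place the sanitising policy is defined, so the docblock should state that the returned purifier permits iframes solely from those two hosts and strips all others.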