From 0f859c6f321af6dfaea66e04cde705ba97e6b5be Mon Sep 17 00:00:00 2001 From: Maryana Rozhankivska Date: Fri, 11 Apr 2014 17:21:54 +0300 Subject: error with empty content by import fixed. Also youtube and vimeo videos are allowd in content now. --- inc/poche/Poche.class.php | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) (limited to 'inc/poche/Poche.class.php') diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php index 3a4e78d6..811895dc 100755 --- a/inc/poche/Poche.class.php +++ b/inc/poche/Poche.class.php @@ -373,9 +373,7 @@ class Poche $body = $content['rss']['channel']['item']['description']; // clean content from prevent xss attack - $config = HTMLPurifier_Config::createDefault(); - $config->set('Cache.SerializerPath', CACHE); - $purifier = new HTMLPurifier($config); + $purifier = $this->getPurifier(); $title = $purifier->purify($title); $body = $purifier->purify($body); @@ -920,9 +918,7 @@ class Poche Tools::logm('Fetching next batch of articles...'); $items = $this->store->retrieveUnfetchedEntries($this->user->getId(), IMPORT_LIMIT); - $config = HTMLPurifier_Config::createDefault(); - $config->set('Cache.SerializerPath', CACHE); - $purifier = new HTMLPurifier($config); + $purifier = $this->getPurifier(); foreach ($items as $item) { $url = new Url(base64_encode($item['url'])); @@ -1064,4 +1060,16 @@ class Poche $this->messages->add('s', _('Cache deleted.')); Tools::redirect(); } + + /** + * return new purifier object with actual config + */ + protected function getPurifier() { + $config = HTMLPurifier_Config::createDefault(); + $config->set('Cache.SerializerPath', CACHE); + $config->set('HTML.SafeIframe', true); + $config->set('URI.SafeIframeRegexp', '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%'); //allow YouTube and Vimeo$purifier = new HTMLPurifier($config); + + return new HTMLPurifier($config); + } } -- cgit v1.2.3