--- a/wp/wp-includes/SimplePie/Sanitize.php Tue Oct 22 16:11:46 2019 +0200
+++ b/wp/wp-includes/SimplePie/Sanitize.php Tue Dec 15 13:49:49 2020 +0100
@@ -5,7 +5,7 @@
* A PHP-Based RSS and Atom Feed Framework.
* Takes the hard work out of managing a complete RSS/Atom solution.
*
- * Copyright (c) 2004-2012, Ryan Parman, Geoffrey Sneddon, Ryan McCue, and contributors
+ * Copyright (c) 2004-2016, Ryan Parman, Sam Sneddon, Ryan McCue, and contributors
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without modification, are
@@ -33,10 +33,9 @@
* POSSIBILITY OF SUCH DAMAGE.
*
* @package SimplePie
- * @version 1.3.1
- * @copyright 2004-2012 Ryan Parman, Geoffrey Sneddon, Ryan McCue
+ * @copyright 2004-2016 Ryan Parman, Sam Sneddon, Ryan McCue
* @author Ryan Parman
- * @author Geoffrey Sneddon
+ * @author Sam Sneddon
* @author Ryan McCue
* @link http://simplepie.org/ SimplePie
* @license http://www.opensource.org/licenses/bsd-license.php BSD License
@@ -61,7 +60,8 @@
var $image_handler = '';
var $strip_htmltags = array('base', 'blink', 'body', 'doctype', 'embed', 'font', 'form', 'frame', 'frameset', 'html', 'iframe', 'input', 'marquee', 'meta', 'noscript', 'object', 'param', 'script', 'style');
var $encode_instead_of_strip = false;
- var $strip_attributes = array('bgsound', 'class', 'expr', 'id', 'style', 'onclick', 'onerror', 'onfinish', 'onmouseover', 'onmouseout', 'onfocus', 'onblur', 'lowsrc', 'dynsrc');
+ var $strip_attributes = array('bgsound', 'expr', 'id', 'style', 'onclick', 'onerror', 'onfinish', 'onmouseover', 'onmouseout', 'onfocus', 'onblur', 'lowsrc', 'dynsrc');
+ var $add_attributes = array('audio' => array('preload' => 'none'), 'iframe' => array('sandbox' => 'allow-scripts allow-same-origin'), 'video' => array('preload' => 'none'));
var $strip_comments = false;
var $output_encoding = 'UTF-8';
var $enable_cache = true;
@@ -160,7 +160,7 @@
$this->encode_instead_of_strip = (bool) $encode;
}
- public function strip_attributes($attribs = array('bgsound', 'class', 'expr', 'id', 'style', 'onclick', 'onerror', 'onfinish', 'onmouseover', 'onmouseout', 'onfocus', 'onblur', 'lowsrc', 'dynsrc'))
+ public function strip_attributes($attribs = array('bgsound', 'expr', 'id', 'style', 'onclick', 'onerror', 'onfinish', 'onmouseover', 'onmouseout', 'onfocus', 'onblur', 'lowsrc', 'dynsrc'))
{
if ($attribs)
{
@@ -179,6 +179,25 @@
}
}
+ public function add_attributes($attribs = array('audio' => array('preload' => 'none'), 'iframe' => array('sandbox' => 'allow-scripts allow-same-origin'), 'video' => array('preload' => 'none')))
+ {
+ if ($attribs)
+ {
+ if (is_array($attribs))
+ {
+ $this->add_attributes = $attribs;
+ }
+ else
+ {
+ $this->add_attributes = explode(',', $attribs);
+ }
+ }
+ else
+ {
+ $this->add_attributes = false;
+ }
+ }
+
public function strip_comments($strip = false)
{
$this->strip_comments = (bool) $strip;
@@ -249,21 +268,22 @@
if (!class_exists('DOMDocument'))
{
- $this->registry->call('Misc', 'error', array('DOMDocument not found, unable to use sanitizer', E_USER_WARNING, __FILE__, __LINE__));
- return '';
+ throw new SimplePie_Exception('DOMDocument not found, unable to use sanitizer');
}
$document = new DOMDocument();
$document->encoding = 'UTF-8';
+
$data = $this->preprocess($data, $type);
set_error_handler(array('SimplePie_Misc', 'silence_errors'));
$document->loadHTML($data);
restore_error_handler();
+ $xpath = new DOMXPath($document);
+
// Strip comments
if ($this->strip_comments)
{
- $xpath = new DOMXPath($document);
$comments = $xpath->query('//comment()');
foreach ($comments as $comment)
@@ -279,7 +299,7 @@
{
foreach ($this->strip_htmltags as $tag)
{
- $this->strip_tag($tag, $document, $type);
+ $this->strip_tag($tag, $document, $xpath, $type);
}
}
@@ -287,7 +307,15 @@
{
foreach ($this->strip_attributes as $attrib)
{
- $this->strip_attr($attrib, $document);
+ $this->strip_attr($attrib, $xpath);
+ }
+ }
+
+ if ($this->add_attributes)
+ {
+ foreach ($this->add_attributes as $tag => $valuePairs)
+ {
+ $this->add_attr($tag, $valuePairs, $document);
}
}
@@ -326,7 +354,7 @@
}
else
{
- trigger_error("$this->cache_location is not writeable. Make sure you've set the correct relative or absolute path, and that the location is server-writable.", E_USER_WARNING);
+ trigger_error("$this->cache_location is not writable. Make sure you've set the correct relative or absolute path, and that the location is server-writable.", E_USER_WARNING);
}
}
}
@@ -334,19 +362,10 @@
}
}
- // Remove the DOCTYPE
- // Seems to cause segfaulting if we don't do this
- if ($document->firstChild instanceof DOMDocumentType)
- {
- $document->removeChild($document->firstChild);
- }
-
- // Move everything from the body to the root
- $real_body = $document->getElementsByTagName('body')->item(0)->childNodes->item(0);
- $document->replaceChild($real_body, $document->firstChild);
-
+ // Get content node
+ $div = $document->getElementsByTagName('body')->item(0)->firstChild;
// Finally, convert to a HTML string
- $data = trim($document->saveHTML());
+ $data = trim($document->saveHTML($div));
if ($this->remove_div)
{
@@ -384,6 +403,7 @@
protected function preprocess($html, $type)
{
$ret = '';
+ $html = preg_replace('%</?(?:html|body)[^>]*?'.'>%is', '', $html);
if ($type & ~SIMPLEPIE_CONSTRUCT_XHTML)
{
// Atom XHTML constructs are wrapped with a div by default
@@ -456,9 +476,8 @@
}
}
- protected function strip_tag($tag, $document, $type)
+ protected function strip_tag($tag, $document, $xpath, $type)
{
- $xpath = new DOMXPath($document);
$elements = $xpath->query('body//' . $tag);
if ($this->encode_instead_of_strip)
{
@@ -541,9 +560,8 @@
}
}
- protected function strip_attr($attrib, $document)
+ protected function strip_attr($attrib, $xpath)
{
- $xpath = new DOMXPath($document);
$elements = $xpath->query('//*[@' . $attrib . ']');
foreach ($elements as $element)
@@ -551,4 +569,16 @@
$element->removeAttribute($attrib);
}
}
+
+ protected function add_attr($tag, $valuePairs, $document)
+ {
+ $elements = $document->getElementsByTagName($tag);
+ foreach ($elements as $element)
+ {
+ foreach ($valuePairs as $attrib => $value)
+ {
+ $element->setAttribute($attrib, $value);
+ }
+ }
+ }
}