Merge branch 'dev' into beta

3 files changed, 86 insertions, 16 deletions

diff --git a/lib/Minz/Configuration.php b/lib/Minz/Configuration.php
index 72e2cedc0..572b9984d 100644
--- a/lib/Minz/Configuration.php
+++ b/lib/Minz/Configuration.php
@@ -69,8 +69,24 @@ class Minz_Configuration {
 	public static function salt () {
 		return self::$salt;
 	}
-	public static function environment () {
-		return self::$environment;
+	public static function environment ($str = false) {
+		$env = self::$environment;
+
+		if ($str) {
+			switch (self::$environment) {
+			case self::SILENT:
+				$env = 'silent';
+				break;
+			case self::DEVELOPMENT:
+				$env = 'development';
+				break;
+			case self::PRODUCTION:
+			default:
+				$env = 'production';
+			}
+		}
+
+		return $env;
 	}
 	public static function baseUrl () {
 		return self::$base_url;
@@ -147,7 +163,7 @@ class Minz_Configuration {
 	public static function writeFile() {
 		$ini_array = array(
 			'general' => array(
-				'environment' => self::$environment,
+				'environment' => self::environment(true),
 				'use_url_rewriting' => self::$use_url_rewriting,
 				'salt' => self::$salt,
 				'base_url' => self::$base_url,
@@ -205,23 +221,26 @@ class Minz_Configuration {
 
 		if (isset ($general['environment'])) {
 			switch ($general['environment']) {
-			case Minz_Configuration::SILENT:
 			case 'silent':
 				self::$environment = Minz_Configuration::SILENT;
 				break;
-			case Minz_Configuration::DEVELOPMENT:
 			case 'development':
 				self::$environment = Minz_Configuration::DEVELOPMENT;
 				break;
-			case Minz_Configuration::PRODUCTION:
 			case 'production':
 				self::$environment = Minz_Configuration::PRODUCTION;
 				break;
 			default:
-				throw new Minz_BadConfigurationException (
-					'environment',
-					Minz_Exception::ERROR
-				);
+				if ($general['environment'] >= 0 &&
+					$general['environment'] <= 2) {
+					// fallback 0.7-beta
+					self::$environment = $general['environment'];
+				} else {
+					throw new Minz_BadConfigurationException (
+						'environment',
+						Minz_Exception::ERROR
+					);
+				}
 			}
 
 		}
diff --git a/lib/Minz/Error.php b/lib/Minz/Error.php
index 1ad0d313c..337ab6c0a 100644
--- a/lib/Minz/Error.php
+++ b/lib/Minz/Error.php
@@ -21,7 +21,7 @@ class Minz_Error {
 	*/
 	public static function error ($code = 404, $logs = array (), $redirect = false) {
 		$logs = self::processLogs ($logs);
-		$error_filename = APP_PATH . '/Controllers/ErrorController.php';
+		$error_filename = APP_PATH . '/Controllers/errorController.php';
 
 		if (file_exists ($error_filename)) {
 			$params = array (
diff --git a/lib/lib_rss.php b/lib/lib_rss.php
index 33d7ebc32..b953f96ce 100644
--- a/lib/lib_rss.php
+++ b/lib/lib_rss.php
@@ -62,6 +62,11 @@ function small_hash ($txt) {
 	return strtr ($t, '+/', '-_');
 }
 
+function formatNumber($n, $precision = 0) {
+	return str_replace(' ', '&#8239;',	//Espace fine insécable
+		number_format($n, $precision, '.', ' '));	//number_format does not seem to be Unicode-compatible
+}
+
 function formatBytes($bytes, $precision = 2, $system = 'IEC') {
 	if ($system === 'IEC') {
 		$base = 1024;
@@ -74,7 +79,7 @@ function formatBytes($bytes, $precision = 2, $system = 'IEC') {
 	$pow = $bytes === 0 ? 0 : floor(log($bytes) / log($base));
 	$pow = min($pow, count($units) - 1);
 	$bytes /= pow($base, $pow);
-	return round($bytes, $precision) . ' ' . $units[$pow];
+	return formatNumber($bytes, $precision) . ' ' . $units[$pow];
 }
 
 function timestamptodate ($t, $hour = true) {
@@ -106,13 +111,59 @@ function html_only_entity_decode($text) {
 	return strtr($text, $htmlEntitiesOnly);
 }
 
-function sanitizeHTML($data) {
+function customSimplePie() {
+	$simplePie = new SimplePie();
+	$simplePie->set_useragent(Minz_Translate::t('freshrss') . '/' . FRESHRSS_VERSION . ' (' . PHP_OS . '; ' . FRESHRSS_WEBSITE . ') ' . SIMPLEPIE_NAME . '/' . SIMPLEPIE_VERSION);
+	$simplePie->set_cache_location(CACHE_PATH);
+	$simplePie->set_cache_duration(1500);
+	$simplePie->strip_htmltags(array(
+		'base', 'blink', 'body', 'doctype', 'embed',
+		'font', 'form', 'frame', 'frameset', 'html',
+		'link', 'input', 'marquee', 'meta', 'noscript',
+		'object', 'param', 'plaintext', 'script', 'style',
+	));
+	$simplePie->strip_attributes(array_merge($simplePie->strip_attributes, array(
+		'autoplay', 'onload', 'onunload', 'onclick', 'ondblclick', 'onmousedown', 'onmouseup',
+		'onmouseover', 'onmousemove', 'onmouseout', 'onfocus', 'onblur',
+		'onkeypress', 'onkeydown', 'onkeyup', 'onselect', 'onchange', 'seamless')));
+	$simplePie->add_attributes(array(
+		'img' => array('lazyload' => ''),	//http://www.w3.org/TR/resource-priorities/
+		'audio' => array('preload' => 'none'),
+		'iframe' => array('postpone' => '', 'sandbox' => 'allow-scripts allow-same-origin'),
+		'video' => array('postpone' => '', 'preload' => 'none'),
+	));
+	$simplePie->set_url_replacements(array(
+		'a' => 'href',
+		'area' => 'href',
+		'audio' => 'src',
+		'blockquote' => 'cite',
+		'del' => 'cite',
+		'form' => 'action',
+		'iframe' => 'src',
+		'img' => array(
+			'longdesc',
+			'src'
+		),
+		'input' => 'src',
+		'ins' => 'cite',
+		'q' => 'cite',
+		'source' => 'src',
+		'track' => 'src',
+		'video' => array(
+			'poster',
+			'src',
+		),
+	));
+	return $simplePie;
+}
+
+function sanitizeHTML($data, $base = '') {
 	static $simplePie = null;
 	if ($simplePie == null) {
-		$simplePie = new SimplePie();
+		$simplePie = customSimplePie();
 		$simplePie->init();
 	}
-	return html_only_entity_decode($simplePie->sanitize->sanitize($data, SIMPLEPIE_CONSTRUCT_MAYBE_HTML));
+	return html_only_entity_decode($simplePie->sanitize->sanitize($data, SIMPLEPIE_CONSTRUCT_HTML, $base));
 }
 
 /* permet de récupérer le contenu d'un article pour un flux qui n'est pas complet */
@@ -125,7 +176,7 @@ function get_content_by_parsing ($url, $path) {
 	if ($html) {
 		$doc = phpQuery::newDocument ($html);
 		$content = $doc->find ($path);
-		return sanitizeHTML($content->__toString());
+		return sanitizeHTML($content->__toString(), $url);
 	} else {
 		throw new Exception ();
 	}