From bc6aba67bbe023c461a47bdf7c0c81d061ca6b5a Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite
Date: Wed, 22 Jan 2014 21:34:59 +0100
Subject: Bug récupération flux tronqués
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Corrige https://github.com/marienfressinaud/FreshRSS/issues/381
---
 lib/lib_rss.php | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 50 insertions(+), 4 deletions(-)

(limited to 'lib')

diff --git a/lib/lib_rss.php b/lib/lib_rss.php
index 33d7ebc32..ba5b01112 100644
--- a/lib/lib_rss.php
+++ b/lib/lib_rss.php
@@ -106,13 +106,59 @@ function html_only_entity_decode($text) {
 return strtr($text, $htmlEntitiesOnly);
 }
 
-function sanitizeHTML($data) {
+function customSimplePie() {
+ $simplePie = new SimplePie();
+ $simplePie->set_useragent(Minz_Translate::t('freshrss') . '/' . FRESHRSS_VERSION . ' (' . PHP_OS . '; ' . FRESHRSS_WEBSITE . ') ' . SIMPLEPIE_NAME . '/' . SIMPLEPIE_VERSION);
+ $simplePie->set_cache_location(CACHE_PATH);
+ $simplePie->set_cache_duration(1500);
+ $simplePie->strip_htmltags(array(
+ 'base', 'blink', 'body', 'doctype', 'embed',
+ 'font', 'form', 'frame', 'frameset', 'html',
+ 'input', 'marquee', 'meta', 'noscript',
+ 'object', 'param', 'plaintext', 'script', 'style',
+ ));
+ $simplePie->strip_attributes(array_merge($simplePie->strip_attributes, array(
+ 'autoplay', 'onload', 'onunload', 'onclick', 'ondblclick', 'onmousedown', 'onmouseup',
+ 'onmouseover', 'onmousemove', 'onmouseout', 'onfocus', 'onblur',
+ 'onkeypress', 'onkeydown', 'onkeyup', 'onselect', 'onchange', 'seamless')));
+ $simplePie->add_attributes(array(
+ 'img' => array('lazyload' => ''), //http://www.w3.org/TR/resource-priorities/
+ 'audio' => array('preload' => 'none'),
+ 'iframe' => array('postpone' => '', 'sandbox' => 'allow-scripts allow-same-origin'),
+ 'video' => array('postpone' => '', 'preload' => 'none'),
+ ));
+ $simplePie->set_url_replacements(array(
+ 'a' => 'href',
+ 'area' => 'href',
+ 'audio' => 'src',
+ 'blockquote' => 'cite',
+ 'del' => 'cite',
+ 'form' => 'action',
+ 'iframe' => 'src',
+ 'img' => array(
+ 'longdesc',
+ 'src'
+ ),
+ 'input' => 'src',
+ 'ins' => 'cite',
+ 'q' => 'cite',
+ 'source' => 'src',
+ 'track' => 'src',
+ 'video' => array(
+ 'poster',
+ 'src',
+ ),
+ ));
+ return $simplePie;
+}
+
+function sanitizeHTML($data, $base = '') {
 static $simplePie = null;
 if ($simplePie == null) {
- $simplePie = new SimplePie();
+ $simplePie = customSimplePie();
 $simplePie->init();
 }
- return html_only_entity_decode($simplePie->sanitize->sanitize($data, SIMPLEPIE_CONSTRUCT_MAYBE_HTML));
+ return html_only_entity_decode($simplePie->sanitize->sanitize($data, SIMPLEPIE_CONSTRUCT_HTML, $base));
 }
 
 /* permet de récupérer le contenu d'un article pour un flux qui n'est pas complet */
@@ -125,7 +171,7 @@ function get_content_by_parsing ($url, $path) {
 if ($html) {
 $doc = phpQuery::newDocument ($html);
 $content = $doc->find ($path);
- return sanitizeHTML($content->__toString());
+ return sanitizeHTML($content->__toString(), $url);
 } else {
 throw new Exception ();
 }
-- 
cgit v1.2.3
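Review bot: In `customSimplePie()` the `add_attributes` entry for `iframe` sets `sandbox` to `allow-scripts allow-same-origin`, and `iframe` is not in the list passed to `strip_htmltags()`, so frames supplied by a feed appear to survive sanitizing with both tokens granted. A framed document that holds both tokens and is served from the same origin as the reader can remove its own sandbox, so the attribute gives little protection in the case where it matters most. Unless embedded players are known to need it, I would drop the second token, `'iframe' => array('postpone' => '', 'sandbox' => 'allow-scripts'),`, or add a comment above the line saying why both are required. Separately, the `on*` names given to `strip_attributes()` form a denylist: a handler attribute that is in neither this list nor SimplePie's default list (not visible in this hunk) would pass through, so a comment such as `// denylist: keep in step with the HTML event-handler attributes` would help the next maintainer.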
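Review bot: The base handed to `sanitizeHTML()` in `get_content_by_parsing()` is the requested `$url`, which is not necessarily the address the document was finally served from. How `$html` is fetched lies above the hunk, so this is inferred: if that fetch follows redirects, or the page declares its own `<base href>`, relative `src`/`href` values will be resolved against the wrong location, possibly a different host than the article. A comment such as `// $url is the base for relative links; assumes the fetch was not redirected` would record the assumption. The function starts before the hunk and its closing brace is outside it.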