Edit File by line
/home/zeestwma/redstone.../wp-inclu.../SimplePi.../src
File: Sanitize.php
<?php
[0] Fix | Delete
[1] Fix | Delete
// SPDX-FileCopyrightText: 2004-2023 Ryan Parman, Sam Sneddon, Ryan McCue
[2] Fix | Delete
// SPDX-License-Identifier: BSD-3-Clause
[3] Fix | Delete
[4] Fix | Delete
declare(strict_types=1);
[5] Fix | Delete
[6] Fix | Delete
namespace SimplePie;
[7] Fix | Delete
[8] Fix | Delete
use DOMDocument;
[9] Fix | Delete
use DOMXPath;
[10] Fix | Delete
use InvalidArgumentException;
[11] Fix | Delete
use Psr\Http\Client\ClientInterface;
[12] Fix | Delete
use Psr\Http\Message\RequestFactoryInterface;
[13] Fix | Delete
use Psr\Http\Message\UriFactoryInterface;
[14] Fix | Delete
use SimplePie\Cache\Base;
[15] Fix | Delete
use SimplePie\Cache\BaseDataCache;
[16] Fix | Delete
use SimplePie\Cache\CallableNameFilter;
[17] Fix | Delete
use SimplePie\Cache\DataCache;
[18] Fix | Delete
use SimplePie\Cache\NameFilter;
[19] Fix | Delete
use SimplePie\HTTP\Client;
[20] Fix | Delete
use SimplePie\HTTP\ClientException;
[21] Fix | Delete
use SimplePie\HTTP\FileClient;
[22] Fix | Delete
use SimplePie\HTTP\Psr18Client;
[23] Fix | Delete
[24] Fix | Delete
/**
[25] Fix | Delete
* Used for data cleanup and post-processing
[26] Fix | Delete
*
[27] Fix | Delete
*
[28] Fix | Delete
* This class can be overloaded with {@see \SimplePie\SimplePie::set_sanitize_class()}
[29] Fix | Delete
*
[30] Fix | Delete
* @todo Move to using an actual HTML parser (this will allow tags to be properly stripped, and to switch between HTML and XHTML), this will also make it easier to shorten a string while preserving HTML tags
[31] Fix | Delete
*/
[32] Fix | Delete
class Sanitize implements RegistryAware
[33] Fix | Delete
{
[34] Fix | Delete
// Private vars
[35] Fix | Delete
/** @var string */
[36] Fix | Delete
public $base = '';
[37] Fix | Delete
[38] Fix | Delete
// Options
[39] Fix | Delete
/** @var bool */
[40] Fix | Delete
public $remove_div = true;
[41] Fix | Delete
/** @var string */
[42] Fix | Delete
public $image_handler = '';
[43] Fix | Delete
/** @var string[] */
[44] Fix | Delete
public $strip_htmltags = ['base', 'blink', 'body', 'doctype', 'embed', 'font', 'form', 'frame', 'frameset', 'html', 'iframe', 'input', 'marquee', 'meta', 'noscript', 'object', 'param', 'script', 'style'];
[45] Fix | Delete
/** @var bool */
[46] Fix | Delete
public $encode_instead_of_strip = false;
[47] Fix | Delete
/** @var string[] */
[48] Fix | Delete
public $strip_attributes = ['bgsound', 'expr', 'id', 'style', 'onclick', 'onerror', 'onfinish', 'onmouseover', 'onmouseout', 'onfocus', 'onblur', 'lowsrc', 'dynsrc'];
[49] Fix | Delete
/** @var string[] */
[50] Fix | Delete
public $rename_attributes = [];
[51] Fix | Delete
/** @var array<string, array<string, string>> */
[52] Fix | Delete
public $add_attributes = ['audio' => ['preload' => 'none'], 'iframe' => ['sandbox' => 'allow-scripts allow-same-origin'], 'video' => ['preload' => 'none']];
[53] Fix | Delete
/** @var bool */
[54] Fix | Delete
public $strip_comments = false;
[55] Fix | Delete
/** @var string */
[56] Fix | Delete
public $output_encoding = 'UTF-8';
[57] Fix | Delete
/** @var bool */
[58] Fix | Delete
public $enable_cache = true;
[59] Fix | Delete
/** @var string */
[60] Fix | Delete
public $cache_location = './cache';
[61] Fix | Delete
/** @var string&(callable(string): string) */
[62] Fix | Delete
public $cache_name_function = 'md5';
[63] Fix | Delete
[64] Fix | Delete
/**
[65] Fix | Delete
* @var NameFilter
[66] Fix | Delete
*/
[67] Fix | Delete
private $cache_namefilter;
[68] Fix | Delete
/** @var int */
[69] Fix | Delete
public $timeout = 10;
[70] Fix | Delete
/** @var string */
[71] Fix | Delete
public $useragent = '';
[72] Fix | Delete
/** @var bool */
[73] Fix | Delete
public $force_fsockopen = false;
[74] Fix | Delete
/** @var array<string, string|string[]> */
[75] Fix | Delete
public $replace_url_attributes = [];
[76] Fix | Delete
/**
[77] Fix | Delete
* @var array<int, mixed> Custom curl options
[78] Fix | Delete
* @see SimplePie::set_curl_options()
[79] Fix | Delete
*/
[80] Fix | Delete
private $curl_options = [];
[81] Fix | Delete
[82] Fix | Delete
/** @var Registry */
[83] Fix | Delete
public $registry;
[84] Fix | Delete
[85] Fix | Delete
/**
[86] Fix | Delete
* @var DataCache|null
[87] Fix | Delete
*/
[88] Fix | Delete
private $cache = null;
[89] Fix | Delete
[90] Fix | Delete
/**
[91] Fix | Delete
* @var int Cache duration (in seconds)
[92] Fix | Delete
*/
[93] Fix | Delete
private $cache_duration = 3600;
[94] Fix | Delete
[95] Fix | Delete
/**
[96] Fix | Delete
* List of domains for which to force HTTPS.
[97] Fix | Delete
* @see \SimplePie\Sanitize::set_https_domains()
[98] Fix | Delete
* Array is a tree split at DNS levels. Example:
[99] Fix | Delete
* array('biz' => true, 'com' => array('example' => true), 'net' => array('example' => array('www' => true)))
[100] Fix | Delete
* @var true|array<string, true|array<string, true|array<string, array<string, true|array<string, true|array<string, true>>>>>>
[101] Fix | Delete
*/
[102] Fix | Delete
public $https_domains = [];
[103] Fix | Delete
[104] Fix | Delete
/**
[105] Fix | Delete
* @var Client|null
[106] Fix | Delete
*/
[107] Fix | Delete
private $http_client = null;
[108] Fix | Delete
[109] Fix | Delete
public function __construct()
[110] Fix | Delete
{
[111] Fix | Delete
// Set defaults
[112] Fix | Delete
$this->set_url_replacements(null);
[113] Fix | Delete
}
[114] Fix | Delete
[115] Fix | Delete
/**
[116] Fix | Delete
* @return void
[117] Fix | Delete
*/
[118] Fix | Delete
public function remove_div(bool $enable = true)
[119] Fix | Delete
{
[120] Fix | Delete
$this->remove_div = (bool) $enable;
[121] Fix | Delete
}
[122] Fix | Delete
[123] Fix | Delete
/**
[124] Fix | Delete
* @param string|false $page
[125] Fix | Delete
* @return void
[126] Fix | Delete
*/
[127] Fix | Delete
public function set_image_handler($page = false)
[128] Fix | Delete
{
[129] Fix | Delete
if ($page) {
[130] Fix | Delete
$this->image_handler = (string) $page;
[131] Fix | Delete
} else {
[132] Fix | Delete
$this->image_handler = '';
[133] Fix | Delete
}
[134] Fix | Delete
}
[135] Fix | Delete
[136] Fix | Delete
/**
[137] Fix | Delete
* @return void
[138] Fix | Delete
*/
[139] Fix | Delete
public function set_registry(\SimplePie\Registry $registry)
[140] Fix | Delete
{
[141] Fix | Delete
$this->registry = $registry;
[142] Fix | Delete
}
[143] Fix | Delete
[144] Fix | Delete
/**
[145] Fix | Delete
* @param (string&(callable(string): string))|NameFilter $cache_name_function
[146] Fix | Delete
* @param class-string<Cache> $cache_class
[147] Fix | Delete
* @return void
[148] Fix | Delete
*/
[149] Fix | Delete
public function pass_cache_data(bool $enable_cache = true, string $cache_location = './cache', $cache_name_function = 'md5', string $cache_class = Cache::class, ?DataCache $cache = null)
[150] Fix | Delete
{
[151] Fix | Delete
$this->enable_cache = $enable_cache;
[152] Fix | Delete
[153] Fix | Delete
if ($cache_location) {
[154] Fix | Delete
$this->cache_location = $cache_location;
[155] Fix | Delete
}
[156] Fix | Delete
[157] Fix | Delete
// @phpstan-ignore-next-line Enforce PHPDoc type.
[158] Fix | Delete
if (!is_string($cache_name_function) && !$cache_name_function instanceof NameFilter) {
[159] Fix | Delete
throw new InvalidArgumentException(sprintf(
[160] Fix | Delete
'%s(): Argument #3 ($cache_name_function) must be of type %s',
[161] Fix | Delete
__METHOD__,
[162] Fix | Delete
NameFilter::class
[163] Fix | Delete
), 1);
[164] Fix | Delete
}
[165] Fix | Delete
[166] Fix | Delete
// BC: $cache_name_function could be a callable as string
[167] Fix | Delete
if (is_string($cache_name_function)) {
[168] Fix | Delete
// trigger_error(sprintf('Providing $cache_name_function as string in "%s()" is deprecated since SimplePie 1.8.0, provide as "%s" instead.', __METHOD__, NameFilter::class), \E_USER_DEPRECATED);
[169] Fix | Delete
$this->cache_name_function = $cache_name_function;
[170] Fix | Delete
[171] Fix | Delete
$cache_name_function = new CallableNameFilter($cache_name_function);
[172] Fix | Delete
}
[173] Fix | Delete
[174] Fix | Delete
$this->cache_namefilter = $cache_name_function;
[175] Fix | Delete
[176] Fix | Delete
if ($cache !== null) {
[177] Fix | Delete
$this->cache = $cache;
[178] Fix | Delete
}
[179] Fix | Delete
}
[180] Fix | Delete
[181] Fix | Delete
/**
[182] Fix | Delete
* Set a PSR-18 client and PSR-17 factories
[183] Fix | Delete
*
[184] Fix | Delete
* Allows you to use your own HTTP client implementations.
[185] Fix | Delete
*/
[186] Fix | Delete
final public function set_http_client(
[187] Fix | Delete
ClientInterface $http_client,
[188] Fix | Delete
RequestFactoryInterface $request_factory,
[189] Fix | Delete
UriFactoryInterface $uri_factory
[190] Fix | Delete
): void {
[191] Fix | Delete
$this->http_client = new Psr18Client($http_client, $request_factory, $uri_factory);
[192] Fix | Delete
}
[193] Fix | Delete
[194] Fix | Delete
/**
[195] Fix | Delete
* @deprecated since SimplePie 1.9.0, use \SimplePie\Sanitize::set_http_client() instead.
[196] Fix | Delete
* @param class-string<File> $file_class
[197] Fix | Delete
* @param array<int, mixed> $curl_options
[198] Fix | Delete
* @return void
[199] Fix | Delete
*/
[200] Fix | Delete
public function pass_file_data(string $file_class = File::class, int $timeout = 10, string $useragent = '', bool $force_fsockopen = false, array $curl_options = [])
[201] Fix | Delete
{
[202] Fix | Delete
// trigger_error(sprintf('SimplePie\Sanitize::pass_file_data() is deprecated since SimplePie 1.9.0, please use "SimplePie\Sanitize::set_http_client()" instead.'), \E_USER_DEPRECATED);
[203] Fix | Delete
if ($timeout) {
[204] Fix | Delete
$this->timeout = $timeout;
[205] Fix | Delete
}
[206] Fix | Delete
[207] Fix | Delete
if ($useragent) {
[208] Fix | Delete
$this->useragent = $useragent;
[209] Fix | Delete
}
[210] Fix | Delete
[211] Fix | Delete
if ($force_fsockopen) {
[212] Fix | Delete
$this->force_fsockopen = $force_fsockopen;
[213] Fix | Delete
}
[214] Fix | Delete
[215] Fix | Delete
$this->curl_options = $curl_options;
[216] Fix | Delete
// Invalidate the registered client.
[217] Fix | Delete
$this->http_client = null;
[218] Fix | Delete
}
[219] Fix | Delete
[220] Fix | Delete
/**
[221] Fix | Delete
* @param string[]|string|false $tags Set a list of tags to strip, or set empty string to use default tags, or false to strip nothing.
[222] Fix | Delete
* @return void
[223] Fix | Delete
*/
[224] Fix | Delete
public function strip_htmltags($tags = ['base', 'blink', 'body', 'doctype', 'embed', 'font', 'form', 'frame', 'frameset', 'html', 'iframe', 'input', 'marquee', 'meta', 'noscript', 'object', 'param', 'script', 'style'])
[225] Fix | Delete
{
[226] Fix | Delete
if ($tags) {
[227] Fix | Delete
if (is_array($tags)) {
[228] Fix | Delete
$this->strip_htmltags = $tags;
[229] Fix | Delete
} else {
[230] Fix | Delete
$this->strip_htmltags = explode(',', $tags);
[231] Fix | Delete
}
[232] Fix | Delete
} else {
[233] Fix | Delete
$this->strip_htmltags = [];
[234] Fix | Delete
}
[235] Fix | Delete
}
[236] Fix | Delete
[237] Fix | Delete
/**
[238] Fix | Delete
* @return void
[239] Fix | Delete
*/
[240] Fix | Delete
public function encode_instead_of_strip(bool $encode = false)
[241] Fix | Delete
{
[242] Fix | Delete
$this->encode_instead_of_strip = $encode;
[243] Fix | Delete
}
[244] Fix | Delete
[245] Fix | Delete
/**
[246] Fix | Delete
* @param string[]|string $attribs
[247] Fix | Delete
* @return void
[248] Fix | Delete
*/
[249] Fix | Delete
public function rename_attributes($attribs = [])
[250] Fix | Delete
{
[251] Fix | Delete
if ($attribs) {
[252] Fix | Delete
if (is_array($attribs)) {
[253] Fix | Delete
$this->rename_attributes = $attribs;
[254] Fix | Delete
} else {
[255] Fix | Delete
$this->rename_attributes = explode(',', $attribs);
[256] Fix | Delete
}
[257] Fix | Delete
} else {
[258] Fix | Delete
$this->rename_attributes = [];
[259] Fix | Delete
}
[260] Fix | Delete
}
[261] Fix | Delete
[262] Fix | Delete
/**
[263] Fix | Delete
* @param string[]|string $attribs
[264] Fix | Delete
* @return void
[265] Fix | Delete
*/
[266] Fix | Delete
public function strip_attributes($attribs = ['bgsound', 'expr', 'id', 'style', 'onclick', 'onerror', 'onfinish', 'onmouseover', 'onmouseout', 'onfocus', 'onblur', 'lowsrc', 'dynsrc'])
[267] Fix | Delete
{
[268] Fix | Delete
if ($attribs) {
[269] Fix | Delete
if (is_array($attribs)) {
[270] Fix | Delete
$this->strip_attributes = $attribs;
[271] Fix | Delete
} else {
[272] Fix | Delete
$this->strip_attributes = explode(',', $attribs);
[273] Fix | Delete
}
[274] Fix | Delete
} else {
[275] Fix | Delete
$this->strip_attributes = [];
[276] Fix | Delete
}
[277] Fix | Delete
}
[278] Fix | Delete
[279] Fix | Delete
/**
[280] Fix | Delete
* @param array<string, array<string, string>> $attribs
[281] Fix | Delete
* @return void
[282] Fix | Delete
*/
[283] Fix | Delete
public function add_attributes(array $attribs = ['audio' => ['preload' => 'none'], 'iframe' => ['sandbox' => 'allow-scripts allow-same-origin'], 'video' => ['preload' => 'none']])
[284] Fix | Delete
{
[285] Fix | Delete
$this->add_attributes = $attribs;
[286] Fix | Delete
}
[287] Fix | Delete
[288] Fix | Delete
/**
[289] Fix | Delete
* @return void
[290] Fix | Delete
*/
[291] Fix | Delete
public function strip_comments(bool $strip = false)
[292] Fix | Delete
{
[293] Fix | Delete
$this->strip_comments = $strip;
[294] Fix | Delete
}
[295] Fix | Delete
[296] Fix | Delete
/**
[297] Fix | Delete
* @return void
[298] Fix | Delete
*/
[299] Fix | Delete
public function set_output_encoding(string $encoding = 'UTF-8')
[300] Fix | Delete
{
[301] Fix | Delete
$this->output_encoding = $encoding;
[302] Fix | Delete
}
[303] Fix | Delete
[304] Fix | Delete
/**
[305] Fix | Delete
* Set element/attribute key/value pairs of HTML attributes
[306] Fix | Delete
* containing URLs that need to be resolved relative to the feed
[307] Fix | Delete
*
[308] Fix | Delete
* Defaults to |a|@href, |area|@href, |audio|@src, |blockquote|@cite,
[309] Fix | Delete
* |del|@cite, |form|@action, |img|@longdesc, |img|@src, |input|@src,
[310] Fix | Delete
* |ins|@cite, |q|@cite, |source|@src, |video|@src
[311] Fix | Delete
*
[312] Fix | Delete
* @since 1.0
[313] Fix | Delete
* @param array<string, string|string[]>|null $element_attribute Element/attribute key/value pairs, null for default
[314] Fix | Delete
* @return void
[315] Fix | Delete
*/
[316] Fix | Delete
public function set_url_replacements(?array $element_attribute = null)
[317] Fix | Delete
{
[318] Fix | Delete
if ($element_attribute === null) {
[319] Fix | Delete
$element_attribute = [
[320] Fix | Delete
'a' => 'href',
[321] Fix | Delete
'area' => 'href',
[322] Fix | Delete
'audio' => 'src',
[323] Fix | Delete
'blockquote' => 'cite',
[324] Fix | Delete
'del' => 'cite',
[325] Fix | Delete
'form' => 'action',
[326] Fix | Delete
'img' => [
[327] Fix | Delete
'longdesc',
[328] Fix | Delete
'src'
[329] Fix | Delete
],
[330] Fix | Delete
'input' => 'src',
[331] Fix | Delete
'ins' => 'cite',
[332] Fix | Delete
'q' => 'cite',
[333] Fix | Delete
'source' => 'src',
[334] Fix | Delete
'video' => [
[335] Fix | Delete
'poster',
[336] Fix | Delete
'src'
[337] Fix | Delete
]
[338] Fix | Delete
];
[339] Fix | Delete
}
[340] Fix | Delete
$this->replace_url_attributes = $element_attribute;
[341] Fix | Delete
}
[342] Fix | Delete
[343] Fix | Delete
/**
[344] Fix | Delete
* Set the list of domains for which to force HTTPS.
[345] Fix | Delete
* @see \SimplePie\Misc::https_url()
[346] Fix | Delete
* Example array('biz', 'example.com', 'example.org', 'www.example.net');
[347] Fix | Delete
*
[348] Fix | Delete
* @param string[] $domains list of domain names ['biz', 'example.com', 'example.org', 'www.example.net']
[349] Fix | Delete
*
[350] Fix | Delete
* @return void
[351] Fix | Delete
*/
[352] Fix | Delete
public function set_https_domains(array $domains)
[353] Fix | Delete
{
[354] Fix | Delete
$this->https_domains = [];
[355] Fix | Delete
foreach ($domains as $domain) {
[356] Fix | Delete
$domain = trim($domain, ". \t\n\r\0\x0B");
[357] Fix | Delete
$segments = array_reverse(explode('.', $domain));
[358] Fix | Delete
/** @var true|array<string, true|array<string, true|array<string, array<string, true|array<string, true|array<string, true>>>>>> */ // Needed for PHPStan.
[359] Fix | Delete
$node = &$this->https_domains;
[360] Fix | Delete
foreach ($segments as $segment) {//Build a tree
[361] Fix | Delete
if ($node === true) {
[362] Fix | Delete
break;
[363] Fix | Delete
}
[364] Fix | Delete
if (!isset($node[$segment])) {
[365] Fix | Delete
$node[$segment] = [];
[366] Fix | Delete
}
[367] Fix | Delete
$node = &$node[$segment];
[368] Fix | Delete
}
[369] Fix | Delete
$node = true;
[370] Fix | Delete
}
[371] Fix | Delete
}
[372] Fix | Delete
[373] Fix | Delete
/**
[374] Fix | Delete
* Check if the domain is in the list of forced HTTPS.
[375] Fix | Delete
*
[376] Fix | Delete
* @return bool
[377] Fix | Delete
*/
[378] Fix | Delete
protected function is_https_domain(string $domain)
[379] Fix | Delete
{
[380] Fix | Delete
$domain = trim($domain, '. ');
[381] Fix | Delete
$segments = array_reverse(explode('.', $domain));
[382] Fix | Delete
$node = &$this->https_domains;
[383] Fix | Delete
foreach ($segments as $segment) {//Explore the tree
[384] Fix | Delete
if (isset($node[$segment])) {
[385] Fix | Delete
$node = &$node[$segment];
[386] Fix | Delete
} else {
[387] Fix | Delete
break;
[388] Fix | Delete
}
[389] Fix | Delete
}
[390] Fix | Delete
return $node === true;
[391] Fix | Delete
}
[392] Fix | Delete
[393] Fix | Delete
/**
[394] Fix | Delete
* Force HTTPS for selected Web sites.
[395] Fix | Delete
*
[396] Fix | Delete
* @return string
[397] Fix | Delete
*/
[398] Fix | Delete
public function https_url(string $url)
[399] Fix | Delete
{
[400] Fix | Delete
return (
[401] Fix | Delete
strtolower(substr($url, 0, 7)) === 'http://'
[402] Fix | Delete
&& ($parsed = parse_url($url, PHP_URL_HOST)) !== false // Malformed URL
[403] Fix | Delete
&& $parsed !== null // Missing host
[404] Fix | Delete
&& $this->is_https_domain($parsed) // Should be forced?
[405] Fix | Delete
) ? substr_replace($url, 's', 4, 0) // Add the 's' to HTTPS
[406] Fix | Delete
: $url;
[407] Fix | Delete
}
[408] Fix | Delete
[409] Fix | Delete
/**
[410] Fix | Delete
* @param int-mask-of<SimplePie::CONSTRUCT_*> $type
[411] Fix | Delete
* @param string $base
[412] Fix | Delete
* @return string Sanitized data; false if output encoding is changed to something other than UTF-8 and conversion fails
[413] Fix | Delete
*/
[414] Fix | Delete
public function sanitize(string $data, int $type, string $base = '')
[415] Fix | Delete
{
[416] Fix | Delete
$data = trim($data);
[417] Fix | Delete
if ($data !== '' || $type & \SimplePie\SimplePie::CONSTRUCT_IRI) {
[418] Fix | Delete
if ($type & \SimplePie\SimplePie::CONSTRUCT_MAYBE_HTML) {
[419] Fix | Delete
if (preg_match('/(&(#(x[0-9a-fA-F]+|[0-9]+)|[a-zA-Z0-9]+)|<\/[A-Za-z][^\x09\x0A\x0B\x0C\x0D\x20\x2F\x3E]*' . \SimplePie\SimplePie::PCRE_HTML_ATTRIBUTE . '>)/', $data)) {
[420] Fix | Delete
$type |= \SimplePie\SimplePie::CONSTRUCT_HTML;
[421] Fix | Delete
} else {
[422] Fix | Delete
$type |= \SimplePie\SimplePie::CONSTRUCT_TEXT;
[423] Fix | Delete
}
[424] Fix | Delete
}
[425] Fix | Delete
[426] Fix | Delete
if ($type & \SimplePie\SimplePie::CONSTRUCT_BASE64) {
[427] Fix | Delete
$data = base64_decode($data);
[428] Fix | Delete
}
[429] Fix | Delete
[430] Fix | Delete
if ($type & (\SimplePie\SimplePie::CONSTRUCT_HTML | \SimplePie\SimplePie::CONSTRUCT_XHTML)) {
[431] Fix | Delete
if (!class_exists('DOMDocument')) {
[432] Fix | Delete
throw new \SimplePie\Exception('DOMDocument not found, unable to use sanitizer');
[433] Fix | Delete
}
[434] Fix | Delete
$document = new \DOMDocument();
[435] Fix | Delete
$document->encoding = 'UTF-8';
[436] Fix | Delete
[437] Fix | Delete
// PHPStan seems to have trouble resolving int-mask because bitwise
[438] Fix | Delete
// operators are used when operators are used when passing this parameter.
[439] Fix | Delete
// https://github.com/phpstan/phpstan/issues/9384
[440] Fix | Delete
/** @var int-mask-of<SimplePie::CONSTRUCT_*> $type */
[441] Fix | Delete
$data = $this->preprocess($data, $type);
[442] Fix | Delete
[443] Fix | Delete
set_error_handler([Misc::class, 'silence_errors']);
[444] Fix | Delete
$document->loadHTML($data);
[445] Fix | Delete
restore_error_handler();
[446] Fix | Delete
[447] Fix | Delete
$xpath = new \DOMXPath($document);
[448] Fix | Delete
[449] Fix | Delete
// Strip comments
[450] Fix | Delete
if ($this->strip_comments) {
[451] Fix | Delete
/** @var \DOMNodeList<\DOMComment> */
[452] Fix | Delete
$comments = $xpath->query('//comment()');
[453] Fix | Delete
[454] Fix | Delete
foreach ($comments as $comment) {
[455] Fix | Delete
$parentNode = $comment->parentNode;
[456] Fix | Delete
assert($parentNode !== null, 'For PHPStan, comment must have a parent');
[457] Fix | Delete
$parentNode->removeChild($comment);
[458] Fix | Delete
}
[459] Fix | Delete
}
[460] Fix | Delete
[461] Fix | Delete
// Strip out HTML tags and attributes that might cause various security problems.
[462] Fix | Delete
// Based on recommendations by Mark Pilgrim at:
[463] Fix | Delete
// https://web.archive.org/web/20110902041826/http://diveintomark.org:80/archives/2003/06/12/how_to_consume_rss_safely
[464] Fix | Delete
if ($this->strip_htmltags) {
[465] Fix | Delete
foreach ($this->strip_htmltags as $tag) {
[466] Fix | Delete
$this->strip_tag($tag, $document, $xpath, $type);
[467] Fix | Delete
}
[468] Fix | Delete
}
[469] Fix | Delete
[470] Fix | Delete
if ($this->rename_attributes) {
[471] Fix | Delete
foreach ($this->rename_attributes as $attrib) {
[472] Fix | Delete
$this->rename_attr($attrib, $xpath);
[473] Fix | Delete
}
[474] Fix | Delete
}
[475] Fix | Delete
[476] Fix | Delete
if ($this->strip_attributes) {
[477] Fix | Delete
foreach ($this->strip_attributes as $attrib) {
[478] Fix | Delete
$this->strip_attr($attrib, $xpath);
[479] Fix | Delete
}
[480] Fix | Delete
}
[481] Fix | Delete
[482] Fix | Delete
if ($this->add_attributes) {
[483] Fix | Delete
foreach ($this->add_attributes as $tag => $valuePairs) {
[484] Fix | Delete
$this->add_attr($tag, $valuePairs, $document);
[485] Fix | Delete
}
[486] Fix | Delete
}
[487] Fix | Delete
[488] Fix | Delete
// Replace relative URLs
[489] Fix | Delete
$this->base = $base;
[490] Fix | Delete
foreach ($this->replace_url_attributes as $element => $attributes) {
[491] Fix | Delete
$this->replace_urls($document, $element, $attributes);
[492] Fix | Delete
}
[493] Fix | Delete
[494] Fix | Delete
// If image handling (caching, etc.) is enabled, cache and rewrite all the image tags.
[495] Fix | Delete
if ($this->image_handler !== '' && $this->enable_cache) {
[496] Fix | Delete
$images = $document->getElementsByTagName('img');
[497] Fix | Delete
[498] Fix | Delete
foreach ($images as $img) {
[499] Fix | Delete
12
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
Function