Changeset 47733 for trunk/src/wp-includes/SimplePie/Sanitize.php

Timestamp:

05/01/2020 02:24:42 PM (5 years ago)

Author:

desrosj

Message:

External Libraries: Update the SimplePie library to the latest version (1.5.5).

This brings SimplePie in sync with the most up to date version, 1.5.5.

This update brings many bug fixes, small enhancements, and PHP compatibility fixes for newer versions of PHP.

For a full list of changes, see ​https://github.com/simplepie/simplepie/blob/master/CHANGELOG.md#155-may-1-2020.

Props dshanske, slushman, etruel, wpshades, dmenard, desrosj, hareesh-pillai, stevenkword, jrf, Ipstenu, johnbillion.
Fixes #36669.

File:

• trunk/src/wp-includes/SimplePie/Sanitize.php (modified) (15 diffs)

trunk/src/wp-includes/SimplePie/Sanitize.php

@@ -6 +6 @@
  * Takes the hard work out of managing a complete RSS/Atom solution.
  *
- * Copyright (c) 2004-2012, Ryan Parman, Geoffrey Sneddon, Ryan McCue, and contributors
+ * Copyright (c) 2004-2016, Ryan Parman, Sam Sneddon, Ryan McCue, and contributors
  * All rights reserved.
  *
@@ -34 +34 @@
  *
  * @package SimplePie
- * @version 1.3.1
- * @copyright 2004-2012 Ryan Parman, Geoffrey Sneddon, Ryan McCue
+ * @copyright 2004-2016 Ryan Parman, Sam Sneddon, Ryan McCue
  * @author Ryan Parman
- * @author Geoffrey Sneddon
+ * @author Sam Sneddon
  * @author Ryan McCue
  * @link http://simplepie.org/ SimplePie
@@ -62 +61 @@
     var $strip_htmltags = array('base', 'blink', 'body', 'doctype', 'embed', 'font', 'form', 'frame', 'frameset', 'html', 'iframe', 'input', 'marquee', 'meta', 'noscript', 'object', 'param', 'script', 'style');
     var $encode_instead_of_strip = false;
-    var $strip_attributes = array('bgsound', 'class', 'expr', 'id', 'style', 'onclick', 'onerror', 'onfinish', 'onmouseover', 'onmouseout', 'onfocus', 'onblur', 'lowsrc', 'dynsrc');
+    var $strip_attributes = array('bgsound', 'expr', 'id', 'style', 'onclick', 'onerror', 'onfinish', 'onmouseover', 'onmouseout', 'onfocus', 'onblur', 'lowsrc', 'dynsrc');
+    var $add_attributes = array('audio' => array('preload' => 'none'), 'iframe' => array('sandbox' => 'allow-scripts allow-same-origin'), 'video' => array('preload' => 'none'));
     var $strip_comments = false;
     var $output_encoding = 'UTF-8';
@@ -161 +161 @@
     }
 
-    public function strip_attributes($attribs = array('bgsound', 'class', 'expr', 'id', 'style', 'onclick', 'onerror', 'onfinish', 'onmouseover', 'onmouseout', 'onfocus', 'onblur', 'lowsrc', 'dynsrc'))
+    public function strip_attributes($attribs = array('bgsound', 'expr', 'id', 'style', 'onclick', 'onerror', 'onfinish', 'onmouseover', 'onmouseout', 'onfocus', 'onblur', 'lowsrc', 'dynsrc'))
     {
         if ($attribs)
@@ -177 +177 @@
         {
             $this->strip_attributes = false;
+        }
+    }
+
+    public function add_attributes($attribs = array('audio' => array('preload' => 'none'), 'iframe' => array('sandbox' => 'allow-scripts allow-same-origin'), 'video' => array('preload' => 'none')))
+    {
+        if ($attribs)
+        {
+            if (is_array($attribs))
+            {
+                $this->add_attributes = $attribs;
+            }
+            else
+            {
+                $this->add_attributes = explode(',', $attribs);
+            }
+        }
+        else
+        {
+            $this->add_attributes = false;
         }
     }
@@ -250 +269 @@
                 if (!class_exists('DOMDocument'))
                 {
-                    $this->registry->call('Misc', 'error', array('DOMDocument not found, unable to use sanitizer', E_USER_WARNING, __FILE__, __LINE__));
-                    return '';
+                    throw new SimplePie_Exception('DOMDocument not found, unable to use sanitizer');
                 }
                 $document = new DOMDocument();
                 $document->encoding = 'UTF-8';
+
                 $data = $this->preprocess($data, $type);
 
@@ -261 +280 @@
                 restore_error_handler();
 
+                $xpath = new DOMXPath($document);
+
                 // Strip comments
                 if ($this->strip_comments)
                 {
-                    $xpath = new DOMXPath($document);
                     $comments = $xpath->query('//comment()');
 
@@ -280 +300 @@
                     foreach ($this->strip_htmltags as $tag)
                     {
-                        $this->strip_tag($tag, $document, $type);
+                        $this->strip_tag($tag, $document, $xpath, $type);
                     }
                 }
@@ -288 +308 @@
                     foreach ($this->strip_attributes as $attrib)
                     {
-                        $this->strip_attr($attrib, $document);
+                        $this->strip_attr($attrib, $xpath);
+                    }
+                }
+
+                if ($this->add_attributes)
+                {
+                    foreach ($this->add_attributes as $tag => $valuePairs)
+                    {
+                        $this->add_attr($tag, $valuePairs, $document);
                     }
                 }
@@ -327 +355 @@
                                     else
                                     {
-                                        trigger_error("$this->cache_location is not writeable. Make sure you've set the correct relative or absolute path, and that the location is server-writable.", E_USER_WARNING);
+                                        trigger_error("$this->cache_location is not writable. Make sure you've set the correct relative or absolute path, and that the location is server-writable.", E_USER_WARNING);
                                     }
                                 }
@@ -335 +363 @@
                 }
 
-                // Remove the DOCTYPE
-                // Seems to cause segfaulting if we don't do this
-                if ($document->firstChild instanceof DOMDocumentType)
-                {
-                    $document->removeChild($document->firstChild);
-                }
-
-                // Move everything from the body to the root
-                $real_body = $document->getElementsByTagName('body')->item(0)->childNodes->item(0);
-                $document->replaceChild($real_body, $document->firstChild);
-
+                // Get content node
+                $div = $document->getElementsByTagName('body')->item(0)->firstChild;
                 // Finally, convert to a HTML string
-                $data = trim($document->saveHTML());
+                $data = trim($document->saveHTML($div));
 
                 if ($this->remove_div)
@@ -385 +404 @@
     {
         $ret = '';
+        $html = preg_replace('%</?(?:html|body)[^>]*?'.'>%is', '', $html);
         if ($type & ~SIMPLEPIE_CONSTRUCT_XHTML)
         {
@@ -457 +477 @@
     }
 
-    protected function strip_tag($tag, $document, $type)
-    {
-        $xpath = new DOMXPath($document);
+    protected function strip_tag($tag, $document, $xpath, $type)
+    {
         $elements = $xpath->query('body//' . $tag);
         if ($this->encode_instead_of_strip)
@@ -542 +561 @@
     }
 
-    protected function strip_attr($attrib, $document)
-    {
-        $xpath = new DOMXPath($document);
+    protected function strip_attr($attrib, $xpath)
+    {
         $elements = $xpath->query('//*[@' . $attrib . ']');
 
@@ -552 +570 @@
         }
     }
+
+    protected function add_attr($tag, $valuePairs, $document)
+    {
+        $elements = $document->getElementsByTagName($tag);
+        foreach ($elements as $element)
+        {
+            foreach ($valuePairs as $attrib => $value)
+            {
+                $element->setAttribute($attrib, $value);
+            }
+        }
+    }
 }