mistpark 2.0 infrasturcture lands

boot.php

@@ -21,8 +21,25 @@ define ( 'NOTIFY_WALL',    0x0004 );
 define ( 'NOTIFY_COMMENT', 0x0008 );
 define ( 'NOTIFY_MAIL',    0x0010 );
 
-define ( 'NAMESPACE_DFRN' , 'http://purl.org/macgirvin/dfrn/1.0' ); 
-define ( 'NAMESPACE_ACTIVITY', 'http://activitystrea.ms/schema/1.0/' );
+define ( 'NAMESPACE_DFRN' ,      'http://purl.org/macgirvin/dfrn/1.0' ); 
+define ( 'NAMESPACE_ACTIVITY',   'http://activitystrea.ms/spec/1.0/' );
+define ( 'NAMESPACE_ACTIVITY_SCHEMA', 'http://activitystrea.ms/schema/1.0/');
+define ( 'ACTIVITY_LIKE',        NAMESPACE_ACTIVITY_SCHEMA . 'like' );
+define ( 'ACTIVITY_FRIEND',      NAMESPACE_ACTIVITY_SCHEMA . 'make-friend' );
+define ( 'ACTIVITY_POST',        NAMESPACE_ACTIVITY_SCHEMA . 'post' );
+define ( 'ACTIVITY_UPDATE',      NAMESPACE_ACTIVITY_SCHEMA . 'update' );
+
+define ( 'ACTIVITY_OBJ_COMMENT', NAMESPACE_ACTIVITY_SCHEMA . 'comment' );
+define ( 'ACTIVITY_OBJ_NOTE',    NAMESPACE_ACTIVITY_SCHEMA . 'note' );
+define ( 'ACTIVITY_OBJ_PERSON',  NAMESPACE_ACTIVITY_SCHEMA . 'person' );
+define ( 'ACTIVITY_OBJ_PHOTO',   NAMESPACE_ACTIVITY_SCHEMA . 'photo' );
+define ( 'ACTIVITY_OBJ_P_PHOTO', NAMESPACE_ACTIVITY_SCHEMA . 'profile-photo' );
+define ( 'ACTIVITY_OBJ_ALBUM',   NAMESPACE_ACTIVITY_SCHEMA . 'photo-album' );
+
+
+define ( 'ACTIVITY_OBJ_HEART',    NAMESPACE_DFRN     . '/heart' );
+
+
 
 if(! class_exists('App')) {
 class App {
@@ -582,8 +599,11 @@ function get_config($family, $key, $instore = false) {
 
 	global $a;
 	if(! $instore) {
-		if(isset($a->config[$family][$key]))
+		if(isset($a->config[$family][$key])) {
+			if($a->config[$family][$key] == '!<unset>!')
+				return false;
 			return $a->config[$family][$key];
+		}
 	}
 	$ret = q("SELECT `v` FROM `config` WHERE `cat` = '%s' AND `k` = '%s' LIMIT 1",
 		dbesc($family),
@@ -593,6 +613,9 @@ function get_config($family, $key, $instore = false) {
 		$a->config[$family][$key] = $ret[0]['v'];
 		return $ret[0]['v'];
 	}
+	else {
+		$a->config[$family][$key] = '!<unset>!';
+	}
 	return false;
 }}
 
@@ -667,8 +690,9 @@ function convert_xml_element_to_array($xml_element, &$recursion_depth=0) {
 
 if(! function_exists('webfinger')) {
 function webfinger($s) {
-	if(! strstr($s,'@'))
+	if(! strstr($s,'@')) {
 		return $s;
+	}
 	$host = substr($s,strpos($s,'@') + 1);
 	$url = 'http://' . $host . '/.well-known/host-meta' ;
 	$xml = fetch_url($url);
@@ -714,3 +738,51 @@ function webfinger($s) {
 			return $link['@attributes']['href'];
 	return '';
 }}
+
+if(! function_exists('perms2str')) {
+function perms2str($p) {
+	$ret = '';
+	$tmp = $p;
+	if(is_array($tmp)) {
+		array_walk($tmp,'sanitise_acl');
+		$ret = implode('',$tmp);
+	}
+	return $ret;
+}}
+
+if(! function_exists('item_new_uri')) {
+function item_new_uri($hostname,$uid) {
+
+	do {
+		$dups = false;
+		$hash = random_string();
+
+		$uri = "urn:X-dfrn:" . $hostname . ':' . $uid . ':' . $hash;
+
+		$r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' LIMIT 1",
+			dbesc($uri));
+		if(count($r))
+			$dups = true;
+	} while($dups == true);
+	return $uri;
+}}
+
+if(! function_exists('get_uid')) {
+function get_uid() {
+	return ((x($_SESSION,'uid')) ? intval($_SESSION['uid']) : 0) ;
+}}
+
+if(! function_exists('validate_url')) {
+function validate_url($url) {
+	if(substr($url,0,4) != 'http')
+		$url = 'http://' . $url;
+	$h = parse_url($url);
+
+	if(! $h)
+		return false;
+	if(! checkdnsrr($h['host'], 'ANY'))
+		return false;
+	return true;
+}}
+
+

include/Contact.php

@@ -0,0 +1,54 @@
+<?php
+
+
+
+
+function contact_remove($id) {
+	q("DELETE FROM `contact` WHERE `id` = %d LIMIT 1",
+		intval($id)
+	);
+	q("DELETE FROM `item` WHERE `contact-id` = %d ",
+		intval($id)
+	);
+	q("DELETE FROM `photo` WHERE `contact-id` = %d ",
+		intval($id)
+	);
+}
+
+
+// Contact has refused to recognise us as a friend. We will start a countdown.
+// If they still don't recognise us in 32 days, the relationship is over,
+// and we won't waste any more time trying to communicate with them.
+// This provides for the possibility that their database is temporarily messed
+// up or some other transient event and that there's a possibility we could recover from it.
+ 
+if(! function_exists('mark_for_death')) {
+function mark_for_death($contact) {
+	if($contact['term-date'] == '0000-00-00 00:00:00') {
+		q("UPDATE `contact` SET `term-date` = '%s' WHERE `id` = %d LIMIT 1",
+				dbesc(datetime_convert()),
+				intval($contact['id'])
+		);
+	}
+	else {
+		$expiry = $contact['term-date'] . ' + 32 days ';
+		if(datetime_convert() > datetime_convert('UTC','UTC',$expiry)) {
+
+			// relationship is really truly dead. 
+
+			contact_remove($contact['id']);
+
+		}
+	}
+
+}}
+
+if(! function_exists('unmark_for_death')) {
+function unmark_for_death($contact) {
+	// It's a miracle. Our dead contact has inexplicably come back to life.
+	q("UPDATE `contact` SET `term-date = '%s' WHERE `id` = %d LIMIT 1",
+		dbesc('0000-00-00 00:00:00'),
+		intval($contact['id'])
+	);
+}}
+

include/auth.php

@@ -7,7 +7,6 @@ if((x($_SESSION,'authenticated')) && (! ($_POST['auth-params'] == 'login'))) {
 		unset($_SESSION['authenticated']);
 		unset($_SESSION['uid']);
 		unset($_SESSION['visitor_id']);
-		unset($_SESSION['is_visitor']);
 		unset($_SESSION['administrator']);
 		unset($_SESSION['cid']);
 		unset($_SESSION['theme']);
@@ -41,7 +40,6 @@ else {
 	unset($_SESSION['authenticated']);
 	unset($_SESSION['uid']);
 	unset($_SESSION['visitor_id']);
-	unset($_SESSION['is_visitor']);
 	unset($_SESSION['administrator']);
 	unset($_SESSION['cid']);
 	$encrypted = hash('whirlpool',trim($_POST['password']));

include/bbcode.php

@@ -76,7 +76,7 @@ function bbcode($Text) {
 
 	// Youtube extensions
         $Text = preg_replace("/\[youtube\]http:\/\/www.youtube.com\/watch\?v\=(.+?)\[\/youtube\]/",'[youtube]$1[/youtube]',$Text); 
-	$Text = preg_replace("/\[youtube\](.+?)\[\/youtube\]/", '<object width="425" height="350"><param name="movie" value="http://www.youtube.com/v/$1"></param><embed src="http://www.youtube.com/v/$1" type="application/x-shockwave-flash" width="425" height="350"></embed></object>', $Text);
+	$Text = preg_replace("/\[youtube\](.+?)\[\/youtube\]/", '<object width="425" height="350"><param name="movie" value="http://www.youtube.com/v/$1"></param><!--[if IE]><embed src="http://www.youtube.com/v/$1" type="application/x-shockwave-flash" width="425" height="350" /><![endif]--></object>', $Text);
 
 	return $Text;
 }

include/datetime.php

@@ -55,9 +55,20 @@ function select_timezone($current = 'America/Los_Angeles') {
 
 if(! function_exists('datetime_convert')) {
 function datetime_convert($from = 'UTC', $to = 'UTC', $s = 'now', $fmt = "Y-m-d H:i:s") {
-  $d = new DateTime($s, new DateTimeZone($from));
-  $d->setTimeZone(new DateTimeZone($to));
-  return($d->format($fmt));
+
+	// Slight hackish adjustment so that 'zero' datetime actually returns what is intended
+        // otherwise we end up with -0001-11-30 ...
+	// add 32 days so that we at least get year 00, and then hack around the fact that 
+        // months and days always start with 1. 
+
+	if(substr($s,0,10) == '0000-00-00') {
+		$d = new DateTime($s . ' + 32 days', new DateTimeZone('UTC'));
+		return str_replace('1','0',$d->format($fmt));
+	}
+
+	$d = new DateTime($s, new DateTimeZone($from));
+	$d->setTimeZone(new DateTimeZone($to));
+	return($d->format($fmt));
 }}
 
 function dob($dob) {

include/html2bbcode.php

@@ -0,0 +1,50 @@
+<?php
+
+
+function html2bbcode($s) {
+
+
+// Tags to Find
+$htmltags = array(
+                        '/\<b\>(.*?)\<\/b\>/is',
+                        '/\<i\>(.*?)\<\/i\>/is',
+                        '/\<u\>(.*?)\<\/u\>/is',
+                        '/\<ul\>(.*?)\<\/ul\>/is',
+                        '/\<li\>(.*?)\<\/li\>/is',
+                        '/\<img(.*?) src=\"(.*?)\" (.*?)\>/is',
+                        '/\<div(.*?)\>(.*?)\<\/div\>/is',
+                        '/\<br(.*?)\>/is',
+                        '/\<strong\>(.*?)\<\/strong\>/is',
+                        '/\<a href=\"(.*?)\"(.*?)\>(.*?)\<\/a\>/is',
+			'/\<code\>(.*?)\<\/code\>/is',
+			'/\<font color=(.*?)\>(.*?)\<\/font\>',
+			'/\<font color=\"(.*?)\"\>(.*?)\<\/font\>',
+			'/\<blockquote\>(.*?)\<\/blockquote\>/is',
+
+                        );
+
+// Replace with
+$bbtags = array(
+                        '[b]$1[/b]',
+                        '[i]$1[/i]',
+                        '[u]$1[/u]',
+                        '[list]$1[/list]',
+                        '[*]$1',
+                        '[img]$2[/img]',
+                        '$2',
+                        '\n',
+                        '[b]$1[/b]',
+                        '[url=$1]$3[/url]',
+			'[code]$1[/code],
+			'[color="$1"]$2[/color]',
+			'[color="$1"]$2[/color]',
+			'[quote]$1[/quote]',
+                        );
+
+// Replace $htmltags in $text with $bbtags
+$text = preg_replace ($htmltags, $bbtags, $s);
+
+// Strip all other HTML tags
+$text = strip_tags($text);
+return $text;
+}

include/items.php

@@ -1,18 +1,27 @@
 <?php
 
 
-function get_feed_for(&$a,$dfrn_id,$owner_id,$last_update) {
+function get_feed_for(&$a, $dfrn_id, $owner_id, $last_update) {
+
+	require_once('bbcode.php');
 
 	// default permissions - anonymous user
 
-	$sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
+	$sql_extra = " 
+		AND `allow_cid` = '' 
+		AND `allow_gid` = '' 
+		AND `deny_cid`  = '' 
+		AND `deny_gid`  = '' 
+	";
 
 	if(strlen($owner_id) && ! intval($owner_id)) {
-		$r = q("SELECT `uid` FROM `user` WHERE `nickname` = '%s' LIMIT 1",
+		$r = q("SELECT `uid`, `nickname` FROM `user` WHERE `nickname` = '%s' LIMIT 1",
 			dbesc($owner_id)
 		);
-		if(count($r))
+		if(count($r)) {
 			$owner_id = $r[0]['uid'];
+			$owner_nick = $r[0]['nickname'];
+		}
 	}
 
 	$r = q("SELECT * FROM `contact` WHERE `self` = 1 AND `uid` = %d LIMIT 1",
@@ -42,12 +51,12 @@ function get_feed_for(&$a,$dfrn_id,$owner_id,$last_update) {
 		else
 			$gs = '<<>>' ; // Impossible to match 
 
-		$sql_extra = sprintf(
-			" AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) 
-			AND ( `deny_cid` = '' OR  NOT `deny_cid` REGEXP '<%d>' ) 
-			AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )
-			AND ( `deny_gid` = '' OR NOT `deny_gid` REGEXP '%s') ",
-
+		$sql_extra = sprintf(" 
+			AND ( `allow_cid` = '' OR     `allow_cid` REGEXP '<%d>' ) 
+			AND ( `deny_cid`  = '' OR NOT `deny_cid`  REGEXP '<%d>' ) 
+			AND ( `allow_gid` = '' OR     `allow_gid` REGEXP '%s' )
+			AND ( `deny_gid`  = '' OR NOT `deny_gid`  REGEXP '%s') 
+		",
 			intval($contact['id']),
 			intval($contact['id']),
 			dbesc($gs),
@@ -88,7 +97,7 @@ function get_feed_for(&$a,$dfrn_id,$owner_id,$last_update) {
 
 
 	$atom .= replace_macros($feed_template, array(
-			'$feed_id' => xmlify($a->get_baseurl()),
+			'$feed_id' => xmlify($a->get_baseurl() . '/profile/' . $owner_nick),
 			'$feed_title' => xmlify($owner['name']),
 			'$feed_updated' => xmlify(datetime_convert('UTC', 'UTC', $updated . '+00:00' , 'Y-m-d\TH:i:s\Z')) ,
 			'$name' => xmlify($owner['name']),
@@ -96,12 +105,24 @@ function get_feed_for(&$a,$dfrn_id,$owner_id,$last_update) {
 			'$photo' => xmlify($owner['photo']),
 			'$thumb' => xmlify($owner['thumb']),
 			'$picdate' => xmlify(datetime_convert('UTC','UTC',$owner['avatar-date'] . '+00:00' , 'Y-m-d\TH:i:s\Z')) ,
-			'$uridate' => xmlify(datetime_convert('UTC','UTC',$owner['uri-date'] . '+00:00' , 'Y-m-d\TH:i:s\Z')) ,
-			'$namdate' => xmlify(datetime_convert('UTC','UTC',$owner['name-date'] . '+00:00' , 'Y-m-d\TH:i:s\Z')) 
+			'$uridate' => xmlify(datetime_convert('UTC','UTC',$owner['uri-date']    . '+00:00' , 'Y-m-d\TH:i:s\Z')) ,
+			'$namdate' => xmlify(datetime_convert('UTC','UTC',$owner['name-date']   . '+00:00' , 'Y-m-d\TH:i:s\Z')) 
 
 	));
 
+	
 	foreach($items as $item) {
+
+		// public feeds get html, our own nodes use bbcode
+
+		if($dfrn_id == '*') {
+			$item['body'] = bbcode($item['body']);
+			$type = 'html';
+		}
+		else {
+			$type = 'text';
+		}
+
 		if($item['deleted']) {
 			$atom .= replace_macros($tomb_template, array(
 				'$id' => xmlify($item['uri']),
@@ -109,6 +130,9 @@ function get_feed_for(&$a,$dfrn_id,$owner_id,$last_update) {
 			));
 		}
 		else {
+			$verb = construct_verb($item);
+			$actobj = construct_activity($item);
+
 			if($item['parent'] == $item['id']) {
 				$atom .= replace_macros($item_template, array(
 					'$name' => xmlify($item['name']),
@@ -122,7 +146,10 @@ function get_feed_for(&$a,$dfrn_id,$owner_id,$last_update) {
 					'$published' => xmlify(datetime_convert('UTC', 'UTC', $item['created'] . '+00:00' , 'Y-m-d\TH:i:s\Z')),
 					'$updated' => xmlify(datetime_convert('UTC', 'UTC', $item['edited'] . '+00:00' , 'Y-m-d\TH:i:s\Z')),
 					'$location' => xmlify($item['location']),
+					'$type' => $type,
 					'$content' => xmlify($item['body']),
+					'$verb' => xmlify($verb),
+					'$actobj' => $actobj,  // do not xmlify
 					'$comment_allow' => (($item['last-child'] && strlen($contact['dfrn-id'])) ? 1 : 0)
 				));
 			}
@@ -135,7 +162,10 @@ function get_feed_for(&$a,$dfrn_id,$owner_id,$last_update) {
 					'$title' => xmlify($item['title']),
 					'$published' => xmlify(datetime_convert('UTC', 'UTC', $item['created'] . '+00:00' , 'Y-m-d\TH:i:s\Z')),
 					'$updated' => xmlify(datetime_convert('UTC', 'UTC', $item['edited'] . '+00:00' , 'Y-m-d\TH:i:s\Z')),
+					'$type' => $type,
 					'$content' =>xmlify($item['body']),
+					'$verb' => xmlify($verb),
+					'$actobj' => $actobj, // do not xmlify
 					'$parent_id' => xmlify($item['parent-uri']),
 					'$comment_allow' => (($item['last-child']) ? 1 : 0)
 				));
@@ -145,6 +175,22 @@ function get_feed_for(&$a,$dfrn_id,$owner_id,$last_update) {
 
 	$atom .= '</feed>' . "\r\n";
 	return $atom;
+}
+
+
+function construct_verb($item) {
+	if($item['verb'])
+		return $item['verb'];
+	return ACTIVITY_POST;
+}
+
+function construct_activity($item) {
+
+	if($item['type'] == 'activity') {
+
+
+	}
+	return '';
 } 
 
 
@@ -152,12 +198,22 @@ function get_feed_for(&$a,$dfrn_id,$owner_id,$last_update) {
 
 function get_atom_elements($item) {
 
+	require_once('library/HTMLPurifier.auto.php');
+	require_once('include/html2bbcode.php');
+
 	$res = array();
 
+	$raw_author = $item->get_item_tags(SIMPLEPIE_NAMESPACE_ATOM_10,'author');
+	if($raw_author) {
+		if($raw_author[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link'][0]['attribs']['']['rel'] == 'photo')
+		$res['author-avatar'] = unxmlify($raw_author[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link'][0]['attribs']['']['href']);
+	}
+
 	$author = $item->get_author();
 	$res['author-name'] = unxmlify($author->get_name());
 	$res['author-link'] = unxmlify($author->get_link());
-	$res['author-avatar'] = unxmlify($author->get_avatar());
+	if(! $res['author-avatar'])
+		$res['author-avatar'] = unxmlify($author->get_avatar());
 	$res['uri'] = unxmlify($item->get_id());
 	$res['title'] = unxmlify($item->get_title());
 	$res['body'] = unxmlify($item->get_content());
@@ -166,6 +222,36 @@ function get_atom_elements($item) {
 	if($maxlen && (strlen($res['body']) > $maxlen))
 		$res['body'] = substr($res['body'],0, $maxlen);
 
+	// It isn't certain at this point whether our content is plaintext or html and we'd be foolish to trust 
+	// the content type. Our own network only emits text normally, though it might have been converted to 
+	// html if we used a pubsubhubbub transport. But if we see even one html open tag in our text, we will
+	// have to assume it is all html and needs to be purified.
+
+	// It doesn't matter all that much security wise - because before this content is used anywhere, we are 
+	// going to escape any tags we find regardless, but this lets us import a limited subset of html from 
+	// the wild, by sanitising it and converting supported tags to bbcode before we rip out any remaining 
+	// html.
+
+
+
+	if(strpos($res['body'],'<')) {
+
+		$res['body'] = preg_replace('#<object[^>]+>.+?' . 'http://www.youtube.com/((?:v|cp)/[A-Za-z0-9\-_=]+).+?</object>#s',
+			'[youtube]$1[/youtube]', $res['body']);
+
+		$config = HTMLPurifier_Config::createDefault();
+		$config->set('Core.DefinitionCache', null);
+
+		// we shouldn't need a whitelist, because the bbcode converter
+		// will strip out any unsupported tags.
+		// $config->set('HTML.Allowed', 'p,b,a[href],i'); 
+
+		$purifier = new HTMLPurifier($config);
+		$res['body'] = $purifier->purify($res['body']);
+	}
+	
+	$res['body'] = html2bbcode($res['body']);
+
 	$allow = $item->get_item_tags(NAMESPACE_DFRN,'comment-allow');
 	if($allow && $allow[0]['data'] == 1)
 		$res['last-child'] = 1;
@@ -186,18 +272,37 @@ function get_atom_elements($item) {
 		$res['edited'] = unxmlify($rawcreated[0]['data']);
 
 	$rawowner = $item->get_item_tags(NAMESPACE_DFRN, 'owner');
-	if($rawowner[0]['child'][NAMESPACE_DFRN]['name'][0]['data'])
+	if($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['name'][0]['data'])
+		$res['owner-name'] = unxmlify($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['name'][0]['data']);
+	elseif($rawowner[0]['child'][NAMESPACE_DFRN]['name'][0]['data'])
 		$res['owner-name'] = unxmlify($rawowner[0]['child'][NAMESPACE_DFRN]['name'][0]['data']);
-	if($rawowner[0]['child'][NAMESPACE_DFRN]['uri'][0]['data'])
+	if($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['uri'][0]['data'])
+		$res['owner-link'] = unxmlify($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['uri'][0]['data']);
+	elseif($rawowner[0]['child'][NAMESPACE_DFRN]['uri'][0]['data'])
 		$res['owner-link'] = unxmlify($rawowner[0]['child'][NAMESPACE_DFRN]['uri'][0]['data']);
-	if($rawowner[0]['child'][NAMESPACE_DFRN]['avatar'][0]['data'])
+
+	if($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link'][0]['attribs']['']['rel'] == 'photo')
+		$res['owner-avatar'] = unxmlify($rawowner[0]['child'][SIMPLEPIE_NAMESPACE_ATOM_10]['link'][0]['attribs']['']['href']);
+	elseif($rawowner[0]['child'][NAMESPACE_DFRN]['avatar'][0]['data'])
 		$res['owner-avatar'] = unxmlify($rawowner[0]['child'][NAMESPACE_DFRN]['avatar'][0]['data']);
 
+	$rawverb = $item->get_item_tags(NAMESPACE_ACTIVITY, 'verb');
+	// select between supported verbs
+	if($rawverb)
+		$res['verb'] = unxmlify($rawverb[0]['data']);
+
+	$rawobj = $item->get_item_tags(NAMESPACE_ACTIVITY, 'object');
+	if($rawobj) {
+		$res['object-type'] = $rawobj[0]['object-type'][0]['data'];
+		$res['object'] = $rawobj[0];
+	}
+
 	return $res;
 }
 
 function post_remote($a,$arr) {
 
+//print_r($arr);
 
 	if(! x($arr,'type'))
 		$arr['type'] = 'remote';
@@ -218,8 +323,12 @@ function post_remote($a,$arr) {
 	$arr['visible'] = 1;
 	$arr['deleted'] = 0;
 	$arr['parent-uri'] = notags(trim($arr['parent-uri']));
+	$arr['verb'] = notags(trim($arr['verb']));
+	$arr['object-type'] = notags(trim($arr['object-type']));
+	$arr['object'] = trim($arr['object']);
 
 	$parent_id = 0;
+	$parent_missing = false;
 
 	dbesc_array($arr);
 
@@ -237,15 +346,28 @@ function post_remote($a,$arr) {
 	if(count($r))
 		$parent_id = $r[0]['id'];
 	else {
-		// if parent is missing, what do we do?
+		$parent_missing = true;
 	}
 
 	$r = q("SELECT `id` FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
-		$arr['uri'],
+		$arr['uri'],           // already dbesc'd
 		intval($arr['uid'])
 	);
 	if(count($r))
 		$current_post = $r[0]['id'];
+	else
+		return 0;
+
+	if($parent_missing) {
+
+		// perhaps the parent was deleted, but in any case, this thread is dead
+		// and unfortunately our brand new item now has to be destroyed
+
+		q("DELETE FROM `item` WHERE `id` = %d LIMIT 1",
+			intval($current_post)
+		);
+		return 0;
+	}
 
 	$r = q("UPDATE `item` SET `parent` = %d WHERE `id` = %d LIMIT 1",
 		intval($parent_id),

include/notifier.php

@@ -1,6 +1,6 @@
 <?php
 
-	$debugging = false;
+	$debugging = true;
 
 	require_once("boot.php");
 
@@ -19,9 +19,6 @@
 
 	$a->set_baseurl(get_config('system','url'));
 
-	$baseurl = $argv[1];
-	$a->set_baseurl($argv[1]);
-
 	$cmd = $argv[1];
 
 	switch($cmd) {
@@ -266,10 +263,10 @@
 		if($rr['self'])
 			continue;
 
-		if((! strlen($rr['dfrn-id'])) || ($rr['duplex'] && ! strlen($rr['issued-id'])))
+		if((! strlen($rr['dfrn-id'])) && (! $rr['duplex']))
 			continue;
 
-		$idtosend = (($rr['duplex']) ? $rr['issued-id'] : $rr['dfrn-id']);
+		$idtosend = (($rr['dfrn-id']) ? $rr['dfrn-id'] : $rr['issued-id']);
 
 		$url = $rr['notify'] . '?dfrn_id=' . $idtosend;
 
@@ -291,7 +288,7 @@
 		$challenge = hex2bin($res->challenge);
 		$final_dfrn_id = '';
 
-		if($rr['duplex']) {
+		if($rr['duplex'] && strlen($rr['prvkey'])) {
 			openssl_private_decrypt($sent_dfrn_id,$final_dfrn_id,$rr['prvkey']);
 			openssl_private_decrypt($challenge,$postvars['challenge'],$rr['prvkey']);
 		}
@@ -301,18 +298,14 @@
 		}
 
 		$final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.'));
-		if(($final_dfrn_id != $rr['dfrn-id']) || (($rr['duplex']) && ($final_dfrn_id != $rr['issued-id']))) {
+		if($final_dfrn_id != $idtosend) {
 			// did not decode properly - cannot trust this site 
 			continue;
 		}
 
-		$postvars['dfrn_id'] = (($duplex) ? $rr['issued-id'] : $rr['dfrn-id']);
+		$postvars['dfrn_id'] = $idtosend;
 
-		if($cmd == 'mail') {
-			$postvars['data'] = $atom;
-		}
-		elseif(((strlen($rr['dfrn-id'])) || (($rr['duplex']) && (strlen($rr['issued-id'])))) 
-			&& (! ($rr['blocked']) || ($rr['readonly']))) {
+		if((($rr['rel'] == DIRECTION_OUT) || ($rr['rel'] == DIRECTION_BOTH)) && (! $rr['blocked']) && (! $rr['readonly'])) {
 			$postvars['data'] = $atom;
 		}
 		else {

include/poller.php

@@ -15,6 +15,8 @@
 	require_once('simplepie/simplepie.inc');
 	require_once('include/items.php');
 
+	require_once('include/Contact.php');
+
 	$a->set_baseurl(get_config('system','url'));
 
 	$contacts = q("SELECT * FROM `contact` 
@@ -73,7 +75,7 @@
 			? datetime_convert('UTC','UTC','now - 30 days','Y-m-d\TH:i:s\Z')
 			: datetime_convert('UTC','UTC',$contact['last-update'],'Y-m-d\TH:i:s\Z'));
 
-		$idtosend = (($contact['duplex']) ? $contact['issued-id'] : $contact['dfrn-id']);
+		$idtosend = (($contact['dfrn-id']) ? $contact['dfrn-id'] : $contact['issued-id']);
 
 		$url = $contact['poll'] . '?dfrn_id=' . $idtosend . '&type=data&last_update=' . $last_update ;
 
@@ -87,9 +89,15 @@ echo "XML: " . $xml;
 
 		$res = simplexml_load_string($xml);
 
+		if(intval($res->status) == 1)
+			mark_for_death($contact);
+
 		if((intval($res->status) != 0) || (! strlen($res->challenge)) || (! strlen($res->dfrn_id)))
 			continue;
 
+		if($contact['term-date'] != '0000-00-00 00:00:00')
+			unmark_for_death($contact);
+
 		$postvars = array();
 
 		$sent_dfrn_id = hex2bin($res->dfrn_id);
@@ -97,7 +105,7 @@ echo "XML: " . $xml;
 
 		$final_dfrn_id = '';
 
-		if($contact['duplex']) {
+		if(($contact['duplex']) && strlen($contact['prvkey'])) {
 			openssl_private_decrypt($sent_dfrn_id,$final_dfrn_id,$contact['prvkey']);
 			openssl_private_decrypt($challenge,$postvars['challenge'],$contact['prvkey']);
 
@@ -108,13 +116,12 @@ echo "XML: " . $xml;
 		}
 
 		$final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.'));
-		if(($final_dfrn_id != $contact['dfrn-id']) 
-			|| (($contact['duplex']) && ($final_dfrn_id != $contact['issued-id']))) {
+		if($final_dfrn_id != $idtosend)
 			// did not decode properly - cannot trust this site 
 			continue;
 		}
 
-		$postvars['dfrn_id'] = (($contact['duplex']) ? $contact['issued-id'] : $contact['dfrn-id']);
+		$postvars['dfrn_id'] = $idtosend;
 
 		$xml = post_url($contact['poll'],$postvars);
 

index.php

@@ -42,23 +42,10 @@ if(strlen($a->module)) {
 	}
 	else {
 		header($_SERVER["SERVER_PROTOCOL"] . ' 404 ' . t('Not Found'));
-		notice( t('Page not found' ) . EOL);
+		notice( t('Page not found.' ) . EOL);
 	}
 }
 
-// invoke module functions
-// Important: Modules normally do not emit content, unless you need it for debugging.
-// The module_init, module_post, and module_afterpost functions process URL parameters and POST processing.
-// The module_content function returns content text to this file where it is included on the page.
-// Modules emitting XML/Atom, etc. should do so idirectly and promptly exit before the HTML page can be rendered.
-// "Most" HTML resides in the view directory as text templates with macro substitution. 
-// They look like HTML with PHP variables but only a couple pass through the PHP processor - those with .php extensions.
-// The macro substitution is defined per page for the .tpl files. 
-// Information transfer between functions can be accomplished via the App session '$a' and its related variables.
-// x() queries both a variable's existence and that it is "non-zero" or "non-empty" depending on how it is called. 
-// q() is the SQL query form. All string (%s) variables MUST be passed through dbesc(). 
-// All int values MUST be cast to integer using intval(); 
-
 if($a->module_loaded) {
 	$a->page['page_title'] = $a->module;
 	if(function_exists($a->module . '_init')) {
@@ -85,6 +72,10 @@ if($a->module_loaded) {
 
 }
 
+if(stristr($_SESSION['sysmsg'], t('Permission denied'))) {
+	header($_SERVER["SERVER_PROTOCOL"] . ' 403 ' . t('Permission denied.'));
+}
+
 // report anything important happening
 	
 if(x($_SESSION,'sysmsg')) {
@@ -93,11 +84,6 @@ if(x($_SESSION,'sysmsg')) {
 	unset($_SESSION['sysmsg']);
 }
 
-if(stristr($_SESSION['sysmsg'], t('Permission denied'))) {
-	header($_SERVER["SERVER_PROTOCOL"] . ' 403 ' . t('Permission denied.'));
-}
-
-
 // Feel free to comment out this line on production sites.
 $a->page['content'] .= $debug_text;
 

library/HTMLPurifier.auto.php

@@ -0,0 +1,11 @@
+<?php
+
+/**
+ * This is a stub include that automatically configures the include path.
+ */
+
+set_include_path(dirname(__FILE__) . PATH_SEPARATOR . get_include_path() );
+require_once 'HTMLPurifier/Bootstrap.php';
+require_once 'HTMLPurifier.autoload.php';
+
+// vim: et sw=4 sts=4

library/HTMLPurifier.autoload.php

@@ -0,0 +1,21 @@
+<?php
+
+/**
+ * @file
+ * Convenience file that registers autoload handler for HTML Purifier.
+ */
+
+if (function_exists('spl_autoload_register') && function_exists('spl_autoload_unregister')) {
+    // We need unregister for our pre-registering functionality
+    HTMLPurifier_Bootstrap::registerAutoload();
+    if (function_exists('__autoload')) {
+        // Be polite and ensure that userland autoload gets retained
+        spl_autoload_register('__autoload');
+    }
+} elseif (!function_exists('__autoload')) {
+    function __autoload($class) {
+        return HTMLPurifier_Bootstrap::autoload($class);
+    }
+}
+
+// vim: et sw=4 sts=4

library/HTMLPurifier.func.php

@@ -0,0 +1,23 @@
+<?php
+
+/**
+ * @file
+ * Defines a function wrapper for HTML Purifier for quick use.
+ * @note ''HTMLPurifier()'' is NOT the same as ''new HTMLPurifier()''
+ */
+
+/**
+ * Purify HTML.
+ * @param $html String HTML to purify
+ * @param $config Configuration to use, can be any value accepted by
+ *        HTMLPurifier_Config::create()
+ */
+function HTMLPurifier($html, $config = null) {
+    static $purifier = false;
+    if (!$purifier) {
+        $purifier = new HTMLPurifier();
+    }
+    return $purifier->purify($html, $config);
+}
+
+// vim: et sw=4 sts=4

library/HTMLPurifier.includes.php

@@ -0,0 +1,210 @@
+<?php
+
+/**
+ * @file
+ * This file was auto-generated by generate-includes.php and includes all of
+ * the core files required by HTML Purifier. Use this if performance is a
+ * primary concern and you are using an opcode cache. PLEASE DO NOT EDIT THIS
+ * FILE, changes will be overwritten the next time the script is run.
+ *
+ * @version 4.1.1
+ *
+ * @warning
+ *      You must *not* include any other HTML Purifier files before this file,
+ *      because 'require' not 'require_once' is used.
+ *
+ * @warning
+ *      This file requires that the include path contains the HTML Purifier
+ *      library directory; this is not auto-set.
+ */
+
+require 'HTMLPurifier.php';
+require 'HTMLPurifier/AttrCollections.php';
+require 'HTMLPurifier/AttrDef.php';
+require 'HTMLPurifier/AttrTransform.php';
+require 'HTMLPurifier/AttrTypes.php';
+require 'HTMLPurifier/AttrValidator.php';
+require 'HTMLPurifier/Bootstrap.php';
+require 'HTMLPurifier/Definition.php';
+require 'HTMLPurifier/CSSDefinition.php';
+require 'HTMLPurifier/ChildDef.php';
+require 'HTMLPurifier/Config.php';
+require 'HTMLPurifier/ConfigSchema.php';
+require 'HTMLPurifier/ContentSets.php';
+require 'HTMLPurifier/Context.php';
+require 'HTMLPurifier/DefinitionCache.php';
+require 'HTMLPurifier/DefinitionCacheFactory.php';
+require 'HTMLPurifier/Doctype.php';
+require 'HTMLPurifier/DoctypeRegistry.php';
+require 'HTMLPurifier/ElementDef.php';
+require 'HTMLPurifier/Encoder.php';
+require 'HTMLPurifier/EntityLookup.php';
+require 'HTMLPurifier/EntityParser.php';
+require 'HTMLPurifier/ErrorCollector.php';
+require 'HTMLPurifier/ErrorStruct.php';
+require 'HTMLPurifier/Exception.php';
+require 'HTMLPurifier/Filter.php';
+require 'HTMLPurifier/Generator.php';
+require 'HTMLPurifier/HTMLDefinition.php';
+require 'HTMLPurifier/HTMLModule.php';
+require 'HTMLPurifier/HTMLModuleManager.php';
+require 'HTMLPurifier/IDAccumulator.php';
+require 'HTMLPurifier/Injector.php';
+require 'HTMLPurifier/Language.php';
+require 'HTMLPurifier/LanguageFactory.php';
+require 'HTMLPurifier/Length.php';
+require 'HTMLPurifier/Lexer.php';
+require 'HTMLPurifier/PercentEncoder.php';
+require 'HTMLPurifier/PropertyList.php';
+require 'HTMLPurifier/PropertyListIterator.php';
+require 'HTMLPurifier/Strategy.php';
+require 'HTMLPurifier/StringHash.php';
+require 'HTMLPurifier/StringHashParser.php';
+require 'HTMLPurifier/TagTransform.php';
+require 'HTMLPurifier/Token.php';
+require 'HTMLPurifier/TokenFactory.php';
+require 'HTMLPurifier/URI.php';
+require 'HTMLPurifier/URIDefinition.php';
+require 'HTMLPurifier/URIFilter.php';
+require 'HTMLPurifier/URIParser.php';
+require 'HTMLPurifier/URIScheme.php';
+require 'HTMLPurifier/URISchemeRegistry.php';
+require 'HTMLPurifier/UnitConverter.php';
+require 'HTMLPurifier/VarParser.php';
+require 'HTMLPurifier/VarParserException.php';
+require 'HTMLPurifier/AttrDef/CSS.php';
+require 'HTMLPurifier/AttrDef/Enum.php';
+require 'HTMLPurifier/AttrDef/Integer.php';
+require 'HTMLPurifier/AttrDef/Lang.php';
+require 'HTMLPurifier/AttrDef/Switch.php';
+require 'HTMLPurifier/AttrDef/Text.php';
+require 'HTMLPurifier/AttrDef/URI.php';
+require 'HTMLPurifier/AttrDef/CSS/Number.php';
+require 'HTMLPurifier/AttrDef/CSS/AlphaValue.php';
+require 'HTMLPurifier/AttrDef/CSS/Background.php';
+require 'HTMLPurifier/AttrDef/CSS/BackgroundPosition.php';
+require 'HTMLPurifier/AttrDef/CSS/Border.php';
+require 'HTMLPurifier/AttrDef/CSS/Color.php';
+require 'HTMLPurifier/AttrDef/CSS/Composite.php';
+require 'HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php';
+require 'HTMLPurifier/AttrDef/CSS/Filter.php';
+require 'HTMLPurifier/AttrDef/CSS/Font.php';
+require 'HTMLPurifier/AttrDef/CSS/FontFamily.php';
+require 'HTMLPurifier/AttrDef/CSS/ImportantDecorator.php';
+require 'HTMLPurifier/AttrDef/CSS/Length.php';
+require 'HTMLPurifier/AttrDef/CSS/ListStyle.php';
+require 'HTMLPurifier/AttrDef/CSS/Multiple.php';
+require 'HTMLPurifier/AttrDef/CSS/Percentage.php';
+require 'HTMLPurifier/AttrDef/CSS/TextDecoration.php';
+require 'HTMLPurifier/AttrDef/CSS/URI.php';
+require 'HTMLPurifier/AttrDef/HTML/Bool.php';
+require 'HTMLPurifier/AttrDef/HTML/Nmtokens.php';
+require 'HTMLPurifier/AttrDef/HTML/Class.php';
+require 'HTMLPurifier/AttrDef/HTML/Color.php';
+require 'HTMLPurifier/AttrDef/HTML/FrameTarget.php';
+require 'HTMLPurifier/AttrDef/HTML/ID.php';
+require 'HTMLPurifier/AttrDef/HTML/Pixels.php';
+require 'HTMLPurifier/AttrDef/HTML/Length.php';
+require 'HTMLPurifier/AttrDef/HTML/LinkTypes.php';
+require 'HTMLPurifier/AttrDef/HTML/MultiLength.php';
+require 'HTMLPurifier/AttrDef/URI/Email.php';
+require 'HTMLPurifier/AttrDef/URI/Host.php';
+require 'HTMLPurifier/AttrDef/URI/IPv4.php';
+require 'HTMLPurifier/AttrDef/URI/IPv6.php';
+require 'HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php';
+require 'HTMLPurifier/AttrTransform/Background.php';
+require 'HTMLPurifier/AttrTransform/BdoDir.php';
+require 'HTMLPurifier/AttrTransform/BgColor.php';
+require 'HTMLPurifier/AttrTransform/BoolToCSS.php';
+require 'HTMLPurifier/AttrTransform/Border.php';
+require 'HTMLPurifier/AttrTransform/EnumToCSS.php';
+require 'HTMLPurifier/AttrTransform/ImgRequired.php';
+require 'HTMLPurifier/AttrTransform/ImgSpace.php';
+require 'HTMLPurifier/AttrTransform/Input.php';
+require 'HTMLPurifier/AttrTransform/Lang.php';
+require 'HTMLPurifier/AttrTransform/Length.php';
+require 'HTMLPurifier/AttrTransform/Name.php';
+require 'HTMLPurifier/AttrTransform/NameSync.php';
+require 'HTMLPurifier/AttrTransform/SafeEmbed.php';
+require 'HTMLPurifier/AttrTransform/SafeObject.php';
+require 'HTMLPurifier/AttrTransform/SafeParam.php';
+require 'HTMLPurifier/AttrTransform/ScriptRequired.php';
+require 'HTMLPurifier/AttrTransform/Textarea.php';
+require 'HTMLPurifier/ChildDef/Chameleon.php';
+require 'HTMLPurifier/ChildDef/Custom.php';
+require 'HTMLPurifier/ChildDef/Empty.php';
+require 'HTMLPurifier/ChildDef/Required.php';
+require 'HTMLPurifier/ChildDef/Optional.php';
+require 'HTMLPurifier/ChildDef/StrictBlockquote.php';
+require 'HTMLPurifier/ChildDef/Table.php';
+require 'HTMLPurifier/DefinitionCache/Decorator.php';
+require 'HTMLPurifier/DefinitionCache/Null.php';
+require 'HTMLPurifier/DefinitionCache/Serializer.php';
+require 'HTMLPurifier/DefinitionCache/Decorator/Cleanup.php';
+require 'HTMLPurifier/DefinitionCache/Decorator/Memory.php';
+require 'HTMLPurifier/HTMLModule/Bdo.php';
+require 'HTMLPurifier/HTMLModule/CommonAttributes.php';
+require 'HTMLPurifier/HTMLModule/Edit.php';
+require 'HTMLPurifier/HTMLModule/Forms.php';
+require 'HTMLPurifier/HTMLModule/Hypertext.php';
+require 'HTMLPurifier/HTMLModule/Image.php';
+require 'HTMLPurifier/HTMLModule/Legacy.php';
+require 'HTMLPurifier/HTMLModule/List.php';
+require 'HTMLPurifier/HTMLModule/Name.php';
+require 'HTMLPurifier/HTMLModule/NonXMLCommonAttributes.php';
+require 'HTMLPurifier/HTMLModule/Object.php';
+require 'HTMLPurifier/HTMLModule/Presentation.php';
+require 'HTMLPurifier/HTMLModule/Proprietary.php';
+require 'HTMLPurifier/HTMLModule/Ruby.php';
+require 'HTMLPurifier/HTMLModule/SafeEmbed.php';
+require 'HTMLPurifier/HTMLModule/SafeObject.php';
+require 'HTMLPurifier/HTMLModule/Scripting.php';
+require 'HTMLPurifier/HTMLModule/StyleAttribute.php';
+require 'HTMLPurifier/HTMLModule/Tables.php';
+require 'HTMLPurifier/HTMLModule/Target.php';
+require 'HTMLPurifier/HTMLModule/Text.php';
+require 'HTMLPurifier/HTMLModule/Tidy.php';
+require 'HTMLPurifier/HTMLModule/XMLCommonAttributes.php';
+require 'HTMLPurifier/HTMLModule/Tidy/Name.php';
+require 'HTMLPurifier/HTMLModule/Tidy/Proprietary.php';
+require 'HTMLPurifier/HTMLModule/Tidy/XHTMLAndHTML4.php';
+require 'HTMLPurifier/HTMLModule/Tidy/Strict.php';
+require 'HTMLPurifier/HTMLModule/Tidy/Transitional.php';
+require 'HTMLPurifier/HTMLModule/Tidy/XHTML.php';
+require 'HTMLPurifier/Injector/AutoParagraph.php';
+require 'HTMLPurifier/Injector/DisplayLinkURI.php';
+require 'HTMLPurifier/Injector/Linkify.php';
+require 'HTMLPurifier/Injector/PurifierLinkify.php';
+require 'HTMLPurifier/Injector/RemoveEmpty.php';
+require 'HTMLPurifier/Injector/RemoveSpansWithoutAttributes.php';
+require 'HTMLPurifier/Injector/SafeObject.php';
+require 'HTMLPurifier/Lexer/DOMLex.php';
+require 'HTMLPurifier/Lexer/DirectLex.php';
+require 'HTMLPurifier/Strategy/Composite.php';
+require 'HTMLPurifier/Strategy/Core.php';
+require 'HTMLPurifier/Strategy/FixNesting.php';
+require 'HTMLPurifier/Strategy/MakeWellFormed.php';
+require 'HTMLPurifier/Strategy/RemoveForeignElements.php';
+require 'HTMLPurifier/Strategy/ValidateAttributes.php';
+require 'HTMLPurifier/TagTransform/Font.php';
+require 'HTMLPurifier/TagTransform/Simple.php';
+require 'HTMLPurifier/Token/Comment.php';
+require 'HTMLPurifier/Token/Tag.php';
+require 'HTMLPurifier/Token/Empty.php';
+require 'HTMLPurifier/Token/End.php';
+require 'HTMLPurifier/Token/Start.php';
+require 'HTMLPurifier/Token/Text.php';
+require 'HTMLPurifier/URIFilter/DisableExternal.php';
+require 'HTMLPurifier/URIFilter/DisableExternalResources.php';
+require 'HTMLPurifier/URIFilter/HostBlacklist.php';
+require 'HTMLPurifier/URIFilter/MakeAbsolute.php';
+require 'HTMLPurifier/URIFilter/Munge.php';
+require 'HTMLPurifier/URIScheme/data.php';
+require 'HTMLPurifier/URIScheme/ftp.php';
+require 'HTMLPurifier/URIScheme/http.php';
+require 'HTMLPurifier/URIScheme/https.php';
+require 'HTMLPurifier/URIScheme/mailto.php';
+require 'HTMLPurifier/URIScheme/news.php';
+require 'HTMLPurifier/URIScheme/nntp.php';
+require 'HTMLPurifier/VarParser/Flexible.php';
+require 'HTMLPurifier/VarParser/Native.php';

library/HTMLPurifier.kses.php

@@ -0,0 +1,30 @@
+<?php
+
+/**
+ * @file
+ * Emulation layer for code that used kses(), substituting in HTML Purifier.
+ */
+
+require_once dirname(__FILE__) . '/HTMLPurifier.auto.php';
+
+function kses($string, $allowed_html, $allowed_protocols = null) {
+    $config = HTMLPurifier_Config::createDefault();
+    $allowed_elements = array();
+    $allowed_attributes = array();
+    foreach ($allowed_html as $element => $attributes) {
+        $allowed_elements[$element] = true;
+        foreach ($attributes as $attribute => $x) {
+            $allowed_attributes["$element.$attribute"] = true;
+        }
+    }
+    $config->set('HTML.AllowedElements', $allowed_elements);
+    $config->set('HTML.AllowedAttributes', $allowed_attributes);
+    $allowed_schemes = array();
+    if ($allowed_protocols !== null) {
+        $config->set('URI.AllowedSchemes', $allowed_protocols);
+    }
+    $purifier = new HTMLPurifier($config);
+    return $purifier->purify($string);
+}
+
+// vim: et sw=4 sts=4

library/HTMLPurifier.path.php

@@ -0,0 +1,11 @@
+<?php
+
+/**
+ * @file
+ * Convenience stub file that adds HTML Purifier's library file to the path
+ * without any other side-effects.
+ */
+
+set_include_path(dirname(__FILE__) . PATH_SEPARATOR . get_include_path() );
+
+// vim: et sw=4 sts=4

library/HTMLPurifier.php

@@ -0,0 +1,237 @@
+<?php
+
+/*! @mainpage
+ *
+ * HTML Purifier is an HTML filter that will take an arbitrary snippet of
+ * HTML and rigorously test, validate and filter it into a version that
+ * is safe for output onto webpages. It achieves this by:
+ *
+ *  -# Lexing (parsing into tokens) the document,
+ *  -# Executing various strategies on the tokens:
+ *      -# Removing all elements not in the whitelist,
+ *      -# Making the tokens well-formed,
+ *      -# Fixing the nesting of the nodes, and
+ *      -# Validating attributes of the nodes; and
+ *  -# Generating HTML from the purified tokens.
+ *
+ * However, most users will only need to interface with the HTMLPurifier
+ * and HTMLPurifier_Config.
+ */
+
+/*
+    HTML Purifier 4.1.1 - Standards Compliant HTML Filtering
+    Copyright (C) 2006-2008 Edward Z. Yang
+
+    This library is free software; you can redistribute it and/or
+    modify it under the terms of the GNU Lesser General Public
+    License as published by the Free Software Foundation; either
+    version 2.1 of the License, or (at your option) any later version.
+
+    This library is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    Lesser General Public License for more details.
+
+    You should have received a copy of the GNU Lesser General Public
+    License along with this library; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ */
+
+/**
+ * Facade that coordinates HTML Purifier's subsystems in order to purify HTML.
+ *
+ * @note There are several points in which configuration can be specified
+ *       for HTML Purifier.  The precedence of these (from lowest to
+ *       highest) is as follows:
+ *          -# Instance: new HTMLPurifier($config)
+ *          -# Invocation: purify($html, $config)
+ *       These configurations are entirely independent of each other and
+ *       are *not* merged (this behavior may change in the future).
+ *
+ * @todo We need an easier way to inject strategies using the configuration
+ *       object.
+ */
+class HTMLPurifier
+{
+
+    /** Version of HTML Purifier */
+    public $version = '4.1.1';
+
+    /** Constant with version of HTML Purifier */
+    const VERSION = '4.1.1';
+
+    /** Global configuration object */
+    public $config;
+
+    /** Array of extra HTMLPurifier_Filter objects to run on HTML, for backwards compatibility */
+    private $filters = array();
+
+    /** Single instance of HTML Purifier */
+    private static $instance;
+
+    protected $strategy, $generator;
+
+    /**
+     * Resultant HTMLPurifier_Context of last run purification. Is an array
+     * of contexts if the last called method was purifyArray().
+     */
+    public $context;
+
+    /**
+     * Initializes the purifier.
+     * @param $config Optional HTMLPurifier_Config object for all instances of
+     *                the purifier, if omitted, a default configuration is
+     *                supplied (which can be overridden on a per-use basis).
+     *                The parameter can also be any type that
+     *                HTMLPurifier_Config::create() supports.
+     */
+    public function __construct($config = null) {
+
+        $this->config = HTMLPurifier_Config::create($config);
+
+        $this->strategy     = new HTMLPurifier_Strategy_Core();
+
+    }
+
+    /**
+     * Adds a filter to process the output. First come first serve
+     * @param $filter HTMLPurifier_Filter object
+     */
+    public function addFilter($filter) {
+        trigger_error('HTMLPurifier->addFilter() is deprecated, use configuration directives in the Filter namespace or Filter.Custom', E_USER_WARNING);
+        $this->filters[] = $filter;
+    }
+
+    /**
+     * Filters an HTML snippet/document to be XSS-free and standards-compliant.
+     *
+     * @param $html String of HTML to purify
+     * @param $config HTMLPurifier_Config object for this operation, if omitted,
+     *                defaults to the config object specified during this
+     *                object's construction. The parameter can also be any type
+     *                that HTMLPurifier_Config::create() supports.
+     * @return Purified HTML
+     */
+    public function purify($html, $config = null) {
+
+        // :TODO: make the config merge in, instead of replace
+        $config = $config ? HTMLPurifier_Config::create($config) : $this->config;
+
+        // implementation is partially environment dependant, partially
+        // configuration dependant
+        $lexer = HTMLPurifier_Lexer::create($config);
+
+        $context = new HTMLPurifier_Context();
+
+        // setup HTML generator
+        $this->generator = new HTMLPurifier_Generator($config, $context);
+        $context->register('Generator', $this->generator);
+
+        // set up global context variables
+        if ($config->get('Core.CollectErrors')) {
+            // may get moved out if other facilities use it
+            $language_factory = HTMLPurifier_LanguageFactory::instance();
+            $language = $language_factory->create($config, $context);
+            $context->register('Locale', $language);
+
+            $error_collector = new HTMLPurifier_ErrorCollector($context);
+            $context->register('ErrorCollector', $error_collector);
+        }
+
+        // setup id_accumulator context, necessary due to the fact that
+        // AttrValidator can be called from many places
+        $id_accumulator = HTMLPurifier_IDAccumulator::build($config, $context);
+        $context->register('IDAccumulator', $id_accumulator);
+
+        $html = HTMLPurifier_Encoder::convertToUTF8($html, $config, $context);
+
+        // setup filters
+        $filter_flags = $config->getBatch('Filter');
+        $custom_filters = $filter_flags['Custom'];
+        unset($filter_flags['Custom']);
+        $filters = array();
+        foreach ($filter_flags as $filter => $flag) {
+            if (!$flag) continue;
+            if (strpos($filter, '.') !== false) continue;
+            $class = "HTMLPurifier_Filter_$filter";
+            $filters[] = new $class;
+        }
+        foreach ($custom_filters as $filter) {
+            // maybe "HTMLPurifier_Filter_$filter", but be consistent with AutoFormat
+            $filters[] = $filter;
+        }
+        $filters = array_merge($filters, $this->filters);
+        // maybe prepare(), but later
+
+        for ($i = 0, $filter_size = count($filters); $i < $filter_size; $i++) {
+            $html = $filters[$i]->preFilter($html, $config, $context);
+        }
+
+        // purified HTML
+        $html =
+            $this->generator->generateFromTokens(
+                // list of tokens
+                $this->strategy->execute(
+                    // list of un-purified tokens
+                    $lexer->tokenizeHTML(
+                        // un-purified HTML
+                        $html, $config, $context
+                    ),
+                    $config, $context
+                )
+            );
+
+        for ($i = $filter_size - 1; $i >= 0; $i--) {
+            $html = $filters[$i]->postFilter($html, $config, $context);
+        }
+
+        $html = HTMLPurifier_Encoder::convertFromUTF8($html, $config, $context);
+        $this->context =& $context;
+        return $html;
+    }
+
+    /**
+     * Filters an array of HTML snippets
+     * @param $config Optional HTMLPurifier_Config object for this operation.
+     *                See HTMLPurifier::purify() for more details.
+     * @return Array of purified HTML
+     */
+    public function purifyArray($array_of_html, $config = null) {
+        $context_array = array();
+        foreach ($array_of_html as $key => $html) {
+            $array_of_html[$key] = $this->purify($html, $config);
+            $context_array[$key] = $this->context;
+        }
+        $this->context = $context_array;
+        return $array_of_html;
+    }
+
+    /**
+     * Singleton for enforcing just one HTML Purifier in your system
+     * @param $prototype Optional prototype HTMLPurifier instance to
+     *                   overload singleton with, or HTMLPurifier_Config
+     *                   instance to configure the generated version with.
+     */
+    public static function instance($prototype = null) {
+        if (!self::$instance || $prototype) {
+            if ($prototype instanceof HTMLPurifier) {
+                self::$instance = $prototype;
+            } elseif ($prototype) {
+                self::$instance = new HTMLPurifier($prototype);
+            } else {
+                self::$instance = new HTMLPurifier();
+            }
+        }
+        return self::$instance;
+    }
+
+    /**
+     * @note Backwards compatibility, see instance()
+     */
+    public static function getInstance($prototype = null) {
+        return HTMLPurifier::instance($prototype);
+    }
+
+}
+
+// vim: et sw=4 sts=4

library/HTMLPurifier.safe-includes.php

@@ -0,0 +1,204 @@
+<?php
+
+/**
+ * @file
+ * This file was auto-generated by generate-includes.php and includes all of
+ * the core files required by HTML Purifier. This is a convenience stub that
+ * includes all files using dirname(__FILE__) and require_once. PLEASE DO NOT
+ * EDIT THIS FILE, changes will be overwritten the next time the script is run.
+ *
+ * Changes to include_path are not necessary.
+ */
+
+$__dir = dirname(__FILE__);
+
+require_once $__dir . '/HTMLPurifier.php';
+require_once $__dir . '/HTMLPurifier/AttrCollections.php';
+require_once $__dir . '/HTMLPurifier/AttrDef.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform.php';
+require_once $__dir . '/HTMLPurifier/AttrTypes.php';
+require_once $__dir . '/HTMLPurifier/AttrValidator.php';
+require_once $__dir . '/HTMLPurifier/Bootstrap.php';
+require_once $__dir . '/HTMLPurifier/Definition.php';
+require_once $__dir . '/HTMLPurifier/CSSDefinition.php';
+require_once $__dir . '/HTMLPurifier/ChildDef.php';
+require_once $__dir . '/HTMLPurifier/Config.php';
+require_once $__dir . '/HTMLPurifier/ConfigSchema.php';
+require_once $__dir . '/HTMLPurifier/ContentSets.php';
+require_once $__dir . '/HTMLPurifier/Context.php';
+require_once $__dir . '/HTMLPurifier/DefinitionCache.php';
+require_once $__dir . '/HTMLPurifier/DefinitionCacheFactory.php';
+require_once $__dir . '/HTMLPurifier/Doctype.php';
+require_once $__dir . '/HTMLPurifier/DoctypeRegistry.php';
+require_once $__dir . '/HTMLPurifier/ElementDef.php';
+require_once $__dir . '/HTMLPurifier/Encoder.php';
+require_once $__dir . '/HTMLPurifier/EntityLookup.php';
+require_once $__dir . '/HTMLPurifier/EntityParser.php';
+require_once $__dir . '/HTMLPurifier/ErrorCollector.php';
+require_once $__dir . '/HTMLPurifier/ErrorStruct.php';
+require_once $__dir . '/HTMLPurifier/Exception.php';
+require_once $__dir . '/HTMLPurifier/Filter.php';
+require_once $__dir . '/HTMLPurifier/Generator.php';
+require_once $__dir . '/HTMLPurifier/HTMLDefinition.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule.php';
+require_once $__dir . '/HTMLPurifier/HTMLModuleManager.php';
+require_once $__dir . '/HTMLPurifier/IDAccumulator.php';
+require_once $__dir . '/HTMLPurifier/Injector.php';
+require_once $__dir . '/HTMLPurifier/Language.php';
+require_once $__dir . '/HTMLPurifier/LanguageFactory.php';
+require_once $__dir . '/HTMLPurifier/Length.php';
+require_once $__dir . '/HTMLPurifier/Lexer.php';
+require_once $__dir . '/HTMLPurifier/PercentEncoder.php';
+require_once $__dir . '/HTMLPurifier/PropertyList.php';
+require_once $__dir . '/HTMLPurifier/PropertyListIterator.php';
+require_once $__dir . '/HTMLPurifier/Strategy.php';
+require_once $__dir . '/HTMLPurifier/StringHash.php';
+require_once $__dir . '/HTMLPurifier/StringHashParser.php';
+require_once $__dir . '/HTMLPurifier/TagTransform.php';
+require_once $__dir . '/HTMLPurifier/Token.php';
+require_once $__dir . '/HTMLPurifier/TokenFactory.php';
+require_once $__dir . '/HTMLPurifier/URI.php';
+require_once $__dir . '/HTMLPurifier/URIDefinition.php';
+require_once $__dir . '/HTMLPurifier/URIFilter.php';
+require_once $__dir . '/HTMLPurifier/URIParser.php';
+require_once $__dir . '/HTMLPurifier/URIScheme.php';
+require_once $__dir . '/HTMLPurifier/URISchemeRegistry.php';
+require_once $__dir . '/HTMLPurifier/UnitConverter.php';
+require_once $__dir . '/HTMLPurifier/VarParser.php';
+require_once $__dir . '/HTMLPurifier/VarParserException.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/Enum.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/Integer.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/Lang.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/Switch.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/Text.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/URI.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Number.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/AlphaValue.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Background.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/BackgroundPosition.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Border.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Color.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Composite.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/DenyElementDecorator.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Filter.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Font.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/FontFamily.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/ImportantDecorator.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Length.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/ListStyle.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Multiple.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/Percentage.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/TextDecoration.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/CSS/URI.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Bool.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Nmtokens.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Class.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Color.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/HTML/FrameTarget.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/HTML/ID.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Pixels.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/HTML/Length.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/HTML/LinkTypes.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/HTML/MultiLength.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/URI/Email.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/URI/Host.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/URI/IPv4.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/URI/IPv6.php';
+require_once $__dir . '/HTMLPurifier/AttrDef/URI/Email/SimpleCheck.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/Background.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/BdoDir.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/BgColor.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/BoolToCSS.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/Border.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/EnumToCSS.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/ImgRequired.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/ImgSpace.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/Input.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/Lang.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/Length.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/Name.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/NameSync.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/SafeEmbed.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/SafeObject.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/SafeParam.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/ScriptRequired.php';
+require_once $__dir . '/HTMLPurifier/AttrTransform/Textarea.php';
+require_once $__dir . '/HTMLPurifier/ChildDef/Chameleon.php';
+require_once $__dir . '/HTMLPurifier/ChildDef/Custom.php';
+require_once $__dir . '/HTMLPurifier/ChildDef/Empty.php';
+require_once $__dir . '/HTMLPurifier/ChildDef/Required.php';
+require_once $__dir . '/HTMLPurifier/ChildDef/Optional.php';
+require_once $__dir . '/HTMLPurifier/ChildDef/StrictBlockquote.php';
+require_once $__dir . '/HTMLPurifier/ChildDef/Table.php';
+require_once $__dir . '/HTMLPurifier/DefinitionCache/Decorator.php';
+require_once $__dir . '/HTMLPurifier/DefinitionCache/Null.php';
+require_once $__dir . '/HTMLPurifier/DefinitionCache/Serializer.php';
+require_once $__dir . '/HTMLPurifier/DefinitionCache/Decorator/Cleanup.php';
+require_once $__dir . '/HTMLPurifier/DefinitionCache/Decorator/Memory.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Bdo.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/CommonAttributes.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Edit.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Forms.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Hypertext.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Image.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Legacy.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/List.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Name.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/NonXMLCommonAttributes.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Object.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Presentation.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Proprietary.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Ruby.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/SafeEmbed.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/SafeObject.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Scripting.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/StyleAttribute.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Tables.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Target.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Text.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/XMLCommonAttributes.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy/Name.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy/Proprietary.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy/XHTMLAndHTML4.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy/Strict.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy/Transitional.php';
+require_once $__dir . '/HTMLPurifier/HTMLModule/Tidy/XHTML.php';
+require_once $__dir . '/HTMLPurifier/Injector/AutoParagraph.php';
+require_once $__dir . '/HTMLPurifier/Injector/DisplayLinkURI.php';
+require_once $__dir . '/HTMLPurifier/Injector/Linkify.php';
+require_once $__dir . '/HTMLPurifier/Injector/PurifierLinkify.php';
+require_once $__dir . '/HTMLPurifier/Injector/RemoveEmpty.php';
+require_once $__dir . '/HTMLPurifier/Injector/RemoveSpansWithoutAttributes.php';
+require_once $__dir . '/HTMLPurifier/Injector/SafeObject.php';
+require_once $__dir . '/HTMLPurifier/Lexer/DOMLex.php';
+require_once $__dir . '/HTMLPurifier/Lexer/DirectLex.php';
+require_once $__dir . '/HTMLPurifier/Strategy/Composite.php';
+require_once $__dir . '/HTMLPurifier/Strategy/Core.php';