From e934e9f05e9315907dfebb83685510c0961c34aa Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Wed, 29 Apr 2020 19:12:29 +0300 Subject: [PATCH] sanitize: simplify initial attribute processing --- include/functions.php | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/include/functions.php b/include/functions.php index da409ed01..fb05b0f5c 100644 --- a/include/functions.php +++ b/include/functions.php @@ -1264,7 +1264,7 @@ $rewrite_base_url = $site_url ? $site_url : get_self_url_prefix(); - $entries = $xpath->query('(//a[@href]|//img[@src]|//video/source[@src]|//audio/source[@src]|//picture/source[@src]|//picture/source[@srcset])'); + $entries = $xpath->query('(//a[@href]|//img[@src]|//source[@srcset|@src])'); foreach ($entries as $entry) { @@ -1273,11 +1273,12 @@ rewrite_relative_url($rewrite_base_url, $entry->getAttribute('href'))); $entry->setAttribute('rel', 'noopener noreferrer'); + $entry->setAttribute("target", "_blank"); } if ($entry->hasAttribute('src')) { - $src = rewrite_relative_url($rewrite_base_url, $entry->getAttribute('src')); - $entry->setAttribute('src', $src); + $entry->setAttribute('src', + rewrite_relative_url($rewrite_base_url, $entry->getAttribute('src'))); } if ($entry->nodeName == 'img') { @@ -1321,17 +1322,10 @@ $entry->parentNode->parentNode->replaceChild($p, $entry->parentNode); } else if ($entry->nodeName == 'img') { - if ($entry->parentNode) $entry->parentNode->replaceChild($p, $entry); - } } - - if (strtolower($entry->nodeName) == "a") { - $entry->setAttribute("target", "_blank"); - $entry->setAttribute("rel", "noopener noreferrer"); - } } $entries = $xpath->query('//iframe'); 
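Review bot: In the hunk at `@@ -1264`, the new query `//source[@srcset|@src]` still selects `source` elements by `srcset`, but the loop lines visible in this patch rewrite only `href` and `src`. Unless `srcset` is handled further down (the `foreach` body runs past the hunk), a relative `srcset` candidate is left as the feed supplied it and skips whatever per-URL handling `src` receives. The expression now also matches a `source` anywhere in the document, not only under `video`, `audio` or `picture`. That looks intended, so I would record both facts above the query with `// matches every <source>; srcset is selected here but not rewritten in this loop`.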
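Review bot: In the hunk at `@@ -1273`, the added `$entry->setAttribute("target", "_blank");` depends on the `rel` line directly above it, and nothing in the branch says the two must stay together. Browsers that do not imply `noopener` for `target="_blank"` give the opened page a `window.opener` handle on the reader, so I would add `// target=_blank must stay paired with rel=noopener (reverse tabnabbing)` above the pair. The new line also uses double quotes where the neighbouring calls use single quotes; `$entry->setAttribute('target', '_blank');` would match them. The enclosing `foreach` starts and ends outside this hunk.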
@@ -1377,7 +1371,7 @@ $doc->removeChild($doc->firstChild); //remove doctype $doc = strip_harmful_tags($doc, $allowed_elements, $disallowed_attributes); - if ($highlight_words) { + if ($highlight_words && is_array($highlight_words)) { foreach ($highlight_words as $word) { // http://stackoverflow.com/questions/4081372/highlight-keywords-in-a-paragraph @@ -1767,6 +1761,7 @@ */ function error_json($code) { require_once "errors.php"; + global $ERRORS; @$message = $ERRORS[$code];
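Review bot: In the hunk at `@@ -1377`, the new condition `$highlight_words && is_array($highlight_words)` silently skips highlighting when a caller passes a single search term as a string, so a caller bug now shows up as missing highlights rather than a warning. The truthiness test is also redundant once `is_array()` is present, because `foreach` over an empty array does nothing; `if (is_array($highlight_words)) {` behaves the same. The function's doc comment, which is not visible here, should state that the parameter must be an array of words. The `foreach` body continues outside the hunk.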
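Review bot: In the `error_json` hunk at `@@ -1767`, `global $ERRORS;` is added after `require_once "errors.php";`, and that order matters when this call is the first to load the file. If `errors.php` fills `$ERRORS` with plain assignments (not visible here), a first-time include inside the function populates a local `$ERRORS`. The `global` statement that follows then rebinds the name to the global variable, which is still unset, and `@$message = $ERRORS[$code];` quietly yields null. Declaring `global $ERRORS;` before `require_once "errors.php";` makes the include write to the global in either case. The rest of the function body lies outside the hunk.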