Fix various encoding issues (#477)

* fix html-entity issue in username

* remove kses

let other platforms decide what to allow and what not

* Remove html_entity_decode to prevent encoding issues (#454)

I've tested this on content which includes MarkDown, HTML, encoded entities, unencoded entities, etc.

Fixes #445

Co-authored-by: Matthias Pfefferle <[email protected]>

* remove allowed tags

---------

Co-authored-by: Terence Eden <[email protected]>

Author: pfefferle

includes/model/class-blog-user.php

@@ -67,7 +67,13 @@ public function get_type() {
 	 * @return string The User-Name.
 	 */
 	public function get_name() {
-		return \esc_html( \get_bloginfo( 'name' ) );
+		return \wp_strip_all_tags(
+			\html_entity_decode(
+				\get_bloginfo( 'name' ),
+				\ENT_QUOTES,
+				'UTF-8'
+			)
+		);
 	}
 
 	/**

includes/transformer/class-post.php

@@ -30,58 +30,6 @@ class Post {
 	 */
 	protected $wp_post;
 
-	/**
-	 * The Allowed Tags, used in the content.
-	 *
-	 * @var array
-	 */
-	protected $allowed_tags = array(
-		'a' => array(
-			'href' => array(),
-			'title' => array(),
-			'class' => array(),
-			'rel' => array(),
-		),
-		'br' => array(),
-		'p' => array(
-			'class' => array(),
-		),
-		'span' => array(
-			'class' => array(),
-		),
-		'div' => array(
-			'class' => array(),
-		),
-		'ul' => array(),
-		'ol' => array(
-			'reversed' => array(),
-			'start'    => array(),
-		),
-		'li' => array(
-			'value' => array(),
-		),
-		'strong' => array(
-			'class' => array(),
-		),
-		'b' => array(
-			'class' => array(),
-		),
-		'i' => array(
-			'class' => array(),
-		),
-		'em' => array(
-			'class' => array(),
-		),
-		'blockquote' => array(),
-		'cite' => array(),
-		'code' => array(
-			'class' => array(),
-		),
-		'pre' => array(
-			'class' => array(),
-		),
-	);
-
 	/**
 	 * Static function to Transform a WP_Post Object.
 	 *
@@ -513,13 +461,11 @@ protected function get_content() {
 		$content = do_shortcode( $content );
 		wp_reset_postdata();
 
-		$content = \wp_kses( $content, $this->allowed_tags );
 		$content = \wpautop( $content );
 		$content = \preg_replace( '/[\n\r\t]/', '', $content );
 		$content = \trim( $content );
 
 		$content = \apply_filters( 'activitypub_the_content', $content, $post );
-		$content = \html_entity_decode( $content, \ENT_QUOTES, 'UTF-8' );
 
 		return $content;
 	}