author | Hubzilla <hubzilla@hz.macgirvin.com> | 2017-01-19 15:37:30 -0800 |
---|---|---|
committer | Hubzilla <hubzilla@hz.macgirvin.com> | 2017-01-19 15:37:30 -0800 |
commit | 96f196febda488e1db2d9a677fd5eb736aa76ae6 (patch) | |
tree | 8e97ca43e8f963b46effe4baee587ebd76892d6d | |
parent | 5ce96b9b95c6b3497bfb49fd086a23a2dedb4e2e (diff) | |
add gen_link_id() function to selectively encode/decode the message-id component of /display/ links for message-ids that contain troublesome characters
-rw-r--r-- | Zotlabs/Lib/ThreadItem.php | 2 | ||||
-rw-r--r-- | Zotlabs/Module/Display.php | 16 | ||||
-rw-r--r-- | Zotlabs/Module/Item.php | 8 | ||||
-rw-r--r-- | Zotlabs/Module/Like.php | 2 | ||||
-rw-r--r-- | Zotlabs/Module/Subthread.php | 2 | ||||
-rw-r--r-- | Zotlabs/Module/Tagger.php | 2 | ||||
-rw-r--r-- | include/conversation.php | 2 | ||||
-rw-r--r-- | include/event.php | 2 | ||||
-rwxr-xr-x | include/items.php | 4 | ||||
-rw-r--r-- | include/text.php | 9 |
10 files changed, 31 insertions, 18 deletions
diff --git a/Zotlabs/Lib/ThreadItem.php b/Zotlabs/Lib/ThreadItem.php index 69a1216c7..adf3e318d 100644 --- a/Zotlabs/Lib/ThreadItem.php +++ b/Zotlabs/Lib/ThreadItem.php @@ -409,7 +409,7 @@ class ThreadItem { 'comment' => $this->get_comment_box($indent), 'previewing' => ($conv->is_preview() ? ' preview ' : ''), 'wait' => t('Please wait'), - 'submid' => substr($item['mid'],0,32), + 'submid' => base64_encode(substr($item['mid'],0,32)), 'thread_level' => $thread_level ); diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php index 42f6dd4ac..638aa881a 100644 --- a/Zotlabs/Module/Display.php +++ b/Zotlabs/Module/Display.php @@ -30,12 +30,10 @@ class Display extends \Zotlabs\Web\Controller { if(argc() > 1 && argv(1) !== 'load') $item_hash = argv(1); - if($_REQUEST['mid']) $item_hash = $_REQUEST['mid']; - - - if(! $item_hash) { + + if(! $item_hash) { \App::$error = 404; notice( t('Item not found.') . EOL); return; @@ -93,9 +91,15 @@ class Display extends \Zotlabs\Web\Controller { // find a copy of the item somewhere $target_item = null; - + + if(strpos($item_hash,'b64.') === 0) + $decoded = @base64url_decode(substr($item_hash,4)); + if($decoded) + $item_hash = $decoded; + $r = q("select id, uid, mid, parent_mid, item_type, item_deleted from item where mid like '%s' limit 1", - dbesc($item_hash . '%') + dbesc($item_hash . '%'), + dbesc($decoded . '%') ); if($r) { diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index d5fac306b..48992a676 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php @@ -724,6 +724,8 @@ class Item extends \Zotlabs\Web\Controller { if(! $mid) { $mid = (($message_id) ? $message_id : item_message_id()); } + + if(! $parent_mid) { $parent_mid = $mid; } 
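Review bot: `submid` is now built with standard `base64_encode`, whose alphabet includes `+`, `/` and `=`, while the helper this commit adds in include/text.php uses `base64url_encode`. If the template places `submid` in a URL, an element id or a selector (not visible in this hunk), those three characters are as troublesome as the ones the commit is trying to avoid. Using the same encoder, `'submid' => base64url_encode(substr($item['mid'],0,32)),`, would keep the two consistent. The array this line belongs to starts outside the hunk.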
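Review bot: `$decoded` is assigned only when `$item_hash` starts with `b64.`, yet the following `if($decoded)` and the new `dbesc($decoded . '%')` argument read it on every request, so the common path uses an undefined variable. The query still contains a single `'%s'`, so that second argument is never substituted and can be dropped. The `@` hides a failed decode; putting `$decoded = false;` before the prefix test and removing the `@` would make the failure path explicit. The decoded value is request-controlled and is used as a `like` prefix pattern in which `dbesc` presumably leaves `%` and `_` untouched, so the lookup can match more than one exact mid. Confirm that the permission checks, which sit outside this hunk, run against the row actually returned.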
@@ -935,7 +937,7 @@ class Item extends \Zotlabs\Web\Controller { 'from_xchan' => $datarray['author_xchan'], 'to_xchan' => $datarray['owner_xchan'], 'item' => $datarray, - 'link' => z_root() . '/display/' . urlencode($datarray['mid']), + 'link' => z_root() . '/display/' . gen_link_id($datarray['mid']), 'verb' => ACTIVITY_POST, 'otype' => 'item', 'parent' => $parent, @@ -953,7 +955,7 @@ class Item extends \Zotlabs\Web\Controller { 'from_xchan' => $datarray['author_xchan'], 'to_xchan' => $datarray['owner_xchan'], 'item' => $datarray, - 'link' => z_root() . '/display/' . urlencode($datarray['mid']), + 'link' => z_root() . '/display/' . gen_link_id($datarray['mid']), 'verb' => ACTIVITY_POST, 'otype' => 'item' )); @@ -1005,7 +1007,7 @@ class Item extends \Zotlabs\Web\Controller { } $datarray['id'] = $post_id; - $datarray['llink'] = z_root() . '/display/' . urlencode($datarray['mid']); + $datarray['llink'] = z_root() . '/display/' . gen_link_id($datarray['mid']); call_hooks('post_local_end', $datarray); diff --git a/Zotlabs/Module/Like.php b/Zotlabs/Module/Like.php index c1fefcb89..5ce8ec7f0 100644 --- a/Zotlabs/Module/Like.php +++ b/Zotlabs/Module/Like.php @@ -447,7 +447,7 @@ class Like extends \Zotlabs\Web\Controller { $arr['thr_parent'] = $item['mid']; $ulink = '[zrl=' . $item_author['xchan_url'] . ']' . $item_author['xchan_name'] . '[/zrl]'; $alink = '[zrl=' . $observer['xchan_url'] . ']' . $observer['xchan_name'] . '[/zrl]'; - $plink = '[zrl=' . z_root() . '/display/' . urlencode($item['mid']) . ']' . $post_type . '[/zrl]'; + $plink = '[zrl=' . z_root() . '/display/' . gen_link_id($item['mid']) . ']' . $post_type . '[/zrl]'; $allow_cid = $item['allow_cid']; $allow_gid = $item['allow_gid']; $deny_cid = $item['deny_cid']; diff --git a/Zotlabs/Module/Subthread.php b/Zotlabs/Module/Subthread.php index 2fced8f48..dae8bf020 100644 --- a/Zotlabs/Module/Subthread.php +++ b/Zotlabs/Module/Subthread.php 
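Review bot: In the Like.php hunk the `$plink` value is placed inside a `[zrl=…]` bbcode tag, and `gen_link_id()` as added in include/text.php does not treat `[` or `]` as troublesome, so a message-id containing `]` now reaches the tag unencoded where `urlencode` used to escape it. Message-ids can presumably originate on other sites, which makes this a markup-integrity concern rather than a cosmetic one. Adding `[` and `]` to the `strpbrk` list in `gen_link_id()` would cover this call and the identical `$plink` line in Zotlabs/Module/Subthread.php.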
@@ -138,7 +138,7 @@ class Subthread extends \Zotlabs\Web\Controller { $ulink = '[zrl=' . $item_author['xchan_url'] . ']' . $item_author['xchan_name'] . '[/zrl]'; $alink = '[zrl=' . $observer['xchan_url'] . ']' . $observer['xchan_name'] . '[/zrl]'; - $plink = '[zrl=' . z_root() . '/display/' . urlencode($item['mid']) . ']' . $post_type . '[/zrl]'; + $plink = '[zrl=' . z_root() . '/display/' . gen_link_id($item['mid']) . ']' . $post_type . '[/zrl]'; $arr['body'] = sprintf( $bodyverb, $alink, $ulink, $plink ); diff --git a/Zotlabs/Module/Tagger.php b/Zotlabs/Module/Tagger.php index f6ef66647..98e901965 100644 --- a/Zotlabs/Module/Tagger.php +++ b/Zotlabs/Module/Tagger.php @@ -60,7 +60,7 @@ class Tagger extends \Zotlabs\Web\Controller { $links = array(array('rel' => 'alternate','type' => 'text/html', - 'href' => z_root() . '/display/' . urlencode($item['mid']))); + 'href' => z_root() . '/display/' . gen_link_id($item['mid']))); $target = json_encode(array( 'type' => $targettype, diff --git a/include/conversation.php b/include/conversation.php index 94cd9168e..285ee752f 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -733,7 +733,7 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional', $ 'like' => '', 'dislike' => '', 'comment' => '', - 'conv' => (($preview) ? '' : array('href'=> z_root() . '/display/' . urlencode($item['mid']), 'title'=> t('View in context'))), + 'conv' => (($preview) ? '' : array('href'=> z_root() . '/display/' . gen_link_id($item['mid']), 'title'=> t('View in context'))), 'previewing' => $previewing, 'wait' => t('Please wait'), 'thread_level' => 1, diff --git a/include/event.php b/include/event.php index 85f14c5f9..cf1cc331d 100644 --- a/include/event.php +++ b/include/event.php 
@@ -1018,7 +1018,7 @@ function event_store_item($arr, $event) { if($wall) $item_arr['plink'] = z_root() . '/channel/' . $z[0]['channel_address'] . '/?f=&mid=' . urlencode($item_arr['mid']); else - $item_arr['plink'] = z_root() . '/display/' . urlencode($item_arr['mid']); + $item_arr['plink'] = z_root() . '/display/' . gen_link_id($item_arr['mid']); $x = q("select * from xchan where xchan_hash = '%s' limit 1", dbesc($arr['event_xchan']) diff --git a/include/items.php b/include/items.php index 88aa098b4..e4ead28c8 100755 --- a/include/items.php +++ b/include/items.php @@ -1624,7 +1624,7 @@ logger('revision: ' . $arr['revision']); if($d2 > $d1) $arr['item_delayed'] = 1; - $arr['llink'] = z_root() . '/display/' . urlencode($arr['mid']); + $arr['llink'] = z_root() . '/display/' . gen_link_id($arr['mid']); if(! $arr['plink']) $arr['plink'] = $arr['llink']; @@ -2279,7 +2279,7 @@ function send_status_notifications($post_id,$item) { if($unfollowed) return; - $link = z_root() . '/display/' . urlencode($item['mid']); + $link = z_root() . '/display/' . gen_link_id($item['mid']); $y = q("select id from notify where link = '%s' and uid = %d limit 1", dbesc($link), diff --git a/include/text.php b/include/text.php index f5b1803c2..1beefc6eb 100644 --- a/include/text.php +++ b/include/text.php @@ -3124,6 +3124,12 @@ function cleanup_bbcode($body) { } +function gen_link_id($mid) { + if(strpbrk($mid,':/&?<>"\'') !== false) + return 'b64.' . base64url_encode($mid); + return $mid; +} + // callback for array_walk function array_trim(&$v,$k) { @@ -3132,4 +3138,5 @@ function array_trim(&$v,$k) { function array_escape_tags(&$v,$k) { $v = escape_tags($v); -}
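Review bot: In send_status_notifications the duplicate check `select id from notify where link = '%s'` now compares against the `gen_link_id` form of the link, so rows stored earlier with the `urlencode` form will no longer match for message-ids that contain the encoded characters. That may produce a repeated notification for affected items after upgrade. If that matters, compare against both forms during a transition period or mention it in the commit message. The function body continues outside the hunk.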
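Review bot: `gen_link_id()` returns the message-id unchanged unless it contains one of `:/&?<>"'`, so an id that already begins with `b64.` is emitted as-is and Display.php will then try to decode it as though it had been encoded here. Treating the prefix itself as a trigger, `if(strpbrk($mid,':/&?<>"\'') !== false || strpos($mid,'b64.') === 0)`, removes that ambiguity. Characters such as `#`, `%`, `+` and space also pass through raw now that `urlencode` is gone from the callers, and may deserve a place in the list. A short comment above the function, such as `// encode message-ids that are unsafe in a /display/ URL path as 'b64.' + base64url; Display.php reverses this`, would document the pairing.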
\ No newline at end of file +} + |