authorHubzilla <hubzilla@hz.macgirvin.com>2017-01-19 15:37:30 -0800
committerHubzilla <hubzilla@hz.macgirvin.com>2017-01-19 15:37:30 -0800
commit96f196febda488e1db2d9a677fd5eb736aa76ae6 (patch)
tree8e97ca43e8f963b46effe4baee587ebd76892d6d
parent5ce96b9b95c6b3497bfb49fd086a23a2dedb4e2e (diff)
add gen_link_id() function to selectively encode/decode the message-id component of /display/ links for message-ids that contain troublesome characters
-rw-r--r--Zotlabs/Lib/ThreadItem.php2
-rw-r--r--Zotlabs/Module/Display.php16
-rw-r--r--Zotlabs/Module/Item.php8
-rw-r--r--Zotlabs/Module/Like.php2
-rw-r--r--Zotlabs/Module/Subthread.php2
-rw-r--r--Zotlabs/Module/Tagger.php2
-rw-r--r--include/conversation.php2
-rw-r--r--include/event.php2
-rwxr-xr-xinclude/items.php4
-rw-r--r--include/text.php9
10 files changed, 31 insertions, 18 deletions
diff --git a/Zotlabs/Lib/ThreadItem.php b/Zotlabs/Lib/ThreadItem.php
index 69a1216c7..adf3e318d 100644
--- a/Zotlabs/Lib/ThreadItem.php
+++ b/Zotlabs/Lib/ThreadItem.php
@@ -409,7 +409,7 @@ class ThreadItem {
'comment' => $this->get_comment_box($indent),
'previewing' => ($conv->is_preview() ? ' preview ' : ''),
'wait' => t('Please wait'),
- 'submid' => substr($item['mid'],0,32),
+ 'submid' => base64_encode(substr($item['mid'],0,32)),
'thread_level' => $thread_level
);
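Review bot: `submid` is encoded with plain `base64_encode()` rather than the `base64url_encode()` path this commit introduces in `gen_link_id()`, so the value can contain `+`, `/` and `=` and carries no `b64.` prefix. The decoder added to Display.php only recognises ids that start with `b64.`, so if the template uses `submid` in a /display/ link (its use is not visible in this hunk), the lookup would compare the base64 text against `mid` and find nothing. Using `'submid' => gen_link_id(substr($item['mid'],0,32)),` would keep the two ends consistent; otherwise add a comment saying where `submid` is consumed and why standard base64 is safe there.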
diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php
index 42f6dd4ac..638aa881a 100644
--- a/Zotlabs/Module/Display.php
+++ b/Zotlabs/Module/Display.php
@@ -30,12 +30,10 @@ class Display extends \Zotlabs\Web\Controller {
if(argc() > 1 && argv(1) !== 'load')
$item_hash = argv(1);
-
if($_REQUEST['mid'])
$item_hash = $_REQUEST['mid'];
-
-
- if(! $item_hash) {
+
+ if(! $item_hash) {
\App::$error = 404;
notice( t('Item not found.') . EOL);
return;
@@ -93,9 +91,15 @@ class Display extends \Zotlabs\Web\Controller {
// find a copy of the item somewhere
$target_item = null;
-
+
+ if(strpos($item_hash,'b64.') === 0)
+ $decoded = @base64url_decode(substr($item_hash,4));
+ if($decoded)
+ $item_hash = $decoded;
+
$r = q("select id, uid, mid, parent_mid, item_type, item_deleted from item where mid like '%s' limit 1",
- dbesc($item_hash . '%')
+ dbesc($item_hash . '%'),
+ dbesc($decoded . '%')
);
if($r) {
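Review bot: The `if($decoded)` test sits outside the unbraced `if(strpos(...) === 0)`, so it reads an undefined `$decoded` whenever the id has no `b64.` prefix, and the added second argument `dbesc($decoded . '%')` has no matching `%s` in the query string, so it is never used. Initialising `$decoded`, bracing the prefix branch and dropping the surplus argument (or adding an `or mid like '%s'` clause if a second match was intended) makes the intent explicit. Separately, the decoded value is request-controlled and goes into a `like` pattern: `dbesc()` presumably handles quoting, but `%` and `_` inside the decoded id still act as wildcards, so the `limit 1` lookup can resolve to an item other than the one linked. It is worth escaping those characters or confirming that the permission checks after this hunk cover that case. The enclosing method starts and ends outside the hunk.

```php
$decoded = '';
if(strpos($item_hash,'b64.') === 0) {
	$decoded = @base64url_decode(substr($item_hash,4));
	if($decoded)
		$item_hash = $decoded;
}

// … unchanged: q("select … from item where mid like '%s' limit 1", …
	dbesc($item_hash . '%')
);
```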
diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php
index d5fac306b..48992a676 100644
--- a/Zotlabs/Module/Item.php
+++ b/Zotlabs/Module/Item.php
@@ -724,6 +724,8 @@ class Item extends \Zotlabs\Web\Controller {
if(! $mid) {
$mid = (($message_id) ? $message_id : item_message_id());
}
+
+
if(! $parent_mid) {
$parent_mid = $mid;
}
@@ -935,7 +937,7 @@ class Item extends \Zotlabs\Web\Controller {
'from_xchan' => $datarray['author_xchan'],
'to_xchan' => $datarray['owner_xchan'],
'item' => $datarray,
- 'link' => z_root() . '/display/' . urlencode($datarray['mid']),
+ 'link' => z_root() . '/display/' . gen_link_id($datarray['mid']),
'verb' => ACTIVITY_POST,
'otype' => 'item',
'parent' => $parent,
@@ -953,7 +955,7 @@ class Item extends \Zotlabs\Web\Controller {
'from_xchan' => $datarray['author_xchan'],
'to_xchan' => $datarray['owner_xchan'],
'item' => $datarray,
- 'link' => z_root() . '/display/' . urlencode($datarray['mid']),
+ 'link' => z_root() . '/display/' . gen_link_id($datarray['mid']),
'verb' => ACTIVITY_POST,
'otype' => 'item'
));
@@ -1005,7 +1007,7 @@ class Item extends \Zotlabs\Web\Controller {
}
$datarray['id'] = $post_id;
- $datarray['llink'] = z_root() . '/display/' . urlencode($datarray['mid']);
+ $datarray['llink'] = z_root() . '/display/' . gen_link_id($datarray['mid']);
call_hooks('post_local_end', $datarray);
diff --git a/Zotlabs/Module/Like.php b/Zotlabs/Module/Like.php
index c1fefcb89..5ce8ec7f0 100644
--- a/Zotlabs/Module/Like.php
+++ b/Zotlabs/Module/Like.php
@@ -447,7 +447,7 @@ class Like extends \Zotlabs\Web\Controller {
$arr['thr_parent'] = $item['mid'];
$ulink = '[zrl=' . $item_author['xchan_url'] . ']' . $item_author['xchan_name'] . '[/zrl]';
$alink = '[zrl=' . $observer['xchan_url'] . ']' . $observer['xchan_name'] . '[/zrl]';
- $plink = '[zrl=' . z_root() . '/display/' . urlencode($item['mid']) . ']' . $post_type . '[/zrl]';
+ $plink = '[zrl=' . z_root() . '/display/' . gen_link_id($item['mid']) . ']' . $post_type . '[/zrl]';
$allow_cid = $item['allow_cid'];
$allow_gid = $item['allow_gid'];
$deny_cid = $item['deny_cid'];
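Review bot: `gen_link_id()` returns the mid unchanged unless it contains one of `:/&?<>"'`, so a mid containing `[` or `]` is now placed raw inside the `[zrl=...]` tag on the `$plink` line, where `urlencode()` previously produced `%5B`/`%5D`. If mids can originate from remote sites (not visible here), a message-id could close the tag early and alter the generated body markup. Either add `[` and `]` to the `strpbrk()` list in `gen_link_id()` or keep an encoding step at the bbcode call sites. The same applies to the `$plink` line in Zotlabs/Module/Subthread.php.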
diff --git a/Zotlabs/Module/Subthread.php b/Zotlabs/Module/Subthread.php
index 2fced8f48..dae8bf020 100644
--- a/Zotlabs/Module/Subthread.php
+++ b/Zotlabs/Module/Subthread.php
@@ -138,7 +138,7 @@ class Subthread extends \Zotlabs\Web\Controller {
$ulink = '[zrl=' . $item_author['xchan_url'] . ']' . $item_author['xchan_name'] . '[/zrl]';
$alink = '[zrl=' . $observer['xchan_url'] . ']' . $observer['xchan_name'] . '[/zrl]';
- $plink = '[zrl=' . z_root() . '/display/' . urlencode($item['mid']) . ']' . $post_type . '[/zrl]';
+ $plink = '[zrl=' . z_root() . '/display/' . gen_link_id($item['mid']) . ']' . $post_type . '[/zrl]';
$arr['body'] = sprintf( $bodyverb, $alink, $ulink, $plink );
diff --git a/Zotlabs/Module/Tagger.php b/Zotlabs/Module/Tagger.php
index f6ef66647..98e901965 100644
--- a/Zotlabs/Module/Tagger.php
+++ b/Zotlabs/Module/Tagger.php
@@ -60,7 +60,7 @@ class Tagger extends \Zotlabs\Web\Controller {
$links = array(array('rel' => 'alternate','type' => 'text/html',
- 'href' => z_root() . '/display/' . urlencode($item['mid'])));
+ 'href' => z_root() . '/display/' . gen_link_id($item['mid'])));
$target = json_encode(array(
'type' => $targettype,
diff --git a/include/conversation.php b/include/conversation.php
index 94cd9168e..285ee752f 100644
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -733,7 +733,7 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional', $
'like' => '',
'dislike' => '',
'comment' => '',
- 'conv' => (($preview) ? '' : array('href'=> z_root() . '/display/' . urlencode($item['mid']), 'title'=> t('View in context'))),
+ 'conv' => (($preview) ? '' : array('href'=> z_root() . '/display/' . gen_link_id($item['mid']), 'title'=> t('View in context'))),
'previewing' => $previewing,
'wait' => t('Please wait'),
'thread_level' => 1,
diff --git a/include/event.php b/include/event.php
index 85f14c5f9..cf1cc331d 100644
--- a/include/event.php
+++ b/include/event.php
@@ -1018,7 +1018,7 @@ function event_store_item($arr, $event) {
if($wall)
$item_arr['plink'] = z_root() . '/channel/' . $z[0]['channel_address'] . '/?f=&mid=' . urlencode($item_arr['mid']);
else
- $item_arr['plink'] = z_root() . '/display/' . urlencode($item_arr['mid']);
+ $item_arr['plink'] = z_root() . '/display/' . gen_link_id($item_arr['mid']);
$x = q("select * from xchan where xchan_hash = '%s' limit 1",
dbesc($arr['event_xchan'])
diff --git a/include/items.php b/include/items.php
index 88aa098b4..e4ead28c8 100755
--- a/include/items.php
+++ b/include/items.php
@@ -1624,7 +1624,7 @@ logger('revision: ' . $arr['revision']);
if($d2 > $d1)
$arr['item_delayed'] = 1;
- $arr['llink'] = z_root() . '/display/' . urlencode($arr['mid']);
+ $arr['llink'] = z_root() . '/display/' . gen_link_id($arr['mid']);
if(! $arr['plink'])
$arr['plink'] = $arr['llink'];
@@ -2279,7 +2279,7 @@ function send_status_notifications($post_id,$item) {
if($unfollowed)
return;
- $link = z_root() . '/display/' . urlencode($item['mid']);
+ $link = z_root() . '/display/' . gen_link_id($item['mid']);
$y = q("select id from notify where link = '%s' and uid = %d limit 1",
dbesc($link),
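Review bot: `$link` is now built with `gen_link_id()` but is then compared for equality against stored values in `select id from notify where link = '%s'`. Rows written before this change used `urlencode()`, so for any mid containing one of the encoded characters the lookup no longer finds the existing notification. If this query is a duplicate check (the rest of send_status_notifications is outside the hunk), consider matching both forms during a transition, e.g. `where link in ('%s','%s')` with the old `urlencode()` form as the second argument. Otherwise add a comment recording the one-time mismatch.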
diff --git a/include/text.php b/include/text.php
index f5b1803c2..1beefc6eb 100644
--- a/include/text.php
+++ b/include/text.php
@@ -3124,6 +3124,12 @@ function cleanup_bbcode($body) {
}
+function gen_link_id($mid) {
+ if(strpbrk($mid,':/&?<>"\'') !== false)
+ return 'b64.' . base64url_encode($mid);
+ return $mid;
+}
+
// callback for array_walk
function array_trim(&$v,$k) {
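Review bot: The `strpbrk()` list in `gen_link_id()` leaves out characters that the replaced `urlencode()` calls used to handle, such as `#`, `%`, `+` and whitespace, so a mid containing them is now emitted raw into the /display/ path and may be truncated or reinterpreted on the way back. A mid that happens to start with `b64.` but has none of the listed characters is also returned as-is, and the decoder added to Display.php would then try to base64url-decode it. Consider `if(strpbrk($mid,':/&?<>"\'#%+ ') !== false || strpos($mid,'b64.') === 0)`. A short docblock would also help, stating that the result is a URL path segment, is not HTML-escaped, and is reversed only by the Display module.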
@@ -3132,4 +3138,5 @@ function array_trim(&$v,$k) {
function array_escape_tags(&$v,$k) {
$v = escape_tags($v);
-} \ No newline at end of file
+}
+