diff options
author | zotlabs <mike@macgirvin.com> | 2017-03-14 17:07:29 -0700 |
---|---|---|
committer | Mario Vavti <mario@mariovavti.com> | 2017-03-29 13:39:36 +0200 |
commit | fa629841bd2fd150531a5494504a24b13a0c4503 (patch) | |
tree | 934f08441cafe23667f66988266e492eba075c34 | |
parent | 155b57c2de6e07147733f67605560c5ec00dc5e5 (diff) | |
download | volse-hubzilla-fa629841bd2fd150531a5494504a24b13a0c4503.tar.gz volse-hubzilla-fa629841bd2fd150531a5494504a24b13a0c4503.tar.bz2 volse-hubzilla-fa629841bd2fd150531a5494504a24b13a0c4503.zip |
input filter updates
-rw-r--r-- | Zotlabs/Lib/MarkdownSoap.php | 2 | ||||
-rw-r--r-- | Zotlabs/Lib/NativeWikiPage.php | 31 | ||||
-rw-r--r-- | Zotlabs/Module/Item.php | 21 | ||||
-rw-r--r-- | Zotlabs/Module/Wiki.php | 1 | ||||
-rwxr-xr-x | include/items.php | 87 | ||||
-rw-r--r-- | include/text.php | 18 |
6 files changed, 57 insertions, 103 deletions
diff --git a/Zotlabs/Lib/MarkdownSoap.php b/Zotlabs/Lib/MarkdownSoap.php index d0481eb4d..2dcaaec9a 100644 --- a/Zotlabs/Lib/MarkdownSoap.php +++ b/Zotlabs/Lib/MarkdownSoap.php @@ -5,7 +5,7 @@ namespace Zotlabs\Lib; /** * MarkdownSoap * Purify Markdown for storage - * $x = newMarkdownSoap($string_to_be_cleansed); + * $x = new MarkdownSoap($string_to_be_cleansed); * $text = $x->clean(); * * What this does: diff --git a/Zotlabs/Lib/NativeWikiPage.php b/Zotlabs/Lib/NativeWikiPage.php index 941ade90c..9f54081a1 100644 --- a/Zotlabs/Lib/NativeWikiPage.php +++ b/Zotlabs/Lib/NativeWikiPage.php @@ -307,34 +307,6 @@ class NativeWikiPage { return null; } - - - static public function prepare_content($s) { - - $text = preg_replace_callback('{ - (?:\n\n|\A\n?) - ( # $1 = the code block -- one or more lines, starting with a space/tab - (?> - [ ]{'.'4'.'} # Lines must start with a tab or a tab-width of spaces - .*\n+ - )+ - ) - ((?=^[ ]{0,'.'4'.'}\S)|\Z) # Lookahead for non-space at line-start, or end of doc - }xm', - 'self::nwiki_prepare_content_callback', $s); - - return $text; - } - - static public function nwiki_prepare_content_callback($matches) { - $codeblock = $matches[1]; - - $codeblock = htmlspecialchars($codeblock, ENT_NOQUOTES, UTF8, false); - return "\n\n" . $codeblock ; - } - - - static public function save_page($arr) { $pageUrlName = ((array_key_exists('pageUrlName',$arr)) ? $arr['pageUrlName'] : ''); @@ -352,7 +324,8 @@ class NativeWikiPage { $mimetype = $w['mimeType']; if($mimetype === 'text/markdown') { - $content = purify_html(Zlib\NativeWikiPage::prepare_content($content)); + $x = new Zlib\MarkdownSoap($content); + $content = $x->clean(); } else { $content = escape_tags($content); diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index 43cf535a4..71f410b2a 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php @@ -471,15 +471,16 @@ class Item extends \Zotlabs\Web\Controller { if(! $mimetype) $mimetype = 'text/bbcode'; + + $execflag = ((intval($uid) == intval($profile_uid) + && ($channel['channel_pageflags'] & PAGE_ALLOWCODE)) ? true : false); + if($preview) { - $body = z_input_filter($profile_uid,$body,$mimetype); + $body = z_input_filter($body,$mimetype,$execflag); } - // Verify ability to use html or php!!! - $execflag = ((intval($channel['channel_id']) == intval($profile_uid) && ($channel['channel_pageflags'] & PAGE_ALLOWCODE)) ? true : false); - $gacl = $acl->get(); $str_contact_allow = $gacl['allow_cid']; $str_group_allow = $gacl['allow_gid']; @@ -843,18 +844,6 @@ class Item extends \Zotlabs\Web\Controller { if(mb_strlen($datarray['title']) > 255) $datarray['title'] = mb_substr($datarray['title'],0,255); - if(array_key_exists('item_private',$datarray) && $datarray['item_private']) { - - $datarray['body'] = trim(z_input_filter($datarray['uid'],$datarray['body'],$datarray['mimetype'])); - - if($uid) { - if($channel['channel_hash'] === $datarray['author_xchan']) { - $datarray['sig'] = base64url_encode(rsa_sign($datarray['body'],$channel['channel_prvkey'])); - $datarray['item_verified'] = 1; - } - } - } - if($webpage) { Zlib\IConfig::Set($datarray,'system', webpage_to_namespace($webpage), (($pagetitle) ? $pagetitle : substr($datarray['mid'],0,16)),true); diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php index 948c67c09..ef0cb11f1 100644 --- a/Zotlabs/Module/Wiki.php +++ b/Zotlabs/Module/Wiki.php @@ -244,6 +244,7 @@ class Wiki extends \Zotlabs\Web\Controller { $renderedContent = Zlib\NativeWikiPage::convert_links(zidify_links(smilies(bbcode($content))), argv(0) . '/' . argv(1) . '/' . $wikiUrlName); } else { + $content = Zlib\MarkdownSoap::unescape($content); $html = Zlib\NativeWikiPage::generate_toc(zidify_text(purify_html(MarkdownExtra::defaultTransform(Zlib\NativeWikiPage::bbcode($content))))); $renderedContent = Zlib\NativeWikiPage::convert_links($html, argv(0) . '/' . argv(1) . '/' . $wikiUrlName); } diff --git a/include/items.php b/include/items.php index 64e8f375e..382be2497 100755 --- a/include/items.php +++ b/include/items.php @@ -336,18 +336,6 @@ function post_activity_item($arr,$allow_code = false,$deliver = true) { if(! array_key_exists('mimetype',$arr)) $arr['mimetype'] = 'text/bbcode'; - if(array_key_exists('item_private',$arr) && $arr['item_private']) { - - $arr['body'] = trim(z_input_filter($arr['uid'],$arr['body'],$arr['mimetype'])); - - if($channel) { - if($channel['channel_hash'] === $arr['author_xchan']) { - $arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey'])); - $arr['item_verified'] = 1; - } - } - } - $arr['mid'] = ((x($arr,'mid')) ? $arr['mid'] : item_message_id()); $arr['parent_mid'] = ((x($arr,'parent_mid')) ? $arr['parent_mid'] : $arr['mid']); $arr['thr_parent'] = ((x($arr,'thr_parent')) ? $arr['thr_parent'] : $arr['mid']); @@ -1533,35 +1521,36 @@ function item_store($arr, $allow_exec = false, $deliver = true) { // obsolete, but needed so as not to throw not-null constraints on some database driveres $arr['item_flags'] = ((x($arr,'item_flags')) ? intval($arr['item_flags']) : 0 ); - // only detect language if we have text content, and if the post is private but not yet - // obscured, make it so. - if((! array_key_exists('item_obscured',$arr)) || $arr['item_obscured'] == 0) { - $arr['lang'] = detect_language($arr['body']); - // apply the input filter here - if it is obscured it has been filtered already - $arr['body'] = trim(z_input_filter($arr['uid'],$arr['body'],$arr['mimetype'])); + $arr['lang'] = detect_language($arr['body']); + // apply the input filter here + $arr['body'] = trim(z_input_filter($arr['body'],$arr['mimetype'],$allow_exec)); - if(local_channel() && (local_channel() == $arr['uid']) && (! $arr['sig'])) { + if(local_channel() && (local_channel() == $arr['uid'])) { + if(! $arr['sig']) { $channel = App::get_channel(); if($channel['channel_hash'] === $arr['author_xchan']) { $arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey'])); $arr['item_verified'] = 1; } } + } - $allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages'); + if(! array_key_exists('sig',$arr)) + $arr['sig'] = ''; - if((is_array($allowed_languages)) && ($arr['lang']) && (! array_key_exists($arr['lang'],$allowed_languages))) { - $translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false); - call_hooks('item_translate', $translate); - if((! $translate['translated']) && (intval(get_pconfig($arr['uid'],'system','reject_disallowed_languages')))) { - logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']); - $ret['message'] = 'language not accepted'; - return $ret; - } - $arr = $translate['item']; + $allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages'); + + if((is_array($allowed_languages)) && ($arr['lang']) && (! array_key_exists($arr['lang'],$allowed_languages))) { + $translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false); + call_hooks('item_translate', $translate); + if((! $translate['translated']) && (intval(get_pconfig($arr['uid'],'system','reject_disallowed_languages')))) { + logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']); + $ret['message'] = 'language not accepted'; + return $ret; } + $arr = $translate['item']; } if((x($arr,'obj')) && is_array($arr['obj'])) { @@ -1957,33 +1946,31 @@ function item_store_update($arr,$allow_exec = false, $deliver = true) { return $ret; } - if((! array_key_exists('item_obscured', $arr)) || $arr['item_obscured'] == 0) { - $arr['lang'] = detect_language($arr['body']); + $arr['lang'] = detect_language($arr['body']); - // apply the input filter here - if it is obscured it has been filtered already - $arr['body'] = trim(z_input_filter($arr['uid'],$arr['body'],$arr['mimetype'])); + // apply the input filter here + $arr['body'] = trim($arr['body'],$arr['mimetype'],$allow_exec); - if(local_channel() && (local_channel() == $arr['uid']) && (! $arr['sig'])) { - $channel = App::get_channel(); - if($channel['channel_hash'] === $arr['author_xchan']) { - $arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey'])); - $arr['item_verified'] = 1; - } - } + if(local_channel() && (local_channel() == $arr['uid']) && (! $arr['sig'])) { + $channel = App::get_channel(); + if($channel['channel_hash'] === $arr['author_xchan']) { + $arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey'])); + $arr['item_verified'] = 1; + } + } - $allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages'); + $allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages'); - if((is_array($allowed_languages)) && ($arr['lang']) && (! array_key_exists($arr['lang'],$allowed_languages))) { - $translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false); - call_hooks('item_translate', $translate); - if((! $translate['translated']) && (intval(get_pconfig($arr['uid'],'system','reject_disallowed_languages')))) { - logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']); - $ret['message'] = 'language not accepted'; - return $ret; - } - $arr = $translate['item']; + if((is_array($allowed_languages)) && ($arr['lang']) && (! array_key_exists($arr['lang'],$allowed_languages))) { + $translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false); + call_hooks('item_translate', $translate); + if((! $translate['translated']) && (intval(get_pconfig($arr['uid'],'system','reject_disallowed_languages')))) { + logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']); + $ret['message'] = 'language not accepted'; + return $ret; } + $arr = $translate['item']; } if((x($arr,'obj')) && is_array($arr['obj'])) { diff --git a/include/text.php b/include/text.php index 14ca19cef..c02499625 100644 --- a/include/text.php +++ b/include/text.php @@ -3,6 +3,7 @@ * @file include/text.php */ +use \Zotlabs\Lib as Zlib; use \Michelf\MarkdownExtra; require_once("include/bbcode.php"); @@ -89,12 +90,10 @@ function escape_tags($string) { } -function z_input_filter($channel_id,$s,$type = 'text/bbcode') { +function z_input_filter($s,$type = 'text/bbcode',$allow_code = false) { if($type === 'text/bbcode') return escape_tags($s); - if($type === 'text/markdown') - return escape_tags($s); if($type == 'text/plain') return escape_tags($s); if($type == 'application/x-pdl') @@ -104,13 +103,17 @@ function z_input_filter($channel_id,$s,$type = 'text/bbcode') { return $s; } - $r = q("select channel_pageflags from channel where channel_id = %d limit 1", - intval($channel_id) - ); - if(($r) && (local_channel() == $channel_id) && ($r[0]['channel_pageflags'] & PAGE_ALLOWCODE)) { + if($allow_code) { + if($type === 'text/markdown') + return htmlspecialchars($s,ENT_QUOTES); return $s; } + if($type === 'text/markdown') { + $x = new Zlib\MarkdownSoap($s); + return $x->clean(); + } + if($type === 'text/html') return purify_html($s); @@ -1653,6 +1656,7 @@ function prepare_text($text, $content_type = 'text/bbcode', $cache = false) { break; case 'text/markdown': + $text = Zlib\MarkdownSoap::unescape($text); $s = MarkdownExtra::defaultTransform($text); break; |