authorfriendica <info@friendica.com>2014-03-16 20:34:21 -0700
committerfriendica <info@friendica.com>2014-03-16 20:34:21 -0700
commitecb2e52a7411a8a39b8030964604f0f28f2facce (patch)
treebbe36d04ddb359002cc0aa6976dd6a2c34d73747
parent6f9fde997bd0d6c59045220a1afc2060b857c83a (diff)
little fixes of hopefully nil significance
-rw-r--r--include/api.php14
-rw-r--r--include/bbcode.php9
-rwxr-xr-xinclude/oembed.php2
-rw-r--r--include/reddav.php4
-rwxr-xr-xinclude/text.php5
-rw-r--r--mod/oembed.php3
6 files changed, 19 insertions, 18 deletions
diff --git a/include/api.php b/include/api.php
index dd6733fe0..57551a3b0 100644
--- a/include/api.php
+++ b/include/api.php
@@ -533,12 +533,6 @@ require_once('include/items.php');
api_register_func('api/red/channel/export/basic','api_export_basic', true);
-
-
-
-
-
-
function api_channel_stream(&$a, $type) {
if(api_user() === false) {
logger('api_channel_stream: no user');
@@ -700,12 +694,12 @@ require_once('include/items.php');
function red_item_new(&$a, $type) {
if (api_user() === false) {
- logger('api_statuses_update: no user');
+ logger('api_red_item_new: no user');
return false;
}
- logger('api_statuses_update: REQUEST ' . print_r($_REQUEST,true));
- logger('api_statuses_update: FILES ' . print_r($_FILES,true));
+ logger('api_red_item_new: REQUEST ' . print_r($_REQUEST,true));
+ logger('api_red_item_new: FILES ' . print_r($_FILES,true));
// set this so that the item_post() function is quiet and doesn't redirect or emit json
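Review bot: The two `print_r` log calls in red_item_new write the complete `$_REQUEST` and `$_FILES` arrays with no level argument, so credentials, tokens and private post bodies sent to this endpoint can end up in the log at what appears to be the default level. The rename of the prefix does not change that. Consider restricting them to the data level, e.g. `logger('api_red_item_new: REQUEST ' . print_r($_REQUEST,true), LOGGER_DATA);`, or logging only `array_keys($_REQUEST)`. The function body continues outside the hunk.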
@@ -1698,7 +1692,7 @@ require_once('include/items.php');
'broughtbyurl' => '', 'timezone' => 'UTC', 'closed' => $closed, 'inviteonly' => 'false',
'private' => $private, 'textlimit' => $textlimit, 'sslserver' => $sslserver, 'ssl' => $ssl,
'shorturllength' => '30',
- 'friendica' => array(
+ 'redmatrix' => array(
'RED_PLATFORM' => RED_PLATFORM,
'RED_VERSION' => RED_VERSION,
'ZOT_REVISION' => ZOT_REVISION,
diff --git a/include/bbcode.php b/include/bbcode.php
index cd0bf527e..c8d1ab425 100644
--- a/include/bbcode.php
+++ b/include/bbcode.php
@@ -229,9 +229,12 @@ function bb_location($match) {
function bbiframe($match) {
$a = get_app();
- if(strpos($match[1],get_app()->get_hostname()))
- return '<a href="' . $match[1] . '">' . $match[1] . '</a>';
- return '<iframe src="' . $match[1] . '" width="' . $a->videowidth . '" height="' . $a->videoheight . '"><a href="' . $match[1] . '">' . $match[1] . '</a></iframe>';
+
+ // use sandbox mode to prevent malicious goings on rather than host restriction
+ // if(strpos($match[1],get_app()->get_hostname()))
+ // return '<a href="' . $match[1] . '">' . $match[1] . '</a>';
+
+ return '<iframe sandbox="allow-same-origin allow-top-navigation" src="' . $match[1] . '" width="' . $a->videowidth . '" height="' . $a->videoheight . '"><a href="' . $match[1] . '">' . $match[1] . '</a></iframe>';
}
function bb_ShareAttributesSimple($match) {
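Review bot: `$match[1]` is concatenated into the `src` and `href` attributes in bbiframe without escaping or a scheme check, and with the host restriction commented out the `sandbox` attribute is now the only control on what gets framed. Whether the value is already escaped upstream is not visible here; if it is not, build the markup from `$url = htmlspecialchars($match[1], ENT_QUOTES, 'UTF-8');` and fall back to the plain link unless `preg_match('#^https?://#i', $match[1])` succeeds. `allow-top-navigation` lets a link inside the frame replace the whole hub page, so it is worth dropping unless a known embed needs it (the same token string is used in oembed_iframe). Browsers that do not implement `sandbox` will render the frame unrestricted, which the comment should state, and the commented-out check is better deleted than kept.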
diff --git a/include/oembed.php b/include/oembed.php
index 57631b051..46b1d72c4 100755
--- a/include/oembed.php
+++ b/include/oembed.php
@@ -165,7 +165,7 @@ function oembed_iframe($src,$width,$height) {
$a = get_app();
$s = $a->get_baseurl()."/oembed/".base64url_encode($src);
- return '<iframe height="' . $height . '" width="' . $width . '" src="' . $s . '" frameborder="no" >' . t('Embedded content') . '</iframe>';
+ return '<iframe sandbox="allow-same-origin allow-top-navigation" height="' . $height . '" width="' . $width . '" src="' . $s . '" frameborder="no" >' . t('Embedded content') . '</iframe>';
}
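Review bot: Because `src` here points at the hub's own `/oembed/` endpoint, `allow-same-origin` gives the third-party markup served there the hub's origin instead of a unique one. Leaving that token out, e.g. `sandbox="allow-top-navigation"` or an empty `sandbox=""`, keeps embedded content away from the hub's cookies and storage even if `allow-scripts` is added later to make players work. `$width` and `$height` are also written into attributes unescaped; if callers only pass pixel counts (not visible here), `intval()` on both would close that. oembed_iframe starts outside the hunk.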
diff --git a/include/reddav.php b/include/reddav.php
index 2a26ac42a..a39a84e21 100644
--- a/include/reddav.php
+++ b/include/reddav.php
@@ -708,7 +708,7 @@ function RedFileData($file, &$auth,$test = false) {
$r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach
where folder = '%s' and filename = '%s' and uid = %d $perms group by filename limit 1",
dbesc($folder),
- basename($file),
+ dbesc(basename($file)),
intval($channel_id)
);
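Review bot: `$perms` is still interpolated straight into the query string in this hunk, so after the `dbesc()` fix it is the only part of the statement that does not pass through `dbesc()` or `intval()`. Where it is built is outside the hunk; if any piece of it derives from request data it needs the same treatment. If it is assembled from fixed SQL and integer ids only, a one-line comment above the query saying so, such as `// $perms: fixed SQL plus intval()'d ids, no request data`, would record that for the next reader. RedFileData starts and ends outside the hunk.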
@@ -719,7 +719,7 @@ function RedFileData($file, &$auth,$test = false) {
$r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach
where folder = '%s' and filename = '%s' and uid = %d group by filename limit 1",
dbesc($folder),
- basename($file),
+ dbesc(basename($file)),
intval($channel_id)
);
if($r)
diff --git a/include/text.php b/include/text.php
index 53b92c05f..e3b1f1c4e 100755
--- a/include/text.php
+++ b/include/text.php
@@ -278,6 +278,11 @@ function hex2bin($s) {
if(! (is_string($s) && strlen($s)))
return '';
+ if(strlen($s) & 1) {
+ logger('hex2bin: illegal hex string: ' . $s);
+ return $s;
+ }
+
if(! ctype_xdigit($s)) {
return($s);
}
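Review bot: The new log line writes the caller's raw string to the log before `ctype_xdigit()` has run, so it can carry newlines or control characters into the log, or key material if hex2bin is ever called on secrets (callers are not visible here). Logging the length is enough to diagnose the problem: `logger('hex2bin: illegal hex string, length ' . strlen($s));`. Returning `$s` unchanged matches the existing non-hex branch, but it leaves callers unable to tell a failed decode from a result, which deserves a comment on the function. The function continues outside the hunk.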
diff --git a/mod/oembed.php b/mod/oembed.php
index adda63cf2..a053a8c98 100644
--- a/mod/oembed.php
+++ b/mod/oembed.php
@@ -19,8 +19,7 @@ function oembed_init(&$a){
else {
echo "<html><body>";
- $url = base64url_decode(argv(1));
- $j = oembed_fetch_url($url);
+ $j = oembed_fetch_url(base64url_decode(argv(1)));
echo $j->html;
// logger('mod-oembed ' . $j->html, LOGGER_ALL);
echo "</body></html>";
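Review bot: `echo $j->html;` prints HTML fetched from a URL taken from the request path on the hub's own origin, and the iframe `sandbox` attribute added elsewhere in this commit only applies when the page is loaded through that iframe, not when the `/oembed/...` URL is opened directly. Sending the restriction from the endpoint covers both cases: `header('Content-Security-Policy: sandbox allow-top-navigation');` before the first `echo`. The decoded value also goes to `oembed_fetch_url()` with no visible scheme or host check, so confirm that the fetcher refuses non-http(s) URLs and internal addresses. oembed_init starts and ends outside the hunk.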