author | friendica <info@friendica.com> | 2013-04-14 20:41:58 -0700 |
---|---|---|
committer | friendica <info@friendica.com> | 2013-04-14 20:41:58 -0700 |
commit | e411a4bdc27cd443abf613a0044effb4604223f0 (patch) | |
tree | e3a501db8f394bd6fd56cd76bfd137f56008cacc | |
parent | 2942155797ed46be0d0bd71c89add14404a4bb47 (diff) | |
IMPORTANT: magic-auth protocol update, plus 'zrl' bbcode tag for the privacy-is-more-important-than-ease-of-use folks.
-rw-r--r-- | include/bbcode.php | 15 | ||||
-rw-r--r-- | include/text.php | 29 | ||||
-rw-r--r-- | mod/post.php | 12 | ||||
-rw-r--r-- | util/messages.po | 8 | ||||
-rw-r--r-- | version.inc | 2 |
5 files changed, 54 insertions, 12 deletions
diff --git a/include/bbcode.php b/include/bbcode.php index 82d25ffc8..930337c5d 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -263,21 +263,24 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true) { // Perform URL Search - $Text = preg_replace("/([^\]\='".'"'."]|^)(https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\;\.\=\_\~\#\%\$\!\+\,]+)/ism", '$1<a href="$2" >$2</a>', $Text); + $urlchars = '[a-zA-Z0-9\:\/\-\?\&\;\.\=\@\_\~\#\%\$\!\+\,]'; - if ($tryoembed) - $Text = preg_replace_callback("/\[bookmark\=([^\]]*)\].*?\[\/bookmark\]/ism",'tryoembed',$Text); - $Text = preg_replace("/\[bookmark\=([^\]]*)\](.*?)\[\/bookmark\]/ism",'[url=$1]$2[/url]',$Text); + $Text = preg_replace("/([^\]\='".'"'."]|^)(https?\:\/\/$urlchars+)/ism", '$1<a href="$2" >$2</a>', $Text); + +// $Text = preg_replace("/([^\]\='".'"'."]|^)(https?\:\/\/$urlchars+)\{zid\}($urlchars*)/ism", '$1<a class="zrl" href="$2$3" >$2$3</a>', $Text); $Text = preg_replace_callback("/\[share(.*?)\](.*?)\[\/share\]/ism","bb_ShareAttributes",$Text); - if ($tryoembed) + if($tryoembed) $Text = preg_replace_callback("/\[url\]([$URLSearchString]*)\[\/url\]/ism",'tryoembed',$Text); $Text = preg_replace("/\[url\]([$URLSearchString]*)\[\/url\]/ism", '<a href="$1" >$1</a>', $Text); $Text = preg_replace("/\[url\=([$URLSearchString]*)\](.*?)\[\/url\]/ism", '<a href="$1" >$2</a>', $Text); - //$Text = preg_replace("/\[url\=([$URLSearchString]*)\]([$URLSearchString]*)\[\/url\]/ism", '<a href="$1" target="_blank">$2</a>', $Text); + + + $Text = preg_replace("/\[zrl\]([$URLSearchString]*)\[\/zrl\]/ism", '<a class="zrl" href="$1" >$1</a>', $Text); + $Text = preg_replace("/\[zrl\=([$URLSearchString]*)\](.*?)\[\/zrl\]/ism", '<a class="zrl" href="$1" >$2</a>', $Text); // Perform MAIL Search $Text = preg_replace("/\[mail\]([$MAILSearchString]*)\[\/mail\]/", '<a href="mailto:$1">$1</a>', $Text); diff --git a/include/text.php b/include/text.php index a8d91fade..f0251494d 100644 --- a/include/text.php +++ b/include/text.php 
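Review bot: The two new `[zrl]` replacements emit `<a class="zrl" href="…" >` in exactly the attribute order that `zidify_links()` in include/text.php later matches, but nothing at this site says so, so a later reordering or an extra attribute would silently stop those links from being rewritten. I would add a comment above them such as `// class="zrl" must come before href: zidify_links() in include/text.php matches this exact order`. The commented-out `{zid}` variant of the URL search added a few lines above is dead code; either remove it or state in the comment why it is kept. `$URLSearchString` is defined outside this hunk, so what can end up inside the href is not visible here.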
@@ -1108,6 +1108,7 @@ function prepare_text($text,$content_type = 'text/bbcode') { $s = bbcode($text); else $s = smilies(bbcode($text)); + $s = zidify_links($s); break; } @@ -1116,6 +1117,34 @@ function prepare_text($text,$content_type = 'text/bbcode') { /** + * zidify_callback() and zidify_links() work together to turn any HTML a tags with class="zrl" into zid links + * These will typically be generated by a bbcode '[zrl]' tag. This is done inside prepare_text() rather than bbcode() + * because the latter is used for general purpose conversions and the former is used only when preparing text for + * immediate display. + * + * Issues: Currently the order of HTML parameters in the text is somewhat rigid and inflexible. + * We assume it looks like <a class="zrl" href="xxxxxxxxxx"> and will not work if zrl and href appear in a different order. + */ + + +function zidify_callback($match) { + $replace = '<a' . $match[1] . 'class="zrl"' . $match[2] . ' href="' . zid($match[3]) . '"'; + + $x = str_replace($match[0],$replace,$match[0]); + return $x; +} + +function zidify_links($s) { + $s = preg_replace_callback('/\<a(.*?)class\=\"zrl\"(.*?)href\=\"(.*?)\"/ism','zidify_callback',$s); + return $s; +} + + + + + + +/** * return atom link elements for all of our hubs */ diff --git a/mod/post.php b/mod/post.php index 5b002eb36..5919ed2b4 100644 --- a/mod/post.php +++ b/mod/post.php @@ -96,6 +96,13 @@ function post_init(&$a) { } if($already_authed || $j['success']) { + if($j['success']) { + // legit response, but we do need to check that this wasn't answered by a man-in-middle + if(! rsa_verify($sec . $x[0]['xchan_hash'],base64url_decode($j['confirm']),$x[0]['xchan_pubkey'])) { + logger('mod_zot: auth: final confirmation failed.'); + goaway($desturl); + } + } // everything is good... maybe if(local_user()) { 
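Review bot: In `zidify_links()` the pattern puts `(.*?)` with the `s` modifier between `<a`, `class="zrl"` and `href="`, so a match is not confined to one tag: it can start at any earlier `<a` (or `<abbr`, `<area`) and, where a `class="zrl"` anchor carries no href of its own, run on to the href of a later, unrelated link, which would then be passed to `zid()`. Restricting both gaps to the tag keeps the rewrite to anchors that actually carry the class: `'/\<a(\s[^>]*?)class\=\"zrl\"([^>]*?)href\=\"(.*?)\"/ism'`. In `zidify_callback()` the call `str_replace($match[0],$replace,$match[0])` always yields `$replace`, so `return $replace;` is enough. The value returned by `zid()` is written into the href attribute unescaped; `zid()` is defined outside this hunk, so whether it can introduce a double quote should be confirmed there.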
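Review bot: The new man-in-the-middle check in `post_init()` reads `$j['confirm']` without testing that the key is present, and it relies on `goaway($desturl)` ending the request; `goaway()` is defined outside this hunk, and if it ever returned, execution would fall through to the "everything is good" branch below and complete the login. Guarding the call as `if(! (isset($j['confirm']) && rsa_verify(…)))` and following the redirect with an explicit exit from the function keeps the rejection fail-closed regardless of how `goaway()` behaves. The log line would be more useful for spotting interception attempts if it named the peer, e.g. `logger('mod_zot: auth: final confirmation failed for ' . $x[0]['xchan_hash']);`. The body of `post_init()` continues outside the hunk.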
@@ -386,7 +393,7 @@ function post_post(&$a) { $arr = $data['recipients'][0]; $recip_hash = base64url_encode(hash('whirlpool',$arr['guid'] . $arr['guid_sig'], true)); - $c = q("select channel_id from channel where channel_hash = '%s' limit 1", + $c = q("select channel_id, channel_prvkey from channel where channel_hash = '%s' limit 1", dbesc($recip_hash) ); if(! $c) { @@ -394,6 +401,8 @@ function post_post(&$a) { json_return_and_die($ret); } + $confirm = base64url_encode(rsa_sign($data['secret'] . $recip_hash,$c[0]['channel_prvkey'])); + // This additionally checks for forged senders since we already stored the expected result in meta // and we've already verified that this is them via zot_gethub() and that their key signed our token @@ -412,6 +421,7 @@ function post_post(&$a) { logger('mod_zot: auth_check: success', LOGGER_DEBUG); $ret['success'] = true; + $ret['confirm'] = $confirm; json_return_and_die($ret); } diff --git a/util/messages.po b/util/messages.po index 06db522bc..449751f57 100644 --- a/util/messages.po +++ b/util/messages.po @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: \n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2013-04-05 00:01-0700\n" +"POT-Creation-Date: 2013-04-12 00:00-0700\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" @@ -3546,7 +3546,7 @@ msgid "View Connnections" msgstr "" #: ../../mod/chanview.php:74 ../../mod/wall_upload.php:35 -#: ../../mod/magic.php:59 ../../mod/page.php:21 +#: ../../mod/magic.php:58 ../../mod/page.php:21 msgid "Channel not found." msgstr "" @@ -3592,13 +3592,13 @@ msgstr "" msgid "Wall Photos" msgstr "" -#: ../../mod/post.php:107 +#: ../../mod/post.php:114 msgid "" "Remote authentication blocked. You are logged into this site locally. Please " "logout and retry." msgstr "" -#: ../../mod/post.php:117 +#: ../../mod/post.php:124 #, php-format msgid "Welcome %s. Remote authentication successful." msgstr "" 
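Review bot: In `post_post()`, `$confirm` is computed with the channel's private key over the caller-supplied `$data['secret']` before the forged-sender check that the following comment introduces, so every request naming a valid recipient costs an RSA signature, including requests that are about to be rejected. The value is only returned on the success path (`$ret['confirm'] = $confirm;` in a later hunk), so moving the `rsa_sign()` line down to sit directly above that assignment keeps the private key out of the unauthenticated path. The signed string is `$data['secret'] . $recip_hash` with no fixed prefix; adding a constant context label on both the `rsa_sign()` side here and the `rsa_verify()` side in `post_init()` would prevent this signature from being meaningful anywhere else the channel key signs data, though that is a protocol change and belongs in a follow-up revision. The verification code between this hunk and the next is outside the visible lines.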
diff --git a/version.inc b/version.inc
index b3cdee116..c23d387ab 100644
--- a/version.inc
+++ b/version.inc
@@ -1 +1 @@
-2013-04-10.279
+2013-04-14.283 |