aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorzotlabs <mike@macgirvin.com>2017-03-14 17:07:29 -0700
committerzotlabs <mike@macgirvin.com>2017-03-14 17:07:29 -0700
commit2c73b457ef0943d46804480a0aa016f64c11edbf (patch)
tree330baac97f28e61a3e8daed75e5736fdaae7a28c
parent2f5f1a4d641c5873c308d6ab58ae239f2758e1e4 (diff)
downloadvolse-hubzilla-2c73b457ef0943d46804480a0aa016f64c11edbf.tar.gz
volse-hubzilla-2c73b457ef0943d46804480a0aa016f64c11edbf.tar.bz2
volse-hubzilla-2c73b457ef0943d46804480a0aa016f64c11edbf.zip
input filter updates
-rw-r--r--Zotlabs/Lib/MarkdownSoap.php2
-rw-r--r--Zotlabs/Lib/NativeWikiPage.php31
-rw-r--r--Zotlabs/Module/Item.php21
-rw-r--r--Zotlabs/Module/Wiki.php1
-rwxr-xr-xinclude/items.php87
-rw-r--r--include/text.php18
6 files changed, 57 insertions, 103 deletions
diff --git a/Zotlabs/Lib/MarkdownSoap.php b/Zotlabs/Lib/MarkdownSoap.php
index d0481eb4d..2dcaaec9a 100644
--- a/Zotlabs/Lib/MarkdownSoap.php
+++ b/Zotlabs/Lib/MarkdownSoap.php
@@ -5,7 +5,7 @@ namespace Zotlabs\Lib;
/**
* MarkdownSoap
* Purify Markdown for storage
- * $x = newMarkdownSoap($string_to_be_cleansed);
+ * $x = new MarkdownSoap($string_to_be_cleansed);
* $text = $x->clean();
*
* What this does:
diff --git a/Zotlabs/Lib/NativeWikiPage.php b/Zotlabs/Lib/NativeWikiPage.php
index 941ade90c..9f54081a1 100644
--- a/Zotlabs/Lib/NativeWikiPage.php
+++ b/Zotlabs/Lib/NativeWikiPage.php
@@ -307,34 +307,6 @@ class NativeWikiPage {
return null;
}
-
-
- static public function prepare_content($s) {
-
- $text = preg_replace_callback('{
- (?:\n\n|\A\n?)
- ( # $1 = the code block -- one or more lines, starting with a space/tab
- (?>
- [ ]{'.'4'.'} # Lines must start with a tab or a tab-width of spaces
- .*\n+
- )+
- )
- ((?=^[ ]{0,'.'4'.'}\S)|\Z) # Lookahead for non-space at line-start, or end of doc
- }xm',
- 'self::nwiki_prepare_content_callback', $s);
-
- return $text;
- }
-
- static public function nwiki_prepare_content_callback($matches) {
- $codeblock = $matches[1];
-
- $codeblock = htmlspecialchars($codeblock, ENT_NOQUOTES, UTF8, false);
- return "\n\n" . $codeblock ;
- }
-
-
-
static public function save_page($arr) {
$pageUrlName = ((array_key_exists('pageUrlName',$arr)) ? $arr['pageUrlName'] : '');
@@ -352,7 +324,8 @@ class NativeWikiPage {
$mimetype = $w['mimeType'];
if($mimetype === 'text/markdown') {
- $content = purify_html(Zlib\NativeWikiPage::prepare_content($content));
+ $x = new Zlib\MarkdownSoap($content);
+ $content = $x->clean();
}
else {
$content = escape_tags($content);
diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php
index 43cf535a4..71f410b2a 100644
--- a/Zotlabs/Module/Item.php
+++ b/Zotlabs/Module/Item.php
@@ -471,15 +471,16 @@ class Item extends \Zotlabs\Web\Controller {
if(! $mimetype)
$mimetype = 'text/bbcode';
+
+ $execflag = ((intval($uid) == intval($profile_uid)
+ && ($channel['channel_pageflags'] & PAGE_ALLOWCODE)) ? true : false);
+
if($preview) {
- $body = z_input_filter($profile_uid,$body,$mimetype);
+ $body = z_input_filter($body,$mimetype,$execflag);
}
-
// Verify ability to use html or php!!!
- $execflag = ((intval($channel['channel_id']) == intval($profile_uid) && ($channel['channel_pageflags'] & PAGE_ALLOWCODE)) ? true : false);
-
$gacl = $acl->get();
$str_contact_allow = $gacl['allow_cid'];
$str_group_allow = $gacl['allow_gid'];
@@ -843,18 +844,6 @@ class Item extends \Zotlabs\Web\Controller {
if(mb_strlen($datarray['title']) > 255)
$datarray['title'] = mb_substr($datarray['title'],0,255);
- if(array_key_exists('item_private',$datarray) && $datarray['item_private']) {
-
- $datarray['body'] = trim(z_input_filter($datarray['uid'],$datarray['body'],$datarray['mimetype']));
-
- if($uid) {
- if($channel['channel_hash'] === $datarray['author_xchan']) {
- $datarray['sig'] = base64url_encode(rsa_sign($datarray['body'],$channel['channel_prvkey']));
- $datarray['item_verified'] = 1;
- }
- }
- }
-
if($webpage) {
Zlib\IConfig::Set($datarray,'system', webpage_to_namespace($webpage),
(($pagetitle) ? $pagetitle : substr($datarray['mid'],0,16)),true);
diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php
index 5e7307c7b..79ec5ba25 100644
--- a/Zotlabs/Module/Wiki.php
+++ b/Zotlabs/Module/Wiki.php
@@ -243,6 +243,7 @@ class Wiki extends \Zotlabs\Web\Controller {
$renderedContent = Zlib\NativeWikiPage::convert_links(zidify_links(smilies(bbcode($content))), argv(0) . '/' . argv(1) . '/' . $wikiUrlName);
}
else {
+ $content = Zlib\MarkdownSoap::unescape($content);
$html = Zlib\NativeWikiPage::generate_toc(zidify_text(purify_html(MarkdownExtra::defaultTransform(Zlib\NativeWikiPage::bbcode($content)))));
$renderedContent = Zlib\NativeWikiPage::convert_links($html, argv(0) . '/' . argv(1) . '/' . $wikiUrlName);
}
diff --git a/include/items.php b/include/items.php
index 1037f9814..c978805cd 100755
--- a/include/items.php
+++ b/include/items.php
@@ -334,18 +334,6 @@ function post_activity_item($arr,$allow_code = false,$deliver = true) {
if(! array_key_exists('mimetype',$arr))
$arr['mimetype'] = 'text/bbcode';
- if(array_key_exists('item_private',$arr) && $arr['item_private']) {
-
- $arr['body'] = trim(z_input_filter($arr['uid'],$arr['body'],$arr['mimetype']));
-
- if($channel) {
- if($channel['channel_hash'] === $arr['author_xchan']) {
- $arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey']));
- $arr['item_verified'] = 1;
- }
- }
- }
-
$arr['mid'] = ((x($arr,'mid')) ? $arr['mid'] : item_message_id());
$arr['parent_mid'] = ((x($arr,'parent_mid')) ? $arr['parent_mid'] : $arr['mid']);
$arr['thr_parent'] = ((x($arr,'thr_parent')) ? $arr['thr_parent'] : $arr['mid']);
@@ -1483,35 +1471,36 @@ function item_store($arr, $allow_exec = false, $deliver = true) {
// obsolete, but needed so as not to throw not-null constraints on some database driveres
$arr['item_flags'] = ((x($arr,'item_flags')) ? intval($arr['item_flags']) : 0 );
- // only detect language if we have text content, and if the post is private but not yet
- // obscured, make it so.
- if((! array_key_exists('item_obscured',$arr)) || $arr['item_obscured'] == 0) {
- $arr['lang'] = detect_language($arr['body']);
- // apply the input filter here - if it is obscured it has been filtered already
- $arr['body'] = trim(z_input_filter($arr['uid'],$arr['body'],$arr['mimetype']));
+ $arr['lang'] = detect_language($arr['body']);
+ // apply the input filter here
+ $arr['body'] = trim(z_input_filter($arr['body'],$arr['mimetype'],$allow_exec));
- if(local_channel() && (local_channel() == $arr['uid']) && (! $arr['sig'])) {
+ if(local_channel() && (local_channel() == $arr['uid'])) {
+ if(! $arr['sig']) {
$channel = App::get_channel();
if($channel['channel_hash'] === $arr['author_xchan']) {
$arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey']));
$arr['item_verified'] = 1;
}
}
+ }
- $allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages');
+ if(! array_key_exists('sig',$arr))
+ $arr['sig'] = '';
- if((is_array($allowed_languages)) && ($arr['lang']) && (! array_key_exists($arr['lang'],$allowed_languages))) {
- $translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false);
- call_hooks('item_translate', $translate);
- if((! $translate['translated']) && (intval(get_pconfig($arr['uid'],'system','reject_disallowed_languages')))) {
- logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']);
- $ret['message'] = 'language not accepted';
- return $ret;
- }
- $arr = $translate['item'];
+ $allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages');
+
+ if((is_array($allowed_languages)) && ($arr['lang']) && (! array_key_exists($arr['lang'],$allowed_languages))) {
+ $translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false);
+ call_hooks('item_translate', $translate);
+ if((! $translate['translated']) && (intval(get_pconfig($arr['uid'],'system','reject_disallowed_languages')))) {
+ logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']);
+ $ret['message'] = 'language not accepted';
+ return $ret;
}
+ $arr = $translate['item'];
}
if((x($arr,'obj')) && is_array($arr['obj'])) {
@@ -1907,33 +1896,31 @@ function item_store_update($arr,$allow_exec = false, $deliver = true) {
return $ret;
}
- if((! array_key_exists('item_obscured', $arr)) || $arr['item_obscured'] == 0) {
- $arr['lang'] = detect_language($arr['body']);
+ $arr['lang'] = detect_language($arr['body']);
- // apply the input filter here - if it is obscured it has been filtered already
- $arr['body'] = trim(z_input_filter($arr['uid'],$arr['body'],$arr['mimetype']));
+ // apply the input filter here
+ $arr['body'] = trim($arr['body'],$arr['mimetype'],$allow_exec);
- if(local_channel() && (local_channel() == $arr['uid']) && (! $arr['sig'])) {
- $channel = App::get_channel();
- if($channel['channel_hash'] === $arr['author_xchan']) {
- $arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey']));
- $arr['item_verified'] = 1;
- }
- }
+ if(local_channel() && (local_channel() == $arr['uid']) && (! $arr['sig'])) {
+ $channel = App::get_channel();
+ if($channel['channel_hash'] === $arr['author_xchan']) {
+ $arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey']));
+ $arr['item_verified'] = 1;
+ }
+ }
- $allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages');
+ $allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages');
- if((is_array($allowed_languages)) && ($arr['lang']) && (! array_key_exists($arr['lang'],$allowed_languages))) {
- $translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false);
- call_hooks('item_translate', $translate);
- if((! $translate['translated']) && (intval(get_pconfig($arr['uid'],'system','reject_disallowed_languages')))) {
- logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']);
- $ret['message'] = 'language not accepted';
- return $ret;
- }
- $arr = $translate['item'];
+ if((is_array($allowed_languages)) && ($arr['lang']) && (! array_key_exists($arr['lang'],$allowed_languages))) {
+ $translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false);
+ call_hooks('item_translate', $translate);
+ if((! $translate['translated']) && (intval(get_pconfig($arr['uid'],'system','reject_disallowed_languages')))) {
+ logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']);
+ $ret['message'] = 'language not accepted';
+ return $ret;
}
+ $arr = $translate['item'];
}
if((x($arr,'obj')) && is_array($arr['obj'])) {
diff --git a/include/text.php b/include/text.php
index 6715eca22..500c87ad5 100644
--- a/include/text.php
+++ b/include/text.php
@@ -3,6 +3,7 @@
* @file include/text.php
*/
+use \Zotlabs\Lib as Zlib;
use \Michelf\MarkdownExtra;
require_once("include/bbcode.php");
@@ -89,12 +90,10 @@ function escape_tags($string) {
}
-function z_input_filter($channel_id,$s,$type = 'text/bbcode') {
+function z_input_filter($s,$type = 'text/bbcode',$allow_code = false) {
if($type === 'text/bbcode')
return escape_tags($s);
- if($type === 'text/markdown')
- return escape_tags($s);
if($type == 'text/plain')
return escape_tags($s);
if($type == 'application/x-pdl')
@@ -104,13 +103,17 @@ function z_input_filter($channel_id,$s,$type = 'text/bbcode') {
return $s;
}
- $r = q("select channel_pageflags from channel where channel_id = %d limit 1",
- intval($channel_id)
- );
- if(($r) && (local_channel() == $channel_id) && ($r[0]['channel_pageflags'] & PAGE_ALLOWCODE)) {
+ if($allow_code) {
+ if($type === 'text/markdown')
+ return htmlspecialchars($s,ENT_QUOTES);
return $s;
}
+ if($type === 'text/markdown') {
+ $x = new Zlib\MarkdownSoap($s);
+ return $x->clean();
+ }
+
if($type === 'text/html')
return purify_html($s);
@@ -1636,6 +1639,7 @@ function prepare_text($text, $content_type = 'text/bbcode', $cache = false) {
break;
case 'text/markdown':
+ $text = Zlib\MarkdownSoap::unescape($text);
$s = MarkdownExtra::defaultTransform($text);
break;