aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMario <mario@mariovavti.com>2018-10-08 21:20:17 +0200
committerMario <mario@mariovavti.com>2018-10-08 21:20:17 +0200
commit37b94bf5fa71835fe50af6f862e124e24b5db4b4 (patch)
tree012afad21875e324bd43051c843fef371c3ddd9d
parenta00a849952eec8f7d7d480f8663446dc1fb7238c (diff)
parent709665846e66f093109730691b31d9e094d02088 (diff)
downloadvolse-hubzilla-37b94bf5fa71835fe50af6f862e124e24b5db4b4.tar.gz
volse-hubzilla-37b94bf5fa71835fe50af6f862e124e24b5db4b4.tar.bz2
volse-hubzilla-37b94bf5fa71835fe50af6f862e124e24b5db4b4.zip
Merge branch 'fix-wiki-escaping' into 'dev'
Fix wiki escaping (Regression tests needed) See merge request hubzilla/core!1321
-rw-r--r--Zotlabs/Lib/NativeWiki.php37
-rw-r--r--Zotlabs/Lib/NativeWikiPage.php13
-rw-r--r--Zotlabs/Module/Wiki.php70
-rw-r--r--Zotlabs/Widget/Wiki_pages.php8
-rw-r--r--view/tpl/wiki.tpl3
-rw-r--r--view/tpl/wiki_page_not_found.tpl2
6 files changed, 92 insertions, 41 deletions
diff --git a/Zotlabs/Lib/NativeWiki.php b/Zotlabs/Lib/NativeWiki.php
index 6f916216e..65f40748c 100644
--- a/Zotlabs/Lib/NativeWiki.php
+++ b/Zotlabs/Lib/NativeWiki.php
@@ -26,7 +26,8 @@ class NativeWiki {
$w['rawName'] = get_iconfig($w, 'wiki', 'rawName');
$w['htmlName'] = escape_tags($w['rawName']);
- $w['urlName'] = urlencode(urlencode($w['rawName']));
+ //$w['urlName'] = urlencode(urlencode($w['rawName']));
+ $w['urlName'] = self::name_encode($w['rawName']);
$w['mimeType'] = get_iconfig($w, 'wiki', 'mimeType');
$w['typelock'] = get_iconfig($w, 'wiki', 'typelock');
$w['lockstate'] = (($w['allow_cid'] || $w['allow_gid'] || $w['deny_cid'] || $w['deny_gid']) ? 'lock' : 'unlock');
@@ -233,7 +234,8 @@ class NativeWiki {
'wiki' => $w,
'rawName' => $rawName,
'htmlName' => escape_tags($rawName),
- 'urlName' => urlencode(urlencode($rawName)),
+ //'urlName' => urlencode(urlencode($rawName)),
+ 'urlName' => self::name_encode($rawName),
'mimeType' => $mimeType,
'typelock' => $typelock
);
@@ -249,7 +251,8 @@ class NativeWiki {
WHERE resource_type = '%s' AND iconfig.v = '%s' AND uid = %d
AND item_deleted = 0 $sql_extra limit 1",
dbesc(NWIKI_ITEM_RESOURCE_TYPE),
- dbesc(urldecode($urlName)),
+ //dbesc(urldecode($urlName)),
+ dbesc($urlName),
intval($uid)
);
@@ -286,4 +289,32 @@ class NativeWiki {
return array('read' => true, 'write' => $write, 'success' => true);
}
}
+
+ public static function name_encode ($string) {
+
+ $string = html_entity_decode($string);
+ $encoding = mb_internal_encoding();
+ mb_internal_encoding("UTF-8");
+ $ret = mb_ereg_replace_callback ('[^A-Za-z0-9\-\_\.\~]',function ($char) {
+ $charhex = unpack('H*',$char[0]);
+ $ret = '('.$charhex[1].')';
+ return $ret;
+ }
+ ,$string);
+ mb_internal_encoding($encoding);
+ return $ret;
+ }
+
+ public static function name_decode ($string) {
+
+ $encoding = mb_internal_encoding();
+ mb_internal_encoding("UTF-8");
+ $ret = mb_ereg_replace_callback ('(\(([0-9a-f]+)\))',function ($chars) {
+ return pack('H*',$chars[2]);
+ }
+ ,$string);
+ mb_internal_encoding($encoding);
+ return $ret;
+ }
+
}
diff --git a/Zotlabs/Lib/NativeWikiPage.php b/Zotlabs/Lib/NativeWikiPage.php
index d4875bbaf..ebdcb4740 100644
--- a/Zotlabs/Lib/NativeWikiPage.php
+++ b/Zotlabs/Lib/NativeWikiPage.php
@@ -44,7 +44,8 @@ class NativeWikiPage {
$pages[] = [
'resource_id' => $resource_id,
'title' => escape_tags($title),
- 'url' => str_replace('%2F','/',urlencode(str_replace('%2F','/',urlencode($title)))),
+ //'url' => str_replace('%2F','/',urlencode(str_replace('%2F','/',urlencode($title)))),
+ 'url' => Zlib\NativeWiki::name_encode($title),
'link_id' => 'id_' . substr($resource_id, 0, 10) . '_' . $page_item['id']
];
}
@@ -98,7 +99,8 @@ class NativeWikiPage {
$page = [
'rawName' => $name,
'htmlName' => escape_tags($name),
- 'urlName' => urlencode($name),
+ //'urlName' => urlencode($name),
+ 'urlName' => Zlib\NativeWiki::name_encode($name)
];
@@ -154,7 +156,8 @@ class NativeWikiPage {
$page = [
'rawName' => $pageNewName,
'htmlName' => escape_tags($pageNewName),
- 'urlName' => urlencode(escape_tags($pageNewName))
+ //'urlName' => urlencode(escape_tags($pageNewName))
+ Zlib\NativeWiki::name_encode($pageNewName)
];
return [ 'success' => true, 'page' => $page ];
@@ -365,7 +368,6 @@ class NativeWikiPage {
unset($item['id']);
unset($item['author']);
-
$item['parent'] = 0;
$item['body'] = $content;
$item['author_xchan'] = $observer_hash;
@@ -527,7 +529,8 @@ class NativeWikiPage {
$pages = $pageURLs = array();
foreach ($match[1] as $m) {
// TODO: Why do we need to double urlencode for this to work?
- $pageURLs[] = urlencode(urlencode(escape_tags($m)));
+ //$pageURLs[] = urlencode(urlencode(escape_tags($m)));
+ $pageURLs[] = Zlib\NativeWiki::name_encode(escape_tags($m));
$pages[] = $m;
}
$idx = 0;
diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php
index 6be39214e..ead7eea6a 100644
--- a/Zotlabs/Module/Wiki.php
+++ b/Zotlabs/Module/Wiki.php
@@ -237,7 +237,8 @@ class Wiki extends Controller {
// /wiki/channel/wiki -> No page was specified, so redirect to Home.md
- $wikiUrlName = urlencode(argv(2));
+ //$wikiUrlName = urlencode(argv(2));
+ $wikiUrlName = NativeWiki::name_encode(argv(2));
goaway(z_root() . '/' . argv(0) . '/' . argv(1) . '/' . $wikiUrlName . '/Home');
case 4:
@@ -246,7 +247,8 @@ class Wiki extends Controller {
// GET /wiki/channel/wiki/page
// Fetch the wiki info and determine observer permissions
- $wikiUrlName = urldecode(argv(2));
+ //$wikiUrlName = urldecode(argv(2));
+ $wikiUrlName = NativeWiki::name_decode(argv(2));
$page_name = '';
$ignore_language = false;
@@ -262,8 +264,9 @@ class Wiki extends Controller {
$page_name .= argv($x);
}
- $pageUrlName = urldecode($page_name);
- $langPageUrlName = urldecode(\App::$language . '/' . $page_name);
+ //$pageUrlName = urldecode($page_name);
+ $pageUrlName = NativeWiki::name_decode($page_name);
+ $langPageUrlName = \App::$language . '/' . $pageUrlName;
$w = NativeWiki::exists_by_name($owner['channel_id'], $wikiUrlName);
@@ -289,8 +292,10 @@ class Wiki extends Controller {
$wiki_editor = true;
}
- $wikiheaderName = urldecode($wikiUrlName);
- $wikiheaderPage = urldecode($pageUrlName);
+ //$wikiheaderName = urldecode($wikiUrlName);
+ $wikiheaderName = $wikiUrlName;
+ //$wikiheaderPage = urldecode($pageUrlName);
+ $wikiheaderPage = $pageUrlName;
$renamePage = (($wikiheaderPage === 'Home') ? '' : t('Rename page'));
$sharePage = t('Share');
@@ -315,7 +320,7 @@ class Wiki extends Controller {
//json_return_and_die(array('pages' => $page_list_html, 'message' => '', 'success' => true));
notice( t('Error retrieving page content') . EOL);
//goaway(z_root() . '/' . argv(0) . '/' . argv(1) );
- $renderedContent = NativeWikiPage::convert_links($html, argv(0) . '/' . argv(1) . '/' . $wikiUrlName);
+ $renderedContent = NativeWikiPage::convert_links($html, argv(0) . '/' . argv(1) . '/' . NativeWiki::name_encode($wikiUrlName));
$showPageControls = $wiki_editor;
}
else {
@@ -329,21 +334,25 @@ class Wiki extends Controller {
// Render the Markdown-formatted page content in HTML
if($mimeType == 'text/bbcode') {
- $renderedContent = NativeWikiPage::convert_links(zidify_links(smilies(bbcode($content))), argv(0) . '/' . argv(1) . '/' . $wikiUrlName);
+ $renderedContent = NativeWikiPage::convert_links($content,argv(0) . '/' . argv(1) . '/' . NativeWiki::name_encode($wikiUrlName));
+ $renderedContent = zidify_links(smilies(bbcode($renderedContent)));
+ //$renderedContent = NativeWikiPage::convert_links(zidify_links(smilies(bbcode($content))), argv(0) . '/' . argv(1) . '/' . $wikiUrlName);
}
elseif($mimeType === 'text/plain') {
$renderedContent = str_replace(["\n",' ',"\t"],[EOL,'&nbsp;','&nbsp;&nbsp;&nbsp;&nbsp;'],htmlentities($content,ENT_COMPAT,'UTF-8',false));
}
elseif($mimeType === 'text/markdown') {
$content = MarkdownSoap::unescape($content);
- $html = NativeWikiPage::generate_toc(zidify_text(MarkdownExtra::defaultTransform(NativeWikiPage::bbcode($content))));
- $renderedContent = NativeWikiPage::convert_links($html, argv(0) . '/' . argv(1) . '/' . $wikiUrlName);
+ //$html = NativeWikiPage::generate_toc(zidify_text(MarkdownExtra::defaultTransform(NativeWikiPage::bbcode($content))));
+ //$renderedContent = NativeWikiPage::convert_links($html, argv(0) . '/' . argv(1) . '/' . $wikiUrlName);
+ $html = NativeWikiPage::convert_links($content, argv(0) . '/' . argv(1) . '/' . NativeWiki::name_encode($wikiUrlName));
+ $renderedContent = NativeWikiPage::generate_toc(zidify_text(MarkdownExtra::defaultTransform(NativeWikiPage::bbcode($html))));
}
$showPageControls = $wiki_editor;
}
break;
// default: // Strip the extraneous URL components
-// goaway('/' . argv(0) . '/' . argv(1) . '/' . $wikiUrlName . '/' . $pageUrlName);
+// goaway('/' . argv(0) . '/' . argv(1) . '/' . NativeWiki::name_encode($wikiUrlName) . '/' . $pageUrlName);
}
@@ -360,13 +369,14 @@ class Wiki extends Controller {
$currenttype = $types[$mimeType];
$placeholder = t('Short description of your changes (optional)');
-
+
+ $zrl = urlencode( z_root() . '/wiki/' . argv(1) . '/' . NativeWiki::name_encode($wikiUrlName) . '/' . NativeWiki::name_encode($pageUrlName) );
$o .= replace_macros(get_markup_template('wiki.tpl'),array(
'$wikiheaderName' => $wikiheaderName,
'$wikiheaderPage' => $wikiheaderPage,
'$renamePage' => $renamePage,
'$sharePage' => $sharePage,
- '$shareLink' => urlencode('#^[zrl=' . z_root() . '/wiki/' . argv(1) . '/' . $wikiUrlName . '/' . $pageUrlName . ']' . '[ ' . $owner['channel_name'] . ' ] ' . $wikiheaderName . ' - ' . $wikiheaderPage . '[/zrl]'),
+ '$shareLink' => '#^[zrl=' . $zrl . ']' . '[ ' . $owner['channel_name'] . ' ] ' . $wikiheaderName . ' - ' . $wikiheaderPage . '[/zrl]',
'$showPageControls' => $showPageControls,
'$editOrSourceLabel' => (($showPageControls) ? t('Edit') : t('Source')),
'$tools_label' => 'Page Tools',
@@ -429,16 +439,17 @@ class Wiki extends Controller {
$mimeType = $_POST['mimetype'];
if($mimeType === 'text/bbcode') {
- $html = NativeWikiPage::convert_links(zidify_links(smilies(bbcode($content))),$wikiURL);
+ $linkconverted = NativeWikiPage::convert_links($content,$wikiURL);
+ $html = zidify_links(smilies(bbcode($linkconverted)));
}
elseif($mimeType === 'text/markdown') {
- $bb = NativeWikiPage::bbcode($content);
+ $linkconverted = NativeWikiPage::convert_links($content,$wikiURL);
+ $bb = NativeWikiPage::bbcode($linkconverted);
$x = new MarkdownSoap($bb);
$md = $x->clean();
$md = MarkdownSoap::unescape($md);
$html = MarkdownExtra::defaultTransform($md);
$html = NativeWikiPage::generate_toc(zidify_text($html));
- $html = NativeWikiPage::convert_links($html,$wikiURL);
}
elseif($mimeType === 'text/plain') {
$html = str_replace(["\n",' ',"\t"],[EOL,'&nbsp;','&nbsp;&nbsp;&nbsp;&nbsp;'],htmlentities($content,ENT_COMPAT,'UTF-8',false));
@@ -465,7 +476,8 @@ class Wiki extends Controller {
$wiki['postVisible'] = ((intval($_POST['postVisible'])) ? 1 : 0);
$wiki['rawName'] = $name;
$wiki['htmlName'] = escape_tags($name);
- $wiki['urlName'] = urlencode(urlencode($name));
+ //$wiki['urlName'] = urlencode(urlencode($name));
+ $wiki['urlName'] = NativeWiki::name_encode($name);
$wiki['mimeType'] = $_POST['mimeType'];
$wiki['typelock'] = $_POST['typelock'];
@@ -491,10 +503,10 @@ class Wiki extends Controller {
$homePage = NativeWikiPage::create_page($owner['channel_id'],$observer_hash,'Home', $r['item']['resource_id'], $wiki['mimeType']);
if(! $homePage['success']) {
notice( t('Wiki created, but error creating Home page.'));
- goaway(z_root() . '/wiki/' . $nick . '/' . $wiki['urlName']);
+ goaway(z_root() . '/wiki/' . $nick . '/' . NativeWiki::name_encode($wiki['urlName']));
}
NativeWiki::sync_a_wiki_item($owner['channel_id'],$homePage['item_id'],$r['item']['resource_id']);
- goaway(z_root() . '/wiki/' . $nick . '/' . $wiki['urlName'] . '/' . $homePage['page']['urlName']);
+ goaway(z_root() . '/wiki/' . $nick . '/' . NativeWiki::name_encode($wiki['urlName']) . '/' . NativeWiki::name_encode($homePage['page']['urlName']));
}
else {
notice( t('Error creating wiki'));
@@ -514,7 +526,8 @@ class Wiki extends Controller {
$arr = [];
- $arr['urlName'] = urlencode(urlencode($_POST['origRawName']));
+ //$arr['urlName'] = urlencode(urlencode($_POST['origRawName']));
+ $arr['urlName'] = NativeWiki::name_encode($_POST['origRawName']);
if($_POST['updateRawName'])
$arr['updateRawName'] = $_POST['updateRawName'];
@@ -525,7 +538,7 @@ class Wiki extends Controller {
return; //not reached
}
- $wiki = NativeWiki::exists_by_name($owner['channel_id'], urldecode($arr['urlName']));
+ $wiki = NativeWiki::exists_by_name($owner['channel_id'], $arr['urlName']);
if($wiki['resource_id']) {
@@ -585,12 +598,12 @@ class Wiki extends Controller {
json_return_and_die(array('success' => false));
}
- $name = $_POST['pageName']; //Get new page name
+ $name = isset($_POST['pageName']) ? $_POST['pageName'] : $_POST['missingPageName']; //Get new page name
// backslashes won't work well in the javascript functions
$name = str_replace('\\','',$name);
- if(urlencode(escape_tags($name)) === '') {
+ if(NativeWiki::name_encode(escape_tags($name)) === '') {
json_return_and_die(array('message' => 'Error creating page. Invalid name (' . print_r($_POST,true) . ').', 'success' => false));
}
@@ -607,10 +620,11 @@ class Wiki extends Controller {
if($commit['success']) {
NativeWiki::sync_a_wiki_item($owner['channel_id'],$commit['item_id'],$resource_id);
- json_return_and_die(array('url' => '/' . argv(0) . '/' . argv(1) . '/' . urlencode($page['wiki']['urlName']) . '/' . urlencode($page['page']['urlName']), 'success' => true));
+ //json_return_and_die(array('url' => '/' . argv(0) . '/' . argv(1) . '/' . urlencode($page['wiki']['urlName']) . '/' . urlencode($page['page']['urlName']), 'success' => true));
+ json_return_and_die(array('url' => '/' . argv(0) . '/' . argv(1) . '/' . $page['wiki']['urlName'] . '/' . $page['page']['urlName'], 'success' => true));
}
else {
- json_return_and_die(array('message' => 'Error making git commit','url' => '/' . argv(0) . '/' . argv(1) . '/' . urlencode($page['wiki']['urlName']) . '/' . urlencode($page['page']['urlName']),'success' => false));
+ json_return_and_die(array('message' => 'Error making git commit','url' => '/' . argv(0) . '/' . argv(1) . '/' . NativeWiki::name_encode($page['wiki']['urlName']) . '/' . NativeWiki::name_encode($page['page']['urlName']),'success' => false));
}
@@ -677,7 +691,7 @@ class Wiki extends Controller {
if($commit['success']) {
NativeWiki::sync_a_wiki_item($owner['channel_id'],$commit['item_id'],$resource_id);
- json_return_and_die(array('message' => 'Wiki git repo commit made', 'success' => true));
+ json_return_and_die(array('message' => 'Wiki git repo commit made', 'success' => true , 'content' => $content));
}
else {
json_return_and_die(array('message' => 'Error making git commit','success' => false));
@@ -798,7 +812,7 @@ class Wiki extends Controller {
if ($pageUrlName === 'Home') {
json_return_and_die(array('message' => 'Cannot rename Home','success' => false));
}
- if(urlencode(escape_tags($pageNewName)) === '') {
+ if(NativeWiki::encode_name(escape_tags($pageNewName)) === '') {
json_return_and_die(array('message' => 'Error renaming page. Invalid name.', 'success' => false));
}
// Determine if observer has permission to rename pages
@@ -814,7 +828,7 @@ class Wiki extends Controller {
if($renamed['success']) {
$commit = NativeWikiPage::commit(array(
'channel_id' => $owner['channel_id'],
- 'commit_msg' => 'Renamed ' . urldecode($pageUrlName) . ' to ' . $renamed['page']['htmlName'],
+ 'commit_msg' => 'Renamed ' . NativeWiki::name_decode($pageUrlName) . ' to ' . $renamed['page']['htmlName'],
'resource_id' => $resource_id,
'observer_hash' => $observer_hash,
'pageUrlName' => $pageNewName
diff --git a/Zotlabs/Widget/Wiki_pages.php b/Zotlabs/Widget/Wiki_pages.php
index ecd2c9100..dee0a2229 100644
--- a/Zotlabs/Widget/Wiki_pages.php
+++ b/Zotlabs/Widget/Wiki_pages.php
@@ -2,6 +2,7 @@
namespace Zotlabs\Widget;
+use Zotlabs\Lib\NativeWiki;
class Wiki_pages {
@@ -10,7 +11,7 @@ class Wiki_pages {
return;
$c = channelx_by_nick(argv(1));
- $w = \Zotlabs\Lib\NativeWiki::exists_by_name($c['channel_id'],urldecode(argv(2)));
+ $w = \Zotlabs\Lib\NativeWiki::exists_by_name($c['channel_id'],NativeWiki::name_decode(argv(2)));
$arr = array(
'resource_id' => $w['resource_id'],
'channel_id' => $c['channel_id'],
@@ -21,8 +22,9 @@ class Wiki_pages {
$can_create = perm_is_allowed(\App::$profile['uid'],get_observer_hash(),'write_wiki');
$can_delete = ((local_channel() && (local_channel() == \App::$profile['uid'])) ? true : false);
- $pageName = addslashes(escape_tags(urldecode(argv(3))));
+ $pageName = NativeWiki::name_decode(escape_tags(argv(3)));
+ $wikiname = $w['urlName'];
return replace_macros(get_markup_template('wiki_page_not_found.tpl'), array(
'$resource_id' => $arr['resource_id'],
'$channel_address' => $arr['channel_address'],
@@ -48,7 +50,7 @@ class Wiki_pages {
if(! $arr['resource_id']) {
$c = channelx_by_nick(argv(1));
- $w = \Zotlabs\Lib\NativeWiki::exists_by_name($c['channel_id'],urldecode(argv(2)));
+ $w = \Zotlabs\Lib\NativeWiki::exists_by_name($c['channel_id'],NativeWiki::name_decode(argv(2)));
$arr = array(
'resource_id' => $w['resource_id'],
'channel_id' => $c['channel_id'],
diff --git a/view/tpl/wiki.tpl b/view/tpl/wiki.tpl
index 2aabc7b5f..0f6fad8e3 100644
--- a/view/tpl/wiki.tpl
+++ b/view/tpl/wiki.tpl
@@ -262,7 +262,8 @@
if (data.success) {
window.saved = true;
window.console.log('Page saved successfully.');
- window.wiki_page_content = currentContent;
+ //window.wiki_page_content = currentContent;
+ window.wiki_page_content = data.content;
$('#id_commitMsg').val(''); // Clear the commit message box
$('#save-page').addClass('disabled'); // Disable the save button
{{if !$mimeType || $mimeType == 'text/markdown'}}
diff --git a/view/tpl/wiki_page_not_found.tpl b/view/tpl/wiki_page_not_found.tpl
index de98efdf8..bc8afeb53 100644
--- a/view/tpl/wiki_page_not_found.tpl
+++ b/view/tpl/wiki_page_not_found.tpl
@@ -1,7 +1,7 @@
<h3>Page does not exist</h3>
<br /><br /><br />
{{if $canadd}}
- <form id="new-page-form" action="wiki/{{$channel_address}}/create/page" method="post" >
+ <form id="new-page-form" action="/wiki/{{$channel_address}}/create/page" method="post" >
<input type="hidden" name="resource_id" value="{{$resource_id}}">
{{include file="field_input.tpl" field=$pageName}}
{{if $typelock}}