authorzotlabs <mike@macgirvin.com>2018-08-11 16:16:54 -0700
committerzotlabs <mike@macgirvin.com>2018-08-11 16:16:54 -0700
commit5afe779ffc69bc5889a83a6fcbc4bcefc7c40a5c (patch)
treec3db7397b580a709be1a641cfd3605ec0f1e068d
parent1d13cc1601eb6e4a127d975465fda32d92c402a1 (diff)
prevent json-ld bombing, turn off browser autocomplete on channel sources creation
-rw-r--r--Zotlabs/Module/Sources.php2
-rw-r--r--include/network.php16
-rw-r--r--view/tpl/sources_new.tpl2
3 files changed, 18 insertions, 2 deletions
diff --git a/Zotlabs/Module/Sources.php b/Zotlabs/Module/Sources.php
index 91e2efa60..2a2fa1835 100644
--- a/Zotlabs/Module/Sources.php
+++ b/Zotlabs/Module/Sources.php
@@ -111,7 +111,7 @@ class Sources extends \Zotlabs\Web\Controller {
'$title' => t('New Source'),
'$desc' => t('Import all or selected content from the following channel into this channel and distribute it according to your channel settings.'),
'$words' => array( 'words', t('Only import content with these words (one per line)'),'',t('Leave blank to import all public content')),
- '$name' => array( 'name', t('Channel Name'), '', ''),
+ '$name' => array( 'name', t('Channel Name'), '', '', '', 'autocomplete="off"'),
'$tags' => array('tags', t('Add the following categories to posts imported from this source (comma separated)'),'',t('Optional')),
'$resend' => [ 'resend', t('Resend posts with this channel as author'), 0, t('Copyrights may apply'), [ t('No'), t('Yes') ]],
'$submit' => t('Submit')
diff --git a/include/network.php b/include/network.php
index 6961bf0ba..d4f4f27c6 100644
--- a/include/network.php
+++ b/include/network.php
@@ -2042,6 +2042,22 @@ function jsonld_document_loader($url) {
require_once('library/jsonld/jsonld.php');
+ $recursion = 0;
+
+ $x = debug_backtrace();
+ if($x) {
+ foreach($x as $n) {
+ if($n['function'] === __FUNCTION__) {
+ $recursion ++;
+ }
+ }
+ }
+ if($recursion > 5) {
+ logger('jsonld bomb detected at: ' . $url);
+ killme();
+ }
+
+
$cachepath = 'store/[data]/ldcache';
if(! is_dir($cachepath))
os_mkdir($cachepath, STORAGE_DEFAULT_PERMISSIONS, true);
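Review bot: The guard added at the top of jsonld_document_loader() counts only nested frames of this function, so it bounds how deep remote contexts can chain but not how many are fetched; a document that references many distinct contexts at shallow depth still passes, and nothing visible in this hunk caps the number or size of fetches per request. When the limit is hit the code calls `killme()`, which presumably ends the whole process; if this loader also runs inside a queue or delivery worker, one hostile document would abort unrelated work, so throwing an exception that the JSON-LD caller can catch looks safer. `debug_backtrace()` with default options also collects arguments and objects for every frame, and `$x = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS);` is enough to compare function names. The logged `$url` is remote-controlled and goes into the log line unmodified, and the threshold `5` would be clearer as a named constant with a comment such as `// max nested remote @context loads before we treat the document as hostile`. The function body continues outside the hunk.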
diff --git a/view/tpl/sources_new.tpl b/view/tpl/sources_new.tpl
index 7cda9998d..9d320b5e2 100644
--- a/view/tpl/sources_new.tpl
+++ b/view/tpl/sources_new.tpl
@@ -3,7 +3,7 @@
<div class="descriptive-text">{{$desc}}</div>
-<form action="sources" method="post">
+<form action="sources" method="post" autocomplete="off" >
<input type="hidden" id="id_abook" name="abook" value="{{$abook}}" />
{{include file="field_input.tpl" field=$name}}
{{include file="field_input.tpl" field=$tags}}