aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs
diff options
context:
space:
mode:
authorM.Dent <dentm42@dm42.net>2018-10-07 19:08:47 -0400
committerM.Dent <dentm42@dm42.net>2018-10-08 13:35:18 -0400
commit93a310582f044d35f0a3583671053595fefdbedb (patch)
treefa57eb0f9b71ce9b8a8cedf46411f53e475c7bc0 /Zotlabs
parentf0b7a7e5d38a92268a67d8dedf69f97d88b4c542 (diff)
downloadvolse-hubzilla-93a310582f044d35f0a3583671053595fefdbedb.tar.gz
volse-hubzilla-93a310582f044d35f0a3583671053595fefdbedb.tar.bz2
volse-hubzilla-93a310582f044d35f0a3583671053595fefdbedb.zip
Implement custom escaping
Diffstat (limited to 'Zotlabs')
-rw-r--r--Zotlabs/Lib/NativeWiki.php36
-rw-r--r--Zotlabs/Lib/NativeWikiPage.php12
-rw-r--r--Zotlabs/Module/Wiki.php34
-rw-r--r--Zotlabs/Widget/Wiki_pages.php3
4 files changed, 64 insertions, 21 deletions
diff --git a/Zotlabs/Lib/NativeWiki.php b/Zotlabs/Lib/NativeWiki.php
index 6f916216e..4309d3f6e 100644
--- a/Zotlabs/Lib/NativeWiki.php
+++ b/Zotlabs/Lib/NativeWiki.php
@@ -26,7 +26,8 @@ class NativeWiki {
$w['rawName'] = get_iconfig($w, 'wiki', 'rawName');
$w['htmlName'] = escape_tags($w['rawName']);
- $w['urlName'] = urlencode(urlencode($w['rawName']));
+ //$w['urlName'] = urlencode(urlencode($w['rawName']));
+ $w['urlName'] = self::name_encode($w['rawName']);
$w['mimeType'] = get_iconfig($w, 'wiki', 'mimeType');
$w['typelock'] = get_iconfig($w, 'wiki', 'typelock');
$w['lockstate'] = (($w['allow_cid'] || $w['allow_gid'] || $w['deny_cid'] || $w['deny_gid']) ? 'lock' : 'unlock');
@@ -233,7 +234,8 @@ class NativeWiki {
'wiki' => $w,
'rawName' => $rawName,
'htmlName' => escape_tags($rawName),
- 'urlName' => urlencode(urlencode($rawName)),
+ //'urlName' => urlencode(urlencode($rawName)),
+ 'urlName' => self::name_encode($rawName),
'mimeType' => $mimeType,
'typelock' => $typelock
);
@@ -249,7 +251,8 @@ class NativeWiki {
WHERE resource_type = '%s' AND iconfig.v = '%s' AND uid = %d
AND item_deleted = 0 $sql_extra limit 1",
dbesc(NWIKI_ITEM_RESOURCE_TYPE),
- dbesc(urldecode($urlName)),
+ //dbesc(urldecode($urlName)),
+ dbesc($urlName),
intval($uid)
);
@@ -286,4 +289,31 @@ class NativeWiki {
return array('read' => true, 'write' => $write, 'success' => true);
}
}
+
+ public static function name_encode ($string) {
+
+ $encoding = mb_internal_encoding();
+ mb_internal_encoding("UTF-8");
+ $ret = mb_ereg_replace_callback ('[^A-Za-z0-9\-\_\.\~]',function ($char) {
+ $charhex = unpack('H*',$char[0]);
+ $ret = '('.$charhex[1].')';
+ return $ret;
+ }
+ ,$string);
+ mb_internal_encoding($encoding);
+ return $ret;
+ }
+
+ public static function name_decode ($string) {
+
+ $encoding = mb_internal_encoding();
+ mb_internal_encoding("UTF-8");
+ $ret = mb_ereg_replace_callback ('(\(([0-9a-f]+)\))',function ($chars) {
+ return pack('H*',$chars[2]);
+ }
+ ,$string);
+ mb_internal_encoding($encoding);
+ return $ret;
+ }
+
}
diff --git a/Zotlabs/Lib/NativeWikiPage.php b/Zotlabs/Lib/NativeWikiPage.php
index d4875bbaf..d0f522ec1 100644
--- a/Zotlabs/Lib/NativeWikiPage.php
+++ b/Zotlabs/Lib/NativeWikiPage.php
@@ -44,7 +44,8 @@ class NativeWikiPage {
$pages[] = [
'resource_id' => $resource_id,
'title' => escape_tags($title),
- 'url' => str_replace('%2F','/',urlencode(str_replace('%2F','/',urlencode($title)))),
+ //'url' => str_replace('%2F','/',urlencode(str_replace('%2F','/',urlencode($title)))),
+ 'url' => Zlib\NativeWiki::name_encode($title),
'link_id' => 'id_' . substr($resource_id, 0, 10) . '_' . $page_item['id']
];
}
@@ -98,7 +99,8 @@ class NativeWikiPage {
$page = [
'rawName' => $name,
'htmlName' => escape_tags($name),
- 'urlName' => urlencode($name),
+ //'urlName' => urlencode($name),
+ Zlib\NativeWiki::name_encode($name)
];
@@ -154,7 +156,8 @@ class NativeWikiPage {
$page = [
'rawName' => $pageNewName,
'htmlName' => escape_tags($pageNewName),
- 'urlName' => urlencode(escape_tags($pageNewName))
+ //'urlName' => urlencode(escape_tags($pageNewName))
+ Zlib\NativeWiki::name_encode($pageNewName)
];
return [ 'success' => true, 'page' => $page ];
@@ -527,7 +530,8 @@ class NativeWikiPage {
$pages = $pageURLs = array();
foreach ($match[1] as $m) {
// TODO: Why do we need to double urlencode for this to work?
- $pageURLs[] = urlencode(urlencode(escape_tags($m)));
+ //$pageURLs[] = urlencode(urlencode(escape_tags($m)));
+ $pageURLs[] = Zlib\NativeWiki::name_encode(escape_tags($m));
$pages[] = $m;
}
$idx = 0;
diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php
index 6be39214e..3b8f44124 100644
--- a/Zotlabs/Module/Wiki.php
+++ b/Zotlabs/Module/Wiki.php
@@ -237,7 +237,8 @@ class Wiki extends Controller {
// /wiki/channel/wiki -> No page was specified, so redirect to Home.md
- $wikiUrlName = urlencode(argv(2));
+ //$wikiUrlName = urlencode(argv(2));
+ $wikiUrlName = NativeWiki::name_encode(argv(2));
goaway(z_root() . '/' . argv(0) . '/' . argv(1) . '/' . $wikiUrlName . '/Home');
case 4:
@@ -246,7 +247,8 @@ class Wiki extends Controller {
// GET /wiki/channel/wiki/page
// Fetch the wiki info and determine observer permissions
- $wikiUrlName = urldecode(argv(2));
+ //$wikiUrlName = urldecode(argv(2));
+ $wikiUrlName = NativeWiki::name_decode(argv(2));
$page_name = '';
$ignore_language = false;
@@ -262,7 +264,8 @@ class Wiki extends Controller {
$page_name .= argv($x);
}
- $pageUrlName = urldecode($page_name);
+ //$pageUrlName = urldecode($page_name);
+ $pageUrlName = NativeWiki::name_decode($page_name);
$langPageUrlName = urldecode(\App::$language . '/' . $page_name);
$w = NativeWiki::exists_by_name($owner['channel_id'], $wikiUrlName);
@@ -289,8 +292,10 @@ class Wiki extends Controller {
$wiki_editor = true;
}
- $wikiheaderName = urldecode($wikiUrlName);
- $wikiheaderPage = urldecode($pageUrlName);
+ //$wikiheaderName = urldecode($wikiUrlName);
+ $wikiheaderName = NativeWiki::name_decode($wikiUrlName);
+ //$wikiheaderPage = urldecode($pageUrlName);
+ $wikiheaderPage = NativeWiki::name_decode($pageUrlName);
$renamePage = (($wikiheaderPage === 'Home') ? '' : t('Rename page'));
$sharePage = t('Share');
@@ -360,13 +365,14 @@ class Wiki extends Controller {
$currenttype = $types[$mimeType];
$placeholder = t('Short description of your changes (optional)');
-
+
+ $zrl = urlencode( z_root() . '/wiki/' . argv(1) . '/' . $wikiUrlName . '/' . $pageUrlName );
$o .= replace_macros(get_markup_template('wiki.tpl'),array(
'$wikiheaderName' => $wikiheaderName,
'$wikiheaderPage' => $wikiheaderPage,
'$renamePage' => $renamePage,
'$sharePage' => $sharePage,
- '$shareLink' => urlencode('#^[zrl=' . z_root() . '/wiki/' . argv(1) . '/' . $wikiUrlName . '/' . $pageUrlName . ']' . '[ ' . $owner['channel_name'] . ' ] ' . $wikiheaderName . ' - ' . $wikiheaderPage . '[/zrl]'),
+ '$shareLink' => '#^[zrl=' . $zrl . ']' . '[ ' . $owner['channel_name'] . ' ] ' . $wikiheaderName . ' - ' . $wikiheaderPage . '[/zrl]',
'$showPageControls' => $showPageControls,
'$editOrSourceLabel' => (($showPageControls) ? t('Edit') : t('Source')),
'$tools_label' => 'Page Tools',
@@ -465,7 +471,8 @@ class Wiki extends Controller {
$wiki['postVisible'] = ((intval($_POST['postVisible'])) ? 1 : 0);
$wiki['rawName'] = $name;
$wiki['htmlName'] = escape_tags($name);
- $wiki['urlName'] = urlencode(urlencode($name));
+ //$wiki['urlName'] = urlencode(urlencode($name));
+ $wiki['urlName'] = NativeWiki::name_encode($name);
$wiki['mimeType'] = $_POST['mimeType'];
$wiki['typelock'] = $_POST['typelock'];
@@ -514,7 +521,8 @@ class Wiki extends Controller {
$arr = [];
- $arr['urlName'] = urlencode(urlencode($_POST['origRawName']));
+ //$arr['urlName'] = urlencode(urlencode($_POST['origRawName']));
+ $arr['urlName'] = NativeWiki::name_encode($_POST['origRawName']);
if($_POST['updateRawName'])
$arr['updateRawName'] = $_POST['updateRawName'];
@@ -525,7 +533,7 @@ class Wiki extends Controller {
return; //not reached
}
- $wiki = NativeWiki::exists_by_name($owner['channel_id'], urldecode($arr['urlName']));
+ $wiki = NativeWiki::exists_by_name($owner['channel_id'], $arr['urlName']);
if($wiki['resource_id']) {
@@ -590,7 +598,7 @@ class Wiki extends Controller {
// backslashes won't work well in the javascript functions
$name = str_replace('\\','',$name);
- if(urlencode(escape_tags($name)) === '') {
+ if(NativeWiki::name_encode(escape_tags($name)) === '') {
json_return_and_die(array('message' => 'Error creating page. Invalid name (' . print_r($_POST,true) . ').', 'success' => false));
}
@@ -798,7 +806,7 @@ class Wiki extends Controller {
if ($pageUrlName === 'Home') {
json_return_and_die(array('message' => 'Cannot rename Home','success' => false));
}
- if(urlencode(escape_tags($pageNewName)) === '') {
+ if(NativeWiki::encode_name(escape_tags($pageNewName)) === '') {
json_return_and_die(array('message' => 'Error renaming page. Invalid name.', 'success' => false));
}
// Determine if observer has permission to rename pages
@@ -814,7 +822,7 @@ class Wiki extends Controller {
if($renamed['success']) {
$commit = NativeWikiPage::commit(array(
'channel_id' => $owner['channel_id'],
- 'commit_msg' => 'Renamed ' . urldecode($pageUrlName) . ' to ' . $renamed['page']['htmlName'],
+ 'commit_msg' => 'Renamed ' . NativeWiki::name_decode($pageUrlName) . ' to ' . $renamed['page']['htmlName'],
'resource_id' => $resource_id,
'observer_hash' => $observer_hash,
'pageUrlName' => $pageNewName
diff --git a/Zotlabs/Widget/Wiki_pages.php b/Zotlabs/Widget/Wiki_pages.php
index ecd2c9100..831662ca9 100644
--- a/Zotlabs/Widget/Wiki_pages.php
+++ b/Zotlabs/Widget/Wiki_pages.php
@@ -2,6 +2,7 @@
namespace Zotlabs\Widget;
+use Zotlabs\Lib\NativeWiki;
class Wiki_pages {
@@ -21,7 +22,7 @@ class Wiki_pages {
$can_create = perm_is_allowed(\App::$profile['uid'],get_observer_hash(),'write_wiki');
$can_delete = ((local_channel() && (local_channel() == \App::$profile['uid'])) ? true : false);
- $pageName = addslashes(escape_tags(urldecode(argv(3))));
+ $pageName = NativeWiki::name_decode(escape_tags(argv(3)));
return replace_macros(get_markup_template('wiki_page_not_found.tpl'), array(
'$resource_id' => $arr['resource_id'],