various input filter fixes

10 files changed, 77 insertions, 27 deletions

diff --git a/Zotlabs/Lib/MarkdownSoap.php b/Zotlabs/Lib/MarkdownSoap.php
index 2dcaaec9a..8cc18d513 100644
--- a/Zotlabs/Lib/MarkdownSoap.php
+++ b/Zotlabs/Lib/MarkdownSoap.php
@@ -34,9 +34,13 @@ class MarkdownSoap {
 
 
 	function clean() {
+
 		$x = $this->extract_code($this->str);
+
 		$x = $this->purify($x);
+
 		$x = $this->putback_code($x);		
+
 		$x = $this->escape($x);
 		
 		return $x;
@@ -60,7 +64,7 @@ class MarkdownSoap {
 	}
 	
 	function encode_code($matches) {
-		return $this->token . ';' . base64_encode($matches[1]) . ';' ;
+		return $this->token . ';' . base64_encode($matches[0]) . ';' ;
 	}
 
 	function decode_code($matches) {
@@ -73,7 +77,13 @@ class MarkdownSoap {
 	}
 
 	function purify($s) {
-		return purify_html($s);
+		$s = str_replace("\n",'<br>',$s);
+		$s = str_replace("\t",'&nbsp;&nbsp;&nbsp;&nbsp;',$s);
+		$s = str_replace(' ','&nbsp;',$s);
+		$s = purify_html($s);
+		$s = str_replace('&nbsp;'," ",$s);
+		$s = str_replace(['<br>','<br />'],["\n","\n"],$s);
+		return $s;
 	}
 
 	function escape($s) {
diff --git a/Zotlabs/Lib/NativeWikiPage.php b/Zotlabs/Lib/NativeWikiPage.php
index 9f54081a1..3d6da7779 100644
--- a/Zotlabs/Lib/NativeWikiPage.php
+++ b/Zotlabs/Lib/NativeWikiPage.php
@@ -323,13 +323,6 @@ class NativeWikiPage {
 		}
 
 		$mimetype = $w['mimeType'];
-		if($mimetype === 'text/markdown') {
-			$x = new Zlib\MarkdownSoap($content);
-			$content = $x->clean();
-		}
-		else {
-			$content = escape_tags($content);
-		}
 	
 		// fetch the most recently saved revision. 
 
@@ -348,6 +341,7 @@ class NativeWikiPage {
 		$item['author_xchan'] = $observer_hash;
 		$item['revision']     = (($arr['revision']) ? intval($arr['revision']) + 1 : intval($item['revision']) + 1);
 		$item['edited']       = datetime_convert();
+		$item['mimetype']     = $mimetype;
 
 		if($item['iconfig'] && is_array($item['iconfig']) && count($item['iconfig'])) {
 			for($x = 0; $x < count($item['iconfig']); $x ++) {
@@ -515,6 +509,29 @@ class NativeWikiPage {
 		}
 		return $s;
 	}
+
+	static public function render_page_history($arr) {
+
+		$pageUrlName = ((array_key_exists('pageUrlName', $arr)) ? $arr['pageUrlName'] : '');
+		$resource_id = ((array_key_exists('resource_id', $arr)) ? $arr['resource_id'] : '');
+
+		$pageHistory = self::page_history([
+			'channel_id'    => \App::$profile_uid, 
+			'observer_hash' => get_observer_hash(),
+			'resource_id'   => $resource_id,
+			'pageUrlName'   => $pageUrlName
+		]);
+
+		return replace_macros(get_markup_template('nwiki_page_history.tpl'), array(
+			'$pageHistory' => $pageHistory['history'],
+			'$permsWrite'  => $arr['permsWrite'],
+			'$name_lbl'    => t('Name'),
+			'$msg_label'   => t('Message','wiki_history')
+		));
+
+	}
+
+
 	
 	/**
 	 * Replace the instances of the string [toc] with a list element that will be populated by
diff --git a/Zotlabs/Module/Editblock.php b/Zotlabs/Module/Editblock.php
index 654e2251d..8a7e87a09 100644
--- a/Zotlabs/Module/Editblock.php
+++ b/Zotlabs/Module/Editblock.php
@@ -98,6 +98,11 @@ class Editblock extends \Zotlabs\Web\Controller {
 
 		$mimetype = $itm[0]['mimetype'];
 
+		$content = $itm[0]['body'];
+		if($itm[0]['mimetype'] === 'text/markdown')
+			$content = \Zotlabs\Lib\MarkdownSoap::unescape($itm[0]['body']);
+
+
 		$rp = 'blocks/' . $channel['channel_address'];
 
 		$x = array(
@@ -117,7 +122,7 @@ class Editblock extends \Zotlabs\Web\Controller {
 			'ptyp' => $itm[0]['type'],
 			'mimeselect' => true,
 			'mimetype' => $itm[0]['mimetype'],
-			'body' => undo_post_tagging($itm[0]['body']),
+			'body' => undo_post_tagging($content),
 			'post_id' => $post_id,
 			'visitor' => true,
 			'title' => htmlspecialchars($itm[0]['title'],ENT_COMPAT,'UTF-8'),
diff --git a/Zotlabs/Module/Editlayout.php b/Zotlabs/Module/Editlayout.php
index ea637fcba..3d6a79507 100644
--- a/Zotlabs/Module/Editlayout.php
+++ b/Zotlabs/Module/Editlayout.php
@@ -119,6 +119,7 @@ class Editlayout extends \Zotlabs\Web\Controller {
 			'hide_weblink' => true,
 			'hide_attach' => true,
 			'hide_preview' => true,
+			'disable_comments' => true,
 			'ptyp' => $itm[0]['obj_type'],
 			'body' => undo_post_tagging($itm[0]['body']),
 			'post_id' => $post_id,
diff --git a/Zotlabs/Module/Editwebpage.php b/Zotlabs/Module/Editwebpage.php
index 97f4a32ff..03b2aeab9 100644
--- a/Zotlabs/Module/Editwebpage.php
+++ b/Zotlabs/Module/Editwebpage.php
@@ -129,6 +129,10 @@ class Editwebpage extends \Zotlabs\Web\Controller {
 		}
 	
 		$layout = $itm[0]['layout_mid'];
+
+		$content = $itm[0]['body'];
+		if($itm[0]['mimetype'] === 'text/markdown')
+			$content = \Zotlabs\Lib\MarkdownSoap::unescape($itm[0]['body']);
 	
 		$rp = 'webpages/' . $which;
 
@@ -145,7 +149,7 @@ class Editwebpage extends \Zotlabs\Web\Controller {
 			'hide_location' => true,
 			'hide_voting' => true,
 			'ptyp' => $itm[0]['type'],
-			'body' => undo_post_tagging($itm[0]['body']),
+			'body' => undo_post_tagging($content),
 			'post_id' => $post_id,
 			'visitor' => ($is_owner) ? true : false,
 			'acl' => populate_acl($itm[0],false,\Zotlabs\Lib\PermissionDescription::fromGlobalPermission('view_pages')),
diff --git a/Zotlabs/Module/Hcard.php b/Zotlabs/Module/Hcard.php
index ec9181f6a..13097939e 100644
--- a/Zotlabs/Module/Hcard.php
+++ b/Zotlabs/Module/Hcard.php
@@ -59,12 +59,10 @@ class Hcard extends \Zotlabs\Web\Controller {
 	}
 	
 	
-		function get() {
-	
-		require_once('include/widgets.php');
-		return widget_profile(array());
-	
-	
+	function get() {
+
+		$x = new \Zotlabs\Widget\Profile();	
+		return $x->widget(array());
 	
 	}
 	
diff --git a/Zotlabs/Module/Layouts.php b/Zotlabs/Module/Layouts.php
index c07f65ce1..34d754029 100644
--- a/Zotlabs/Module/Layouts.php
+++ b/Zotlabs/Module/Layouts.php
@@ -125,6 +125,7 @@ class Layouts extends \Zotlabs\Web\Controller {
 			'hide_weblink' => true,
 			'hide_attach' => true,
 			'hide_preview' => true,
+			'disable_comments' => true,
 			'ptlabel'     => t('Layout Name'),
 			'profile_uid' => intval($owner),
 			'expanded'    => true,
diff --git a/Zotlabs/Module/Settings/Permcats.php b/Zotlabs/Module/Settings/Permcats.php
index 35d533196..771e76cbd 100644
--- a/Zotlabs/Module/Settings/Permcats.php
+++ b/Zotlabs/Module/Settings/Permcats.php
@@ -42,8 +42,6 @@ class Permcats {
 
 	function get() {
 
-logger('cmd: ' . \App::$cmd);
-
 		if(! local_channel())
 			return;
 
@@ -85,7 +83,7 @@ logger('cmd: ' . \App::$cmd);
 			if($existing[$k])
 				$thisperm = "1";
 
-			$perms[] = array('perms_' . $k, $v, ((array_key_exists($k,$their_perms)) ? intval($their_perms[$k]) : ''),$thisperm, 1, (($checkinherited & PERMS_SPECIFIC) ? '' : '1'), '', $checkinherited);
+			$perms[] = array('perms_' . $k, $v, '',$thisperm, 1, (($checkinherited & PERMS_SPECIFIC) ? '' : '1'), '', $checkinherited);
 		}
 
 
diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php
index 79ec5ba25..d24d3f6c3 100644
--- a/Zotlabs/Module/Wiki.php
+++ b/Zotlabs/Module/Wiki.php
@@ -237,6 +237,8 @@ class Wiki extends \Zotlabs\Web\Controller {
 
 				$rawContent = htmlspecialchars_decode(json_decode($p['content']),ENT_COMPAT);
 
+				$rawContent = $p['content'];
+
 				$content = ($p['content'] !== '' ? $rawContent : '"# New page\n"');
 				// Render the Markdown-formatted page content in HTML
 				if($mimeType == 'text/bbcode') {
@@ -244,7 +246,7 @@ class Wiki extends \Zotlabs\Web\Controller {
 				}
 				else {
 					$content = Zlib\MarkdownSoap::unescape($content);
-					$html = Zlib\NativeWikiPage::generate_toc(zidify_text(purify_html(MarkdownExtra::defaultTransform(Zlib\NativeWikiPage::bbcode($content)))));
+					$html = Zlib\NativeWikiPage::generate_toc(zidify_text(MarkdownExtra::defaultTransform(Zlib\NativeWikiPage::bbcode($content))));
 					$renderedContent = Zlib\NativeWikiPage::convert_links($html, argv(0) . '/' . argv(1) . '/' . $wikiUrlName);
 				}
 				$showPageControls = $wiki_editor;
@@ -328,9 +330,12 @@ class Wiki extends \Zotlabs\Web\Controller {
 				$html = Zlib\NativeWikiPage::convert_links(zidify_links(smilies(bbcode($content))),$wikiURL);
 			}
 			else {
-				require_once('library/markdown.php');
-				$content = Zlib\NativeWikiPage::bbcode($content);
-				$html = Zlib\NativeWikiPage::generate_toc(zidify_text(purify_html(Markdown($content))));
+				$bb = Zlib\NativeWikiPage::bbcode($content);
+				$x = new ZLib\MarkdownSoap($bb);
+				$md = $x->clean();
+				$md = ZLib\MarkdownSoap::unescape($md);
+				$html = MarkdownExtra::defaultTransform($md);
+				$html = Zlib\NativeWikiPage::generate_toc(zidify_text($html));
 				$html = Zlib\NativeWikiPage::convert_links($html,$wikiURL);
 			}
 			json_return_and_die(array('html' => $html, 'success' => true));
@@ -455,7 +460,11 @@ class Wiki extends \Zotlabs\Web\Controller {
 				json_return_and_die(array('pages' => null, 'message' => 'Permission denied.', 'success' => false));					
 			}
 
-			$page_list_html = widget_wiki_pages(array(
+			// @FIXME - we shouldn't invoke this if it isn't in the PDL or has been over-ridden
+
+			$x = new \Zotlabs\Widget\Wiki_pages();
+
+			$page_list_html = $x->widget(array(
 					'resource_id' => $resource_id, 
 					'refresh' => true, 
 					'channel' => argv(1)));
@@ -513,7 +522,6 @@ class Wiki extends \Zotlabs\Web\Controller {
 			$resource_id = $_POST['resource_id'];
 			$pageUrlName = $_POST['name'];
 			
-
 			// Determine if observer has permission to read content
 
 			$perms = Zlib\NativeWiki::get_permissions($resource_id, intval($owner['channel_id']), $observer_hash);
@@ -522,11 +530,12 @@ class Wiki extends \Zotlabs\Web\Controller {
 				json_return_and_die(array('historyHTML' => '', 'message' => 'Permission denied.', 'success' => false));
 			}
 
-			$historyHTML = widget_wiki_page_history(array(
+			$historyHTML = \Zotlabs\Lib\NativeWikiPage::render_page_history(array(
 				'resource_id' => $resource_id,
 				'pageUrlName' => $pageUrlName,
 				'permsWrite'  => $perms['write']
 			));
+
 			json_return_and_die(array('historyHTML' => $historyHTML, 'message' => '', 'success' => true));
 		}
 
diff --git a/Zotlabs/Widget/Wiki_pages.php b/Zotlabs/Widget/Wiki_pages.php
index bad451475..f992b3f93 100644
--- a/Zotlabs/Widget/Wiki_pages.php
+++ b/Zotlabs/Widget/Wiki_pages.php
@@ -10,6 +10,12 @@ class Wiki_pages {
 		$channelname = ((array_key_exists('channel',$arr)) ? $arr['channel'] : '');
 		$c = channelx_by_nick($channelname);
 
+		if(! $c)
+			$c = \App::get_channel();
+
+		if(! $c)
+			return '';
+
 		$wikiname = '';
 		if(array_key_exists('refresh', $arr)) {
 			$not_refresh = (($arr['refresh']=== true) ? false : true);
@@ -36,6 +42,7 @@ class Wiki_pages {
 			}
 		}
 
+
 		$can_create = perm_is_allowed(\App::$profile['uid'],get_observer_hash(),'write_wiki');
 
 		$can_delete = ((local_channel() && (local_channel() == \App::$profile['uid'])) ? true : false);