diff options
| author | friendica <info@friendica.com> | 2014-03-16 20:34:21 -0700 |
|---|---|---|
| committer | friendica <info@friendica.com> | 2014-03-16 20:34:21 -0700 |
| commit | ecb2e52a7411a8a39b8030964604f0f28f2facce (patch) | |
| tree | bbe36d04ddb359002cc0aa6976dd6a2c34d73747 /include | |
| parent | 6f9fde997bd0d6c59045220a1afc2060b857c83a (diff) | |
| download | volse-hubzilla-ecb2e52a7411a8a39b8030964604f0f28f2facce.tar.gz volse-hubzilla-ecb2e52a7411a8a39b8030964604f0f28f2facce.tar.bz2 volse-hubzilla-ecb2e52a7411a8a39b8030964604f0f28f2facce.zip | |
little fixes of hopefully nil significance
Diffstat (limited to 'include')
| -rw-r--r-- | include/api.php | 14 | ||||
| -rw-r--r-- | include/bbcode.php | 9 | ||||
| -rwxr-xr-x | include/oembed.php | 2 | ||||
| -rw-r--r-- | include/reddav.php | 4 | ||||
| -rwxr-xr-x | include/text.php | 5 |
5 files changed, 18 insertions, 16 deletions
diff --git a/include/api.php b/include/api.php index dd6733fe0..57551a3b0 100644 --- a/include/api.php +++ b/include/api.php @@ -533,12 +533,6 @@ require_once('include/items.php'); api_register_func('api/red/channel/export/basic','api_export_basic', true); - - - - - - function api_channel_stream(&$a, $type) { if(api_user() === false) { logger('api_channel_stream: no user'); @@ -700,12 +694,12 @@ require_once('include/items.php'); function red_item_new(&$a, $type) { if (api_user() === false) { - logger('api_statuses_update: no user'); + logger('api_red_item_new: no user'); return false; } - logger('api_statuses_update: REQUEST ' . print_r($_REQUEST,true)); - logger('api_statuses_update: FILES ' . print_r($_FILES,true)); + logger('api_red_item_new: REQUEST ' . print_r($_REQUEST,true)); + logger('api_red_item_new: FILES ' . print_r($_FILES,true)); // set this so that the item_post() function is quiet and doesn't redirect or emit json @@ -1698,7 +1692,7 @@ require_once('include/items.php'); 'broughtbyurl' => '', 'timezone' => 'UTC', 'closed' => $closed, 'inviteonly' => 'false', 'private' => $private, 'textlimit' => $textlimit, 'sslserver' => $sslserver, 'ssl' => $ssl, 'shorturllength' => '30', - 'friendica' => array( + 'redmatrix' => array( 'RED_PLATFORM' => RED_PLATFORM, 'RED_VERSION' => RED_VERSION, 'ZOT_REVISION' => ZOT_REVISION, diff --git a/include/bbcode.php b/include/bbcode.php index cd0bf527e..c8d1ab425 100644 --- a/include/bbcode.php +++ b/include/bbcode.php @@ -229,9 +229,12 @@ function bb_location($match) { function bbiframe($match) { $a = get_app(); - if(strpos($match[1],get_app()->get_hostname())) - return '<a href="' . $match[1] . '">' . $match[1] . '</a>'; - return '<iframe src="' . $match[1] . '" width="' . $a->videowidth . '" height="' . $a->videoheight . '"><a href="' . $match[1] . '">' . $match[1] . '</a></iframe>'; + + // use sandbox mode to prevent malicious goings on rather than host restriction + // if(strpos($match[1],get_app()->get_hostname())) + // return '<a href="' . $match[1] . '">' . $match[1] . '</a>'; + + return '<iframe sandbox="allow-same-origin allow-top-navigation" src="' . $match[1] . '" width="' . $a->videowidth . '" height="' . $a->videoheight . '"><a href="' . $match[1] . '">' . $match[1] . '</a></iframe>'; } function bb_ShareAttributesSimple($match) { diff --git a/include/oembed.php b/include/oembed.php index 57631b051..46b1d72c4 100755 --- a/include/oembed.php +++ b/include/oembed.php @@ -165,7 +165,7 @@ function oembed_iframe($src,$width,$height) { $a = get_app(); $s = $a->get_baseurl()."/oembed/".base64url_encode($src); - return '<iframe height="' . $height . '" width="' . $width . '" src="' . $s . '" frameborder="no" >' . t('Embedded content') . '</iframe>'; + return '<iframe sandbox="allow-same-origin allow-top-navigation" height="' . $height . '" width="' . $width . '" src="' . $s . '" frameborder="no" >' . t('Embedded content') . '</iframe>'; } diff --git a/include/reddav.php b/include/reddav.php index 2a26ac42a..a39a84e21 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -708,7 +708,7 @@ function RedFileData($file, &$auth,$test = false) { $r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach where folder = '%s' and filename = '%s' and uid = %d $perms group by filename limit 1", dbesc($folder), - basename($file), + dbesc(basename($file)), intval($channel_id) ); @@ -719,7 +719,7 @@ function RedFileData($file, &$auth,$test = false) { $r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach where folder = '%s' and filename = '%s' and uid = %d group by filename limit 1", dbesc($folder), - basename($file), + dbesc(basename($file)), intval($channel_id) ); if($r) diff --git a/include/text.php b/include/text.php index 53b92c05f..e3b1f1c4e 100755 --- a/include/text.php +++ b/include/text.php @@ -278,6 +278,11 @@ function hex2bin($s) { if(! (is_string($s) && strlen($s))) return ''; + if(strlen($s) & 1) { + logger('hex2bin: illegal hex string: ' . $s); + return $s; + } + if(! ctype_xdigit($s)) { return($s); } |