6 files changed, 57 insertions, 103 deletions

diff --git a/Zotlabs/Lib/MarkdownSoap.php b/Zotlabs/Lib/MarkdownSoap.php
index d0481eb4d..2dcaaec9a 100644
--- a/Zotlabs/Lib/MarkdownSoap.php
+++ b/Zotlabs/Lib/MarkdownSoap.php
@@ -5,7 +5,7 @@ namespace Zotlabs\Lib;
 /**
  * MarkdownSoap
  * Purify Markdown for storage
- *   $x = newMarkdownSoap($string_to_be_cleansed);
+ *   $x = new MarkdownSoap($string_to_be_cleansed);
  *   $text = $x->clean();
  *
  * What this does:
diff --git a/Zotlabs/Lib/NativeWikiPage.php b/Zotlabs/Lib/NativeWikiPage.php
index 941ade90c..9f54081a1 100644
--- a/Zotlabs/Lib/NativeWikiPage.php
+++ b/Zotlabs/Lib/NativeWikiPage.php
@@ -307,34 +307,6 @@ class NativeWikiPage {
 		return null;
 	}
 
-
-
-	static public function prepare_content($s) {
-			
-		$text = preg_replace_callback('{
-					(?:\n\n|\A\n?)
-					(	            # $1 = the code block -- one or more lines, starting with a space/tab
-					  (?>
-						[ ]{'.'4'.'}  # Lines must start with a tab or a tab-width of spaces
-						.*\n+
-					  )+
-					)
-					((?=^[ ]{0,'.'4'.'}\S)|\Z)	# Lookahead for non-space at line-start, or end of doc
-				}xm',
-				'self::nwiki_prepare_content_callback', $s);
-	
-		return $text;
-	}
-	
-	static public function nwiki_prepare_content_callback($matches) {
-		$codeblock = $matches[1];
-	
-		$codeblock = htmlspecialchars($codeblock, ENT_NOQUOTES, UTF8, false);
-		return "\n\n" . $codeblock ;
-	}
-	
-	
-	
 	static public function save_page($arr) {
 
 		$pageUrlName   = ((array_key_exists('pageUrlName',$arr))   ? $arr['pageUrlName']   : '');
@@ -352,7 +324,8 @@ class NativeWikiPage {
 
 		$mimetype = $w['mimeType'];
 		if($mimetype === 'text/markdown') {
-			$content = purify_html(Zlib\NativeWikiPage::prepare_content($content));
+			$x = new Zlib\MarkdownSoap($content);
+			$content = $x->clean();
 		}
 		else {
 			$content = escape_tags($content);
diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php
index 43cf535a4..71f410b2a 100644
--- a/Zotlabs/Module/Item.php
+++ b/Zotlabs/Module/Item.php
@@ -471,15 +471,16 @@ class Item extends \Zotlabs\Web\Controller {
 		if(! $mimetype)
 			$mimetype = 'text/bbcode';
 	
+
+		$execflag = ((intval($uid) == intval($profile_uid) 
+			&& ($channel['channel_pageflags'] & PAGE_ALLOWCODE)) ? true : false);
+
 		if($preview) {
-			$body = z_input_filter($profile_uid,$body,$mimetype);
+			$body = z_input_filter($body,$mimetype,$execflag);
 		}
 	
-	
 		// Verify ability to use html or php!!!
 	
-		$execflag = ((intval($channel['channel_id']) == intval($profile_uid) && ($channel['channel_pageflags'] & PAGE_ALLOWCODE)) ? true : false);
-
 		$gacl = $acl->get();
 		$str_contact_allow = $gacl['allow_cid'];
 		$str_group_allow   = $gacl['allow_gid'];
@@ -843,18 +844,6 @@ class Item extends \Zotlabs\Web\Controller {
 		if(mb_strlen($datarray['title']) > 255)
 			$datarray['title'] = mb_substr($datarray['title'],0,255);
 	
-		if(array_key_exists('item_private',$datarray) && $datarray['item_private']) {
-	
-			$datarray['body'] = trim(z_input_filter($datarray['uid'],$datarray['body'],$datarray['mimetype']));
-	
-			if($uid) {
-				if($channel['channel_hash'] === $datarray['author_xchan']) {
-					$datarray['sig'] = base64url_encode(rsa_sign($datarray['body'],$channel['channel_prvkey']));
-					$datarray['item_verified'] = 1;
-				}
-			}
-		}
-	
 		if($webpage) {
 			Zlib\IConfig::Set($datarray,'system', webpage_to_namespace($webpage),
 				(($pagetitle) ? $pagetitle : substr($datarray['mid'],0,16)),true);
diff --git a/Zotlabs/Module/Wiki.php b/Zotlabs/Module/Wiki.php
index 5e7307c7b..79ec5ba25 100644
--- a/Zotlabs/Module/Wiki.php
+++ b/Zotlabs/Module/Wiki.php
@@ -243,6 +243,7 @@ class Wiki extends \Zotlabs\Web\Controller {
 					$renderedContent = Zlib\NativeWikiPage::convert_links(zidify_links(smilies(bbcode($content))), argv(0) . '/' . argv(1) . '/' . $wikiUrlName);
 				}
 				else {
+					$content = Zlib\MarkdownSoap::unescape($content);
 					$html = Zlib\NativeWikiPage::generate_toc(zidify_text(purify_html(MarkdownExtra::defaultTransform(Zlib\NativeWikiPage::bbcode($content)))));
 					$renderedContent = Zlib\NativeWikiPage::convert_links($html, argv(0) . '/' . argv(1) . '/' . $wikiUrlName);
 				}
diff --git a/include/items.php b/include/items.php
index 1037f9814..c978805cd 100755
--- a/include/items.php
+++ b/include/items.php
@@ -334,18 +334,6 @@ function post_activity_item($arr,$allow_code = false,$deliver = true) {
 	if(! array_key_exists('mimetype',$arr))
 		$arr['mimetype'] = 'text/bbcode';
 
-	if(array_key_exists('item_private',$arr) && $arr['item_private']) {
-
-		$arr['body'] = trim(z_input_filter($arr['uid'],$arr['body'],$arr['mimetype']));
-
-		if($channel) {
-			if($channel['channel_hash'] === $arr['author_xchan']) {
-				$arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey']));
-				$arr['item_verified'] = 1;
-			}
-		}
-	}
-
 	$arr['mid']          = ((x($arr,'mid')) ? $arr['mid'] : item_message_id());
 	$arr['parent_mid']   = ((x($arr,'parent_mid')) ? $arr['parent_mid'] : $arr['mid']);
 	$arr['thr_parent']   = ((x($arr,'thr_parent')) ? $arr['thr_parent'] : $arr['mid']);
@@ -1483,35 +1471,36 @@ function item_store($arr, $allow_exec = false, $deliver = true) {
 	// obsolete, but needed so as not to throw not-null constraints on some database driveres
 	$arr['item_flags']    = ((x($arr,'item_flags'))    ? intval($arr['item_flags'])          : 0 );
 
-	// only detect language if we have text content, and if the post is private but not yet
-	// obscured, make it so.
 
-	if((! array_key_exists('item_obscured',$arr)) || $arr['item_obscured'] == 0) {
 
-		$arr['lang'] = detect_language($arr['body']);
-		// apply the input filter here - if it is obscured it has been filtered already
-		$arr['body'] = trim(z_input_filter($arr['uid'],$arr['body'],$arr['mimetype']));
+	$arr['lang'] = detect_language($arr['body']);
+	// apply the input filter here
+	$arr['body'] = trim(z_input_filter($arr['body'],$arr['mimetype'],$allow_exec));
 
-		if(local_channel() && (local_channel() == $arr['uid']) && (! $arr['sig'])) {
+	if(local_channel() && (local_channel() == $arr['uid'])) {
+		if(! $arr['sig']) {
 			$channel = App::get_channel();
 			if($channel['channel_hash'] === $arr['author_xchan']) {
 				$arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey']));
 				$arr['item_verified'] = 1;
 			}
 		}
+	}
 
-		$allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages');
+	if(! array_key_exists('sig',$arr))
+		$arr['sig'] = '';
 
-		if((is_array($allowed_languages)) && ($arr['lang']) && (! array_key_exists($arr['lang'],$allowed_languages))) {
-			$translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false);
-			call_hooks('item_translate', $translate);
-			if((! $translate['translated']) && (intval(get_pconfig($arr['uid'],'system','reject_disallowed_languages')))) {
-				logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']);
-				$ret['message'] = 'language not accepted';
-				return $ret;
-			}
-			$arr = $translate['item'];
+	$allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages');
+
+	if((is_array($allowed_languages)) && ($arr['lang']) && (! array_key_exists($arr['lang'],$allowed_languages))) {
+		$translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false);
+		call_hooks('item_translate', $translate);
+		if((! $translate['translated']) && (intval(get_pconfig($arr['uid'],'system','reject_disallowed_languages')))) {
+			logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']);
+			$ret['message'] = 'language not accepted';
+			return $ret;
 		}
+		$arr = $translate['item'];
 	}
 
 	if((x($arr,'obj')) && is_array($arr['obj'])) {
@@ -1907,33 +1896,31 @@ function item_store_update($arr,$allow_exec = false, $deliver = true) {
 		return $ret;
 	}
 
-    if((! array_key_exists('item_obscured', $arr)) || $arr['item_obscured'] == 0) {
 
-		$arr['lang'] = detect_language($arr['body']);
+	$arr['lang'] = detect_language($arr['body']);
 
-        // apply the input filter here - if it is obscured it has been filtered already
-        $arr['body'] = trim(z_input_filter($arr['uid'],$arr['body'],$arr['mimetype']));
+	// apply the input filter here
+	$arr['body'] = trim($arr['body'],$arr['mimetype'],$allow_exec);
 
-		if(local_channel() && (local_channel() == $arr['uid']) && (! $arr['sig'])) {
-            $channel = App::get_channel();
-            if($channel['channel_hash'] === $arr['author_xchan']) {
-                $arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey']));
-                $arr['item_verified'] = 1;
-            }
-        }
+	if(local_channel() && (local_channel() == $arr['uid']) && (! $arr['sig'])) {
+		$channel = App::get_channel();
+		if($channel['channel_hash'] === $arr['author_xchan']) {
+			$arr['sig'] = base64url_encode(rsa_sign($arr['body'],$channel['channel_prvkey']));
+			$arr['item_verified'] = 1;
+		}
+	}
 
-		$allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages');
+	$allowed_languages = get_pconfig($arr['uid'],'system','allowed_languages');
 
-		if((is_array($allowed_languages)) && ($arr['lang']) && (! array_key_exists($arr['lang'],$allowed_languages))) {
-			$translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false);
-			call_hooks('item_translate', $translate);
-			if((! $translate['translated']) && (intval(get_pconfig($arr['uid'],'system','reject_disallowed_languages')))) {
-				logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']);
-				$ret['message'] = 'language not accepted';
-				return $ret;
-			}
-			$arr = $translate['item'];
+	if((is_array($allowed_languages)) && ($arr['lang']) && (! array_key_exists($arr['lang'],$allowed_languages))) {
+		$translate = array('item' => $arr, 'from' => $arr['lang'], 'to' => $allowed_languages, 'translated' => false);
+		call_hooks('item_translate', $translate);
+		if((! $translate['translated']) && (intval(get_pconfig($arr['uid'],'system','reject_disallowed_languages')))) {
+			logger('item_store: language ' . $arr['lang'] . ' not accepted for uid ' . $arr['uid']);
+			$ret['message'] = 'language not accepted';
+			return $ret;
 		}
+		$arr = $translate['item'];
 	}
 
 	if((x($arr,'obj')) && is_array($arr['obj'])) {
diff --git a/include/text.php b/include/text.php
index 6715eca22..500c87ad5 100644
--- a/include/text.php
+++ b/include/text.php
@@ -3,6 +3,7 @@
  * @file include/text.php
  */
 
+use \Zotlabs\Lib as Zlib;
 use \Michelf\MarkdownExtra;
 
 require_once("include/bbcode.php");
@@ -89,12 +90,10 @@ function escape_tags($string) {
 }
 
 
-function z_input_filter($channel_id,$s,$type = 'text/bbcode') {
+function z_input_filter($s,$type = 'text/bbcode',$allow_code = false) {
 
 	if($type === 'text/bbcode')
 		return escape_tags($s);
-	if($type === 'text/markdown')
-		return escape_tags($s);
 	if($type == 'text/plain')
 		return escape_tags($s);
 	if($type == 'application/x-pdl')
@@ -104,13 +103,17 @@ function z_input_filter($channel_id,$s,$type = 'text/bbcode') {
 		return $s;
 	}
 
-	$r = q("select channel_pageflags from channel where channel_id = %d limit 1",
-		intval($channel_id)
-	);
-	if(($r) && (local_channel() == $channel_id) && ($r[0]['channel_pageflags'] & PAGE_ALLOWCODE)) {
+	if($allow_code) {
+		if($type === 'text/markdown')
+			return htmlspecialchars($s,ENT_QUOTES);
 		return $s;
 	}
 
+	if($type === 'text/markdown') {
+		$x = new Zlib\MarkdownSoap($s);
+		return $x->clean();
+	}
+
 	if($type === 'text/html')
 		return purify_html($s);
 
@@ -1636,6 +1639,7 @@ function prepare_text($text, $content_type = 'text/bbcode', $cache = false) {
 			break;
 
 		case 'text/markdown':
+			$text = Zlib\MarkdownSoap::unescape($text);
 			$s = MarkdownExtra::defaultTransform($text);
 			break;