-rw-r--r-- | include/api.php | 14 | ||||
-rw-r--r-- | include/bbcode.php | 9 | ||||
-rwxr-xr-x | include/oembed.php | 2 | ||||
-rw-r--r-- | include/reddav.php | 4 | ||||
-rwxr-xr-x | include/text.php | 5 | ||||
-rw-r--r-- | mod/oembed.php | 3 |
6 files changed, 19 insertions, 18 deletions
diff --git a/include/api.php b/include/api.php
index dd6733fe0..57551a3b0 100644
--- a/include/api.php
+++ b/include/api.php
@@ -533,12 +533,6 @@ require_once('include/items.php');
 api_register_func('api/red/channel/export/basic','api_export_basic', true);
-
-
-
-
-
-
 function api_channel_stream(&$a, $type) {
 	if(api_user() === false) {
 		logger('api_channel_stream: no user');
@@ -700,12 +694,12 @@ require_once('include/items.php');
 function red_item_new(&$a, $type) {
 	if (api_user() === false) {
-		logger('api_statuses_update: no user');
+		logger('api_red_item_new: no user');
 		return false;
 	}
-	logger('api_statuses_update: REQUEST ' . print_r($_REQUEST,true));
-	logger('api_statuses_update: FILES ' . print_r($_FILES,true));
+	logger('api_red_item_new: REQUEST ' . print_r($_REQUEST,true));
+	logger('api_red_item_new: FILES ' . print_r($_FILES,true));
 	// set this so that the item_post() function is quiet and doesn't redirect or emit json
@@ -1698,7 +1692,7 @@ require_once('include/items.php');
 		'broughtbyurl' => '', 'timezone' => 'UTC', 'closed' => $closed,
 		'inviteonly' => 'false', 'private' => $private, 'textlimit' => $textlimit,
 		'sslserver' => $sslserver, 'ssl' => $ssl, 'shorturllength' => '30',
-		'friendica' => array(
+		'redmatrix' => array(
 			'RED_PLATFORM' => RED_PLATFORM,
 			'RED_VERSION' => RED_VERSION,
 			'ZOT_REVISION' => ZOT_REVISION,
diff --git a/include/bbcode.php b/include/bbcode.php
index cd0bf527e..c8d1ab425 100644
--- a/include/bbcode.php
+++ b/include/bbcode.php
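Review bot: The renamed log calls in the red_item_new hunk still write `print_r($_REQUEST,true)` and `print_r($_FILES,true)` with no level argument, so every field a client posts — including any credential or token passed as a form parameter — ends up in the log file. If the dump is needed for debugging, gate it at a debug level, e.g. `logger('api_red_item_new: REQUEST ' . print_r($_REQUEST,true), LOGGER_DEBUG);` and likewise for `$_FILES`, or log only `array_keys($_REQUEST)`. red_item_new's body continues outside the hunk. The other two api.php hunks (blank-line cleanup and the `friendica` → `redmatrix` key rename) raise nothing.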
@@ -229,9 +229,12 @@ function bb_location($match) {
 function bbiframe($match) {
 	$a = get_app();
-	if(strpos($match[1],get_app()->get_hostname()))
-		return '<a href="' . $match[1] . '">' . $match[1] . '</a>';
-	return '<iframe src="' . $match[1] . '" width="' . $a->videowidth . '" height="' . $a->videoheight . '"><a href="' . $match[1] . '">' . $match[1] . '</a></iframe>';
+
+	// use sandbox mode to prevent malicious goings on rather than host restriction
+	// if(strpos($match[1],get_app()->get_hostname()))
+	// return '<a href="' . $match[1] . '">' . $match[1] . '</a>';
+
+	return '<iframe sandbox="allow-same-origin allow-top-navigation" src="' . $match[1] . '" width="' . $a->videowidth . '" height="' . $a->videoheight . '"><a href="' . $match[1] . '">' . $match[1] . '</a></iframe>';
 }
 function bb_ShareAttributesSimple($match) {
diff --git a/include/oembed.php b/include/oembed.php
index 57631b051..46b1d72c4 100755
--- a/include/oembed.php
+++ b/include/oembed.php
@@ -165,7 +165,7 @@ function oembed_iframe($src,$width,$height) {
 	$a = get_app();
 	$s = $a->get_baseurl()."/oembed/".base64url_encode($src);
-	return '<iframe height="' . $height . '" width="' . $width . '" src="' . $s . '" frameborder="no" >' . t('Embedded content') . '</iframe>';
+	return '<iframe sandbox="allow-same-origin allow-top-navigation" height="' . $height . '" width="' . $width . '" src="' . $s . '" frameborder="no" >' . t('Embedded content') . '</iframe>';
 }
diff --git a/include/reddav.php b/include/reddav.php
index 2a26ac42a..a39a84e21 100644
--- a/include/reddav.php
+++ b/include/reddav.php
@@ -708,7 +708,7 @@ function RedFileData($file, &$auth,$test = false) {
 	$r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach where folder = '%s' and filename = '%s' and uid = %d $perms group by filename limit 1",
 		dbesc($folder),
-		basename($file),
+		dbesc(basename($file)),
 		intval($channel_id)
 	);
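Review bot: `$match[1]` is concatenated unescaped into the `src` and `href` attributes of the new return line in bbiframe(), so a double quote in the matched text terminates the attribute and the remainder becomes markup in the host page, where the `sandbox` attribute gives no protection (it only constrains the framed document). Unless the bbcode input is already entity-escaped before this handler runs (not visible here), escape it once, `$url = htmlspecialchars($match[1], ENT_QUOTES, 'UTF-8');`, and use `$url` in the returned string. Separately, `allow-top-navigation` lets the framed page navigate the top-level window (a plain link with `target="_top"` needs no script), so drop that token unless a known embed requires it. The commented-out host check should be deleted rather than kept as dead code.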
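Review bot: The sandbox token list `allow-same-origin allow-top-navigation` is now duplicated verbatim in oembed_iframe() and in bbiframe() in include/bbcode.php; a shared constant would keep the two policies from drifting when one is tightened later. Here the frame's `src` is same-origin (`$a->get_baseurl()`) while the document it serves echoes provider HTML (see mod/oembed.php in this commit), so with `allow-same-origin` present only the absence of `allow-scripts` keeps that HTML from scripting the site's origin; a comment on the return line stating that dependency, e.g. `// never add allow-scripts here: the framed document is same-origin and holds third-party markup`, would stop a later "fix". `$width` and `$height` are also interpolated unescaped, but their source is outside this hunk.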
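Review bot: `$perms` is still spliced directly into the SQL string on the query line (`... uid = %d $perms group by ...`) rather than going through q()'s placeholders, so the new `dbesc(basename($file))` closes one injection point but the query is only as safe as `$perms`; it is assembled outside the hunk, so confirm it is built purely from server-side values and say so in a comment on the line. The near-identical query in the second RedFileData hunk (line 719) differs only by that fragment; the two could share a small helper so escaping fixes like this one land in one place. RedFileData starts and ends outside both hunks.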
@@ -719,7 +719,7 @@ function RedFileData($file, &$auth,$test = false) {
 	$r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, created, edited from attach where folder = '%s' and filename = '%s' and uid = %d group by filename limit 1",
 		dbesc($folder),
-		basename($file),
+		dbesc(basename($file)),
 		intval($channel_id)
 	);
 	if($r)
diff --git a/include/text.php b/include/text.php
index 53b92c05f..e3b1f1c4e 100755
--- a/include/text.php
+++ b/include/text.php
@@ -278,6 +278,11 @@ function hex2bin($s) {
 	if(! (is_string($s) && strlen($s)))
 		return '';
+	if(strlen($s) & 1) {
+		logger('hex2bin: illegal hex string: ' . $s);
+		return $s;
+	}
+
 	if(! ctype_xdigit($s)) {
 		return($s);
 	}
diff --git a/mod/oembed.php b/mod/oembed.php
index adda63cf2..a053a8c98 100644
--- a/mod/oembed.php
+++ b/mod/oembed.php
@@ -19,8 +19,7 @@ function oembed_init(&$a){
 	else {
 		echo "<html><body>";
-		$url = base64url_decode(argv(1));
-		$j = oembed_fetch_url($url);
+		$j = oembed_fetch_url(base64url_decode(argv(1)));
 		echo $j->html;
 		// logger('mod-oembed ' . $j->html, LOGGER_ALL);
 		echo "</body></html>";
|
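Review bot: The new odd-length branch in hex2bin() returns the raw input, exactly as the `ctype_xdigit` branch below it already does, so a caller cannot distinguish a decoded value from an undecoded malformed one; if callers are expected to check, document that contract on the function, e.g. `// returns $s unchanged when it is not valid hex; callers must not treat the result as binary`. The logger call also writes the whole untrusted string to the log; logging only `strlen($s)` or a truncated prefix is enough to diagnose the failure. PHP 5.4 and later ship a builtin hex2bin() that returns false on odd length, so unless this definition is wrapped in a `function_exists` guard (outside the hunk) it presumably collides with the builtin. The function's body continues outside the hunk.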
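Review bot: `$j->html` is echoed on the line after the new oembed_fetch_url() call with no check that an object came back, so a failed or non-JSON fetch raises a notice and emits an empty body; guard it, `if($j && isset($j->html)) echo $j->html;`. This page is also the only layer between provider-supplied markup and the site's origin: the isolation lives entirely in the `sandbox` attribute set by the embedding page in include/oembed.php, and a direct request to this URL renders the markup unsandboxed, so consider emitting the same policy server-side, `header('Content-Security-Policy: sandbox allow-same-origin allow-top-navigation');`, before the first echo. The fetched URL is client-controlled via argv(1), which predates this commit; oembed_init's body begins outside the hunk.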