aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Lib
diff options
context:
space:
mode:
Diffstat (limited to 'Zotlabs/Lib')
-rw-r--r--Zotlabs/Lib/Activity.php203
-rw-r--r--Zotlabs/Lib/Cache.php13
-rw-r--r--Zotlabs/Lib/LDSignatures.php2
-rw-r--r--Zotlabs/Lib/Libzot.php53
-rw-r--r--Zotlabs/Lib/Queue.php2
-rw-r--r--Zotlabs/Lib/SvgSanitizer.php150
-rw-r--r--Zotlabs/Lib/ThreadItem.php5
7 files changed, 378 insertions, 50 deletions
diff --git a/Zotlabs/Lib/Activity.php b/Zotlabs/Lib/Activity.php
index f86dc1604..08a8b8d03 100644
--- a/Zotlabs/Lib/Activity.php
+++ b/Zotlabs/Lib/Activity.php
@@ -2,10 +2,12 @@
namespace Zotlabs\Lib;
+use Zotlabs\Access\PermissionLimits;
use Zotlabs\Daemon\Master;
use Zotlabs\Web\HTTPSig;
require_once('include/event.php');
+require_once('include/html2plain.php');
class Activity {
@@ -40,6 +42,8 @@ class Activity {
if($x['type'] === ACTIVITY_OBJ_PHOTO) {
return self::fetch_image($x);
}
+
+ call_hooks('encode_object',$x);
}
return $x;
@@ -63,12 +67,32 @@ class Activity {
}
else {
$m = parse_url($url);
+
+ // handle bearcaps
+ if ($m['scheme'] === 'bear') {
+ $params = explode('&',$m['query']);
+ if ($params) {
+ foreach ($params as $p) {
+ if (substr($p,0,2) === 'u=') {
+ $url = substr($p,2);
+ }
+ if (substr($p,0,2) === 't=') {
+ $token = substr($p,2);
+ }
+ }
+ $m = parse_url($url);
+ }
+ }
+
$headers = [
'Accept' => 'application/activity+json, application/ld+json; profile="https://www.w3.org/ns/activitystreams"',
'Host' => $m['host'],
- '(request-target)' => 'get ' . get_request_string($url),
- 'Date' => datetime_convert('UTC','UTC','now','D, d M Y H:i:s') . ' UTC'
+ 'Date' => datetime_convert('UTC','UTC', 'now', 'D, d M Y H:i:s \\G\\M\\T'),
+ '(request-target)' => 'get ' . get_request_string($url)
];
+ if (isset($token)) {
+ $headers['Authorization'] = 'Bearer ' . $token;
+ }
$h = HTTPSig::create_sig($headers,$channel['channel_prvkey'],channel_url($channel),false);
$x = z_fetch_url($url, true, $redirects, [ 'headers' => $h ] );
}
@@ -178,6 +202,11 @@ class Activity {
$ev = bbtoevent($x['content']);
if($ev) {
+
+ if (! $ev['timezone']) {
+ $ev['timezone'] = 'UTC';
+ }
+
$actor = null;
if(array_key_exists('author',$x) && array_key_exists('link',$x['author'])) {
$actor = $x['author']['link'][0]['href'];
@@ -185,16 +214,17 @@ class Activity {
$y = [
'type' => 'Event',
'id' => z_root() . '/event/' . $ev['event_hash'],
- 'summary' => bbcode($ev['summary'], [ 'cache' => true ]),
+ 'name' => $ev['summary'],
+// 'summary' => bbcode($ev['summary'], [ 'cache' => true ]),
// RFC3339 Section 4.3
- 'startTime' => (($ev['adjust']) ? datetime_convert('UTC','UTC',$ev['dtstart'], ATOM_TIME) : datetime_convert('UTC','UTC',$ev['dtstart'],'Y-m-d\\TH:i:s-00:00')),
+ 'startTime' => (($ev['adjust']) ? datetime_convert($ev['timezone'],'UTC',$ev['dtstart'], ATOM_TIME) : datetime_convert('UTC','UTC',$ev['dtstart'],'Y-m-d\\TH:i:s-00:00')),
'content' => bbcode($ev['description'], [ 'cache' => true ]),
'location' => [ 'type' => 'Place', 'content' => bbcode($ev['location'], [ 'cache' => true ]) ],
'source' => [ 'content' => format_event_bbcode($ev), 'mediaType' => 'text/bbcode' ],
'actor' => $actor,
];
if(! $ev['nofinish']) {
- $y['endTime'] = (($ev['adjust']) ? datetime_convert('UTC','UTC',$ev['dtend'], ATOM_TIME) : datetime_convert('UTC','UTC',$ev['dtend'],'Y-m-d\\TH:i:s-00:00'));
+ $y['endTime'] = (($ev['adjust']) ? datetime_convert($ev['timezone'],'UTC',$ev['dtend'], ATOM_TIME) : datetime_convert('UTC','UTC',$ev['dtend'],'Y-m-d\\TH:i:s-00:00'));
}
// copy attachments from the passed object - these are already formatted for ActivityStreams
@@ -274,8 +304,14 @@ class Activity {
$ret = [];
- $objtype = self::activity_obj_mapper($i['obj_type']);
-
+ if($i['verb'] === ACTIVITY_FRIEND) {
+ // Hubzilla 'make-friend' activity, no direct mapping from AS1 to AS2 - make it a note
+ $objtype = 'Note';
+ }
+ else {
+ $objtype = self::activity_obj_mapper($i['obj_type']);
+ }
+
if(intval($i['item_deleted'])) {
$ret['type'] = 'Tombstone';
$ret['formerType'] = $objtype;
@@ -312,10 +348,21 @@ class Activity {
}
}
+ if (intval($i['item_wall']) && $i['mid'] === $i['parent_mid']) {
+ $ret['commentPolicy'] = map_scope(PermissionLimits::Get($i['uid'],'post_comments'));
+ }
+
if (intval($i['item_private']) === 2) {
$ret['directMessage'] = true;
}
+ if (array_key_exists('comments_closed',$i) && $i['comments_closed'] !== EMPTY_STR && $i['comments_closed'] !== NULL_DATE) {
+ if($ret['commentPolicy']) {
+ $ret['commentPolicy'] .= ' ';
+ }
+ $ret['commentPolicy'] .= 'until=' . datetime_convert('UTC','UTC',$i['comments_closed'],ATOM_TIME);
+ }
+
$ret['attributedTo'] = $i['author']['xchan_url'];
if($i['id'] != $i['parent']) {
@@ -354,26 +401,30 @@ class Activity {
$ret = [];
- if($item['tag']) {
- foreach($item['tag'] as $t) {
- if(! array_key_exists('type',$t))
+ if ($item['tag'] && is_array($item['tag'])) {
+ $ptr = $item['tag'];
+ if (! array_key_exists(0,$ptr)) {
+ $ptr = [ $ptr ];
+ }
+ foreach ($ptr as $t) {
+ if (! array_key_exists('type',$t))
$t['type'] = 'Hashtag';
switch($t['type']) {
case 'Hashtag':
- $ret[] = [ 'ttype' => TERM_HASHTAG, 'url' => ((isset($t['href'])) ? $t['href'] : $t['id']), 'term' => escape_tags((substr($t['name'],0,1) === '#') ? substr($t['name'],1) : $t['name']) ];
+ $ret[] = [ 'ttype' => TERM_HASHTAG, 'url' => $t['href'], 'term' => escape_tags((substr($t['name'],0,1) === '#') ? substr($t['name'],1) : $t['name']) ];
break;
case 'Mention':
$mention_type = substr($t['name'],0,1);
- if($mention_type === '!') {
+ if ($mention_type === '!') {
$ret[] = [ 'ttype' => TERM_FORUM, 'url' => $t['href'], 'term' => escape_tags(substr($t['name'],1)) ];
}
else {
$ret[] = [ 'ttype' => TERM_MENTION, 'url' => $t['href'], 'term' => escape_tags((substr($t['name'],0,1) === '@') ? substr($t['name'],1) : $t['name']) ];
}
break;
-
+
default:
break;
}
@@ -384,6 +435,7 @@ class Activity {
}
+
static function encode_taxonomy($item) {
$ret = [];
@@ -467,6 +519,12 @@ class Activity {
$ret = [];
$reply = false;
+
+ if($i['verb'] === ACTIVITY_FRIEND) {
+ // Hubzilla 'make-friend' activity, no direct mapping from AS1 to AS2 - make it a note
+ $ret['obj'] = [];
+ }
+
if(intval($i['item_deleted'])) {
$ret['type'] = 'Tombstone';
$ret['formerType'] = self::activity_obj_mapper($i['obj_type']);
@@ -479,11 +537,6 @@ class Activity {
return $ret;
}
- if($i['verb'] === ACTIVITY_FRIEND) {
- // Hubzilla 'make-friend' activity, no direct mapping from AS1 to AS2 - make it a note
- $ret['obj_type'] = ACTIVITY_OBJ_NOTE;
- $ret['obj'] = [];
- }
$ret['type'] = self::activity_mapper($i['verb']);
@@ -497,6 +550,25 @@ class Activity {
xchan_query($p,true);
$p = fetch_post_tags($p,true);
$i['obj'] = self::encode_item($p[0]);
+
+ // convert to zot6 emoji reaction encoding which uses the target object to indicate the
+ // specific emoji instead of overloading the verb or type.
+
+ $im = explode('#',$i['verb']);
+ if($im && count($im) > 1)
+ $emoji = $im[1];
+ if(preg_match("/\[img(.*?)\](.*?)\[\/img\]/ism", $i['body'], $match)) {
+ $ln = $match[2];
+ }
+
+ $i['tgt_type'] = 'Image';
+
+ $i['target'] = [
+ 'type' => 'Image',
+ 'name' => $emoji,
+ 'url' => (($ln) ? $ln : z_root() . '/images/emoji/' . $emoji . '.png')
+ ];
+
}
}
@@ -537,9 +609,15 @@ class Activity {
}
if($i['id'] != $i['parent']) {
- $ret['inReplyTo'] = ((strpos($i['thr_parent'],'http') === 0) ? $i['thr_parent'] : z_root() . '/item/' . urlencode($i['thr_parent']));
$reply = true;
+ // inReplyTo needs to be set in the activity for followup actiions (Like, Dislike, Attend, Announce, etc.),
+ // but *not* for comments, where it should only be present in the object
+
+ if (! in_array($ret['type'],[ 'Create','Update' ])) {
+ $ret['inReplyTo'] = ((strpos($i['thr_parent'],'http') === 0) ? $i['thr_parent'] : z_root() . '/item/' . urlencode($i['thr_parent']));
+ }
+
if($i['item_private']) {
$d = q("select xchan_url, xchan_addr, xchan_name from item left join xchan on xchan_hash = author_xchan where id = %d limit 1",
intval($i['parent'])
@@ -577,7 +655,7 @@ class Activity {
$i['obj'] = json_decode($i['obj'],true);
}
if($i['obj']['type'] === ACTIVITY_OBJ_PHOTO) {
- $i['obj']['id'] = $i['id'];
+ $i['obj']['id'] = $i['mid'];
}
$obj = self::encode_object($i['obj']);
@@ -668,8 +746,24 @@ class Activity {
}
$ret = [];
+ $c = ((array_key_exists('channel_id',$p)) ? $p : channelx_by_hash($p['xchan_hash']));
+
$ret['type'] = 'Person';
- $ret['id'] = $p['xchan_url'];
+
+ if ($c) {
+ $role = get_pconfig($c['channel_id'],'system','permissions_role');
+ if (strpos($role,'forum') !== false) {
+ $ret['type'] = 'Group';
+ }
+ }
+
+ if ($c) {
+ $ret['id'] = channel_url($c);
+ }
+ else {
+ $ret['id'] = ((strpos($p['xchan_hash'],'http') === 0) ? $p['xchan_hash'] : $p['xchan_url']);
+ }
+
if($p['xchan_addr'] && strpos($p['xchan_addr'],'@'))
$ret['preferredUsername'] = substr($p['xchan_addr'],0,strpos($p['xchan_addr'],'@'));
$ret['name'] = $p['xchan_name'];
@@ -731,6 +825,7 @@ class Activity {
'http://purl.org/zot/activity/attendmaybe' => 'TentativeAccept'
];
+ call_hooks('activity_mapper',$acts);
if(array_key_exists($verb,$acts) && $acts[$verb]) {
return $acts[$verb];
@@ -743,6 +838,9 @@ class Activity {
if(strpos($verb,ACTIVITY_MOOD) !== false)
return 'Create';
+ if(strpos($verb,ACTIVITY_FRIEND) !== false)
+ return 'Create';
+
if(strpos($verb,ACTIVITY_POKE) !== false)
return 'Activity';
@@ -773,6 +871,7 @@ class Activity {
'http://purl.org/zot/activity/attendmaybe' => 'TentativeAccept'
];
+ call_hooks('activity_decode_mapper',$acts);
foreach($acts as $k => $v) {
if($verb === $v) {
@@ -806,6 +905,8 @@ class Activity {
];
+ call_hooks('activity_obj_decode_mapper',$objs);
+
foreach($objs as $k => $v) {
if($obj === $v) {
return $k;
@@ -843,6 +944,8 @@ class Activity {
];
+ call_hooks('activity_obj_mapper',$objs);
+
if(array_key_exists($obj,$objs)) {
return $objs[$obj];
}
@@ -1601,11 +1704,12 @@ class Activity {
}
if($act->obj['type'] === 'Event') {
+
$s['obj'] = [];
$s['obj']['asld'] = $act->obj;
$s['obj']['type'] = ACTIVITY_OBJ_EVENT;
$s['obj']['id'] = $act->obj['id'];
- $s['obj']['title'] = $act->obj['summary'];
+ $s['obj']['title'] = $act->obj['name'];
if(strpos($act->obj['startTime'],'Z'))
$s['obj']['adjust'] = true;
@@ -1863,6 +1967,15 @@ class Activity {
set_iconfig($s,'activitypub','rawmsg',$act->raw,1);
}
+ $hookinfo = [
+ 'act' => $act,
+ 's' => $s
+ ];
+
+ call_hooks('decode_note',$hookinfo);
+
+ $s = $hookinfo['s'];
+
return $s;
}
@@ -2052,16 +2165,25 @@ class Activity {
break;
}
- if(! $item) {
- break;
- }
- array_unshift($p,[ $a, $item, $replies]);
+ $hookinfo = [
+ 'a' => $a,
+ 'item' => $item
+ ];
+
+ call_hooks('fetch_and_store',$hookinfo);
- if($item['parent_mid'] === $item['mid'] || count($p) > 20) {
- break;
- }
+ $item = $hookinfo['item'];
+
+ if($item) {
+
+ array_unshift($p,[ $a, $item, $replies]);
+
+ if($item['parent_mid'] === $item['mid'] || count($p) > 20) {
+ break;
+ }
+ }
$current_act = $a;
$current_item = $item;
}
@@ -2110,11 +2232,19 @@ class Activity {
default:
break;
}
- if(! $item) {
- break;
- }
- array_unshift($p,[ $a, $item ]);
+ $hookinfo = [
+ 'a' => $a,
+ 'item' => $item
+ ];
+
+ call_hooks('fetch_and_store',$hookinfo);
+
+ $item = $hookinfo['item'];
+
+ if($item) {
+ array_unshift($p,[ $a, $item ]);
+ }
}
@@ -2495,7 +2625,12 @@ class Activity {
}
if($event) {
- $event['summary'] = html2bbcode($content['summary']);
+ $event['summary'] = $content['name'];
+ if(! $event['summary']) {
+ if($content['summary']) {
+ $event['summary'] = html2plain($content['summary']);
+ }
+ }
$event['description'] = html2bbcode($content['content']);
if($event['summary'] && $event['dtstart']) {
$content['event'] = $event;
diff --git a/Zotlabs/Lib/Cache.php b/Zotlabs/Lib/Cache.php
index cea075659..878201a42 100644
--- a/Zotlabs/Lib/Cache.php
+++ b/Zotlabs/Lib/Cache.php
@@ -11,8 +11,10 @@ class Cache {
$hash = hash('whirlpool',$key);
- $r = q("SELECT v FROM cache WHERE k = '%s' limit 1",
- dbesc($hash)
+ $r = q("SELECT v FROM cache WHERE k = '%s' AND updated > %s - INTERVAL %s LIMIT 1",
+ dbesc($hash),
+ db_utcnow(),
+ db_quoteinterval(get_config('system','object_cache_days', '30') . ' DAY')
);
if ($r)
@@ -40,12 +42,5 @@ class Cache {
dbesc(datetime_convert()));
}
}
-
-
- public static function clear() {
- q("DELETE FROM cache WHERE updated < '%s'",
- dbesc(datetime_convert('UTC','UTC',"now - 30 days")));
- }
-
}
diff --git a/Zotlabs/Lib/LDSignatures.php b/Zotlabs/Lib/LDSignatures.php
index b13c4cf4a..16c8cfc18 100644
--- a/Zotlabs/Lib/LDSignatures.php
+++ b/Zotlabs/Lib/LDSignatures.php
@@ -30,7 +30,7 @@ class LDSignatures {
'type' => 'RsaSignature2017',
'nonce' => random_string(64),
'creator' => z_root() . '/channel/' . $channel['channel_address'],
- 'created' => datetime_convert('UTC','UTC', 'now', 'Y-m-d\Th:i:s\Z')
+ 'created' => datetime_convert('UTC','UTC', 'now', 'Y-m-d\TH:i:s\Z')
];
$ohash = self::hash(self::signable_options($options));
diff --git a/Zotlabs/Lib/Libzot.php b/Zotlabs/Lib/Libzot.php
index 2a13744a3..100d45c05 100644
--- a/Zotlabs/Lib/Libzot.php
+++ b/Zotlabs/Lib/Libzot.php
@@ -1223,9 +1223,39 @@ class Libzot {
if($private) {
$arr['item_private'] = true;
}
+
+ if ($arr['mid'] === $arr['parent_mid']) {
+ if (is_array($AS->obj) && array_key_exists('commentPolicy',$AS->obj)) {
+ $p = strstr($AS->obj['commentPolicy'],'until=');
+ if($p !== false) {
+ $arr['comments_closed'] = datetime_convert('UTC','UTC', substr($p,6));
+ $arr['comment_policy'] = trim(str_replace($p,'',$AS->obj['commentPolicy']));
+ }
+ else {
+ $arr['comment_policy'] = $AS->obj['commentPolicy'];
+ }
+ }
+ }
+
+
/// @FIXME - spoofable
if($AS->data['hubloc']) {
$arr['item_verified'] = true;
+
+ if (! array_key_exists('comment_policy',$arr)) {
+ // set comment policy depending on source hub. Unknown or osada is ActivityPub.
+ // Anything else we'll say is zot - which could have a range of project names
+ $s = q("select site_project from site where site_url = '%s' limit 1",
+ dbesc($r[0]['hubloc_url'])
+ );
+
+ if ((! $s) || (in_array($s[0]['site_project'],[ '', 'osada' ]))) {
+ $arr['comment_policy'] = 'authenticated';
+ }
+ else {
+ $arr['comment_policy'] = 'contacts';
+ }
+ }
}
if($AS->data['signed_data']) {
IConfig::Set($arr,'activitystreams','signed_data',$AS->data['signed_data'],false);
@@ -1734,7 +1764,7 @@ class Libzot {
// if it's a sourced post, call the post_local hooks as if it were
// posted locally so that crosspost connectors will be triggered.
- if(check_item_source($arr['uid'], $arr)) {
+ if(check_item_source($arr['uid'], $arr) || ($channel['xchan_pubforum'] == 1)) {
/**
* @hooks post_local
* Called when an item has been posted on this machine via mod/item.php (also via API).
@@ -1819,6 +1849,10 @@ class Libzot {
$ret = [];
+ $signer = q("select hubloc_hash, hubloc_url from hubloc where hubloc_id_url = '%s' and hubloc_network = 'zot6' limit 1",
+ dbesc($a['signature']['signer'])
+ );
+
foreach($a['data']['orderedItems'] as $activity) {
$AS = new ActivityStreams($activity);
@@ -1877,6 +1911,23 @@ class Libzot {
if($AS->data['hubloc']) {
$arr['item_verified'] = true;
}
+
+ // set comment policy depending on source hub. Unknown or osada is ActivityPub.
+ // Anything else we'll say is zot - which could have a range of project names
+
+ if ($signer) {
+ $s = q("select site_project from site where site_url = '%s' limit 1",
+ dbesc($signer[0]['hubloc_url'])
+ );
+ if ((! $s) || (in_array($s[0]['site_project'],[ '', 'osada' ]))) {
+ $arr['comment_policy'] = 'authenticated';
+ }
+ else {
+ $arr['comment_policy'] = 'contacts';
+ }
+ }
+
+
if($AS->data['signed_data']) {
IConfig::Set($arr,'activitystreams','signed_data',$AS->data['signed_data'],false);
}
diff --git a/Zotlabs/Lib/Queue.php b/Zotlabs/Lib/Queue.php
index baa1da70d..49891a55b 100644
--- a/Zotlabs/Lib/Queue.php
+++ b/Zotlabs/Lib/Queue.php
@@ -250,7 +250,7 @@ class Queue {
$host_crypto = null;
if($channel && $base) {
- $h = q("select hubloc_sitekey, site_crypto from hubloc left join site on hubloc_url = site_url where site_url = '%s' order by hubloc_id desc limit 1",
+ $h = q("select hubloc_sitekey, site_crypto from hubloc left join site on hubloc_url = site_url where site_url = '%s' and hubloc_sitekey != '' order by hubloc_id desc limit 1",
dbesc($base)
);
if($h) {
diff --git a/Zotlabs/Lib/SvgSanitizer.php b/Zotlabs/Lib/SvgSanitizer.php
new file mode 100644
index 000000000..c9bafc464
--- /dev/null
+++ b/Zotlabs/Lib/SvgSanitizer.php
@@ -0,0 +1,150 @@
+<?php
+
+namespace Zotlabs\Lib;
+use DomDocument;
+
+/**
+ * SVGSantiizer
+ *
+ * Whitelist-based PHP SVG sanitizer.
+ *
+ * @link https://github.com/alister-/SVG-Sanitizer}
+ * @author Alister Norris
+ * @copyright Copyright (c) 2013 Alister Norris
+ * @license http://opensource.org/licenses/mit-license.php The MIT License
+ * @package svgsanitizer
+ */
+
+class SvgSanitizer {
+
+ private $xmlDoc; // PHP XML DOMDocument
+
+ private $removedattrs = [];
+
+ private static $allowed_functions = [ 'matrix', 'url', 'translate', 'rgb' ];
+
+ // defines the whitelist of elements and attributes allowed.
+ private static $whitelist = [
+ 'a' => [ 'class', 'clip-path', 'clip-rule', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'id', 'mask', 'opacity', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'style', 'systemLanguage', 'transform', 'href', 'xlink:href', 'xlink:title' ],
+ 'circle' => [ 'class', 'clip-path', 'clip-rule', 'cx', 'cy', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'id', 'mask', 'opacity', 'r', 'requiredFeatures', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'style', 'systemLanguage', 'transform' ],
+ 'clipPath' => [ 'class', 'clipPathUnits', 'id' ],
+ 'defs' => [ ],
+ 'style' => [ 'type' ],
+ 'desc' => [ ],
+ 'ellipse' => [ 'class', 'clip-path', 'clip-rule', 'cx', 'cy', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'id', 'mask', 'opacity', 'requiredFeatures', 'rx', 'ry', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'style', 'systemLanguage', 'transform' ],
+ 'feGaussianBlur' => [ 'class', 'color-interpolation-filters', 'id', 'requiredFeatures', 'stdDeviation' ],
+ 'filter' => [ 'class', 'color-interpolation-filters', 'filterRes', 'filterUnits', 'height', 'id', 'primitiveUnits', 'requiredFeatures', 'width', 'x', 'xlink:href', 'y' ],
+ 'foreignObject' => [ 'class', 'font-size', 'height', 'id', 'opacity', 'requiredFeatures', 'style', 'transform', 'width', 'x', 'y' ],
+ 'g' => [ 'class', 'clip-path', 'clip-rule', 'id', 'display', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'mask', 'opacity', 'requiredFeatures', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'style', 'systemLanguage', 'transform', 'font-family', 'font-size', 'font-style', 'font-weight', 'text-anchor' ],
+ 'image' => [ 'class', 'clip-path', 'clip-rule', 'filter', 'height', 'id', 'mask', 'opacity', 'requiredFeatures', 'style', 'systemLanguage', 'transform', 'width', 'x', 'xlink:href', 'xlink:title', 'y' ],
+ 'line' => [ 'class', 'clip-path', 'clip-rule', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'id', 'marker-end', 'marker-mid', 'marker-start', 'mask', 'opacity', 'requiredFeatures', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'style', 'systemLanguage', 'transform', 'x1', 'x2', 'y1', 'y2' ],
+ 'linearGradient' => [ 'class', 'id', 'gradientTransform', 'gradientUnits', 'requiredFeatures', 'spreadMethod', 'systemLanguage', 'x1', 'x2', 'xlink:href', 'y1', 'y2' ],
+ 'marker' => [ 'id', 'class', 'markerHeight', 'markerUnits', 'markerWidth', 'orient', 'preserveAspectRatio', 'refX', 'refY', 'systemLanguage', 'viewBox' ],
+ 'mask' => [ 'class', 'height', 'id', 'maskContentUnits', 'maskUnits', 'width', 'x', 'y' ],
+ 'metadata' => [ 'class', 'id' ],
+ 'path' => [ 'class', 'clip-path', 'clip-rule', 'd', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'id', 'marker-end', 'marker-mid', 'marker-start', 'mask', 'opacity', 'requiredFeatures', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'style', 'systemLanguage', 'transform' ],
+ 'pattern' => [ 'class', 'height', 'id', 'patternContentUnits', 'patternTransform', 'patternUnits', 'requiredFeatures', 'style', 'systemLanguage', 'viewBox', 'width', 'x', 'xlink:href', 'y' ],
+ 'polygon' => [ 'class', 'clip-path', 'clip-rule', 'id', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'id', 'class', 'marker-end', 'marker-mid', 'marker-start', 'mask', 'opacity', 'points', 'requiredFeatures', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'style', 'systemLanguage', 'transform' ],
+ 'polyline' => [ 'class', 'clip-path', 'clip-rule', 'id', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'marker-end', 'marker-mid', 'marker-start', 'mask', 'opacity', 'points', 'requiredFeatures', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'style', 'systemLanguage', 'transform' ],
+ 'radialGradient' => [ 'class', 'cx', 'cy', 'fx', 'fy', 'gradientTransform', 'gradientUnits', 'id', 'r', 'requiredFeatures', 'spreadMethod', 'systemLanguage', 'xlink:href' ],
+ 'rect' => [ 'class', 'clip-path', 'clip-rule', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'height', 'id', 'mask', 'opacity', 'requiredFeatures', 'rx', 'ry', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'style', 'systemLanguage', 'transform', 'width', 'x', 'y' ],
+ 'stop' => [ 'class', 'id', 'offset', 'requiredFeatures', 'stop-color', 'stop-opacity', 'style', 'systemLanguage' ],
+ 'svg' => [ 'class', 'clip-path', 'clip-rule', 'filter', 'id', 'height', 'mask', 'preserveAspectRatio', 'requiredFeatures', 'style', 'systemLanguage', 'viewBox', 'width', 'x', 'xmlns', 'xmlns:se', 'xmlns:xlink', 'y' ],
+ 'switch' => [ 'class', 'id', 'requiredFeatures', 'systemLanguage' ],
+ 'symbol' => [ 'class', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'font-family', 'font-size', 'font-style', 'font-weight', 'id', 'opacity', 'preserveAspectRatio', 'requiredFeatures', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'style', 'systemLanguage', 'transform', 'viewBox' ],
+ 'text' => [ 'class', 'clip-path', 'clip-rule', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'font-family', 'font-size', 'font-style', 'font-weight', 'id', 'mask', 'opacity', 'requiredFeatures', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'style', 'systemLanguage', 'text-anchor', 'transform', 'x', 'xml:space', 'y' ],
+ 'textPath' => [ 'class', 'id', 'method', 'requiredFeatures', 'spacing', 'startOffset', 'style', 'systemLanguage', 'transform', 'xlink:href' ],
+ 'title' => [ ],
+ 'tspan' => [ 'class', 'clip-path', 'clip-rule', 'dx', 'dy', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'font-family', 'font-size', 'font-style', 'font-weight', 'id', 'mask', 'opacity', 'requiredFeatures', 'rotate', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'style', 'systemLanguage', 'text-anchor', 'textLength', 'transform', 'x', 'xml:space', 'y' ],
+ 'use' => [ 'class', 'clip-path', 'clip-rule', 'fill', 'fill-opacity', 'fill-rule', 'filter', 'height', 'id', 'mask', 'stroke', 'stroke-dasharray', 'stroke-dashoffset', 'stroke-linecap', 'stroke-linejoin', 'stroke-miterlimit', 'stroke-opacity', 'stroke-width', 'style', 'transform', 'width', 'x', 'xlink:href', 'y' ],
+ ];
+
+ function __construct() {
+ $this->xmlDoc = new DOMDocument('1.0','UTF-8');
+ $this->xmlDoc->preserveWhiteSpace = false;
+ libxml_use_internal_errors(true);
+ }
+
+ // load XML SVG
+ function load($file) {
+ $this->xmlDoc->load($file);
+ }
+
+ function loadXML($str) {
+ if (! $this->xmlDoc->loadXML($str)) {
+ logger('loadxml: ' . print_r(libxml_get_errors(),true), LOGGER_DEBUG);
+ return false;
+ }
+ return true;
+ }
+
+ function sanitize()
+ {
+ // all elements in xml doc
+ $allElements = $this->xmlDoc->getElementsByTagName('*');
+
+ // loop through all elements
+ for($i = 0; $i < $allElements->length; $i++)
+ {
+ $this->removedattrs = [];
+
+ $currentNode = $allElements->item($i);
+
+ // logger('current_node: ' . print_r($currentNode,true));
+
+ // array of allowed attributes in specific element
+ $whitelist_attr_arr = self::$whitelist[$currentNode->tagName];
+
+ // does element exist in whitelist?
+ if(isset($whitelist_attr_arr)) {
+ $total = $currentNode->attributes->length;
+
+ for($x = 0; $x < $total; $x++) {
+
+ // get attributes name
+ $attrName = $currentNode->attributes->item($x)->nodeName;
+
+ // logger('checking: ' . print_r($currentNode->attributes->item($x),true));
+ $matches = false;
+
+ // check if attribute isn't in whitelist
+ if(! in_array($attrName, $whitelist_attr_arr)) {
+ $this->removedattrs[] = $attrName;
+ }
+ // check for disallowed functions
+ elseif (preg_match_all('/([a-zA-Z0-9]+)[\s]*\(/',
+ $currentNode->attributes->item($x)->textContent,$matches,PREG_SET_ORDER)) {
+ if ($attrName === 'text') {
+ continue;
+ }
+ foreach ($matches as $match) {
+ if(! in_array($match[1],self::$allowed_functions)) {
+ logger('queue_remove_function: ' . $match[1],LOGGER_DEBUG);
+ $this->removedattrs[] = $attrName;
+ }
+ }
+ }
+ }
+ if ($this->removedattrs) {
+ foreach ($this->removedattrs as $attr) {
+ $currentNode->removeAttribute($attr);
+ logger('removed: ' . $attr, LOGGER_DEBUG);
+ }
+ }
+
+ }
+
+ // else remove element
+ else {
+ logger('remove_node: ' . print_r($currentNode,true));
+ $currentNode->parentNode->removeChild($currentNode);
+ }
+ }
+ return true;
+ }
+
+ function saveSVG() {
+ $this->xmlDoc->formatOutput = true;
+ return($this->xmlDoc->saveXML());
+ }
+}
diff --git a/Zotlabs/Lib/ThreadItem.php b/Zotlabs/Lib/ThreadItem.php
index 5e4600df2..667ea269a 100644
--- a/Zotlabs/Lib/ThreadItem.php
+++ b/Zotlabs/Lib/ThreadItem.php
@@ -778,8 +778,6 @@ class ThreadItem {
call_hooks('comment_buttons',$arr);
$comment_buttons = $arr['comment_buttons'];
- $feature_auto_save_draft = ((feature_enabled($conv->get_profile_owner(), 'auto_save_draft')) ? "true" : "false");
-
$comment_box = replace_macros($template,array(
'$return_path' => '',
'$threaded' => $this->is_threaded(),
@@ -814,8 +812,7 @@ class ThreadItem {
'$anoncomments' => ((($conv->get_mode() === 'channel' || $conv->get_mode() === 'display') && perm_is_allowed($conv->get_profile_owner(),'','post_comments')) ? true : false),
'$anonname' => [ 'anonname', t('Your full name (required)') ],
'$anonmail' => [ 'anonmail', t('Your email address (required)') ],
- '$anonurl' => [ 'anonurl', t('Your website URL (optional)') ],
- '$auto_save_draft' => $feature_auto_save_draft
+ '$anonurl' => [ 'anonurl', t('Your website URL (optional)') ]
));
return $comment_box;
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-22 06:11:39 +0000